L2TP Mikrotik: kulungiselelwa. imishini Mikrotik

Manje izinkampani bayanda namagatsha awo bathambekele hlanganani ibe nemininingwane yenethiwekhi olulodwa, ngakho lo mbuzo ngempela efanele. Futhi ngokuvamile kudingeka sikwazi ukunikeza inethiwekhi ezisebenzini kuphi emhlabeni. Khona-ke indlela ukuhlanganisa kahle inethiwekhi, kulesi sihloko sizochaza isibonelo ekushintsheni kwemigomo L2TP. Mikrotik, kulungiselelwa elichazwa kamuva, ubhekwa kukho okuhle ngokuba kokubili ekhaya kanye nehhovisi. Ngenxa Hap lite sici, ungakwazi ngomzamo omncane ukusebenza ukufinyelela kude umsebenzi ngamunye. Ukusebenza router ivumela ukusebenza kumahhovisi amancane, lapho phambi inkampani ayenzi nezimfuneko kakhulu.

Kaningi kule nethiwekhi wendawo namahhovisi amagatsha. Isebenza nabantu umhlinzeki efanayo, ngakho isignali inqubo uxhumano eziqondile. Kufanele kuqashelwe ukuthi kaningi amagatsha zitholakala kude kakhulu kusukela maphakathi main futhi kusukela komunye nomunye. kudingeka kakhulu futhi olufanele okwamanje ubuchwepheshe ngokuthi Virtual Network Private (VPN). Kungaba lolu hlelo luzosebenza ngezindlela eziningi. It is hhayi Kunconywa ukusebenzisa PPTP, njengoba ubuchwepheshe yisikhathi, futhi OpenVPN. Lesi sakamuva singabangela ukuxhumana nawo wonke amadivayisi.

L2TP protocol

Ngenxa ukutholakala eyisihlobo L2TP olandelwayo Mikrotik, okuyinto ukulungiswa uzobe kuchazwe kamuva, uyakwazi ukusebenzisa ku wokusebenza eziningi. Kuthathwa enhle eyaziwa kakhulu. Izinkinga nabo singenzeka kuphela uma iklayenti kuyoba ngemuva NAT. Kulokhu, isofthiwe ekhethekile kuzovimba amaphakethe yayo. Kunezindlela ukubhekana nale nkinga. Lesi sivumelwano has nezihibe.

Ngokwesibonelo, labo abakha u-L2TP kungase kubhekwe njengokwelapha ukuphepha kanye nokusebenza. Lapho i-IPSec isetshenziswa ukwandisa ezingeni ukuphepha, ingxenye yesibili kuyehla. Lokhu okuthiwa intengo kudatha yezokuphepha.

Ukusetha i-server

Iseva master kumele abe static IP-ikheli hlobo. Kukhona isibonelo sakhe: 192.168.106.246. Lokhu ehilelekile kubalulekile ngempela, ngoba ikheli noma kunjalo akumele ushintshwe. Kungenjalo, kumnikazi nakwabanye abasebenzisi kuyodingeka usebenzise-DNS igama enkingeni wena nge izenzo engadingekile.

Dala amaphrofayli

Ukudala iphrofayela, udinga ukuya e-PPP sigaba. "Amaphrofayli" Kuzobalwa imenyu. Ngaphezu kwalokho kubalulekile ukwakha iphrofayli ukuthi kuzosetshenziswa uhlobo uxhumano lwe-VPN, isb kunethiwekhi eyodwa. Kufanele kuqashelwe, futhi zihlanganisa kukho okulandelayo: "Shintsha TCP yesandla», «Sebenzisa kokucindezelwa", "Sebenzisa Ukubethela". Njengoba for inketho yokugcina, kuzothatha ukubaluleka okuzenzakalelayo. Siyaqhubeka ukusebenza router Mikrotik. L2TP Server futhi kulungiselelwa abasakwazi eziyinkimbinkimbi, ngakho kudingeka ubuke zonke izinyathelo.

Ngokulandelayo, umsebenzisi udinga ukuya "Ukusebenza" ithebhu. Kube kufanele sinake L2TP-server. Kuvele imenyu Imininingwane lapho ucindezela inkinobho "Vumela". Iphrofayela uzobe kukhethwa ngokuzenzakalela, njengoba uhlukile futhi wadala kancane ekuqaleni. Uma ufuna, ungakwazi ukushintsha uhlobo ubuqiniso. Kodwa uma umsebenzisi akaqondi lutho, kungcono ukushiya inani elimisiwe. IPsec inketho kufanele ahlale unactivated.

Ngemva kwalokho umsebenzisi udinga ukuya "Izimfihlo 'futhi kokudala umsebenzisi kunethiwekhi. Ohlwini "Iseva" udinga ukucacisa L2TP. Uma wayefisa lapha ebonisa iphrofayli ukuthi sizosetshenziswa Mikrotik. Ilungiselela L2TP Server futhi cishe siphelile. ikheli leseva Local futhi akude kumele kube okufanayo, umehluko banayo zokugcina Izinombolo ezimbili kuphela. Lokhu value 10.50.0.10/11 ngokulandelana. Uma kudingekile, udinga ukwakha abasebenzisi ezengeziwe. Nokho, ikheli Local, uhlala ingashintshiwe, kodwa akude kuyadingeka ukuze kancane kancane ukwandisa nenani efanayo.

Ukulungisa firewall

Ukuze sisebenze inethiwekhi enobunye, udinga ukuvula uhlobo olukhethekile UDP port. Liyophuma umthetho kuqala futhi ushukumisela isikhundla ngenhla. Okuwukuphela kwendlela ukufeza umsebenzi L2TP ezinhle. Mikrotik ukucushwa luyindida, kodwa ngempela namanye umzamo. Ngaphezu kwalokho, ukuthi ishuna kumele ungene ngemvume ukuze ungeze NAT futhi beziguqula. Lokhu kwenziwa ukuze amakhompyutha kungabonwa ngaphakathi kunethiwekhi efanayo.

Ukungeza umzila

subnet akude yadalwa ngesikhathi wonke amasethingi. Lokho kufanele umzila ecacisiwe. Inani yokugcina subnet ukuba 192.168.2.0/24. Gateway ubuye enze kuleli kheli efanayo iklayenti e inethiwekhi uqobo. Target ivolumu kufanele kube nobunye. Kulokhu bonke ukucushwa ukuphela iseva, wena kuphela ubambe izinguquko iklayenti ipharamitha.

Ilungiselela iklayenti

Through ezinye izinguquko L2TP ubuchwepheshe "Mikrotik" iklayenti ukumisa kumele ikhokhwe ukunakwa okukhulu. Kuyadingeka ukuya "Ukusebenza" sigaba bese udale entsha L2TP iklayenti hlobo. Kufanele ucacise ikheli leseva kanye iziqinisekiso. Ukubethela kukhethwa ngokuzenzakalela, inketho ezenzakalelayo siseduze komzila osetshenziswa izindiza kuyadingeka ukususa isheke kusebenze. Uma kwenziwe ngendlela efanele, khona-ke ngemva kulondolozwa uxhumano kufanele kuvele inethiwekhi L2TP. Mikrotik, okuyinto ukusetha sekuyaphela, kuyinto inketho kakhulu ukusetshenziswa ne-VPN.

Sibheka ukusebenza ISIZINDA wadala grid. Faka ukubaluleka 192.168.1.1. Uxhumano kufanele isethwe kabusha. Ngakho-ke kudingekile ukwakha static uhlobo olusha umzila. It is a uhlobo subnet 192.168.1.0/24. Gateway - isengezo ikheli inethiwekhi iseva. I "umthombo" kuyadingeka ukuze ucacise ikheli inethiwekhi umsebenzisi. Ngemva ISIZINDA rechecking operability okuthiwa ping kungabonwa ukuthi kwakwakhe yavela. Nokho, ama-computer kugridi namanje awuwuboni. Ukuze bakwazi ukuxhuma, ukudala beziguqula. Kufanele kube okufanayo ngokugcwele nalokho sesivele sidaliwe on the server. Kulokhu esibonakalayo okukhipha inenani-VPN-uhlobo uxhumano. Uma ping ophawulekayo ke konke kufanele asebenze. Umhubhe idaliwe, amakhompyutha Ungaxhuma futhi umsebenzi kugridi. Nge ezinhle tariff iphakethe kalula ukuthola ijubane megabits ngomzuzwana 50. inkomba okunjalo bungatholakala kuphela uma ukwehluleka ubuchwepheshe (usebenzisa L2TP) IPSec e Mikrotik.

Kulesi ukumisa inethiwekhi ejwayelekile usuphothuliwe. Uma umsebenzisi entsha wanezela, kufanele kube kudivayisi yayo ukuze ungeze omunye umzila. Khona-ke idivayisi uzobona nomunye. Uma ICES umzila kusuka Client1 futhi Client2 ke noma yimaphi amasethingi ku iseva akudingeki ashintshe. Ungakwazi umane ukudala imizila, bese usetha ikheli le-IP abaphikisi inethiwekhi.

Ilungiselela L2TP futhi IPSec e Mikrotik

Uma udinga ukuba banakekele yezizathu zokuvikeleka, kumele usebenzise i-IPSec. Awudingi ukudala inethiwekhi entsha, ungasebenzisa eyodwa ubudala. Sicela uqaphele ukuthi kufanele ukudala olandelwayo phakathi amakheli uhlobo 10.50.0. Lokhu kuzovumela ubuchwepheshe ukusebenza, kungakhathaliseki ukuthi yini ikheli iklayenti sika.

Uma kukhona isifiso ukudala i Umhubhe IPSec e Mikrotik phakathi iseva kanye iklayenti le-WAN, wena ke kudingeka siqiniseke ukuthi wabo kwakungu ikheli zangaphandle. Uma kuyaguquguquka, kubalulekile ukuba ukushintsha izinqubomgomo olandelwayo ngokusebenzisa zokubhala. Uma i-IPSec inikwe amandla phakathi amakheli zangaphandle, ngokuvamile, kanye nesidingo L2TP uzobe kuyehla kube sezingeni eliphansi.

Hlola ukusebenza

Qiniseka ekupheleni izilungiselelo ufuna ukuhlola ukusebenza. Lokhu kungenxa yokuthi uma usebenzisa L2TP / IPSec encapsulation kwenzeka kabili uhlobo, okusho ukuthi CPU sinzima kakhulu. Ngokuvamile, uma udala inethiwekhi kungabonwa ukuthi yesivinini sokuxhuma lehla. Khulisa ngokudala Ukusakaza ezinye 10 ke. Processor izobe ukulayishwa cishe sasiyikhulu namashumi amaphesenti. Lona kusimo eyinhloko L2TP IPSec ubuchwepheshe Mikrotik. Kuyinto alimaze ukusebenza iqinisekisa ukuphepha esiphezulu.

Ukuze uthole ijubane ezinhle, udinga ukuthenga ezingeni lelisetulu imiklamo. Ungakwazi futhi ukuthi ukhethe ukuba router esekela umsebenzi nge-computer bese RouterOS. Uma kuzodingeka ukubethela hardware iyunithi, ukusebenza kakhulu ngcono. Ngeshwa, imishini ezishibhile Mikrotik lomphumela ngeke.