Idan kuna son ƙirƙirar sabar VPN, bari in gaya muku cewa akwai kyakkyawan zaɓi wanda daga ciki zaku iya tallafawa kanku don cimma burin ku kuma shine aikin Firezone yana haɓaka sabar VPN pDon tsara samun dama ga runduna a kan hanyar sadarwa ta ciki da aka ware daga na'urorin masu amfani da ke kan cibiyoyin sadarwa na waje.
Wannan aikin da nufin cimma babban matakin tsaro da sauƙaƙe tsarin aiwatar da VPN.
Game da Firezone
Wannan aikin Injiniyan Aiki na Tsaro na Cisco yana haɓaka shi, waɗanda suka yi ƙoƙarin ƙirƙirar mafita wanda ke sarrafa aiki ta atomatik tare da daidaitawar rundunar kuma yana kawar da wahalar da suka fuskanta yayin shirya amintaccen samun dama ga VPCs a cikin gajimare.
Wutar wuta yana aiki azaman mai dubawa ga duka WireGuard kernel module game da kernel subsystem netfilter. Ƙirƙiri ƙirar WireGuard (wanda ake kira wg-firezone ta tsohuwa) da tebur mai tacewa kuma ƙara hanyoyin da suka dace akan teburin juyawa. Sauran shirye -shiryen da ke canza teburin juyawa na Linux ko firewall na netfilter na iya tsoma baki tare da aikin Firezone.
Ana iya tunanin Firezone a matsayin takwaransa na buɗe tushen OpenVPN Access Server, wanda aka gina akan WireGuard maimakon OpenVPN.
Ana amfani da WireGuard don tsara tashoshin sadarwa a cikin Firezone. Har ila yau, Firezone yana da ginanniyar kayan aikin wuta wanda ke amfani da nftables.
A halin yanzu, Tacewar tazarar ta iyakance ta hanyar toshe zirga -zirgar waje zuwa takamaiman runduna ko ƙaramin yanki A cikin cibiyoyin sadarwa na ciki ko na waje, wannan ya faru ne saboda gaskiyar cewa Firezone software ce ta beta, don haka a halin yanzu ana ba da shawarar amfani da shi kawai ta hanyar iyakance damar shiga yanar gizo zuwa mai amfani da yanar gizo don gujewa fallasa shi ga Intanet na jama'a.
Firezone yana buƙatar ingantacciyar takaddar SSL da rikodin DNS mai dacewa don gudana cikin samarwa, wanda kayan aikin Bari mu Encrypt zai iya samarwa da sarrafa shi don samar da takardar shaidar SSL kyauta.
A bangaren gudanarwa, an ambaci cewa ana yin hakan ta hanyar yanar gizo ko a yanayin layin umarni ta amfani da firezone-ctl utility. Ginin yanar gizo an gina shi ne akan Admin One Bulma.
A halin yanzu, duk abubuwan Firezone suna gudana akan sabar guda, Amma aikin da farko an haɓaka shi tare da ido kan madaidaiciya, kuma a nan gaba an yi niyyar ƙara ikon rarraba abubuwan don keɓaɓɓen gidan yanar gizon, VPN da Tacewar zaɓi akan runduna daban -daban.
Hakanan tsare-tsaren sun ambaci haɗin kan mai toshe talla na tushen DNS, goyan baya ga mai masaukin baki da jerin abubuwan toshe hanyoyin yanar gizo, ikon tabbatarwa ta hanyar LDAP / SSO, da ƙarin ikon sarrafa mai amfani.
Daga cikin abubuwan da aka ambata na Firezone:
- Mai sauri: yi amfani da WireGuard don saurin sau 3-4 fiye da OpenVPN.
- Babu dogaro: duk abubuwan dogaro an haɗa su godiya ga Chef Omnibus.
- Mai sauƙi: yana ɗaukar mintuna kaɗan don saitawa. Sarrafa ta hanyar API mai sauƙi na CLI.
- Amintacce: yana aiki ba tare da gata ba. An yi amfani da HTTPS.
- Kukis da aka rufaffen.
- Firewall ya haɗa - Yana amfani da kayan aikin Linux don toshe zirga -zirgar da ba a so.
Don shigarwa, ana ba da rpm da fakitin deb don sigogi daban -daban na CentOS, Fedora, Ubuntu da Debian, waɗanda shigar su baya buƙatar dogaro da waje, tunda duk abubuwan da ake buƙata an riga an haɗa su ta amfani da kayan aikin Chef Omnibus.
Don aiki, kawai kuna buƙatar rarraba Linux wanda ke da kernel Linux ba a baya fiye da 4.19 da ƙirar kernel da aka haɗa tare da WireGuard VPN. A cewar marubucin, farawa da daidaita uwar garken VPN za a iya yin su cikin 'yan mintuna kaɗan. Abubuwan abubuwan haɗin yanar gizon suna gudana ƙarƙashin mai amfani mara gata kuma samun dama yana yiwuwa ne akan HTTPS kawai.
Firezone ya ƙunshi kunshin Linux guda ɗaya mai rarraba wanda mai amfani zai iya shigarwa da sarrafa shi. An rubuta lambar aikin a cikin Elixir da Ruby, kuma an rarraba ta ƙarƙashin lasisin Apache 2.0.
Finalmente idan kuna sha'awar ƙarin sani game da shi ko kuna son bin umarnin shigarwa, zaku iya yi daga mahada mai zuwa.