Firezone, an excellent option for creating VPNs based on WireGuard

If you want to set up a VPN server, let me tell you that there is an excellent option you can rely on for the job: Firezone, which is being developed as a VPN server for organizing access to hosts on an isolated internal network from user devices located on external networks.

The project aims to achieve a high level of security and to simplify the VPN deployment process.

About Firezone

The project is being developed by a Cisco security automation engineer, who set out to create a solution that automates configuration work and removes the problems they faced when organizing secure access to VPCs in the cloud.

Firezone acts as an interface to both the WireGuard kernel module and the netfilter kernel subsystem. It creates a WireGuard interface (named wg-firezone by default) and a netfilter table, and adds the appropriate routes to the routing table. Other programs that modify the Linux routing table or the netfilter firewall can interfere with Firezone's operation.

You can think of Firezone as an open source counterpart to OpenVPN Access Server, built on top of WireGuard instead of OpenVPN.

WireGuard is used to set up the communication channels in Firezone. Firezone also has built-in firewall functionality that uses nftables.

In its current form, the firewall is limited to blocking outgoing traffic to specific hosts or subnets on internal or external networks. This is because Firezone is beta software, so for now its use is recommended only with network access to the web user interface restricted, to avoid exposing it to the public Internet.

Firezone requires a valid SSL certificate and a matching DNS record to run in production; these can be generated and managed with the Let's Encrypt tool, which issues free SSL certificates.

As for management, it is stated that this is done through the web interface or from the command line using the firezone-ctl utility. The web interface is built on Admin One Bulma.

Currently, all Firezone components run on a single server, but the project is being developed from the start with an eye to modularity, and in the future it is planned to add the ability to distribute the web interface, VPN and firewall components across different hosts.

The plans also mention integrating a DNS-based ad blocker, support for host and subnet block lists, the ability to authenticate via LDAP / SSO, and additional user management capabilities.

Among the stated features of Firezone:

  • Fast: uses WireGuard to be 3-4 times faster than OpenVPN.
  • No dependencies: all dependencies are bundled thanks to Chef Omnibus.
  • Simple: takes a few minutes to set up. Managed through a simple CLI API.
  • Secure: runs unprivileged. HTTPS enforced.
  • Encrypted cookies.
  • Firewall included - Uses Linux nftables to block unwanted outgoing traffic.

For installation, rpm and deb packages are offered for various versions of CentOS, Fedora, Ubuntu and Debian. Installing them requires no external dependencies, because all the necessary dependencies are already included using the Chef Omnibus toolkit.

To run it, you only need a Linux distribution with a Linux kernel no earlier than 4.19 and the WireGuard VPN kernel module built. According to the author, starting and configuring a VPN server can be done in a few minutes. The web interface components run under an unprivileged user, and access is possible only over HTTPS.
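The following preflight is an added example, not code from Firezone or from the original article. It checks the requirements stated above (kernel 4.19 or newer, WireGuard kernel module present) and that the default interface name wg-firezone is not already in use; the function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example: pre-install check for a host that will run Firezone.
# Function names are illustrative; the 4.19 threshold and the interface
# name wg-firezone are the values given in the article.

# kernel_at_least RELEASE MAJOR MINOR
# Exit 0 if RELEASE >= MAJOR.MINOR, 1 if older, 2 if it cannot be parsed.
# Compares numerically, so 4.9 is correctly treated as older than 4.19.
kernel_at_least() {
    _v=${1%%[!0-9.]*}              # "5.10.0-21-amd64" -> "5.10.0"
    _maj=${_v%%.*}
    _rest=${_v#*.}
    _min=${_rest%%.*}
    [ -n "$_maj" ] && [ -n "$_min" ] || return 2
    [ "$_maj" -gt "$2" ] || { [ "$_maj" -eq "$2" ] && [ "$_min" -ge "$3" ]; }
}

# WireGuard is in the mainline kernel since 5.6; older kernels need the
# out-of-tree module. Accept a loaded module or one modinfo can find.
wireguard_available() {
    [ -d /sys/module/wireguard ] && return 0
    command -v modinfo >/dev/null 2>&1 && modinfo wireguard >/dev/null 2>&1
}

# Before installation the default interface name must not be taken.
iface_free() { [ ! -e "/sys/class/net/$1" ]; }

preflight() {
    _rc=0
    _krel=$(uname -r)
    kernel_at_least "$_krel" 4 19 ||
        { echo "FAIL kernel $_krel is older than 4.19 or unparseable"; _rc=1; }
    wireguard_available ||
        { echo "FAIL wireguard kernel module not found"; _rc=1; }
    iface_free wg-firezone ||
        { echo "FAIL interface wg-firezone already exists"; _rc=1; }
    return "$_rc"
}

if preflight; then echo "host meets the stated requirements"
else echo "host is not ready"; fi
```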

Firezone consists of a single distributable Linux package that can be installed and managed by the user. The project's code is written in Elixir and Ruby, and is distributed under the Apache 2.0 license.

Finally, if you are interested in learning more about it or want to follow the installation instructions, you can do so from the following link.

