diff --git a/sources/tech/20210803 Set up a VPN server on your Linux PC.md b/sources/tech/20210803 Set up a VPN server on your Linux PC.md deleted file mode 100644 index fe54a13efb..0000000000 --- a/sources/tech/20210803 Set up a VPN server on your Linux PC.md +++ /dev/null 
@@ -1,137 +0,0 @@ -[#]: subject: (Set up a VPN server on your Linux PC) -[#]: via: (https://opensource.com/article/21/8/openvpn-server-linux) -[#]: author: (D. Greg Scott https://opensource.com/users/greg-scott) -[#]: collector: (lujun9972) -[#]: translator: (perfiffer) -[#]: reviewer: ( ) -[#]: publisher: ( ) -[#]: url: ( ) - -Set up a VPN server on your Linux PC -====== -The first step in building a VPN is setting up a VPN server. -![Person drinking a hot drink at the computer][1] - -Have you been connected to an untrusted network such as a hotel or café WiFi and need to securely browse the internet from your smartphone or laptop? By using a virtual private network (VPN), you can access that untrusted network anonymously and as safely as if you were on a private network. - -VPN is an amazing tool for safeguarding private data. By using a VPN, you can connect to a private network on the internet while maintaining anonymity. - -There are many VPN services available, and many people have found that the preferred option for securing private data when using untrusted networks is [OpenVPN][2]. - -OpenVPN creates an encrypted tunnel between two points, preventing a third party from accessing your network traffic data. By setting up your VPN server, you become your own VPN provider. Many popular VPN services use OpenVPN, so why tie your connection to a specific provider when you can have complete control yourself? - -### Set up a Linux server - -First, install a copy of Linux onto a spare PC. These examples use Fedora, but the steps are mostly the same no matter what Linux distribution you use. - -Download a copy of the most recent Fedora ISO from the [Fedora project][3] website. Make a bootable USB drive, plug it into and boot your PC, and install the operating system. If you've never made a bootable USB drive, read about [Fedora Media Writer][4]. If you've never installed Linux, read about [installing Linux in three steps][5]. 
- -### Set up networking - -After installing the Fedora operating system, log into the console or SSH session. - -Apply the latest updates and reboot: - - -``` -`$ sudo dnf update -y && reboot` -``` - -Log in again and disable the firewall rules: - - -``` -systemctl disable firewalld.service -systemctl stop firewalld.service -``` - -You may want to add appropriate firewall rules on this system for your internal network. If so, finish setting up and debugging OpenVPN with all firewall rules turned off, and then add your local firewall rules. For more information, read about [setting up firewalls on Linux][6]. - -### Set up IP addresses - -You need a static IP address inside your local network. The commands below assume a Network Manager connection named `ens3` on a device named `ens3`. Your device and connection names might be different, so find them by opening an SSH session or the console and entering: - - -``` -$ sudo nmcli connection show -NAME  UUID                                  TYPE      DEVICE -ens3  39ad55bd-adde-384a-bb09-7f8e83380875  ethernet  ens3 -``` - -You need to ensure that your remote people can find your VPN server. There are two ways to do this. You can set its IP address manually, or you can let your router do most of the work. - -#### Configure an IP address manually - -Set your static IP address, prefix, gateway, and DNS resolver with the following command but substituting your own IP addresses: - - -``` -$ sudo nmcli connection modify ens3 ipv4.addresses 10.10.10.97/24 -$ sudo nmcli connection modify ens3 ipv4.gateway 10.10.10.1 -$ sudo nmcli connection modify ens3 ipv4.dns 10.10.10.10 -$ sudo nmcli connection modify ens3 ipv4.method manual -$ sudo nmcli connection modify ens3 connection.autoconnect yes -``` - -Set a hostname: - - -``` -`$ sudo hostnamectl set-hostname OVPNserver2020` -``` - -If you run a local DNS server, you will want to set up a DNS entry with the hostname pointing to the VPN server IP Address. 
- -Reboot and make sure the system has the correct networking information. - -#### Configure an IP address in your router - -You probably have a router on your network. You may have purchased it, or you may have gotten one from your internet service provider (ISP). Either way, your router probably has a built-in DHCP server that assigns an IP address to each device on your network. Your new server counts as a device on your network, so you may have noticed an IP address is assigned to it automatically. - -The potential problem here is that your router doesn't guarantee that any device will ever get the same IP address after reconnecting. It does _try_ to keep the IP addresses consistent, but they can change depending on how many devices are connected at the time. - -However, almost all routers have an interface allowing you to intercede and reserve IP addresses for specific devices. - -![Router IP address settings][7] - -(Seth Kenlon, [CC BY-SA 4.0][8]) - -There isn't a universal interface for routers, so search the interface of the router you own for **DHCP** or **Static IP address** options. Assign your server its own reserved IP address so that its network location remains the same no matter what. - -### Access your server - -By default, your router probably has a firewall built into it. This is normally good because you don't want someone outside your network to be able to brute force their way into any of your computers. However, you must allow traffic destined for your VPN server through your firewall, or else your VPN will be unreachable and, therefore, no use to you.  - -You will need at least one public static IP Address from your internet service provider. Set up the public side of your router with its static IP Address, and then put your OpenVPN server on the private side, with its own private static IP Address inside your network. OpenVPN uses UDP port 1194 by default. 
Configure your router to [port-forward][9] traffic for your public VPN IP Address on UDP port 1194 to UDP port 1194 on your OpenVPN server. If you decide to use a different UDP port, adjust the port number accordingly. - -### Get ready for the next step - -In this article, you installed and configured an operating system on your server, which is approximately half the battle. In the next article, you'll tackle installing and configuring OpenVPN itself. In the meantime, get familiar with your router and make sure you can reach your server from the outside world. But be sure to close the port forwarding after testing until your VPN is up and running. - -* * * - -_Parts of this article were adapted from D. Greg Scott's [blog][10] and have been republished with permission._ - --------------------------------------------------------------------------------- - -via: https://opensource.com/article/21/8/openvpn-server-linux - -作者:[D. Greg Scott][a] -选题:[lujun9972][b] -译者:[译者ID](https://github.com/译者ID) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]: https://opensource.com/users/greg-scott -[b]: https://github.com/lujun9972 -[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/coffee_tea_laptop_computer_work_desk.png?itok=D5yMx_Dr (Person drinking a hot drink at the computer) -[2]: https://openvpn.net/ -[3]: http://getfedora.org -[4]: https://opensource.com/article/20/10/fedora-media-writer -[5]: https://opensource.com/article/21/2/linux-installation -[6]: https://www.redhat.com/sysadmin/secure-linux-network-firewall-cmd -[7]: https://opensource.com/sites/default/files/uploads/reserved-ip.jpg (Router IP address settings) -[8]: https://creativecommons.org/licenses/by-sa/4.0/ -[9]: https://opensource.com/article/20/9/firewall -[10]: https://www.dgregscott.com/how-to-build-a-vpn-in-four-easy-steps-without-spending-one-penny/ 
diff --git a/translated/tech/20210803 Set up a VPN server on your Linux PC.md b/translated/tech/20210803 Set up a VPN server on your Linux PC.md new file mode 100644 index 0000000000..26587a4916 --- /dev/null +++ b/translated/tech/20210803 Set up a VPN server on your Linux PC.md 
@@ -0,0 +1,131 @@ +[#]: subject: (Set up a VPN server on your Linux PC) +[#]: via: (https://opensource.com/article/21/8/openvpn-server-linux) +[#]: author: (D. Greg Scott https://opensource.com/users/greg-scott) +[#]: collector: (lujun9972) +[#]: translator: (perfiffer) +[#]: reviewer: ( ) +[#]: publisher: ( ) +[#]: url: ( ) + +在你的 `Linux` 电脑上安装一个 `VPN` 服务。 + +====== + +想要建立一个 `VPN` 的第一步是安装一个 `VPN` 服务器。 + +![](https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/coffee_tea_laptop_computer_work_desk.png?itok=D5yMx_Dr) + +你是否已经连接到不受信任的网络,例如酒店或咖啡馆的 `WiFi`,并需要通过智能手机和笔记本电脑安全浏览互联网?通过使用虚拟专用网络(`VPN`),你可以匿名访问不受信任的网络,就像你在专用网络上一样安全。 + +`VPN` 是保护私人数据的绝佳工具。通过使用 `VPN`,你可以在保持匿名的同时连接到互联网上的专用网络。 + +可选的 `VPN` 服务有很多,[`OpenVPN`][2] 依然是很多人在使用不受信任的网络时保护私人数据的第一选择。 + +`OpenVPN` 在两点之间创建一个加密通道,防止第三方访问你的网络流量数据。通过设置你的 `VPN` 服务,你完全可以掌控自己的 `VPN`。许多流行的 `VPN` 服务都使用 `OpenVPN`,所以当你可以掌控自己的网络时,为什么要将你的网络连接绑定到特定的提供商呢? + +### 搭建 `Linux` 服务器 + +首先,在备用 `PC` 上安装一个 `Linux` 拷贝。本例使用 `Fedora`,但是不论你使用的是什么 `Linux` 发行版,步骤基本是相同的。 + +从 [Fedora 项目][3] 网站下载最新的 `Fedora ISO` 副本。制作一个 `USB` 启动盘,将其插入到你的 `PC` 并启动,然后安装操作系统。如果你从未制作过可引导的 `USB` 启动盘,请参照 [Fedora Media Writer][4]。如果您从未安装过 `Linux`,请阅读 [installing Linux in three steps][5]。 + +### 设置网络 + +安装完成 `Fedora` 操作系统后,登录到控制台或者 `SSH` 会话。 + +更新到最新并重新启动: + +``` +$ sudo dnf update -y && reboot +``` + +重新登录并关闭防火墙: + +``` +systemctl disable firewalld.service +systemctl stop firewalld.service +``` + +你可能希望在此系统上为你的内部网络添加适当的防火墙规则。如果是这样,请在关闭所有防火墙规则后完成 `OpenVPN` 的设置和调试,然后添加本地防火墙规则。想要了解更多,请参照 [setting up firewalls on Linux][6]。 + +### 设置 `IP` 地址 + +你需要在你的本地网络设置一个静态 `IP` 地址。下面的命令假设在一个名为 `en3` 的设备上有一个名为 `ens3` 的网络管理器连接。你的设备和连接名称可能不同,你可以通过打开 `SSH` 会话或从控制台输入以下命令: + +``` +$ sudo nmcli connection show +NAME  UUID                                  TYPE      DEVICE +ens3  39ad55bd-adde-384a-bb09-7f8e83380875  ethernet  ens3 +``` + +你需要确保远程用户能够找到你的 `VPN` 服务器。有两种方法可以做到这一点。你可以手动设置它的 `IP` 地址,或者将大部分工作交给你的路由器去完成。 + +#### 手动配置一个 `IP` 地址 + +通过以下命令来设置静态 `IP` 地址、前缀、网关和 `DNS` 
解析器,用来替换掉原有的 `IP` 地址: + +``` +$ sudo nmcli connection modify ens3 ipv4.addresses 10.10.10.97/24 +$ sudo nmcli connection modify ens3 ipv4.gateway 10.10.10.1 +$ sudo nmcli connection modify ens3 ipv4.dns 10.10.10.10 +$ sudo nmcli connection modify ens3 ipv4.method manual +$ sudo nmcli connection modify ens3 connection.autoconnect yes +``` + +设置主机名: + + +``` +`$ sudo hostnamectl set-hostname OVPNserver2020` +``` +如果你运行了一个本地的 `DNS` 服务,你需要设置一个 `DNS` 条目,将主机名指向 `VPN` 服务器的 `IP` 地址。 + +重启并确保系统的网络运行正常。 + +#### 在路由器中配置 `IP` 地址 + +在你的网络当中应该有一台路由器。你可能已经购买了它,或者从互联网服务提供商(`ISP`)那里获得了一台。无论哪种方式,你的路由器可能都有一个内置的 `DHCP` 服务,可以为连接到网络上的每台设备分配一个 `IP` 地址。你的新 `VPN` 服务器也是属于网络的一台设备,因此你可能已经注意到它会自动分配一个 `IP` 地址。 + +这里的潜在问题是你的路由器不能保证每台设备都能在重新连接后获取到相同的 `IP` 地址。路由器确实尝试保持 `IP` 地址一致,但这会根据当时连接的设备数量而发生变化。 + +但是,几乎所有的路由器都会保留一个接口,允许你为特定设备调停和保留 `IP` 地址。 + +![Router IP address settings][7] + +路由器没有通用接口,因此请在你的路由器接口中搜索 `DHCP` 或静态 `IP` 地址选项。为你的服务器分配自己的预留 `IP` 地址,使其在网络中保持 `IP` 不变。 + +### 连接到服务器 +默认情况下,你的路由器可能内置了防火墙。这通常很好,因为你不希望网络之外的人能够强行进入你的任何计算机。但是,你必须允许发往 `VPN` 服务器的流量通过防火墙,否则你的 `VPN` 将无法访问,这种情况下你的 `VPN` 服务器将形同虚设。 + +你至少需要一个来自互联网服务提供商的公共静态 `IP` 地址。使用其静态 `IP` 地址设置路由器的公共端,然后将你的 `OpenVPN` 服务器放在私有端,在你的网络中使用私有静态 `IP` 地址。 `OpenVPN` 默认使用 `UDP` 1194 端口。配置你的路由器,将你的公网 `VPN` `IP` 地址的 `UDP` 1194 端口转发到 `OpenVPN` 服务器上的 `UDP` 1194 端口。如果你决定使用不同的 UDP 端口,请相应地调整端口号。 + +### 准备好,我们开始下一步 + +在本文中,你在服务器上安装并配置了一个操作系统,这已经成功了一半。在下一篇文章中,你将解决安装和配置 `OpenVPN` 本身的问题。同时,熟悉你的路由器并确保你可以从外部访问你的服务器。但是请务必在测试后关闭端口转发,直到你的 `VPN` 服务启动并运行。 + +* * * +本文的部分内容改编自 `D. Greg Scott` 的博客,并经许可重新发布。 + +-------------------------------------------------------------------------------- + +via: https://opensource.com/article/21/8/openvpn-server-linux + +作者:[D. 
Greg Scott][a] +选题:[lujun9972][b] +译者:[perfiffer](https://github.com/perfiffer) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]: https://opensource.com/users/greg-scott +[b]: https://github.com/lujun9972 +[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/coffee_tea_laptop_computer_work_desk.png?itok=D5yMx_Dr (Person drinking a hot drink at the computer) +[2]: https://openvpn.net/ +[3]: http://getfedora.org +[4]: https://opensource.com/article/20/10/fedora-media-writer +[5]: https://opensource.com/article/21/2/linux-installation +[6]: https://www.redhat.com/sysadmin/secure-linux-network-firewall-cmd +[7]: https://opensource.com/sites/default/files/uploads/reserved-ip.jpg (Router IP address settings) +[8]: https://creativecommons.org/licenses/by-sa/4.0/ +[9]: https://opensource.com/article/20/9/firewall +[10]: https://www.dgregscott.com/how-to-build-a-vpn-in-four-easy-steps-without-spending-one-penny/
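Review bot: The device name in the 设置 `IP` 地址 paragraph of the translated file is wrong: it reads "名为 `en3` 的设备", but the source text and the `nmcli connection show` output directly below both use `ens3`, so a reader following the translation looks for an interface that does not exist; change it to `ens3`. In the same paragraph, "你可以通过打开 `SSH` 会话或从控制台输入以下命令" drops the "find them" of the original; end it with something like "来查看它们". In 手动配置一个 `IP` 地址, "用来替换掉原有的 `IP` 地址" does not carry the meaning of "but substituting your own IP addresses"; it should tell the reader to replace the example addresses with their own. The hostname block still has literal backticks around the command inside the fence ("`$ sudo hostnamectl set-hostname OVPNserver2020`"), although the `dnf update` block was cleaned up; remove them so the command can be copied as-is. Finally, the translation drops the image credit "(Seth Kenlon, [CC BY-SA 4.0][8])", the [port-forward][9] link in the 连接到服务器 section and the [blog][10] link in the closing note, while the definitions for [8], [9] and [10] remain at the bottom unused, and [1] is likewise unused now that the lead image is inlined without its alt text; restore the credit and the links, and use `![Person drinking a hot drink at the computer][1]` as in the source.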