L2TP Mikrotik: sentlalo. izixhobo Mikrotik

Ngoku iinkampani ngakumbi nangakumbi kunye namasebe zabo zithande ukuba sibumbane kwi womnatha ulwazi enye, ngoko ke lo mbuzo kakhulu efanelekileyo. Kwakhona ngokufuthi kufuneka akwazi ukunika womnatha abasebenzi abavela naphi na ehlabathini. Ngoko indlela yokuhlanganisa kakuhle inethiwekhi, eli nqaku liza kuchaza umzekelo ngokutshintsha yoMgaqo L2TP. Mikrotik, isicwangciso elichazwa kamva, uthathwa ukuba ibe yindlela elungileyo zombini ekhaya ofisi. Ngenxa Ja lite osemqoka, unako kwenkxamleko eninzi ukusebenza unikezelo lobekelo kude ngomqeshwa ngamnye. zendlela yokusebenza ivumela ukuba abasebenza ezi-ofisini ezincinane, apho phambi inkampani akumenzi iimfuno kakhulu.

Kaninzi kwi womnatha wobulali efanayo kunye ofisi kunye namasebe. Zisebenza kunye nomboneleli enye, ngoko ke inkqubo uqhagamshelo Oluphawu eziqondile. Kufuneka kuqatshelwe ukuba ngokufuthi amasebe zikwindawo kumgama elikhulu ukusuka kwiziko engundoqo kwaye usuka kwenye. Kakhulu ezifunekayo elichaphazelekayo mzuzu iteknoloji ebizwa Virtual Network zabucala (VPN). Kokuba iphunyezwe ngeendlela ezininzi. Akuyi Kucetyiswa ukuba basebenzise PPTP, njengoko obu bugcisa kuphelelwa, kwaye OpenVPN. Akwazi ukunxibelelana nazo zonke izixhobo.

L2TP protocol

Ngenxa yokufumaneka wayesisalamane L2TP protocol Mikrotik, leyo uhlengahlengiso ziza kuchazwa kamva, ukuba akwazi ukusebenza kwiindlela ezisebenzayo. Kucingwa elaziwa kakhulu. Iingxaki nabo kungenzeka kuphela xa Umxhamli kuya kuba emva NATED. Kulo mzekelo, i-software eyodwa iya kublokha iipasile zayo. Kukho iindlela zokukhawulelana nale ngxaki. Le protocol iye kuneengxaki zako.

Ngokomzekelo, abo L2TP zingathathwa njengesibambiso kunye nokusebenza. Xa IPSec isetyenziselwa ukunyusa izinga lokhuseleko, icandelo lesibini lifinyele. Oku kubizwa ngokuba yi-data ixabiso yokhuseleko.

Ukubeka up iseva

Inkosi Umncedisi ekufuneka ibenodidi IP Idilesi-static. Kukho umzekelo wakhe: 192.168.106.246. Le ezincinane kubaluleke kakhulu, ngenxa yokuba idilesi kuyo nayiphi na imeko ukuba kufuneka itshintshwe. Kungenjalo, umnini kunye nabanye abasebenzisi kuya kufuneka ukuba usebenzise DNS-igama ungazihluphi kunye neentshukumo ezingeyomfuneko.

Yenza iprofayili

Ukuze uzenzele eyakho iprofayili, kufuneka uye kwi-PPP kwicandelo. "Iinkangeleko" Kuya kubakho i menu. Ngaphezu koko kuyimfuneko ukwenza iprofayile eziya kusetyenziswa uhlobo lonxibelelwano VPN, ngamanye uthungelwano enye. Kufuneka kuqatshelwe, kwaye ziquka ezi zilandelayo: "Tshintsha TCP MSS», «Sebenzisa ucinezelo", "Sebenzisa yeBitLocker". Njengokuba le yokugqibela khetho, kuya kuthabatha ixabiso elisisiseko. Siza kuqhubeka nokusebenza kunye kumzila Mikrotik. Server L2TP kunye nokumisa zintsonkothe kakhulu, ngoko ke kufuneka ukuba ukubukela onke amabanga.

Okulandelayo, umsebenzisi kufuneka ukuya kwi "Interface 'tab. Apho kufuneka ahlawule ingqalelo L2TP-server. Imenu ulwazi apho cofa iqosha le "Yenza". Iprofayile ziya kukhethwa ngokungagqibekanga, njengoko wahlukile kwaye wadala kancinane ngaphambili. Ukuba ufuna, unako ukutshintsha uhlobo ububhali. Kodwa ukuba umsebenzisi akenzi ukuqonda nto, kuhle ukushiya ixabiso elisisiseko. IPsec ukhetho kufuneka ahlale unactivated.

Emva koko umsebenzisi ufuna ukuya kwi "Iimfihlo" kwaye wenze ngumsebenzisi kwi-network. In "Server" lwesi- kufuneka ukhankanye L2TP. Ukuba oyifunayo apha ibonisa iprofayile eziya kusetyenziswa ngo-Mikrotik. Kulungiselelwa Server L2TP kwaye phantse ayikagqitywa. Local kunye kude idilesi umncedisi kufuneka enye, umahluko kukuba abanazo kuphela amanani amabini okugqibela. Eli xabiso 10.50.0.10/11 ngokulandelelanayo. Ukuba kukho imfuneko, kufuneka ukudala abasebenzisi ezongezelelweyo. idilesi Local, nangona kunjalo, uhlala ayitshintshanga, kodwa kude kuyimfuneko ukuba kancane ukuba ixabiso efanayo.

Kulungiselelwa firewall

Ukwenzela ukuba sisebenze womnatha elimanyeneyo, kufuneka uvule uhlobo olulodwa lwe UDP port. Liphuma ulawulo ephambili kwaye ihambisa indawo ngasentla. Indlela kuphela ukuphumeza L2TP umsebenzi olungileyo. Mikrotik uqwalaselo inzima, kodwa ngenene ethile umgudu. Ngaphezu koko, lo Sombhalo kufuneka ungene ukongeza NATED kunye ukuzenza. Oku kwenziwa ukuze iikhompyutha ngangokuba zazibonakala phakathi nethiwekhi.

Ukongeza kwindlela

subnet ekude wadalwa ngexesha lonke izicwangciso. Ukuba kufuneka zicaciswe indlela. Ixabiso lokugqibela subnet ukuba 192.168.2.0/24. Gateway ubuye enze kwidilesi enye umxhasi kwi network ngokwayo. volume ekujoliswe kuyo ifanele ibe umanyano. Ngako oko bonke server ekupheleni uqwalaselo, wena ubambe kuphela utshintsho client parameter.

Zokuqwalasela client

Ngokusebenzisa uhlengahlengiso ezinye L2TP technology "Mikrotik" uqwalaselo umxhasi kufuneka ihlawulwe ingqalelo enkulu. Kuyimfuneko ukuya kwicandelo "Interface" kwaye wenze uhlobo olutsha client L2TP. Kufuneka ukhankanye idilesi yomncedisi kunye klk. Encryption kukhethiwe Ngokungagqibekanga, i ukhetho engagqibekanga kufutshane ndlela kubalulekile ukuba ukususa isheke lusebenze. Ukuba yenziwe ngendlela eyiyo, ngoko emva kokuba zokonga uxhulumaniso kufuneka avele kwi network L2TP. Mikrotik, leyo yababini phantse ngokupheleleyo, kuba ukhetho kakhulu ukuba zisetyenziswe VPN.

Thina khangela ukusebenza nodes wadalwa grid. Ngenisa ixabiso 192.168.1.1. Uxhulumaniso kufuneka ibe reset. Kuyimfuneko ke ngoko ukuba ukwenza uhlobo olutsha indlela static. Kuyinto uhlobo subnet 192.168.1.0/24. Gateway - virtual iseva idilesi womnatha. U "Imvelaphi" Kuyimfuneko ukuba ukhankanye idilesi ye-network yomsebenzisi. Emva ezalathelwe UKUTSHEKISHWA operability-kuthiwa ping kunokuthi kubonwe ukuba compound wabonakala. Noko ke, iikhompyutha olunamandla lombane ingekabinazo ningawuboni. Ukwenzela ukuba bakwazi ukudibanisa, edalwe ukuzenza. Ifanele efanayo ngokupheleleyo oko sele yenziwe kwi umncedisi. Enanikade esibonakalayo imveliso unalo uqhagamshelo ixabiso VPN-hlobo. Ukuba ping ophawulekayo, ngoko kufuneka asebenze yonke into. Kwitonela idaliwe, iikhompyutha nga ukuxhuma umsebenzi kwigridi. Nale phakheji elungileyo lweerhafu lula ukufumana isantya megabits-50 ngomzuzwana. Isalathisi ngolo kunokufikelelwa kuphela xa ekungaphumelelini iteknoloji (usebenzisa L2TP) IPSec e Mikrotik.

Kule uqwalaselo womnatha oluqhelekileyo lugqityiwe. Ukuba umsebenzisi elitsha longezwa, kufuneka ibe kwisixhobo yayo ukongeza enye indlela. Ngoko ke isixhobo aya kubona omnye. Ukuba indlela ices ukusuka Client1 kunye Client2, ngoko naliphi na izicwangciso kumncedisi awufuni dingi kuyitshintsha. Unako ukudala nje iindlela, wabukhangelisa nedilesi esangweni welinye icala network.

Kulungiselelwa L2TP kunye IPSec e Mikrotik

Ukuba ufuna ukuthatha unonophelo yokhuseleko, kufuneka usebenzise IPSec. Akuyomfuneko ukuba ukudala uthungelwano entsha, ungasebenzisa endala. Nceda qaphela ukuba kufuneka udale i protocol phakathi iidilesi lohlobo 10.50.0. Oku kuya kuvumela iteknoloji ukusebenza, kungakhathaliseki ukuba idilesi ye client yakhe.

Ukuba kukho umnqweno ukwenza kwitonela IPSec e Mikrotik phakathi iseva kunye lomxhasi WAN, ngoko ke kufuneka uqinisekise ukuba kwakungu idilesi yangaphandle. Ukuba linamandla, kuyimfuneko ukutshintsha imigaqo-nkqubo protocol ngokusebenzisa zeempendulo. Ukuba IPSec ivunyelwe phakathi iidilesi yangaphandle, ngokubanzi, kunye nemfuneko L2TP aya kuncitshiswa abe ubuncinane.

Hlola ukusebenza

Qiniseka ukuba isiphelo useto ofuna ukukhangela ukusebenza. Oku kungenxa yokuba xa usebenzisa L2TP / IPSec encapsulation kwenzeka kabini-hlobo, nto leyo ethetha ukuba CPU unzima kakhulu. Amaxesha amaninzi, xa uyila womnatha kunokuthi kubonwe ukuba isantya uqhagamshelo tsakisi. Yandisa ngokwakha yimisinga ezithile 10. Iprosesa iya ngoko lolayisho phantse nekhulu ekhulwini. Oku luncedo ubugcisa L2TP IPSec Mikrotik. Oku kulimaza yokusebenza iqinisekisa ukhuseleko eliphezulu.

Ukuze ufumane mawundithamsanqele, kufuneka ukuthenga kwinqanaba eliphezulu buciko. Ungakhetha kwakhona ukhetha i zendlela exhasa umsebenzi ngekhompyutha kunye RouterOS. Ukuba uya kuba iyunithi encryption yentsimbi, intsebenzo iphucula kakhulu. Ngelishwa, izixhobo cheap Mikrotik le result angeke.