Pehea e hoʻonohonoho ai i ka Hailbytes VPN no kāu ʻĀina AWS

Introduction

Ma kēia ʻatikala, e hele mākou i ka hoʻonohonoho ʻana iā HailBytes VPN ma kāu pūnaewele, kahi VPN maʻalahi a paʻa a paʻa no kāu pūnaewele. Hiki ke loaʻa nā kikoʻī hou aʻe a me nā kikoʻī kikoʻī i kā mākou palapala hoʻomohala pili maanei.

e hoomakaukau ai

1. Pono waiwai:

Manaʻo mākou e hoʻomaka me 1 vCPU a me 1 GB o RAM ma mua o ka hoʻonui ʻana.

No ka Omnibus-based deployments ma nā kikowaena me ka liʻiliʻi o 1 GB o ka hoʻomanaʻo, pono ʻoe e hoʻohuli i ka swap e pale aku i ka kernel Linux mai ka pepehi ʻana i nā kaʻina Firezone.

Pono ka 1 vCPU e hoʻopiha i kahi loulou 1 Gbps no ka VPN.

2. E hana i ka mooolelo DNS: Pono ʻo Firezone i kahi inoa kikowaena kūpono no ka hoʻohana ʻana, e laʻa me firezone.company.com. Pono e hana i kahi moʻolelo DNS kūpono e like me A, CNAME, a i ʻole AAAA moʻolelo.

3. Hoʻonohonoho SSL: Pono ʻoe i kahi palapala SSL kūpono e hoʻohana ai i Firezone i kahi mana hana. Kākoʻo ʻo Firezone i ka ACME no ka hoʻolako ʻana i nā palapala SSL no nā hoʻonohonoho Docker a me Omnibus.

4. Wehe i nā awa pā ahi: Hoʻohana ʻo Firezone i nā awa 51820/udp a me 443/tcp no HTTPS a me WireGuard traffic. Hiki iā ʻoe ke hoʻololi i kēia mau awa ma hope o ka faila hoʻonohonoho.

Hoʻopili ma Docker (Manaʻo ʻia)

1. Nā mea e pono ai:

E hōʻoia aia ʻoe ma kahi kahua i kākoʻo ʻia me ka docker-compose version 2 a i ʻole ke kiʻekiʻe.

E hōʻoia i ka hiki ʻana o ka hoʻouna awa ma ka pā ahi. Pono nā awa paʻamau e wehe ʻia:

o 80/tcp (koho): Hoʻopuka ʻakomi i nā palapala SSL

o 443/tcp: E kiʻi i ka UI pūnaewele

o 51820/udp: VPN traffic listen port

2. E hoʻouka i ke koho kikowaena I: Hoʻokomo ʻakomi (Manaʻo ʻia)

Run installation script: bash <(curl -fsSL https://github.com/firezone/firezone/raw/master/scripts/install.sh) 1889d1a18e090c-0ec2bae288f1e2-26031d51-144000-1889d1a18e11c6c

E nīnau iā ʻoe i kekahi mau nīnau e pili ana i ka hoʻonohonoho mua ʻana ma mua o ka hoʻoiho ʻana i kahi faila docker-compose.yml. Makemake ʻoe e hoʻonohonoho me kāu mau pane, a paʻi i nā ʻōlelo kuhikuhi no ke komo ʻana i ka UI Pūnaewele.

Wahi paʻamau Firezone: $HOME/.firezone.

2. E hoʻouka i ke kikowaena Koho II: Hoʻokomo lima

Hoʻoiho i ka papa kuhikuhi docker compose i kahi papa kuhikuhi hana kūloko

- Linux: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.prod.yml -o docker-compose.yml

- macOS a i ʻole Windows: curl -fsSL https://raw.githubusercontent.com/firezone/firezone/master/docker-compose.desktop.yml -o docker-compose.yml

E hana i nā mea huna i makemake ʻia: docker run –rm firezone/firezone bin/gen-env > .env

E hoʻololi i nā mea hoʻololi DEFAULT_ADMIN_EMAIL a me EXTERNAL_URL. E hoʻololi i nā mea huna ʻē aʻe inā pono.

E neʻe i ka waihona: docker compose run –rm firezone bin/migrate

E hana i kahi moʻokāki admin: docker compose run –rm firezone bin/create-or-reset-admin

E hoʻonui i nā lawelawe: docker compose up -d

Hiki iā ʻoe ke komo i ka UI Firezome ma o ka hoʻololi EXTERNAL_URL i wehewehe ʻia ma luna.

3. E ho'ā ma ka pahu (ke koho):

E hōʻoia i ka hiki ʻana o Docker i ka hoʻomaka ʻana: sudo systemctl enable docker

Pono ka hoʻomaka hou ʻana o nā lawelawe Firezone: mau a hoʻomaka hou paha: ke ʻole ke koho i hoʻopaʻa ʻia ma ka faila docker-compose.yml.

4. E ho'ā i ka IPv6 Public Routability (koho):

E hoʻohui i kēia i /etc/docker/daemon.json e hiki ai iā IPv6 NAT a hoʻonohonoho i ka hoʻouna ʻana i IPv6 no nā pahu Docker.

E ho'ā i nā leka hoʻomaopopo o ka mea hoʻokele ma ka boot no kāu egress interface: egress=`ip route show default 0.0.0.0/0 | grep -oP '(?<=dev ).*' | ʻoki -f1 -d' ' | tr -d '\n'` sudo bash -c “echo net.ipv6.conf.${egress}.accept_ra=2 >> /etc/sysctl.conf”

Hoʻomaka hou a hoʻāʻo ma ka pinging iā Google mai loko o ka pahu docker: holo docker –rm -t busybox ping6 -c 4 google.com

ʻAʻole pono e hoʻohui i nā lula iptables e hiki ai iā IPv6 SNAT/masquerading no ke kaʻa kaʻa. E mālama ʻo Firezone i kēia.

5. E hoʻouka i nā polokalamu kelepona

Hiki iā ʻoe ke hoʻohui i nā mea hoʻohana i kāu pūnaewele a hoʻonohonoho i nā ʻōlelo kuhikuhi e hoʻokumu i kahi kau VPN.

Hoʻonohonoho Post

Hoʻomaikaʻi, ua hoʻopau ʻoe i ka hoʻonohonoho! Makemake paha ʻoe e nānā i kā mākou palapala hoʻomohala no nā hoʻonohonoho hou, noʻonoʻo palekana, a me nā hiʻohiʻona holomua: https://www.firezone.dev/docs/

Pehea e wehe ai i ka metadata mai kahi faila

April 27, 2024 No Comments

Pehea e Wehe ai i ka Metadata mai kahi File Introduction Metadata, i wehewehe pinepine ʻia he "ʻikepili e pili ana i ka ʻikepili," ʻo ia ka ʻike e hāʻawi ana i nā kikoʻī e pili ana i kahi faila. ʻO ia

Heluhelu »

Ke kāʻalo ʻana i ka Pūnaewele Pūnaewele me TOR

April 27, 2024 No Comments

Kaʻalo ʻana i ka Internet Censorship me TOR Introduction Ma kahi honua kahi e hoʻoponopono nui ʻia ai ka ʻike, ua lilo nā mea hana e like me ka pūnaewele Tor i mea koʻikoʻi no

Heluhelu »

Nā leka Kobold: HTML-based Email Phishing Attacks

April 18, 2024 No Comments

Kobold Letters: HTML-based Email Phishing Attacks Ma Malaki 31st 2024, ua hoʻopuka ʻo Luta Security i kahi ʻatikala e hoʻomālamalama ana i kahi vector phishing hou, nā Kobold Letters.

Heluhelu »

Pehea e hoʻonohonoho ai i ka Hailbytes VPN no kāu ʻĀina AWS

Introduction

e hoomakaukau ai

Hoʻopili ma Docker (Manaʻo ʻia)

Hoʻonohonoho Post

Pehea e wehe ai i ka metadata mai kahi faila

Ke kāʻalo ʻana i ka Pūnaewele Pūnaewele me TOR

Nā leka Kobold: HTML-based Email Phishing Attacks

Services

ʻO kā mākou hui

ʻO kā mākou pane

pāʻoihana

FAQ palekana

Social Media