Converting between OpenCV Mat and Bitmap

独兜曲 2023-12-02 (36 reads)


[Figure: AWS Client VPN lab architecture diagram]

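1. AWS VPN introduction

Prerequisites: network security, encryption, AWS VPC networking concepts

2. AWS Client VPN architecture

Reference: https://aws.amazon.com/cn/vpn/features/

3. AWS Client VPN - generate and upload the VPN certificates

  • Generate the certificates and keys for the VPN server and client on an EC2 instance
  • Upload the generated certificates to ACM

Demonstration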

# Update the system
$ sudo yum update -y

# Install Git
$ sudo yum install -y git

# Clone the OpenVPN easy-rsa repository locally
$ git clone https://github.com/OpenVPN/easy-rsa.git
$ cd easy-rsa/easyrsa3

# Initialize a new PKI environment (PKI: public key infrastructure)
$ ./easyrsa init-pki

# Build a new certificate authority (CA)
# (nopass leaves the CA private key unencrypted on disk)
$ ./easyrsa build-ca nopass

# Generate the server certificate and key
$ ./easyrsa build-server-full server.vpn.xybaws.com nopass

# Generate the client certificate and key
$ ./easyrsa build-client-full client1.vpn.xybaws.com nopass

# Copy the server and client certificates and keys to the project folder
$ mkdir ~/xybaws-vpn/
$ cp pki/ca.crt ~/xybaws-vpn/
$ cp pki/issued/server.vpn.xybaws.com.crt ~/xybaws-vpn/
$ cp pki/private/server.vpn.xybaws.com.key ~/xybaws-vpn/
$ cp pki/issued/client1.vpn.xybaws.com.crt ~/xybaws-vpn/
$ cp pki/private/client1.vpn.xybaws.com.key ~/xybaws-vpn/
$ cd ~/xybaws-vpn

# Upload the server and client certificates and keys to ACM
$ aws acm import-certificate \
	--certificate fileb://server.vpn.xybaws.com.crt \
	--private-key fileb://server.vpn.xybaws.com.key \
	--certificate-chain fileb://ca.crt \
	--tags Key=Name,Value=xybaws-vpn-server \
	--region ap-northeast-1
$ aws acm import-certificate \
	--certificate fileb://client1.vpn.xybaws.com.crt \
	--private-key fileb://client1.vpn.xybaws.com.key \
	--certificate-chain fileb://ca.crt \
	--tags Key=Name,Value=xybaws-vpn-client1 \
	--region ap-northeast-1

4. AWS Client VPN - create the security group used by the VPN

Official documentation: https://docs.aws.amazon.com/zh_cn/vpn/latest/clientvpn-admin/client-authorization.html

5. AWS Client VPN - create the Client VPN endpoint

Create the Client VPN endpoint

Official documentation: https://docs.aws.amazon.com/zh_cn/vpn/latest/clientvpn-admin/cvpn-getting-started.html

Steps:

6. AWS Client VPN - associate the VPN endpoint

7. AWS Client VPN - authorize clients to access the network

VPC / Client VPN endpoints / xybaws-vpc

Authorization / Authorize Ingress

  • Destination network to enable access
    • 0.0.0.0/0
  • Grant access to
    • Allow access to all users

8. AWS Client VPN - create the authorization configuration file

  • Download the client .ovpn file

  • Edit the authorization configuration file
<cert>
Contents of client certificate (.crt) file
</cert>

<key>
Contents of private key (.key) file
</key>
  • Modify the DNS name
remote client1.cvpn-endpoint-0bebae19c3283ab85.prod.clientvpn.ap-northeast-1.amazonaws.com 443
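
The edits in step 8, scripted as an added example (not from the original article): it appends the client certificate and key to the downloaded .ovpn file and prepends a prefix to the endpoint DNS name. The function names, file names and the `cvpn-endpoint-EXAMPLE` endpoint ID are assumptions; the sample files are constructed placeholders.

```shell
#!/bin/sh
# Added example; function and file names are hypothetical.
set -eu

# Print only the PEM block(s) of a file, dropping any text around them.
pem_only() {
  sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

# build_ovpn <downloaded.ovpn> <client.crt> <client.key> <prefix> <output.ovpn>
# The body runs in a subshell, so variables and umask stay local.
build_ovpn() (
  src=$1 crt=$2 key=$3 prefix=$4 out=$5
  [ -n "$(pem_only "$crt")" ] || { echo "no PEM certificate in $crt" >&2; exit 1; }
  [ -n "$(pem_only "$key")" ] || { echo "no PEM key in $key" >&2; exit 1; }
  # The profile embeds the private key: make it readable by the owner only.
  umask 077
  : > "$out"
  chmod 600 "$out"
  {
    # Prepend the prefix to the endpoint DNS name on the remote line,
    # unless the name already starts with it.
    awk -v p="$prefix" '
      $1 == "remote" && index($2, p ".") != 1 { $2 = p "." $2 }
      { print }' "$src"
    printf '\n<cert>\n'; pem_only "$crt"; printf '</cert>\n'
    printf '\n<key>\n';  pem_only "$key"; printf '</key>\n'
  } >> "$out"
)

# Constructed sample input: placeholder endpoint ID and PEM bodies, not real.
demo() (
  d=$(mktemp -d)
  printf '%s\n' 'client' 'dev tun' 'proto udp' \
    'remote cvpn-endpoint-EXAMPLE.prod.clientvpn.ap-northeast-1.amazonaws.com 443' \
    > "$d/downloaded.ovpn"
  printf '%s\n' 'Certificate:' '    Data: (text dump)' \
    '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' \
    > "$d/client1.crt"
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END PRIVATE KEY-----' > "$d/client1.key"
  build_ovpn "$d/downloaded.ovpn" "$d/client1.crt" "$d/client1.key" client1 "$d/client1.ovpn"
  echo "$d/client1.ovpn"
)

if [ "${1:-}" = "--demo" ]; then cat "$(demo)"; fi
```

Run the script with `--demo` to print the profile assembled from the constructed input.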

9. AWS Client VPN - modify the route table

10. AWS Client VPN - connect to the Client VPN endpoint with OpenVPN


The end 🎉
