如何创建 VPN?

如何创建 VPN?

我需要访问一个网页,结果出现 403 错误,我被告知只能在服务器所在的局域网中或通过 VPN 连接才能访问。我对 VPN 的概念非常模糊,不知道如何制作 VPN。无法使用 LAN。我用的是 Mac(OS X 10.6.8)。

答案1

我在网站的公共部分搜索了一下,以便能够回答 Rowland Shaw 的评论。我找到了一个.pcf文件。查看了安装过程后,我认为它是一个配置文件,并尝试用文本编辑器打开它。然后我谷歌了一下,mac vpn client发现 Mac 本身支持它。我创建了一个新的网络接口,猜测hostpcf 文件中应该Server Address在系统偏好设置中,我已经知道用户名和密码并尝试连接。然后我了解到我需要给它一个组密钥(或者我相信是共享密钥)(以及一个组名。但这只是在 pcf 中给出的)。这有点困难。在 pcf 文件中,它说enc_groupPwd。我认为这意味着加密,但还是试了一下。Group Secret incorrect之后我发现本指南这帮助了我。它有一个链接用于思科编码的 Group Secrets 的解码器,使用这个解码器(源代码)。如果托管源代码的服务器删除文件或发生故障:情况如下:

/* Decoder for password encoding of Cisco VPN client.
   Copyright (C) 2005 Maurice Massar
   Thanks to [email protected] for decoding and posting the algorithm!

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/

/*
   Requires libgcrypt version 1.1.90 or newer
   Compile with:
    gcc -Wall -o cisco-decrypt cisco-decrypt.c $(libgcrypt-config --libs --cflags)
   Usage:
    ./cisco-decrypt DEADBEEF...012345678 424242...7261
 */

#include <stdio.h>
#include <stdlib.h>
#include <gcrypt.h>
#include <errno.h>

int hex2bin_c(unsigned int c)
{
    if ((c >= '0')&&(c <= '9'))
        return c - '0';
    if ((c >= 'A')&&(c <= 'F'))
        return c - 'A' + 10;
    if ((c >= 'a')&&(c <= 'f'))
        return c - 'a' + 10;
    return -1;
}

int hex2bin(const char *str, char **bin, int *len)
{
    char *p;
    int i, l;

    if (!bin)
        return EINVAL;

    for (i = 0; str[i] != '\0'; i++)
        if (hex2bin_c(str[i]) == -1)
            return EINVAL;

    l = i;
    if ((l & 1) != 0)
        return EINVAL;
    l /= 2;

    p = malloc(l);
    if (p == NULL)
        return ENOMEM;

    for (i = 0; i < l; i++)
        p[i] = hex2bin_c(str[i*2]) << 4 | hex2bin_c(str[i*2+1]);

    *bin = p;
    if (len)
        *len = l;

    return 0;
}

int c_decrypt(char *ct, int len, char **resp, char *reslenp)
{
    const char *h1  = ct;
    const char *h4  = ct + 20;
    const char *enc = ct + 40;

    char ht[20], h2[20], h3[20], key[24];
    const char *iv = h1;
    char *res;
    gcry_cipher_hd_t ctx;
    int reslen;

    if (len < 48)
        return 0;
    len -= 40;

    memcpy(ht, h1, 20);

    ht[19]++;
    gcry_md_hash_buffer(GCRY_MD_SHA1, h2, ht, 20);

    ht[19] += 2;
    gcry_md_hash_buffer(GCRY_MD_SHA1, h3, ht, 20);

    memcpy(key, h2, 20);
    memcpy(key+20, h3, 4);
    /* who cares about parity anyway? */

    gcry_md_hash_buffer(GCRY_MD_SHA1, ht, enc, len);

    if (memcmp(h4, ht, 20) != 0)
        return -1;

    res = malloc(len);
    if (res == NULL)
        return -1;

    gcry_cipher_open(&ctx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0);
    gcry_cipher_setkey(ctx, key, 24);
    gcry_cipher_setiv(ctx, iv, 8);
    gcry_cipher_decrypt(ctx, (unsigned char *)res, len, (unsigned char *)enc, len);
    gcry_cipher_close(ctx);

    reslen = len - res[len-1];
    res[reslen] = '\0';

    if (resp)
        *resp = res;
    if (reslenp)
        *reslenp = reslen;
    return 0;
}

int main(int argc, char *argv[])
{
    int i, len, ret = 0;
    char *bin, *pw;

    gcry_check_version(NULL);

    for (i = 1; i < argc; i++) {
        ret = hex2bin(argv[i], &bin, &len);
        if (ret != 0) {
            perror("decoding input");
            continue;
        }
        ret = c_decrypt(bin, len, &pw, NULL);
        free(bin);
        if (ret != 0) {
            perror("decrypting input");
            continue;
        }
        printf("%s\n", pw);
        free(pw);
    }

    exit(ret != 0);
}

如果我以某种方式违反了许可,请发表评论(或编辑此帖子)。

相关内容