{"id":702,"date":"2018-07-08T00:13:01","date_gmt":"2018-07-07T17:13:01","guid":{"rendered":"https:\/\/lagonet.vn\/?p=702"},"modified":"2018-07-08T00:13:01","modified_gmt":"2018-07-07T17:13:01","slug":"cach-tao-ra-openvpn-server","status":"publish","type":"post","link":"https:\/\/kb.lagonet.vn\/?p=702","title":{"rendered":"C\u00c1CH T\u1ea0O RA OPENVPN SERVER"},"content":{"rendered":"<h1 id=\"OpenVPN\">OpenVPN<a id=\"section_1\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=1\"><\/a><\/h1>\n<h2 id=\"VDCServers\">VDC Servers<a id=\"section_2\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=2\"><\/a><\/h2>\n<ul>\n<li>vpn1.itim.vn (nas1v.itim.vn)<\/li>\n<li>vpn2.itim.vn (nas2v.itim.vn)<\/li>\n<\/ul>\n<h3 id=\"DebPackages\">Deb Packages<a id=\"section_3\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=3\"><\/a><\/h3>\n<ul>\n<li>coccoc-openvpn-ldap-tools<\/li>\n<li>openvpn<\/li>\n<li>openvpn-auth-ldap<\/li>\n<li>coccoc-libldap-conf<\/li>\n<li>libpam-ldap | libpam-ldapd<\/li>\n<\/ul>\n<h3 id=\"Serverconfiguration:Openvpn\">Server configuration: Openvpn<a id=\"section_4\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=4\"><\/a><\/h3>\n<p><em>\/etc\/openvpn\/tcp.conf<\/em>\u00a0from nas1v.itim.vn:<\/p>\n<pre class=\"wiki\">plugin \/usr\/lib\/openvpn\/openvpn-auth-pam.so openvpn\nport 1194\nproto tcp\ndev tun\nca \/etc\/openvpn\/easyrsa\/keys\/ca.crt\ncert \/etc\/openvpn\/easyrsa\/keys\/server.crt\nkey \/etc\/openvpn\/easyrsa\/keys\/server.key  # This file should be kept secret\nclient-cert-not-required\ndh \/etc\/openvpn\/easyrsa\/keys\/dh1024.pem\n\nserver 10.130.4.0 255.255.255.0\nifconfig-pool-persist \/var\/log\/openvpn\/ipp.txt\npush \"route 123.30.175.10 255.255.255.255 net_gateway\"\n\n# Note: do not use tabs here, windows vpn client does not see it at all!\n# here we are pushing routes and DNS for internal domain itim.vn\npush \"route 10.3.0.0 255.255.252.0\"\npush \"route 10.10.0.0 255.255.254.0\"\npush \"route 10.10.64.0 255.255.254.0\"\npush \"route 10.101.0.0 255.255.252.0\"\npush \"route 10.120.0.0 255.255.255.0\"\npush \"route 172.16.16.0 255.255.255.0\"\npush \"dhcp-option DNS 10.120.0.10\"\npush \"dhcp-option DNS 10.120.0.20\"\npush \"dhcp-option DOMAIN itim.vn\"\n\ntls-server\ntls-auth \/etc\/openvpn\/easyrsa\/keys\/ta.key 0\ntls-timeout 120\nauth MD5\ncipher BF-CBC\nkeepalive 10 120\ncomp-lzo\npersist-key\npersist-tun\nstatus  \/var\/log\/openvpn\/openvpn-status-tcp.log\nlog     \/var\/log\/openvpn\/openvpn-tcp.log\nverb 3\nmute 3\nmssfix 1300\n\nusername-as-common-name\nscript-security 2\nclient-connect \/etc\/openvpn\/ldap-group-access\/conn_start.sh\nclient-disconnect \/etc\/openvpn\/ldap-group-access\/conn_stop.sh\n\n# zabbix monitoring purposes\nmanagement 127.0.0.1 1150\n<\/pre>\n<h3 id=\"Serverconfiguration:LDAP\">Server configuration: LDAP<a id=\"section_5\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=5\"><\/a><\/h3>\n<ul>\n<li>We are using LDAP to check user&#8217;s credentials.<\/li>\n<li>We allows to connect to our Openvpn only for users in group Openvpn.<\/li>\n<\/ul>\n<p><em>\/etc\/openvpn\/tcp.conf<\/em>\u00a0from nas1v.itim.vn:<\/p>\n<pre class=\"wiki\">plugin \/usr\/lib\/openvpn\/openvpn-auth-pam.so openvpn\n<\/pre>\n<p><em>\/etc\/pam.d\/openvpn<\/em>\u00a0for linux PAM<\/p>\n<pre class=\"wiki\"># cat \/etc\/pam.d\/openvpn\n# OpenVPN\naccount\t\trequired pam_ldap.so config=\/etc\/openvpn\/pluginconf\/pam_ldap.conf\nauth\t\trequired pam_ldap.so config=\/etc\/openvpn\/pluginconf\/pam_ldap.conf\npassword\trequired pam_ldap.so config=\/etc\/openvpn\/pluginconf\/pam_ldap.conf\nsession\t\trequired pam_ldap.so config=\/etc\/openvpn\/pluginconf\/pam_ldap.conf\n<\/pre>\n<p><strong>libpam-ldap<\/strong>\u00a0config (\/etc\/openvpn\/pluginconf\/pam_ldap.conf)from nas{1,2}v:<\/p>\n<pre class=\"wiki\">base dc=itim,dc=vn\nuri ldaps:\/\/ldap1.itim.vn ldaps:\/\/ldap2.itim.vn # Failover for ldaps servers\nldap_version 3\nssl on # Enabled SSL\nbind_timelimit 1 # Timelimit for tcp connection to remote ldaps server\npam_groupdn cn=openvpn,ou=Group,dc=itim,dc=vn\npam_member_attribute memberUid\n<\/pre>\n<p>&nbsp;<\/p>\n<hr \/>\n<h2 id=\"Clientconfiguration\">Client configuration<a id=\"section_7\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=7\"><\/a><\/h2>\n<p>You can see HOWTOs, if you are an user:<\/p>\n<ul>\n<li>OpenVPN Windows Vista\/7 client HOWTO<\/li>\n<li>OpenVPN Linux client HOWTO<\/li>\n<li>OpenVPN Mac client HOWTO<\/li>\n<\/ul>\n<h3 id=\"Generalclientconfigfilenewlogin-passbased\">General client config file (new, login-pass based)<a id=\"section_8\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=8\"><\/a><\/h3>\n<p><tt>\/etc\/openvpn\/client.conf<\/tt>\u00a0(Linux) or\u00a0<tt>itim-pwd.opvn<\/tt>\u00a0(Windows):<\/p>\n<pre class=\"wiki\">client\ndev tun\nproto tcp\n# start of failover config\nremote vpn1.itim.vn 1194\nremote vpn2.itim.vn 1194\nremote-random\n# end of failover options\nresolv-retry infinite\npersist-key\npersist-tun\nca ca-pwd.crt\ntls-client\ntls-auth ta-pwd.key 1\nauth-user-pass\nauth MD5\ncipher BF-CBC\nns-cert-type server\ncomp-lzo\nverb 5\n#mtu-test\nscript-security 2\nup \/etc\/openvpn\/update-resolv-conf\ndown \/etc\/openvpn\/update-resolv-conf\n<\/pre>\n<h3 id=\"Usefulfeatures\">Useful features<a id=\"section_9\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=9\"><\/a><\/h3>\n<h4 id=\"HowtosendallyourtrafficviaOpenVPN\">How to send all your traffic via OpenVPN<a id=\"section_10\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=10\"><\/a><\/h4>\n<p>If we wanna send all our traffic via the VPN, add the next string to your client config ():<\/p>\n<pre class=\"wiki\"># make a vpn as a default route\nredirect-gateway def1\n<\/pre>\n<p>Warning: if you have more than 1 VPN tunnels, this feature may cause routing bugs.<\/p>\n<h4 id=\"OpenVPNFT\">OpenVPN FT<a id=\"section_11\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=11\"><\/a><\/h4>\n<p>Client<\/p>\n<p>The OpenVPN client configuration can refer to multiple servers for load balancing and failover. For example:<\/p>\n<pre class=\"wiki\">remote server1.mydomain\nremote server2.mydomain\nremote server3.mydomain\n<\/pre>\n<p>will direct the OpenVPN client to attempt a connection with server1, server2, and server3 in that order. If an existing connection is broken, the OpenVPN client will retry the most recently connected server, and if that fails, will move on to the next server in the list. You can also direct the OpenVPN client to randomize its server list on startup, so that the client load will be probabilistically spread across the server pool.<\/p>\n<pre class=\"wiki\">remote-random\n<\/pre>\n<h3 id=\"Newuser-ASKouradminstoaddnewuser\">New user &#8211; ASK our admins to add new user!!!<a id=\"section_12\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=12\"><\/a><\/h3>\n<p><strong>We don&#8217;t use Key management right now, kept as note!!&#8221;&#8217;<\/strong><\/p>\n<h4 id=\"Keymanagement\">Key management<a id=\"section_13\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=13\"><\/a><\/h4>\n<pre class=\"wiki\">cd \/etc\/openvpn\/easy-rsa\/2.0\nsource .\/vars\n.\/pkitool &lt;username&gt;\n<\/pre>\n<p>send to a user files\u00a0<tt>keys\/{ca.crt,&lt;username&gt;.{key,crt}}<\/tt><\/p>\n<h3 id=\"Revokeuserkey\">Revoke user key<a id=\"section_14\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=14\"><\/a><\/h3>\n<pre class=\"wiki\">cd \/etc\/openvpn\/easy-rsa\/2.0\nsource .\/vars\n.\/revoke-full &lt;username&gt;\n<\/pre>\n<p>Citation:<\/p>\n<blockquote><p>Note the &#8220;error 23&#8221; in the last line. That is what you want to see, as it indicates that a certificate verification of the revoked certificate failed.<\/p><\/blockquote>\n<h2 id=\"References\">References<a id=\"section_15\" class=\"anchor\" title=\"Edit this section\" href=\"https:\/\/trac.coccoc.com\/coccoc\/wiki\/NCC\/Access-Openvpn\/Openvpn_VDC?action=edit&amp;section=15\"><\/a><\/h2>\n<ul>\n<li><a class=\"ext-link\" href=\"http:\/\/www.openvpn.net\/index.php\/open-source\/documentation\/howto.html\"><span class=\"icon\">\u200b<\/span>OpenVPN 2.0 HOWTO<\/a><\/li>\n<li><a class=\"ext-link\" href=\"http:\/\/www.annoying.dk\/2007\/10\/14\/quick-simple-tutorialhowto-on-openvpn-with-debian\/\"><span class=\"icon\">\u200b<\/span>Debian installation OpenVPN server HOWTO<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<hr \/>\n<p>Configuration files: [root@samba2o:~]# tree 1 \/etc\/openvpn\/<\/p>\n<pre class=\"wiki\">\/etc\/openvpn\/\n\u251c\u2500\u2500 easyrsa\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 keys # keys and certificate files\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 ca.crt # this file need for client configure\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 ca.key\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 dh1024.pem\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 server.crt\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 server.csr\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 server.key\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 ta.key # this file need for client configure\n\u251c\u2500\u2500 ldap-group-access\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 confs\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 ldap-groups.conf # Define groups in ldap can establish openvpn connect\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 ldap-search.conf #\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 ldap-servers.conf # list of ldap severs\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 conn_start.sh # Script to write log and add firewall to allow new connection\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 conn_stop.sh # Script to write log and flush firewall rule\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 func.lib # library used for above scripts\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 ldap_test.sh # Test alive ldap servers\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 services\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 admins.services\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 assessor.services\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 example.services.example\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 serv-test\n\u251c\u2500\u2500 pluginconf\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 pam_ldap.conf\n\u251c\u2500\u2500 tcp.conf # Main configuration file for tcp protocol connection method\n\u251c\u2500\u2500 udp.conf # Main configuration file for udp protocol connection method\n\u2514\u2500\u2500 update-resolv-conf # update dns to client when client establish connection\n<\/pre>\n<p>Detail of main configuration files:<\/p>\n<p>root@samba2o:\/etc\/openvpn]# cat tcp.conf<\/p>\n<pre class=\"wiki\">plugin \/usr\/lib\/openvpn\/openvpn-auth-pam.so openvpn\nport 1194\nproto tcp\ndev tun\nca \/etc\/openvpn\/easyrsa\/keys\/ca.crt\ncert \/etc\/openvpn\/easyrsa\/keys\/server.crt\nkey \/etc\/openvpn\/easyrsa\/keys\/server.key  # This file should be kept secret\nclient-cert-not-required\ndh \/etc\/openvpn\/easyrsa\/keys\/dh1024.pem\n\nserver 192.168.100.0 255.255.255.0\nifconfig-pool-persist \/var\/log\/openvpn\/ipp-tcp.txt\npush \"redirect-gateway def1\"\n\npush \"dhcp-option DNS 192.168.100.1\"\npush \"dhcp-option DOMAIN itim.vn\"\n\n# Note: do not use tabs here, windows vpn client does not see it at all!\npush \"route 10.0.0.0 255.128.0.0\"\npush \"route 172.16.0.0 255.255.0.0\"\n\n#client-config-dir \/etc\/openvpn\/ccd\n#route 192.168.0.0 255.255.0.0\n#client-to-client\ntls-server\ntls-auth \/etc\/openvpn\/easyrsa\/keys\/ta.key 0\ntls-timeout 120\nauth MD5\ncipher BF-CBC\nkeepalive 10 30\ncomp-lzo\npersist-key\npersist-tun\nstatus\t\/var\/log\/openvpn\/openvpn-status-tcp.log\nlog\t\/var\/log\/openvpn\/openvpn-tcp.log\nverb 3\nmute 3\n#mssfix 1300\n#push \"mssfix 1437\"\ntcp-nodelay\n\nusername-as-common-name\nscript-security 2\nclient-connect \/etc\/openvpn\/ldap-group-access\/conn_start.sh\nclient-disconnect \/etc\/openvpn\/ldap-group-access\/conn_stop.sh\n\n# zabbix monitoring purposes\nmanagement 127.0.0.1 1150\n<\/pre>\n<p>[root@samba2o:\/etc\/openvpn]# cat \/etc\/openvpn\/udp.conf<\/p>\n<pre class=\"wiki\">plugin \/usr\/lib\/openvpn\/openvpn-auth-pam.so openvpn\nport 1194\nproto udp\ndev tun\nca \/etc\/openvpn\/easyrsa\/keys\/ca.crt\ncert \/etc\/openvpn\/easyrsa\/keys\/server.crt\nkey \/etc\/openvpn\/easyrsa\/keys\/server.key  # This file should be kept secret\nclient-cert-not-required\ndh \/etc\/openvpn\/easyrsa\/keys\/dh1024.pem\n\nserver 192.168.101.0 255.255.255.0\nifconfig-pool-persist \/var\/log\/openvpn\/ipp-udp.txt\npush \"redirect-gateway def1\"\n\npush \"dhcp-option DNS 192.168.101.1\"\npush \"dhcp-option DOMAIN itim.vn\"\n\n# Note: do not use tabs here, windows vpn client does not see it at all!\npush \"route 10.0.0.0 255.128.0.0\"\npush \"route 172.16.0.0 255.255.0.0\"\n\n\n#client-config-dir \/etc\/openvpn\/ccd\n#route 192.168.0.0 255.255.0.0\n#client-to-client\ntls-server\ntls-auth \/etc\/openvpn\/easyrsa\/keys\/ta.key 0\ntls-timeout 120\nauth MD5\ncipher BF-CBC\nkeepalive 10 30\ncomp-lzo\npersist-key\npersist-tun\nstatus\t\/var\/log\/openvpn\/openvpn-status-udp.log\nlog\t\/var\/log\/openvpn\/openvpn-udp.log\nverb 3\nmute 3\nmtu-test\nmssfix 1300\n#push \"mssfix 1437\"\ntcp-nodelay\n\nusername-as-common-name\nscript-security 2\nclient-connect \/etc\/openvpn\/ldap-group-access\/conn_start.sh\nclient-disconnect \/etc\/openvpn\/ldap-group-access\/conn_stop.sh\n\n# zabbix monitoring purposes\nmanagement 127.0.0.1 1151<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>OpenVPN VDC Servers vpn1.itim.vn (nas1v.itim.vn) vpn2.itim.vn (nas2v.itim.vn) Deb Packages coccoc-openvpn-ldap-tools openvpn openvpn-auth-ldap coccoc-libldap-conf libpam-ldap | libpam-ldapd Server configuration: Openvpn \/etc\/openvpn\/tcp.conf\u00a0from [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[6],"tags":[],"class_list":["post-702","post","type-post","status-publish","format-standard","hentry","category-networking"],"_links":{"self":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/702","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=702"}],"version-history":[{"count":0,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=\/wp\/v2\/posts\/702\/revisions"}],"wp:attachment":[{"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=702"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=702"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kb.lagonet.vn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=702"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}