OpenVPN

服务端:
生成证书等相关文件
/etc/openvpn/easy-rsa/2.0
生成 CA 证书

# ./build-ca

生成服务器证书

# ./build-key-server server

生成客户端证书

# ./build-key client1

更新数据库（生成 Diffie-Hellman 参数，即下文引用的 dh1024.pem）

# ./build-dh

/etc/openvpn/server.conf

# OpenVPN server configuration. The certificate/key paths point at the
# easy-rsa 2.0 keys directory populated by build-ca / build-key-server / build-dh.
local 192.168.1.132          # LAN address the server binds to
port 1194
proto udp
# tap = layer-2 (Ethernet) tunnel. NOTE(review): tun is the usual choice for
# routed IP traffic; confirm a bridged/L2 tunnel is actually required here.
dev tap
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key  # This file should be kept secret
# NOTE(review): 1024-bit DH parameters are below current minimums; easy-rsa's
# KEY_SIZE setting controls what build-dh produces (2048 gives dh2048.pem).
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
# VPN address pool. NOTE(review): 192.168.0.0/24 is a common home-LAN range,
# so clients connecting from such a LAN will hit a route conflict.
server 192.168.0.0 255.255.255.0
# Relative path: resolved against the daemon's working directory (no "cd"
# directive here); an absolute path avoids surprises when started elsewhere.
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"      # expose the server-side LAN to clients
# Send all client traffic through the VPN; internet access then depends on
# ip_forward and the SNAT rule shown at the end of this page.
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 116.228.111.118"     # resolvers pushed to clients
push "dhcp-option DNS 180.168.255.18"
# Clients may talk to each other; that traffic is switched inside OpenVPN and
# never reaches the host's iptables, so it cannot be filtered there.
client-to-client
# NOTE(review): allows several concurrent sessions with the same client cert,
# so a copied client1.key works alongside the legitimate client and per-client
# accountability is lost; prefer one cert per client and drop this option.
duplicate-cn
keepalive 10 120             # ping every 10 s; restart after a period without reply (120 s on clients)
# Compression must match the client profile (client1.ovpn also sets comp-lzo).
# NOTE(review): compression on an encrypted link weakens confidentiality and is
# discouraged; drop it on both sides unless bandwidth genuinely requires it.
comp-lzo
# Drop root privileges after startup. NOTE(review): the group is "nogroup" on
# Debian-family systems — confirm a "nobody" group exists on this host.
user nobody
group nobody
# Needed together with user/group: keep the key and tap device open across
# restarts, since the unprivileged process cannot reopen them.
persist-key
persist-tun
status openvpn-status.log    # relative path, same caveat as ipp.txt
verb 3                       # log verbosity
# NOTE(review): no tls-auth/tls-crypt HMAC key and no crl-verify are configured,
# so the TLS port answers any peer and a compromised client cert cannot be
# revoked without replacing the CA — consider adding both.

运行:

# openvpn --config /etc/openvpn/server.conf --daemon

客户端:
Windows:

client1.ovpn

# client1.ovpn — Windows client profile; ca.crt, client1.crt and client1.key
# sit next to this file in the OpenVPN config directory.
client
dev tap                      # must match the server's "dev tap"
proto udp
remote hostname 1194         # placeholder: replace "hostname" with the server's public name or IP
persist-key
persist-tun
ca ca.crt                    # relative to the config directory
cert client1.crt
key client1.key              # private key — keep it readable only by this user
comp-lzo                     # must match the server's comp-lzo setting
# NOTE(review): consider adding "remote-cert-tls server" so the client only
# accepts a certificate issued with the server role; without it any certificate
# signed by this CA (e.g. another client's) is accepted as the server.

其他需要的文件为 ca.crt、client1.crt、client1.key，
放到 OpenVPN 安装目录的 config 子目录中

连接外网:
#打开 ipv4 的 ip_forward
#仅本次生效（临时）

# echo 1 > /proc/sys/net/ipv4/ip_forward 

#保存

# Show the current ip_forward sysctl values.
sysctl -a | grep ip_forward
# Enable IPv4 forwarding in the running kernel.
# NOTE(review): sysctl -w does not survive a reboot; to keep it set, add
# net.ipv4.ip_forward = 1 to /etc/sysctl.conf (or a sysctl.d file).
sysctl -w net.ipv4.ip_forward=1 

#在 server 上将来自子网 192.168.0.0/24 的流量源地址转换（SNAT）为 192.168.1.100

# SNAT VPN client traffic (server pool 192.168.0.0/24) leaving via eth0 so the
# LAN/internet sees it as 192.168.1.100.
# NOTE(review): server.conf binds "local 192.168.1.132"; confirm 192.168.1.100 is
# really an address configured on eth0, otherwise return traffic never arrives —
# using the interface's own address (or -j MASQUERADE) avoids the mismatch.
# Also check the FORWARD chain permits traffic between the tap interface and
# eth0 if its default policy is DROP.
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.100
