OpenVPN

服务端:
生成证书等相关文件
/etc/openvpn/easy-rsa/2.0
生成证书

# ./build-ca

1	# ./build-ca

生成服务器认证

# ./build-key-server server

1	# ./build-key-server server

生成客户端

# ./build-key client1

1	# ./build-key client1

更新数据库

# ./build-dh

1	# ./build-dh

/etc/openvpn/server.conf

local 192.168.1.132
port 1194
proto udp
dev tap
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key  # This file should be kept secret
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 192.168.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 116.228.111.118"
push "dhcp-option DNS 180.168.255.18"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3

local 192.168.1.132

port 1194

proto udp

dev tap

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt

cert /etc/openvpn/easy-rsa/2.0/keys/server.crt

key /etc/openvpn/easy-rsa/2.0/keys/server.key # This file should be kept secret

dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

server 192.168.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "route 192.168.1.0 255.255.255.0"

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 116.228.111.118"

push "dhcp-option DNS 180.168.255.18"

client-to-client

duplicate-cn

keepalive 10 120

comp-lzo

user nobody

group nobody

persist-key

persist-tun

status openvpn-status.log

verb 3

运行:

# openvpn --config /etc/openvpn/server.conf --daemon

1	# openvpn --config /etc/openvpn/server.conf --daemon

客户端:
Windows:

client1.ovpn

client
dev tap
proto udp
remote hostname 1194
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo

client

dev tap

proto udp

remote hostname 1194

persist-key

persist-tun

ca ca.crt

cert client1.crt

key client1.key

comp-lzo

其他需要文件为ca.crt, client1.crt, client1.key
放到安装目录的config中

连接外网:
#打开ipv4的ipforwad
#当次

# echo 1 > /proc/sys/net/ipv4/ip_forward

1	# echo 1 > /proc/sys/net/ipv4/ip_forward

#保存

sysctl -a | grep ip_forward
sysctl -w net.ipv4.ip_forward=1

1 2	sysctl -a \| grep ip_forward sysctl -w net.ipv4.ip_forward=1

#在server上将来自子网192.168.0.0的转换为来自192.168.1.100

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.100

1	iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 192.168.1.100

发表评论 取消回复

发表评论取消回复