openvpn配置
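-- 防火墙配置(从下面的输出看,只有nat表POSTROUTING链里的MASQUERADE规则;filter表的INPUT/FORWARD/OUTPUT链都是默认策略ACCEPT且没有任何规则,即本机没有做包过滤)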
[root@xx ~]# service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 192.168.61.0/24 0.0.0.0/0
2 MASQUERADE all -- 192.168.61.0/24 0.0.0.0/0
3 MASQUERADE all -- 192.168.32.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
-- server.conf配置
[root@xxx openvpn]# pwd
/etc/openvpn
[root@xxx openvpn]# cat server.conf
;user nobody #定义openvpn运行时使用的用户及用户组(这两行以;开头,处于注释状态,openvpn启动后不会降权;需要降权运行时去掉行首的;)
;group nobody
port 1194
# 改成tcp,默认使用udp,如果使用HTTP Proxy,必须使用tcp协议
dev tun
proto tcp
local 10.253.42.71
# 路径前面加keys,全路径为/etc/openvpn/keys/ca.crt
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
dh keys/dh2048.pem
# 默认虚拟局域网网段,不要和实际的局域网冲突即可
server 192.168.32.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# 10.0.0.0/8是我这台VPN服务器所在的内网的网段,读者应该根据自身实际情况进行修改
#push "redirect-gateway def1 bypass-dhcp"
push "route 10.0.0.0 255.0.0.0"
push "route 10.253.42.0 255.255.255.0"
push "route 10.139.40.0 255.255.255.0"
#push "route 192.168.1.0 255.255.255.0"
#push "dhcp-option DNS 208.67.222.222"
max-clients 100
;push "redirect-gateway def1 bypass-dhcp"
# 可以让客户端之间相互访问直接通过openvpn程序转发,根据需要设置
# (开启后客户端之间的流量在openvpn进程内部转发,不经过本机的iptables,无法用防火墙规则限制)
client-to-client
# 如果客户端都使用相同的证书和密钥连接VPN,一定要打开这个选项,否则每个证书只允许一个人连接VPN
# 注意:多个客户端共用同一证书时,无法区分具体用户,也无法单独吊销某一个客户端;更稳妥的做法是为每个客户端单独签发证书,并去掉duplicate-cn
duplicate-cn
keepalive 10 120
# 下面的tls-auth处于注释状态,即没有启用控制通道的HMAC校验;如要启用,需要生成ta.key,服务端参数为0,客户端为1
;tls-auth ta.key 0 # This file is secret
comp-lzo
persist-key
persist-tun
# OpenVPN的状态日志,默认为/etc/openvpn/openvpn-status.log
status openvpn-status.log
# OpenVPN的运行日志,默认为/etc/openvpn/openvpn.log
log-append openvpn.log
# 改成verb 5可以多查看一些调试信息(排查完成后建议调回较低的级别,减少写入日志的内容)
verb 5
-- 客户的生成
/usr/share/easy-rsa/2.0/keys
ca.crt
client1.crt
client1.key
online.ovpn
server.crt
server.key
[root@xx ~]# service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 MASQUERADE all -- 192.168.61.0/24 0.0.0.0/0
2 MASQUERADE all -- 192.168.61.0/24 0.0.0.0/0
3 MASQUERADE all -- 192.168.32.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
-- server.conf配置
[root@xxx openvpn]# pwd
/etc/openvpn
[root@xxx openvpn]# cat server.conf
;user nobody #定义openvpn运行时使用的用户及用户组(这两行以;开头,处于注释状态,openvpn启动后不会降权;需要降权运行时去掉行首的;)
;group nobody
port 1194
# 改成tcp,默认使用udp,如果使用HTTP Proxy,必须使用tcp协议
dev tun
proto tcp
local 10.253.42.71
# 路径前面加keys,全路径为/etc/openvpn/keys/ca.crt
ca keys/ca.crt
cert keys/server.crt
key keys/server.key # This file should be kept secret
dh keys/dh2048.pem
# 默认虚拟局域网网段,不要和实际的局域网冲突即可
server 192.168.32.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# 10.0.0.0/8是我这台VPN服务器所在的内网的网段,读者应该根据自身实际情况进行修改
#push "redirect-gateway def1 bypass-dhcp"
push "route 10.0.0.0 255.0.0.0"
push "route 10.253.42.0 255.255.255.0"
push "route 10.139.40.0 255.255.255.0"
#push "route 192.168.1.0 255.255.255.0"
#push "dhcp-option DNS 208.67.222.222"
max-clients 100
;push "redirect-gateway def1 bypass-dhcp"
# 可以让客户端之间相互访问直接通过openvpn程序转发,根据需要设置
# (开启后客户端之间的流量在openvpn进程内部转发,不经过本机的iptables,无法用防火墙规则限制)
client-to-client
# 如果客户端都使用相同的证书和密钥连接VPN,一定要打开这个选项,否则每个证书只允许一个人连接VPN
# 注意:多个客户端共用同一证书时,无法区分具体用户,也无法单独吊销某一个客户端;更稳妥的做法是为每个客户端单独签发证书,并去掉duplicate-cn
duplicate-cn
keepalive 10 120
# 下面的tls-auth处于注释状态,即没有启用控制通道的HMAC校验;如要启用,需要生成ta.key,服务端参数为0,客户端为1
;tls-auth ta.key 0 # This file is secret
comp-lzo
persist-key
persist-tun
# OpenVPN的状态日志,默认为/etc/openvpn/openvpn-status.log
status openvpn-status.log
# OpenVPN的运行日志,默认为/etc/openvpn/openvpn.log
log-append openvpn.log
# 改成verb 5可以多查看一些调试信息(排查完成后建议调回较低的级别,减少写入日志的内容)
verb 5
-- 客户的生成
/usr/share/easy-rsa/2.0/keys
ca.crt
client1.crt
client1.key
online.ovpn
server.crt
server.key