nat123+OpenVPN连接校园网
来源:互联网 发布:获取所有股票信息 js 编辑:程序博客网 时间:2024/04/29 19:12
1.网络结构
服务器端:校园网 系统:xpsp3 pro vol 虚拟地址:10.8.0.1
客户端:任意 系统 win10 虚拟地址:10.8.0.6
2.软件安装
在两台电脑都安装OpenVPN xp专用版 和nat123软件(用于内网穿透 端口映射 也可以安花生壳)
操作系统 软件 Installer (32-bit), Windows XPopenvpn-install-2.3.10-I001-i686.exe
3.配置OpenVPN
服务器端
开始>所有程序>附件>右键以管理员权限 打开命令提示符,输入:
cd C:\Program Files\OpenVPN\easy-rsainit-configvarsclean-allbuild-ca 一路回车build-dhbuild-key-server server 一路回车 输入两次y结束build-key client 一路回车 输入两次y结束上面中 Common Name 分别改成 OpenVPN_CA server client1 client2 ...,密码随心情定openvpn –genkey –secret keys/ta.key
把 C:\Program Files\OpenVPN\easy-rsa\keys下文件放在C:\Program Files\OpenVPN\config下用写字板或记事本打开并修改C:\Program Files (x86)\OpenVPN\sample-config下server.ovpn文件 把文件放到C:\Program Files\OpenVPN\config下dh dh2048.pem改为dh dh1024.pem去除push "redirect-gateway def1 bypass-dhcp"注释删除comp-lzo注释删去tls-auth ta.key 0前的注释
客户端
把 C:\Program Files\OpenVPN\easy-rsa\keys下文件放在 C:\Program Files\OpenVPN\config下拷贝并修改服务器端C:\Program Files (x86)\OpenVPN\sample-config下client.ovpn文件把文件放到C:\Program Files\OpenVPN\config下修改remote 17075c29.all123.net 1194 修改为nat123分配的外网域名(服务器端地址)删除comp-lzo注释删去tls-auth ta.key 1 前的注释
4. 配置nat123
在官网注册一个账号登录
服务器端
点击添加映射 免费哦
主机地址localhost 选择全端口映射 并保存
客户端
登录nat123访问者
访问域名 为外网域名(17075c29.all123.net)
访问端口1194
5.XP开启NAT转发
win+R键 输入services.msc
在客户端和服务器两台机器上都设置Routing and remote access服务为自动启动 win+R 键 输入regedit打开注册表 修改键值为1HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter= 1 重启电脑打开网络适配器并重命名适配器 上网网卡为LOCAL OpenVPN生成的虚拟网卡为VPN
win+R cmd 打开命令提示符输入:
netshroutingipnatinstalladd interface name="VPN" mode=privateadd interface name="LOCAL" mode=full
输入show interface并回车,如果出现:
NAT VPN 配置—————————模式 : 专用接口NAT LOCAL 配置—————————模式 : 地址和端口转
则设置完成。分别启动OpenVPN GUI 并连接,图标变为绿色则连接成功。
6.配置文件示例
server.ovpn
################################################## Sample OpenVPN 2.0 config file for ## multi-client server. ## ## This file is for the server side ## of a many-clients <-> one-server ## OpenVPN configuration. ## ## OpenVPN also supports ## single-machine <-> single-machine ## configurations (See the Examples page ## on the web site for more info). ## ## This config should work on Windows ## or Linux/BSD systems. Remember on ## Windows to quote pathnames and use ## double backslashes, e.g.: ## "C:\\Program Files\\OpenVPN\\config\\foo.key" ## ## Comments are preceded with '#' or ';' ################################################### Which local IP address should OpenVPN# listen on? (optional);local a.b.c.d# Which TCP/UDP port should OpenVPN listen on?# If you want to run multiple OpenVPN instances# on the same machine, use a different port# number for each one. You will need to# open up this port on your firewall.port 1194# TCP or UDP server?proto tcp;proto udp# "dev tun" will create a routed IP tunnel,# "dev tap" will create an ethernet tunnel.# Use "dev tap0" if you are ethernet bridging# and have precreated a tap0 virtual interface# and bridged it with your ethernet interface.# If you want to control access policies# over the VPN, you must create firewall# rules for the the TUN/TAP interface.# On non-Windows systems, you can give# an explicit unit number, such as tun0.# On Windows, use "dev-node" for this.# On most systems, the VPN will not function# unless you partially or fully disable# the firewall for the TUN/TAP interface.;dev tapdev tun# Windows needs the TAP-Win32 adapter name# from the Network Connections panel if you# have more than one. On XP SP2 or higher,# you may need to selectively disable the# Windows firewall for the TAP adapter.# Non-Windows systems usually don't need this.;dev-node MyTap# SSL/TLS root certificate (ca), certificate# (cert), and private key (key). Each client# and the server must have their own cert and# key file. The server and all clients will# use the same ca file.## See the "easy-rsa" directory for a series# of scripts for generating RSA certificates# and private keys. Remember to use# a unique Common Name for the server# and each of the client certificates.## Any X509 key management system can be used.# OpenVPN can also use a PKCS #12 formatted key file# (see "pkcs12" directive in man page).ca ca.crtcert server.crtkey server.key # This file should be kept secret# Diffie hellman parameters.# Generate your own with:# openssl dhparam -out dh2048.pem 2048dh dh1024.pem# Network topology# Should be subnet (addressing via IP)# unless Windows clients v2.0.9 and lower have to# be supported (then net30, i.e. a /30 per client)# Defaults to net30 (not recommended);topology subnet# Configure server mode and supply a VPN subnet# for OpenVPN to draw client addresses from.# The server will take 10.8.0.1 for itself,# the rest will be made available to clients.# Each client will be able to reach the server# on 10.8.0.1. Comment this line out if you are# ethernet bridging. See the man page for more info.server 10.8.0.0 255.255.255.0# Maintain a record of client <-> virtual IP address# associations in this file. If OpenVPN goes down or# is restarted, reconnecting clients can be assigned# the same virtual IP address from the pool that was# previously assigned.ifconfig-pool-persist ipp.txt# Configure server mode for ethernet bridging.# You must first use your OS's bridging capability# to bridge the TAP interface with the ethernet# NIC interface. Then you must manually set the# IP/netmask on the bridge interface, here we# assume 10.8.0.4/255.255.255.0. Finally we# must set aside an IP range in this subnet# (start=10.8.0.50 end=10.8.0.100) to allocate# to connecting clients. Leave this line commented# out unless you are ethernet bridging.;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100# Configure server mode for ethernet bridging# using a DHCP-proxy, where clients talk# to the OpenVPN server-side DHCP server# to receive their IP address allocation# and DNS server addresses. You must first use# your OS's bridging capability to bridge the TAP# interface with the ethernet NIC interface.# Note: this mode only works on clients (such as# Windows), where the client-side TAP adapter is# bound to a DHCP client.;server-bridge# Push routes to the client to allow it# to reach other private subnets behind# the server. Remember that these# private subnets will also need# to know to route the OpenVPN client# address pool (10.8.0.0/255.255.255.0)# back to the OpenVPN server.;push "route 192.168.20.0 255.255.255.0"# To assign specific IP addresses to specific# clients or if a connecting client has a private# subnet behind it that should also have VPN access,# use the subdirectory "ccd" for client-specific# configuration files (see man page for more info).# EXAMPLE: Suppose the client# having the certificate common name "Thelonious"# also has a small subnet behind his connecting# machine, such as 192.168.40.128/255.255.255.248.# First, uncomment out these lines:;client-config-dir ccd;route 192.168.40.128 255.255.255.248# Then create a file ccd/Thelonious with this line:# iroute 192.168.40.128 255.255.255.248# This will allow Thelonious' private subnet to# access the VPN. This example will only work# if you are routing, not bridging, i.e. you are# using "dev tun" and "server" directives.# EXAMPLE: Suppose you want to give# Thelonious a fixed VPN IP address of 10.9.0.1.# First uncomment out these lines:;client-config-dir ccd;route 10.9.0.0 255.255.255.252# Then add this line to ccd/Thelonious:# ifconfig-push 10.9.0.1 10.9.0.2# Suppose that you want to enable different# firewall access policies for different groups# of clients. There are two methods:# (1) Run multiple OpenVPN daemons, one for each# group, and firewall the TUN/TAP interface# for each group/daemon appropriately.# (2) (Advanced) Create a script to dynamically# modify the firewall in response to access# from different clients. See man# page for more info on learn-address script.;learn-address ./script# If enabled, this directive will configure# all clients to redirect their default# network gateway through the VPN, causing# all IP traffic such as web browsing and# and DNS lookups to go through the VPN# (The OpenVPN server machine may need to NAT# or bridge the TUN/TAP interface to the internet# in order for this to work properly).push "redirect-gateway def1 bypass-dhcp"# Certain Windows-specific network settings# can be pushed to clients, such as DNS# or WINS server addresses. CAVEAT:# http://openvpn.net/faq.html#dhcpcaveats# The addresses below refer to the public# DNS servers provided by opendns.com.push "dhcp-option DNS 123.125.81.6";push "dhcp-option DNS 208.67.220.220"# Uncomment this directive to allow different# clients to be able to "see" each other.# By default, clients will only see the server.# To force clients to only see the server, you# will also need to appropriately firewall the# server's TUN/TAP interface.;client-to-client# Uncomment this directive if multiple clients# might connect with the same certificate/key# files or common names. This is recommended# only for testing purposes. For production use,# each client should have its own certificate/key# pair.## IF YOU HAVE NOT GENERATED INDIVIDUAL# CERTIFICATE/KEY PAIRS FOR EACH CLIENT,# EACH HAVING ITS OWN UNIQUE "COMMON NAME",# UNCOMMENT THIS LINE OUT.;duplicate-cn# The keepalive directive causes ping-like# messages to be sent back and forth over# the link so that each side knows when# the other side has gone down.# Ping every 10 seconds, assume that remote# peer is down if no ping received during# a 120 second time period.keepalive 10 120# For extra security beyond that provided# by SSL/TLS, create an "HMAC firewall"# to help block DoS attacks and UDP port flooding.## Generate with:# openvpn --genkey --secret ta.key## The server and each client must have# a copy of this key.# The second parameter should be '0'# on the server and '1' on the clients.tls-auth ta.key 0 # This file is secret# Select a cryptographic cipher.# This config item must be copied to# the client config file as well.# Note that 2.4 client/server will automatically# negotiate AES-256-GCM in TLS mode.# See also the ncp-cipher option in the manpagecipher AES-256-CBC# Enable compression on the VPN link and push the# option to the client (2.4+ only, for earlier# versions see below);compress lz4-v2;push "compress lz4-v2"# For compression compatible with older clients use comp-lzo# If you enable it here, you must also# enable it in the client config file.comp-lzo# The maximum number of concurrently connected# clients we want to allow.;max-clients 100# It's a good idea to reduce the OpenVPN# daemon's privileges after initialization.## You can uncomment this out on# non-Windows systems.;user nobody;group nobody# The persist options will try to avoid# accessing certain resources on restart# that may no longer be accessible because# of the privilege downgrade.persist-keypersist-tun# Output a short status file showing# current connections, truncated# and rewritten every minute.status openvpn-status.log# By default, log messages will go to the syslog (or# on Windows, if running as a service, they will go to# the "\Program Files\OpenVPN\log" directory).# Use log or log-append to override this default.# "log" will truncate the log file on OpenVPN startup,# while "log-append" will append to it. Use one# or the other (but not both).;log openvpn.log;log-append openvpn.log# Set the appropriate level of log# file verbosity.## 0 is silent, except for fatal errors# 4 is reasonable for general usage# 5 and 6 can help to debug connection problems# 9 is extremely verboseverb 3# Silence repeating messages. At most 20# sequential messages of the same message# category will be output to the log.;mute 20# Notify the client that when the server restarts so it# can automatically reconnect.
client.ovpn
############################################### Sample client-side OpenVPN 2.0 config file ## for connecting to multi-client server. ## ## This configuration can be used by multiple ## clients, however each client should have ## its own cert and key files. ## ## On Windows, you might want to rename this ## file so it has a .ovpn extension ################################################ Specify that we are a client and that we# will be pulling certain config file directives# from the server.client# Use the same setting as you are using on# the server.# On most systems, the VPN will not function# unless you partially or fully disable# the firewall for the TUN/TAP interface.;dev tapdev tun# Windows needs the TAP-Win32 adapter name# from the Network Connections panel# if you have more than one. On XP SP2,# you may need to disable the firewall# for the TAP adapter.;dev-node MyTap# Are we connecting to a TCP or# UDP server? Use the same setting as# on the server.proto tcp;proto udp# The hostname/IP and port of the server.# You can have multiple remote entries# to load balance between the servers.remote 17075c29.all123.net 1194;remote my-server-2 1194# Choose a random host from the remote# list for load-balancing. Otherwise# try hosts in the order specified.;remote-random# Keep trying indefinitely to resolve the# host name of the OpenVPN server. Very useful# on machines which are not permanently connected# to the internet such as laptops.resolv-retry infinite# Most clients don't need to bind to# a specific local port number.nobind# Downgrade privileges after initialization (non-Windows only);user nobody;group nobody# Try to preserve some state across restarts.persist-keypersist-tun# If you are connecting through an# HTTP proxy to reach the actual OpenVPN# server, put the proxy server/IP and# port number here. See the man page# if your proxy server requires# authentication.;http-proxy-retry # retry on connection failures;http-proxy [proxy server] [proxy port #]# Wireless networks often produce a lot# of duplicate packets. Set this flag# to silence duplicate packet warnings.;mute-replay-warnings# SSL/TLS parms.# See the server config file for more# description. It's best to use# a separate .crt/.key file pair# for each client. A single ca# file can be used for all clients.ca ca.crtcert client.crtkey client.key# Verify server certificate by checking that the# certicate has the correct key usage set.# This is an important precaution to protect against# a potential attack discussed here:# http://openvpn.net/howto.html#mitm## To use this feature, you will need to generate# your server certificates with the keyUsage set to# digitalSignature, keyEncipherment# and the extendedKeyUsage to# serverAuth# EasyRSA can do this for you.remote-cert-tls server# If a tls-auth key is used on the server# then every client must also have the key.tls-auth ta.key 1# Select a cryptographic cipher.# If the cipher option is used on the server# then you must also specify it here.# Note that 2.4 client/server will automatically# negotiate AES-256-GCM in TLS mode.# See also the ncp-cipher option in the manpagecipher AES-256-CBC# Enable compression on the VPN link.# Don't enable this unless it is also# enabled in the server config file.comp-lzo# Set log file verbosity.verb 3# Silence repeating messages;mute 20
0 0
- nat123+OpenVPN连接校园网
- Ubuntu连接校园网
- mac连接校园网,iNode
- Pppoe连接校园网
- ubuntu下连接校园网
- Ubuntu 命令行连接校园网
- 郑州大学校园网连接
- Ubuntu连接校园网
- NAT123
- OpenVPN连接问题排查
- 所有客户端连接Openvpn
- nat123 登陆时提示【连接服务器失败】
- 使用Mac Tunnelblick(OpenVPN)连接OpenVPN服务端
- Ubuntu利用ruijieclient连接校园网
- 如何使用MENTOHUST连接校园网
- 轻松应用Linux连接校园网
- 使用外网连接校园网
- Ubuntu下连接shanxun校园网
- ArrayList自动扩容解析
- 关于Unix网络编程卷一创建守护进程
- 关于Hybrid App 配置
- 445. Add Two Numbers II
- 扩展kmp(HDU4333)
- nat123+OpenVPN连接校园网
- 4.23
- 1001. A+B Format (20)
- 解决Failed to execute goal org.apache.maven.plugins
- HDU 4414 Finding crosses(爆搜)
- 友元函数
- Mybatis整合Spring之传统dao方法
- centos-7 部署zookeeper集群 >>>> 分布式 HDFS(二)
- AS中活动Activity的生命周期