資源描述:
《openvpn安裝與配置》由會員上傳分享,免費(fèi)在線閱讀�,更多相關(guān)內(nèi)容在行業(yè)資料-天天文庫。
1�����、OpenVPN的安裝與配置1一��,基本安裝11.1相關(guān)軟件包:11.2具體安裝1二�,網(wǎng)絡(luò)配置1三,具體配置13.1創(chuàng)建證書配置文件:13.2建立服務(wù)器的認(rèn)證書和密匙:23.3建立客戶端證書:23.4創(chuàng)建DiffieHellman參數(shù):23.5拷貝證書相關(guān)的文件:23.6配置服務(wù)端:23.7啟動服務(wù)端openvpn33.8配置client端:33.9制作啟動服務(wù)4四,問題總結(jié):4OpenVPN的安裝與配置一��,基本安裝1.1相關(guān)軟件包:http://openvpn.net/Lzo-1.08.targzOpenvpn-2.09.tar.gzopenssl1.2具體安裝#
2�����、cd/root#tarzxvflzo-1.08.tar.gz#cdlzo-1.08#./configure#make#makeinstall#cd/root#tarzxvfopenvpn-2.0_beta7.tar.gz#cdopenvpn-2.0#./configure--with-lzo-headers=/usr/local/include--with-lzo-lib=/usr/local/lib#make#cp–Rfopenvpn-2.0/etc/openvpn二����,網(wǎng)絡(luò)配置網(wǎng)絡(luò)規(guī)劃:vpn使用路由模式還是網(wǎng)橋模式建議使用路由模式.私有子網(wǎng)網(wǎng)段的規(guī)劃建立VP
3、N往往會把各個地方的私有子網(wǎng)網(wǎng)段連接在一起.互聯(lián)網(wǎng)IP地址分配機(jī)構(gòu)(IANA)已經(jīng)保留了以下3個網(wǎng)段為私有子網(wǎng)網(wǎng)段所用(RFC1918):10.0.0.010.255.255.255(10/8prefix)172.16.0.0172.31.255.255(172.16/12prefix)192.168.0.0192.168.255.255(192.168/16prefix)三��,具體配置3.1創(chuàng)建證書配置文件:下面是linux/bsd/unix系統(tǒng)建立PKI:#cd/etc/openvpn/easy-rsa#vivarsexportKEY_COUNTRY=CNex
4���、portKEY_PROVINCE=BJexportKEY_CITY=BjexportKEY_ORG="leadtone"exportKEY_EMAIL=caojincheng@corp.leadtone.com#../vars(注意..之間有空格)#./clean-all#./build-ca最后的命令build-ca將認(rèn)證CA證書��,這些密匙跟openssl緊密結(jié)合.3.2建立服務(wù)器的認(rèn)證書和密匙:#./build-key-serverserver3.3建立客戶端證書:#./build-keyclient1#./build-keyclient2#./build-
5�����、keyclient3如果你想保護(hù)你的客戶端密匙���,請運(yùn)行build-key-pass腳本.為了區(qū)分每個客戶端,必須用適當(dāng)?shù)拿Q命名”CommonName”,比如."client1","client2",or"client3".通常是為每個客戶端指定唯一的”commonname”.3.4創(chuàng)建DiffieHellman參數(shù):openvpn服務(wù)必須創(chuàng)建DiffeHellman:#./build-dh#cd/etc/openvpn#mkdirconfkeys#cdeasy-rsa/keys3.5拷貝證書相關(guān)的文件:#cpca.crt/etc/openvpn/keys#cp
6�����、server.crt/etc/openvpn/keys#cpserver.key/etc/openvpn/keys#cpdh1024.pem/etc/openvpn/keys3.6配置服務(wù)端:#cdsample-config-files/#cpserver.conf/etc/openvpn/conf/#cd/etc/openvpn/conf#cpserver.confserver.conf.cao#viserver.conf---------------------------cutbegin-----------------------------------
7、------------------------port1194prototcpdevtunca/etc/openvpn/keys/ca.crtcert/etc/openvpn/keys/server.crtkey/etc/openvpn/keys/server.key#Thisfileshouldbekeptsecretdh/etc/openvpn/keys/dh1024.pemserver172.16.0.0255.255.255.0ifconfig-pool-persistipp.txtpush"route172.16.0.0255.255.255.0"p
8��、ush"route172
