Ubuntu OpenVPN Installation and Configuration - Certificate Method V1.1

May 31st, 2010 Posted in VPN | Views: 771

Author:gaojinbo
Time:2010-5-31

Ubuntu OpenVPN installation and configuration - certificate method

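1. Environment
ubuntu 9.10    amd64
openvpn 2.1
eth0           192.168.1.195 (this is the OpenVPN server's address; replace it with your own public IP)
VPN network    192.168.10.0/24 (this is the virtual private IP range used once OpenVPN is connected; it must not be the same as the physical network range)

2. Enable IP forwarding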
vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

3. Firewall settings

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j MASQUERADE
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A FORWARD -o tun0 -j ACCEPT

4. Install OpenVPN and generate the certificates

apt-get install openvpn

cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn

cd /etc/openvpn/easy-rsa/2.0

source ./vars

./clean-all

./build-ca

./build-key-server server  # when "…Sign the certificate…" appears, press y

./build-key gaojinbo  # choose your own username

./build-dh

openvpn --genkey --secret ta.key

cp ta.key keys

All generated files are in the keys directory

5. Add the OpenVPN server configuration file

vi /etc/openvpn/server.conf

port 1194
proto udp
dev tun 

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem 

server 192.168.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt 

push "redirect-gateway"
push "dhcp-option DNS 61.128.128.68" # your DNS server

keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0
comp-lzo

user nobody
group nogroup 

persist-key
persist-tun
status openvpn-status.log
verb 3
mute 20

6. OpenVPN client installation

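Download the OpenVPN client for Windows from http://openvpn.se/. After installing it, copy the ca.crt, ta.key, username.crt and username.key files generated on the server into the conf directory under its installation directory, then create the client.ovpn file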

client
dev tun
proto udp 

remote 192.168.1.195 1194
resolv-retry infinite
nobind

persist-key
persist-tun 

ca ca.crt
cert gaojinbo.crt 

key gaojinbo.key
ns-cert-type server
tls-auth ta.key 1 

comp-lzo
verb 3

7. Testing

On Windows, use the OpenVPN GUI to establish a connection to the server
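
Before connecting, the server.conf from step 5 and the client.ovpn from step 6 can be checked for settings that later OpenVPN releases deprecate or that are weak by current standards. The script below is an added example, not part of the original post; the function names audit_ovpn and sample_client and the 2048-bit DH threshold are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_ovpn [FILE]: read an OpenVPN config (stdin if no FILE) and print one
# "directive: reason" line per flagged setting. Exit status 1 if any were found.
audit_ovpn() {
    awk '
        { sub(/[ \t]*[#;].*$/, "") }      # drop comments
        NF == 0 { next }                  # skip blank lines
        $1 == "cipher" { have_cipher = 1 }
        # easy-rsa 2.0 writes dh<KEY_SIZE>.pem, so the file name carries the size
        $1 == "dh" && match($2, /dh[0-9]+\.pem$/) {
            bits = substr($2, RSTART + 2, RLENGTH - 6) + 0
            if (bits < 2048) { print "dh: " bits "-bit DH parameters"; bad = 1 }
        }
        # "comp-lzo no" turns compression off, so only other forms are flagged
        $1 == "comp-lzo" && $2 != "no" { print "comp-lzo: compression enabled"; bad = 1 }
        $1 == "ns-cert-type" {
            print "ns-cert-type: deprecated, use remote-cert-tls " $2; bad = 1
        }
        END {
            if (!have_cipher) {
                print "cipher: not set (OpenVPN 2.1 defaults to BF-CBC)"; bad = 1
            }
            exit bad
        }
    ' "$@"
}

# Sample input: the client.ovpn from this guide, abridged.
sample_client() {
    cat <<'EOF'
client
dev tun
proto udp
remote 192.168.1.195 1194
ca ca.crt
cert gaojinbo.crt
key gaojinbo.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
EOF
}

sample_client | audit_ovpn || echo "review the settings listed above"
```

On the server, run it as audit_ovpn /etc/openvpn/server.conf; with the configuration from step 5 it also reports the 1024-bit DH file.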

 

 

Done!
