OpenVPN for OpenBSD

2009-05-13 12:02:08  Source: unknown


OpenVPN runs on many platforms, e.g. BSD, Linux, M$ (Windows) and others.
Run OpenVPN on the gateways of two sites so that the two LANs can reach each other. The topology is as follows:
[ Lan A (10.0.0.0/16) ] --- [ Vpn Server/Gateway ]
|
[ Internet ]
|
[ Vpn Client/Gateway ] --- [ Lan B (172.16.250.0/24) ]
OpenVPN supports two authentication methods, certificates and username/password; below, certificates are used.
Required packages:
bash, openvpn, etc.
1. Create the configuration directory
# mkdir /etc/openvpn
# cp -r /usr/local/share/examples/openvpn/easy-rsa/ /etc/openvpn/
2. Edit vars
# cd /etc/openvpn/easy-rsa
# vi vars
export KEY_COUNTRY=CN
export KEY_PROVINCE=GuangDong
export KEY_CITY=GuangZhou
export KEY_ORG="OpenVPN-Congli"
export KEY_EMAIL="congli@congli.org.cn"
3. Load the environment variables
# bash
# . vars
4. Initialise the keys directory
# ./clean-all
5. Generate the root CA certificate, which is used to sign the server and client certificates.
# ./build-ca
(Note: press Enter to accept any default that does not need changing)
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GuangDong]:
Locality Name (eg, city) [GuangZhou]:
Organization Name (eg, company) [OpenVPN-Congli]:
Organizational Unit Name (eg, section) []:OpenVPN Service
Common Name (eg, your name or your server's hostname) []:OpenVPN Root CA
Email Address [congli@congli.org.cn]:
6. Generate the Diffie-Hellman parameters for the server
# ./build-dh
(Note: this creates dh1024.pem in the keys directory)
7. Create and sign the certificate used by the VPN server. The Common Name must match the command-line argument; the files keys/server.* are produced.
# ./build-key-server server
(Note: "server" is the base name of the generated files, server.crt and server.key)
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GuangDong]:
Locality Name (eg, city) [GuangZhou]:
Organization Name (eg, company) [OpenVPN-Congli]:
Organizational Unit Name (eg, section) []:OpenVPN Service
Common Name (eg, your name or your server's hostname) []:server
Email Address [congli@congli.org.cn]:
A challenge password []:
An optional company name []:
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
8. To protect against malicious attacks (e.g. DoS, UDP port flooding), generate an "HMAC firewall" key
# openvpn --genkey --secret keys/ta.key
9. Create and sign the certificate used by the VPN client. The Common Name must match the command-line argument; the files keys/client.* are produced.
# ./build-key client
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GuangDong]:
Locality Name (eg, city) [GuangZhou]:
Organization Name (eg, company) [OpenVPN-Congli]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:client
Email Address [congli@congli.org.cn]:
10. The keys directory now holds the certificates and keys generated above.
The server needs the following files, copied to /etc/openvpn:
ca.crt (Root CA)
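The following script is an added example, not part of the original article and not easy-rsa's own code. It rebuilds the PKI of steps 5, 7 and 9 with plain openssl(1) so that the difference between build-key-server and build-key is visible: easy-rsa 2's server profile adds extendedKeyUsage=serverAuth (and nsCertType=server), and that is the property an OpenVPN client checks with "remote-cert-tls server" so that a leaked client certificate cannot be used to impersonate the server. The check_cert function verifies each certificate against the CA for the role it is meant to play, the same test OpenVPN makes. It assumes openssl 1.1.1 or later in PATH; the subject names, key sizes, lifetimes and output directory are all constructed for this demo.

```shell
#!/bin/sh
# Added example (not from the original article): reproduce build-ca,
# build-key-server server and build-key client with openssl(1), then verify
# each certificate for its intended role. Assumes openssl 1.1.1+ in PATH.
set -eu

# Constructed subject prefix, matching the vars file in step 2.
SUBJ_BASE="/C=CN/ST=GuangDong/L=GuangZhou/O=OpenVPN-Congli"

# Issue a certificate for CN=$2 signed by the CA in $1, with the X.509v3
# extensions listed in $3 (one "key=value" per line).
# Produces $1/$2.key and $1/$2.crt.
issue_cert() {
    dir="$1"; name="$2"; exts="$3"
    printf '%s\n' "$exts" > "$dir/$name.ext"
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$dir/$name.key" -out "$dir/$name.csr" \
        -subj "$SUBJ_BASE/CN=$name" >/dev/null 2>&1
    openssl x509 -req -sha256 -days 3650 -in "$dir/$name.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$name.ext" -out "$dir/$name.crt" >/dev/null 2>&1
}

# Build the whole PKI under $1: root CA, server cert, client cert.
build_pki() {
    dir="$1"
    mkdir -p "$dir"

    # Root CA (equivalent of ./build-ca): self-signed, explicitly marked as a
    # CA so that openssl verify accepts it as an issuer.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -keyout "$dir/ca.key" -out "$dir/ca.csr" \
        -subj "$SUBJ_BASE/CN=OpenVPN Root CA" >/dev/null 2>&1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
        > "$dir/ca.ext"
    openssl x509 -req -sha256 -days 3650 -in "$dir/ca.csr" \
        -signkey "$dir/ca.key" -extfile "$dir/ca.ext" \
        -out "$dir/ca.crt" >/dev/null 2>&1

    # Server cert (equivalent of ./build-key-server server): serverAuth is the
    # extension that distinguishes it from a client cert.
    issue_cert "$dir" server "extendedKeyUsage=serverAuth
keyUsage=digitalSignature,keyEncipherment"

    # Client cert (equivalent of ./build-key client): clientAuth only.
    issue_cert "$dir" client "extendedKeyUsage=clientAuth
keyUsage=digitalSignature"
}

# Print "ok" if certificate $2 chains to CA $1 and is valid for purpose $3
# (sslserver or sslclient), otherwise print "FAIL".
check_cert() {
    if openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1; then
        echo ok
    else
        echo FAIL
    fi
}

# Usage: sh pki-demo.sh /tmp/pki-demo
if [ $# -eq 1 ]; then
    build_pki "$1"
    for f in server client; do
        printf '%s.crt  as server: %s  as client: %s\n' "$f" \
            "$(check_cert "$1/ca.crt" "$1/$f.crt" sslserver)" \
            "$(check_cert "$1/ca.crt" "$1/$f.crt" sslclient)"
    done
fi
```

Running it prints "ok" for server.crt as a server and client.crt as a client, and "FAIL" for the two crossed cases; a client certificate that passed the sslserver check would mean the server profile was not applied and the "remote-cert-tls server" protection on the clients would be ineffective. The ta.key of step 8 is deliberately left out here, because it is produced by openvpn --genkey rather than by openssl.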
