Date: 2014-05-16
OpenVPN Bridge Mode 1: Client/Server
Purpose: a remote machine installs the OpenVPN client, configures its certificates and connects to the OpenVPN server; the server hands it an IP address on the internal network it is attached to, so the remote machine can communicate with that internal network (this is an experiment only).
1. System and hardware environment
   # openssl, bridge-utils and related dependencies
   Fedora 5 system; one multi-NIC network gap (isolation) appliance; two PCs

2. Network environment
   iptables off
3. OpenVPN (server) installation
   Working directory: /root/scripts/
   1) Required packages
      openvpn-2.0.9.tar.gz
      lzo-2.03.tar.gz

   2) Install
# tar -zxvf lzo-2.03.tar.gz
# cd lzo-2.03 && ./configure && make && make install && cd ..
# tar -zxvf openvpn-2.0.9.tar.gz
# cd openvpn-2.0.9 && ./configure && make && make install
4. OpenVPN (server) configuration
# cd /etc/openvpn/

   1) Copy easy-rsa, which is used to create the CA certificate
# cp -ra /root/scripts/openvpn-2.0.9/easy-rsa .

   2) Copy the sample configuration file and bridge scripts
# cp /root/scripts/openvpn-2.0.9/sample-config-files/server.conf config/
# cp /root/scripts/openvpn-2.0.9/sample-scripts/bridge-start .
# cp /root/scripts/openvpn-2.0.9/sample-scripts/bridge-stop .
# ln -s /etc/config/server.conf /etc/openvpn/
   3) Edit the certificate variables
# vi easy-rsa/vars

export KEY_COUNTRY=ZN
export KEY_PROVINCE=BeiJing
export KEY_CITY=BeiJing
export KEY_ORG="RFGZ"
export KEY_EMAIL=yinchuan131@gmail.com
   4) Initialise the PKI
# cd easy-rsa/
# source vars
# ./clean-all
# ./build-ca

   5) Create the server key and certificate. The Common Name must be "server"; the remaining fields can keep their defaults.
# ./build-key-server server

   6) Create the client key and certificate. Enter "client1" as the Common Name; from now on it is the identifier by which this client is recognised.
# ./build-key client1

   7) Create the Diffie-Hellman parameters. They strengthen the security of the key exchange and are mandatory in OpenVPN.
# ./build-dh
   8) Edit the configuration files
      Bridge configuration file:
# cd /etc/openvpn/
# vi bridge-start

#!/bin/bash

#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################

# Define Bridge Interface
br="b