日期:2014-05-16 浏览次数:21041 次
OpenVpn网桥模式1 客户端/服务端
????????????? 实现目的:远端机器通过安装OpenVpn客户端,配置证书,连接OpenVpn服务器,从而获得OpenVpn服务器分发所连接的内网Ip,实现与内网的通信(只是实验)
?
1.系统硬件环境
???? #openSSL,bridge-util 及相关依赖
????????
???????? Fedora5 系统,多网口网闸设备? 一台 ???????? PC??????????????????????????????????????????????????????????? 两台 ? 2.网络环境 ??? iptables off状态
??? ? ?
?
?3.OpenVpn(服务端)安装
??????? 所在目录 :?? /root/scripts/
??????? 1) 需要的软件包
????????????????? openvpn-2.0.9.tar.gz
??????????????????lzo-2.03.tar.gz
???????
??????? 2) 安装
?????????????????
# tar -zxvf lzo-2.03.tar.gz # cd lzo-2.03 && ./configure && make && make install # tar -zxvf openvpn-2.0.9.tar.gz # cd openvpn-2.0.9 && ./configure && make && make install
?
?
4.OpenVpn(服务端)配置
# cd /etc/openvpn/
?
????????1)拷贝创建CA证书的easy-rsa
????????????????
# cp -ra /root/scripts/openvpn-2.0.9/easy-rsa .
??????
??????? 2)拷贝示例配置文件
????????????????
# cp /root/scripts/openvpn-2.0.9/sample-config-files/server.conf config/ # cp /root/scripts/openvpn-2.0.9/sample-scripts/bridge-start . # cp /root/scripts/openvpn-2.0.9/sample-scripts/bridge-stop . # ln -s /etc/config/server.conf /etc/openvpn/
???????? 3)修改证书变量
???????????????
# vi easy-rsa/vars
?
export KEY_COUNTRY=ZN export KEY_PROVINCE=BeiJing export KEY_CITY=BeiJing export KEY_ORG="RFGZ" export KEY_EMAIL=yinchuan131@gmail.com
?
????????? 4)初始化PKI
# cd easy-rsa/ # source vars # ./clean-all # ./build-ca
?
?????????5)创建服务器密钥 !Common Name必须填写server,其余默认即可
# ./build-key-server server
?
??????????6)创建客户端密钥跟证书 !Common Name对应填写client1,其作为今后识别客户端的标识
# ./build-key client1
?
????????? 7)创建Diffie Hellman参数--Diffie Hellman参数是增强安全性的,在OpenVpn是必须的
# ./build-dh
?
???????? 8)修改配置文件
????????????????? 网桥配置文件:
# cd /etc/openvpn/ # vi bridge-start
?
#!/bin/bash ################################# # Set up Ethernet bridge on Linux # Requires: bridge-utils ################################# # Define Bridge Interface br="b