Contents
1. Install
2. Set up a certificate authority and generate certificates
3. Configure the server
4. Configure the client
1. Install
Installing OpenVPN on Ubuntu is extremely simple:
Code:
    sudo apt-get install openvpn
On Windows, we recommend the OpenVPN GUI for Windows installation package, which includes OpenVPN and a user-friendly GUI.
2. Set up a certificate authority and generate certificates
Refer to the OpenVPN documentation; in general there is no problem.
On Ubuntu, copy the directory /usr/share/doc/openvpn/examples/easy-rsa/2.0 to your home directory and modify vars to match your actual situation (country, province, city, company, organization, email address), then run
Code:
    # vars must be sourced so that its settings are exported to the current shell
    . ./vars
    ./clean-all
    ./build-ca
    ./build-key-server <servername>
    ./build-key <clientname>
    ./build-dh
Note: this sequence applies only to the first time certificates are generated. build-ca creates the root certificate; unless you intend to clear the certificates of every VPN server and client, you should not run it again. All the certificates and private keys created are under the keys subdirectory of the current directory, and clean-all clears everything under keys, so clean-all is run only once, before build-ca.
To add another server certificate or client certificate later, run
Code:
    . ./vars
    ./build-key-server <servername>
or
    ./build-key <clientname>
3. Configure the server
Extract server.conf from the examples:
Code:
    sudo cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
    sudo gzip -d /etc/openvpn/server.conf.gz
Copy the certificates and private key to /etc/openvpn:
ca.crt
server.crt
server.key
dh1024.pem
Modify server.conf:
Key 1: uncomment push "route a.b.c.d 255.255.255.0" and replace the address and mask with the address and mask of the office network.
The purpose is to add a route on the client, so that through the VPN the client can reach the other hosts on the office network besides the VPN server. (Many VPN clients simply add a default route, so that all of the client's connection requests are routed into the VPN tunnel; the result is that the client cannot access the VPN at that point, whereas adding a route for a specific address range does not cause this problem.)
Key 2: uncomment push "dhcp-option DNS a.b.c.d" and push "dhcp-option WINS a.b.c.d", and replace the addresses with the actual addresses of the DNS server and the WINS server. Ideally this DNS server forwards queries for external domain names to an external DNS server, so that the client can still access the Internet after connecting to the VPN. (If the pushed DNS server cannot resolve external domain names, the client cannot access the Internet even if its route configuration is correct.)
Other server settings
Configure the server to forward packets:
Code:
    echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
Key 3: If the VPN server is not the default gateway of the office network, add a route entry for 10.8.0.0/24 on the default gateway, with the internal IP address of the VPN server as the gateway.
Key 1 only lets the client know how to route packets to the company's network; key 3 lets the hosts in the company's network know how to route packets to the VPN client.
For example, on a NetScreen 25 (ScreenOS 5.3.0r3.0): Network - Routing - Destination - [trust-vr] New - IP/Mask [10.8.0.0]/[24] - select [Gateway], Interface [ethernet1], Gateway IP Address [internal IP of VPN server]
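The server-side settings from keys 1 and 2 and the forwarding step can be checked with a short script. This is an added example, not part of the original post: the function name audit_openvpn_server and the sample addresses are made up for illustration, and it also reports a pushed redirect-gateway, the OpenVPN option that produces the default-route behaviour described under key 1.

```shell
#!/bin/sh
# Added example: audit the server settings from keys 1-2 and the forwarding step.
# usage: audit_openvpn_server <server.conf> [ip_forward file]
# Prints one finding per line; returns 0 when nothing is wrong, 1 otherwise.
audit_openvpn_server() {
    conf=$1
    fwd=${2:-/proc/sys/net/ipv4/ip_forward}
    bad=0
    # Active push directives only: lines starting with ';' or '#' are comments.
    active=$(grep -E '^[[:space:]]*push[[:space:]]+"' "$conf" || true)

    if ! printf '%s\n' "$active" | grep -Eq '"route[[:space:]]+[0-9]'; then
        echo 'key1: no active push "route <net> <mask>" for the office network'
        bad=1
    fi
    if printf '%s\n' "$active" | grep -q 'redirect-gateway'; then
        echo 'key1: redirect-gateway is pushed, clients send all traffic into the tunnel'
        bad=1
    fi
    if ! printf '%s\n' "$active" | grep -Eq '"dhcp-option[[:space:]]+DNS[[:space:]]+[0-9]'; then
        echo 'key2: no active push "dhcp-option DNS <addr>"'
        bad=1
    fi
    if printf '%s\n' "$active" | grep -Eiq 'a\.b\.c\.d'; then
        echo 'placeholder: a.b.c.d was uncommented but not replaced'
        bad=1
    fi
    if [ "$(cat "$fwd" 2>/dev/null)" != "1" ]; then
        echo "forwarding: $fwd is not 1, packets will not be routed"
        bad=1
    fi
    return $bad
}

# Constructed sample: key 1 done, key 2 still commented out, forwarding off.
demo_dir=$(mktemp -d)
cat > "$demo_dir/server.conf" <<'EOF'
port 1194
push "route 192.168.10.0 255.255.255.0"
;push "dhcp-option DNS 192.168.10.1"
;push "redirect-gateway"
EOF
echo 0 > "$demo_dir/ip_forward"
audit_openvpn_server "$demo_dir/server.conf" "$demo_dir/ip_forward" || true
```

On a real server, call it as audit_openvpn_server /etc/openvpn/server.conf; the second argument defaults to /proc/sys/net/ipv4/ip_forward.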
4. Configure the client
On Ubuntu:
4.1.1 Copy client.conf from the examples
Code:
    sudo cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/
4.1.2 Copy the certificates and private key to /etc/openvpn:
ca.crt
client.crt
client.key
4.1.3 Modify /etc/openvpn/client.conf:
In the line remote my-server-1 1194, replace my-server-1 with the external IP address of the VPN server.
Key 4: add two lines at the end
Code:
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
The purpose is to update the domain name resolution settings based on the dhcp-option values pushed by the server.
4.1.4 Other settings:
Key 5: install resolvconf
Code:
    sudo apt-get install resolvconf
The script set in key 4 needs this package.
On Windows:
4.2.1 Copy client.ovpn to the config directory
4.2.2 Copy the certificates and the related private key to the config directory:
ca.crt
client.crt
client.key
4.2.3 Change my-server-1 in client.ovpn to the external IP address of the VPN server.
From: http://hi.baidu.com/pc10/blog/item/a720502c6e14fee88b1399a7.html