Use Openbsd and Openvpn to quickly establish an enterprise VPN

Article title: use Openbsd and Openvpn to quickly establish an enterprise VPN. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

Use openbsd + openvpn to quickly establish an enterprise vpn

Openvpn can work in two modes:

One is the IP route mode, which is mainly used for point-to-point

One is the Ethernet-based tunnel bridge mode, which is applicable to point-to-point and multi-point networks with multiple branches

The configuration example described in this article is the first

Lan 1:

Openbsd3.4 two NICs are installed on the OFFICE host

Connect rl1 to public network 61.131.58.x,

Rl0 connected to intranet 192.168.1.222

Vpn 10.1.0.1

A client host 192.168.1.22

Lan 2:

Redhat9.0 two NICs are installed on the HOME host

Connect rl1 to public network 218.85.158.244

Rl0 connected to intranet 192.168.0.222

Vpn 10.1.0.2

B client host 192.168.0.45

Environment: openbsd3.4 + lzo + openssl + openvpn

Openssl is used for encryption, and lzo is used for data compression.

Http://prdownloads.sourceforge.net/openvpn/openvpn-2.0_beta7.tar.gz

Http://www.oberhumer.com/opensource/lzo/download/lzo-1.08.tar.gz

Openbsd installation will not be mentioned

Openssl is installed by default in openbsd.

I will download openvpn-2.0.beta7.tar.gzand lzo-1.08.tar.gz to/home

# Cd/home

# Tar zxvf lzo-1.08.tar.gz

# Cd lzo-1.08.

#./Comfigure

# Make

# Make install

# Tar zxvf openvpn-2.0_beta7.tar.gz

# Cd openvpn-2.0_beta7

#./Configure -- with-lzo-headers =/usr/local/include -- with-lzo-lib =/usr/local/lib

# Make

# Make install

# Mkdir/etc/openvpn

# Cd/etc/openvpn

# Openvpn -- genkey -- secret static. key

Copy static. key from the office host to the/etc/openvpn Directory of the home host.

Office # scp static. key root@218.85.158.244:/etc/openvpn

Reference files under/home/openvpn-2.0_beta7/sample-config-files

Create the following configuration files and script files

Office. up and openvpn-startup.sh scripts

Static-office.conf profile

My office host configuration example is as follows:

Office. up is as follows

#! /Bin/sh

Route add-net 192.168.0.0/24 10.1.0.2

Openvpn-startup.sh as follows

#! /Bin/sh

/Usr/local/sbin/openvpn -- config/etc/openvpn/static-office.conf

Static-office.conf as follows

Dev tun0

Remote 218.85.158.244

Ifconfig 10.1.0.1 10.1.0.2

Up./office. up

Secret/etc/openvpn/static. key

Port 5000

Comp-lzo

Ping 15

Ping 15

Ping-restart 45

Ping-timer-rem

Persist-tun

Persist-key

Verb 3

[1] [2] Next page