Use Openbsd and Openvpn to quickly establish an enterprise VPN

Source: Internet
Author: User
Article title: use Openbsd and Openvpn to quickly establish an enterprise VPN. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.

Use openbsd + openvpn to quickly establish an enterprise vpn

Openvpn can work in two modes:

One is the IP route mode, which is mainly used for point-to-point

One is the Ethernet-based tunnel bridge mode, which is applicable to point-to-point and multi-point networks with multiple branches

The configuration example described in this article is the first

Lan 1:

Openbsd3.4 two NICs are installed on the OFFICE host

Connect rl1 to public network 61.131.58.x,

Rl0 connected to intranet 192.168.1.222

Vpn 10.1.0.1

A client host 192.168.1.22

Lan 2:

Redhat9.0 two NICs are installed on the HOME host

Connect rl1 to public network 218.85.158.244

Rl0 connected to intranet 192.168.0.222

Vpn 10.1.0.2

B client host 192.168.0.45

Environment: openbsd3.4 + lzo + openssl + openvpn

Openssl is used for encryption, and lzo is used for data compression.

Http://prdownloads.sourceforge.net/openvpn/openvpn-2.0_beta7.tar.gz

Http://www.oberhumer.com/opensource/lzo/download/lzo-1.08.tar.gz

Openbsd installation will not be mentioned

Openssl is installed by default in openbsd.

I will download openvpn-2.0.beta7.tar.gzand lzo-1.08.tar.gz to/home

# Cd/home

# Tar zxvf lzo-1.08.tar.gz

# Cd lzo-1.08.

#./Comfigure

# Make

# Make install

# Tar zxvf openvpn-2.0_beta7.tar.gz

# Cd openvpn-2.0_beta7

#./Configure -- with-lzo-headers =/usr/local/include -- with-lzo-lib =/usr/local/lib

# Make

# Make install

# Mkdir/etc/openvpn

# Cd/etc/openvpn

# Openvpn -- genkey -- secret static. key

Copy static. key from the office host to the/etc/openvpn Directory of the home host.

Office # scp static. key root@218.85.158.244:/etc/openvpn

Reference files under/home/openvpn-2.0_beta7/sample-config-files

Create the following configuration files and script files

Office. up and openvpn-startup.sh scripts

Static-office.conf profile

My office host configuration example is as follows:

Office. up is as follows

#! /Bin/sh

Route add-net 192.168.0.0/24 10.1.0.2

Openvpn-startup.sh as follows

#! /Bin/sh

/Usr/local/sbin/openvpn -- config/etc/openvpn/static-office.conf

Static-office.conf as follows

Dev tun0

Remote 218.85.158.244

Ifconfig 10.1.0.1 10.1.0.2

Up./office. up

Secret/etc/openvpn/static. key

Port 5000

Comp-lzo

Ping 15

Ping 15

Ping-restart 45

Ping-timer-rem

Persist-tun

Persist-key

Verb 3

[1] [2] Next page

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.