config openvpn

= "netops@netops.com" Export KEY_OU = "netops" # Initializing Environment Variables Source vars # Generate the root certificate, Root key, server certificate, server key, Diffie-Hellman key, and ta. key Files. ./Clean-all ./Build-ca ./Build-key-server OpenVPN ./Build-dh Openvpn -- genkey -- secret keys/ta. key The generated Certificate file is under the keys directory of the current directory.

such as winscp. 6. create a server configuration fileDecompress the source code and copy the standard configuration file in the directory.Mkdir/etc/openvpn/easy-rsa/2.0/conf/Cp/tmp/openvpn-2.2.2/sample-config-files/server. conf/etc/openvpn/easy-rsa/2.0/conf/Edit the configuration file:Vim/etc/

mode to listen to the default UDP port 1194. The Virtual Interface uses the tun0 device. See the configuration example openvpn-2.0.9/sample-config-files/server. conf in the openvpn source code directory) [Root @ gw1 ~] # Vim/etc/openvpn/gw1_tun0.conf Local 173.74.75.76 // specify the IP address of the lis

signatureSignature okThe Subj Ect's Distinguished Name is as followscountryName: PRINTABLE: 'cn' region: PRINTABLE: 'sh' localityName: PRINTABLE: 'PD 'organizationname: PRINTABLE: 'zyfmaster' organizationalUnitName: PRINTABLE: 'zyfmaster' commonName: PRINTABLE: 'client1' emailAddress: IA5STRING: '2017 @ qq.com 'Certificate is to be certified until Dec 2 04:15:50 905407204 GMT (2022 days) Sign the certificate? [Y/n]: y 1 out of 1 certificate requests certified, commit? [Y/n] yWrite out database

are generated in the keys directory. ./Build-dh # Generate the Diffie-Hellman file for encryption. The dh1024.pem file will be generated in the keys directory. ./Build-key-server xuyou # Generate the server certificate and key file. You only need to enter y in the last two places. xuyou. crt xuyou. csr xuyou. key is generated in the keys directory. Copy the generated server-side ca certificate and key file to/etc/openvpn/ Cp ca. crt ca. key xuyou.

xuyou # Generate the server certificate and key file. You only need to enter y in the last two places. xuyou. crt xuyou. csr xuyou. key is generated in the keys directory. VcD4KPHA + pgltzybzcm9 "http://www.2cto.com/uploadfile/Collfiles/20140905/2014090509150260.png" alt = "\"> Copy the generated server-side ca certificate and key file to/etc/openvpn/ Cp ca. crt ca. key xuyou. crt xuyou. csr xuyou. key/etc/

-TunStatus openvpn-status.logVerb 3-------------- Cut here -----------------Place the configuration file in the c: \ Program Files \ openvpn \ config \ directory.Set ca. CRT server01.crt server01.key ta. Key dh1024.pem under easy-RSA \ keys \.Copy to the directory where server01.ovpn is located.Server configuration has ended. You can start the server. Right-click

# Cd/etc/openvpn # Vim server. conf (this file is not available by default) Local 192.168.10.191 Port 1194 Proto udp Dev tun Ca. crt Cert server. crt Key server. key Dh dh1024.pem Server11.8.0.0255.255.255.0 Keepalive 10 120 Comp-lzo Persist-key Persist-tun Logopenvpn. log Log-append openvpn. log Status openvpn-status.log Verb 3 Start the server #

, ESTABLISHED-j ACCEPT -A input-s 10.8.0.0/24-j ACCEPT -A input-p tcp-m state -- state NEW-m tcp -- dport 22-j ACCEPT -A input-p tcp-m state -- state NEW-m tcp -- dport 1194-j ACCEPT -A input-p udp-m state -- state NEW-m udp -- dport 1194-j ACCEPT -A input-I tun +-j ACCEPT -A forward-d 10.8.0.0/24-j ACCEPT -A forward-I tun +-j ACCEPT -A input-j DROP COMMIT # Completed on Tue May 5 11:25:43 2015 Taking windows as an example: Client operation steps: Download windows client: Http://openvpn.ustc.ed

sample and then modify it on this basis: # Cp/usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz/etc/openvpn/ # Cd/etc/openvpn/ # Gunzip server.conf.gz This will decompress a server. open the conf file and edit it. If you follow my steps from the beginning, you can copy my configuration directly. In thi

will be hosted to ensure that each customer's key identifier is unique. Sudo. /etc/openvpn/easy-rsa/2.0/build-key Client Move the file server certificate and key to the/etc/openvpn directory. Replace the server. CRT and server. The file name that is used primarily. sudo cp/etc/openvpn/easy-rsa/2.0/keys/ca.crt/etc/openvpnsudo cp/etc/

=Export PKCS11_MODULE_PATH =Export PKCS11_PIN = Enter "=" next to ". I don't know whether the case sensitivity is affected. To avoid this, write it in the default format. Remember to save after editing.4. Generate a certificate # Cd/etc/openvpn/easy-rsa/2.0/# Chown-R root: admin.# Chmod g + w. # Source./vars // if this step prompts no openssl. cnf, rename the openssl-1.0.0.cnf to openssl. cnf. #./Build-ca option by default. #./Build-key-server #./Bui

Before installation, use cat/dev/net/tun to check whether tun/tap [root @ lx_web_s1 ~] is enabled. # Cat/dev/net/tuncat:/dev/net/tun: Filedescriptorinbadstate indicates that tun/tap has been enabled. you can install openVPN and configure the VPN server. 1. install and prepare yum-yinsta. Run cat/dev/net/tun to check whether tun/tap is enabled before installation.[Root @ lx_web_s1 ~] # Cat/dev/net/tunCat:/dev/net/tun: File descriptor in bad stateIt ind

One, OpenVPN server-side configuration file details ################################################## Example of a server-side configuration file for OpenVPN 2.0 for multiple clients## This file is used for multi-client ## OpenVPN also supports stand-alone ## This configuration supports Windows or LINUX/BSD systems. Also, on Windows, remember to enclose the pat

OpenVPN-ng: The application-layer tunnel for Mobile Life, And openvpn-ng Application LayerVPN makes people think that it is always a good thing and a way to escape from supervision. In fact, VPN has become the only synonym for escaping from supervision. You see, no matter what technology, IPSec, or WEB Proxy, as long as it is the technology that encrypts the original information, it can all be called VPN, s

network IP, because my server is a local area network of a machine, only LAN IP, So here is the IP of this machine. If you do not add a iptables rule, the result is that you can connect to the VPN server but not the Internet. Additional rules that may be required are as follows: Iptables-a forward-i tun0-s 10.1.1.0/24-j ACCEPTIptables-a forward-i eth0-d 10.1.1.0/24-j ACCEPTIptables-i input-p TCP--dport 1194-m comment--comment "OpenVPN"-jIptables-t

NO Server. key Server only Server Key YES Client1.crt Client1 only Client1 Certificate NO Client1.key

easy-rsa3 Generate Certificate # Configuration file directories are generally in a similar directory cp/usr/share/doc/openvpn-2.3.6/sample-config-files/server. conf/etc/openvpn/#2.3 needs to download an easy-rsa package independently. This package is used to create ca certificates and server certificates, client certificate wget-c https://github.com/

@vpnserver 2.0]# Cp-ap keys/etc/openvpn/[Root@vpnserver 2.0]# ############# #cp. /.. /sample-config-files/client.conf/etc/openvpn/[Root@vpnserver 2.0]# CP. /.. /sample-config-files/server.conf/etc/openvpn/[Root@vpnserver 2.0]# ll/etc/ope