How to Use OpenVPN and PrivacyIDEA to establish two-factor authentication Remote Access
For companies, it has become a trend to allow employees to access the company's IT resources from home or on a business trip through a VPN remote access system. However, weak employee password management awareness and attacks by a
Use OpenVPN to implement intranet mutual access between two locations (1): master server configuration
Functions to be implemented:
Shenzhen:
Master VPN Server: dns.dog.com
Internet ip-eth1: 192.168.68.71
Intranet ip-eth0: 10.1.1.254
Guangzhou:
VPN Server: lvs1.dog.com
Internet ip-eth1: 192.168.68.73
Intranet ip-eth0: 10.1.2.1
Clients outside China: 192.168.68.79
Shenzhen-Guangzhou tunnel u
, password not to mention, all know.
Select the CA certificate from the provider.
3. Advanced Configuration [important!]
In the Configuration window, click "advanced" to bring up the following window:
Select the following options based on the server configuration (which can be found in the client.ovpn configuration file):
1. If your VPN provider uses a custom port, you need to check and set the port.
2. If your VPN provider uses a TCP connection, you also need to check it!
3. In general, you c
Rotten mud: ubuntu 14.04 OpenVPN server, 14.04 openvpn
This article is written by Xiuyi Lin FengProviding friendship sponsorship, first launched in the dark world
The company branch needs to connect to the company's internal server, but the server only allows access to the company's internal network.
To solve this problem, we plan to use VPN. PPTP is the most w
routing mode.
ifconfig-pool-persist ipp.txt
Records the mapping between clients and virtual IP addresses, so that after OpenVPN is restarted, a client that connects again is still assigned the IP address it had before it was disconnected.
server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
Defines the IP address range allocated to clients when OpenVPN uses tap bridge mode.
-----------------------
OpenVPN is open-source VPN software used on Linux gateway servers. As its name implies, OpenVPN is used to establish a secure virtual private channel, allowing users to work remotely and reach intranet resources.
The software can be used across platforms on Linux, xBSD, Mac OS X, and Windows. OpenSSL is used as the encryption library and the encrypted certificate or user name/passw
.
Details of the four servers used in this article:
Code:
IDC                   VPN mode    Operating system  Server IP address
                      VPN server  RedHat 9.0        Public network IP1 (China Netcom)
                                                    Public network IP2 (China Telecom)
Guangzhou IDC         VPN client  FreeBSD 4.9       10.1.0.1
Hebei data center     VPN client  RedHat 9.0        10.2.0.1
Hangzhou data center  VPN client  FreeBSD 4.9       10.3.0.1
3.2 Network Security
In addition to the vpn server, vpn clients in other data centers do not need public IP addresses, so the vpn server n
The first bottleneck of OpenVPN is that the tun character device reads and writes one link-layer frame at a time. The user-mode openvpn process must have the same link-MTU on both ends because each time openvpn reads from the /dev/net/tun character device it gets exactly one complete Ethernet frame, no more and no less, and the library interface: ssize_t read (int fd
bypass-dhcp"
# Specify a DNS server for the client
push "dhcp-option DNS 210.5.153.250"
push "dhcp-option DNS 192.168.0.1"
# Configure to allow access between clients
client-to-client
# Allow multiple clients to connect at the same time. If the Common Name of the CA used by the client is repeated, or clients use the same CA and keys to connect to the VPN, you must enable this option. Otherwise, only one person is allowed to connect.
duplicate-cn
#
OpenVPN-ng: The application-layer tunnel for Mobile Life, And openvpn-ng Application Layer
VPN makes people think that it is always a good thing and a way to escape from supervision. In fact, VPN has become the only synonym for escaping from supervision. You see, no matter what technology, IPSec, or WEB Proxy, as long as it is the technology that encrypts the original information, it can all be called VPN, s
10.8.0.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /openvpn-2.0.5/easy-rsa/keys/openvpn-status.log
verb 4
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 70.88.98.10" # Name server address; see the instructions below for how to obtain it
push "dhcp-option DNS 70.88.99.11" # Name server address; see the instructions below for how to obtain it
Description: Some domain is blocked
Build OpenVPN server with CentOS6
OpenVPN is free open-source software used to create a Virtual Private Network (VPN) encrypted channel. OpenVPN allows you to easily build a dedicated network channel similar to a LAN between different network access sites, such as home, office, and hotel accommodation.
Using
:\Program Files\OpenVPN\config directory.
Right-click the icon in the lower right corner and select connect!
3. OpenVPN Internet access settings
1. Enable the routing function
In Linux, enabling the routing function is actually very simple: you only need to execute one command. In fact, this command is used to modify the /proc/sys/net/ipv4/ip_for
1 OpenVPN Overview
VPN replaces expensive leased lines to implement a virtual network on the open Internet. The virtual network itself provides security protection for data on an insecure real network.
OpenVPN implements a flexible VPN. OpenVPN has the following advantages compared with the IPsec-based VPN implemented by modifying the protocol stack:
1. openvpn does
1.Case Demand Analysis
This case uses the RHEL5 and Windows XP system environment to establish a secure ssl vpn connection 8.2 for two remote LAN and remote network management workstations across insecure Internet networks ).
The gateway servers of Beijing headquarters and Shanghai Branch both use the RHEL5 system. OpenVPN must be configured separately to connect two remote LAN LAN1 and lan2. In addition, the network management workstation located on
Download and install OpenVPN:
Use flashget or any other method to download the openvpn installation package and install it. Remember to select the easy-RSA script, the bat script used to manage the CA.
http://openvpn.se/files/install_packages/openvpn-2.0.5-gui-1.0.3-install.exe
After installation, easy-RSA is in the c:\Program Files\openvpn\ directory.
Start conf
In windows, use openvpn in linux to log on to the Intranet of the remote server, and use linuxopenvpn.
Requirement: in some environments with strict network requirements, we are unable to remotely access the company's Intranet in a remote location, which brings us great inconvenience. However, we can achieve it easily through openvpn, next we will introduce it.
N
Use openvpn in linux to log on to the Intranet of the remote server
Requirement: in some environments with strict network requirements, we are unable to remotely access the company's Intranet in a remote location, which brings us great inconvenience. However, we can achieve it easily through openvpn, next we will introduce it.
1. Network Environment:
Company