Rotten mud: ubuntu 14.04 OpenVPN server, 14.04 openvpn
This article is written by Xiuyi Lin Feng, providing friendship sponsorship, and was first launched in the dark world
The company branch needs to connect to the company's internal server, but the server only allows access to the company's internal network.
To solve this problem, we plan to use VPN. PPTP is the most widely used solution for VPN in the past, but
Mud: openvpn configuration file details, openvpn configuration file
This document is by Xiuyi Lin Feng, providing friendship sponsorship, and was first launched in the world
In the previous article "build OpenVPN server in ubuntu 14.04", we mainly explained how to build and use openvpn. In this article, we will detail the config
address of the DNS server)
client-to-client
keepalive 10 120
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status /home/weijunping/openvpn-2.0.9/easy-rsa/keys/openvpn-status.log
verb 4
5. deploy the server key file
# mkdir /usr/local/openvpn/etc/keys
# cd /home/weijunping/openvpn-2.0.9/easy-rsa/keys
# cp ca.
The first bottleneck of openvpn is that the tun character device reads and writes one link-layer frame at a time. The user-mode openvpn process must have the same link-MTU on both ends because each time openvpn reads from the /dev/net/tun character device it gets one complete Ethernet frame, no more and no less, and the library interface: ssize_t read (int fd
# cd /etc/openvpn
# vim server.conf (this file is not available by default)
local 192.168.10.191
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 11.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
log openvpn.log
log-append openvpn.log
status openvpn-status.log
verb 3
Start the server
#
listening port. The corresponding port 1194 must be enabled in the firewall
# Set the TCP or UDP protocol?
;proto tcp
proto udp
# Set the Route IP channel for creating tun or the Ethernet channel for creating tap
# It is easy to control the Route IP, so we recommend using it; however, if IPX and so on must
# use the second layer for communication, you can use the tap mode, that is, tap
# Ethernet bridging
;dev tap
dev tun
# Windows needs to give the NIC a name, set here, not required for linux
;dev-node MyTap
# The key here. SSL/TLS root certificate (ca), # cer
-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /data/logs/openvpn-status.log
log /data/logs/openvpn.log
log-append /data/logs/openvpn.log
verb 3
6. start OpenVPN
After modification, you can start the vpn. --daemon is used to start
OpenVPN-ng: The application-layer tunnel for Mobile Life, And openvpn-ng Application Layer
VPN makes people think that it is always a good thing and a way to escape from supervision. In fact, VPN has become the only synonym for escaping from supervision. You see, no matter what technology, IPSec, or WEB Proxy, as long as it is the technology that encrypts the original information, it can all be called VPN, s
OpenVPN server configuration file description (transfer), openvpn configuration file
This article describes how to configure the configuration file on the OpenVPN server. In Windows, this configuration file is generally called server.ovpn. In Linux/BSD, this configuration file is generally called server.conf. Although the configuration file name is different, t
client to access the private network address of the server backend, for example, 192.168.150.0/24
client-config-dir CCD: Specify the client-config directory name.
route 192.168.153.0 255.255.255.0: Allow a unique private network address to access the VPN, such as 192.168.153.0/24
keepalive 10 120: Ping every 10 seconds; if no response is received within 120 seconds, the client is considered down.
comp-lzo: the compression algorithm is used for VPN connections. The server/client must activate the us
Today, I saw someone in the group talking about openvpn. I just had a holiday at home, so I just studied it. I used the openvpn client when I was a little white two years ago when I was in the old unit and connected to the headquarters OA. I felt that the project should be usable in the future, so Google has a lot of pieces of information on the Internet, and it has been around for a long time. according to
Based on the linux operating system architecture openvpn Summary-Linux Enterprise Application-Linux server application information, the following is a detailed description. Use OPENVPN to connect data centers
1 status quo
2 network structure
3 server information and network security
3.1 server information
3.2 Network Security
4 Use openvpn for
when the NIC is disabled and load iptables rules at startup:
# vim /etc/network/if-post-down.d/iptables
Add the following content:
#!/bin/bash
iptables-save > /etc/iptables.rules
Grant execution permission:
# chmod +x /etc/network/if-post-down.d/iptables
Create a /etc/network/if-pre-up.d/iptables file
# vim /etc/network/if-pre-up.d/iptables
Add the following content:
#!/bin/bash
iptables-restore < /etc/iptables.rules
Grant execution permission:
# chmod +x /etc/network/if-pre-up.d/iptables
Build openvpn server in Centos6.5
Because the new version of openvpn does not contain the most important certificate preparation part, easy-rsa, you need to download easy-rsa from GitHub in advance. The configuration process is shown in the following steps. This deployment uses easy-rsa3, and its operation is completely different from easy-rsa2.0; other online on the easy-rsa2.0 of the tutor
I. openvpn introduction
openvpn is an SSL-based VPN. It uses the industry-standard SSL/TLS protocol to implement Layer 2 and Layer 3 secure data link VPNs. It has the following advantages: 1. based on the SSL protocol, security, and using a single TCP or UDP port can achieve 2. using two-way authentication...
I. INTRODUCTION to openvpn
Openvpn is an SSL-based VPN. It uses the industry-standard SSL/TLS
Daemon 1, Guardian process
Master Process Creation Daemon
One: The daemon terminates after the execution of the main process code is completed
Second: The daemon can no longer open child processes, otherwise an exception is thrown: AssertionError: daemonic processes are not allowed to have children
Note: Processes are independent of each other, the main process code is running a
Build an OpenVPN service environment using CentOS
I will not say much about the purpose of the OpenVPN environment, because friends who see this information should understand and need to use this tutorial. This tutorial has been prepared by @ qingliu for several hours. After multiple reinstallation drills, you can install and use it. The VPS environment is based on CENTOS6, if you want to install it, take a
Openvpn construction in linux
Tags: original vpn files, which can be reprinted. During reprinting, you must use hyperlinks to indicate the original source, author information, and this statement. Otherwise, legal liability will be held. http://304076020.blog.51cto.com/7503470/1605312
Lab Environment
System: centos 6.5
Hostname: openvpn-server
Ip: 192.168.1.236
Installation Package address: http://down.51cto.com