. I didn't add a firewall here, which is equivalent to putting the Openvpn server in the DMZ zone, the topology of the experiment is as follows:
1. Set up the experiment environment:
(1) Use Dynamips to simulate two cisco routers, configure the IP address on port f0/0, and configure the corresponding default route.
(2) VMware Workstation one install Ubuntu server 10.04,
OpenVPN server verified by account and password
EnvironmentServer: CentOS 6.7 32-bitClient: Windows XP
Server Configuration# Disable SELinuxSed-I '/^ SELINUX \ B/s/=. */= disabled/'/etc/selinux/configSetenforce 0
# Install mysql-serverYum-y install mysql-server
# Start the mysqld serviceService mysqld start
# Initialize the mysql administrator passwordMysqladmin-uroot password RedHat
# Create a radius DatabaseMysqladmin-uroot-predhat create radius
# I
The recent OpenVPN service abnormal quit many times, because the original in order to troubleshoot problems record a large number of debug log, resulting in problems when you want to locate the problem is very difficult, the instant log was brushed off, the process dropped, instantaneous start, instantaneous and dropped, resulting in a lot of orders lost! Because the day file records too much useless information, dare not to search the log to locate t
The recent OpenVPN service abnormal quit many times, because the original in order to troubleshoot problems record a large number of debug log, resulting in problems when you want to locate the problem is very difficult, the instant log was brushed off, the process dropped, instantaneous start, instantaneous and dropped, resulting in a lot of orders lost! Because the day file records too much useless information, dare not to search the log to locate t
VPN is a virtual private network, is provided to the enterprise or between the individual and the company security data transmission between the tunnel, OpenVPN is the Linux open source VPN leader, provides the good performance and the friendly user GUI, uses the OpenSSL library encryption and the authentication function. Supports UDP and TCP protocols and provides two kinds of virtual network interfaces: Tun/tap mode. The following is the installatio
OpenVPN is another VPN software package different from PPTP and L2TP. It is based on ssl vpn. The use of OpenVPN requires client support. Here the system is CentOS6.4.I. Check the environment required by OpenVPNOpenVPN requires support from TUN devices and the nat module of iptables.1. Check the TUN module:Modinfo tunShown as follows: If an error is reported, the TUN device is not supported. 2. In OpenVZ VP
Before installation, use cat/dev/net/tun to check whether tun/tap [root @ lx_web_s1 ~] is enabled. # Cat/dev/net/tuncat:/dev/net/tun: Filedescriptorinbadstate indicates that tun/tap has been enabled. you can install openVPN and configure the VPN server. 1. install and prepare yum-yinsta.
Run cat/dev/net/tun to check whether tun/tap is enabled before installation.[Root @ lx_web_s1 ~] # Cat/dev/net/tunCat:/dev/net/tun: File descriptor in bad stateIt ind
[Centos] install openvpn server (easy-rsa3)VPN is widely used in office and fan wall fields. We may use it in small office networks recently. Learn it first.The vpn server must have a public ip address, which can be used by clients in multiple environments.ConceptPKI: Public Key Infrastructure CA: core of Certificate Authority pkiCentos6.6 in virtual machine environmentNic
eth0 Link encap:Ethernet HWaddr 00:50:56:35:E7:EC inet addr:19
The difference between an OpenVPN internal route and a system route is that the system route completely follows the longest prefix matching principle. After finding the route, the data packet is forwarded from the corresponding Nic interface. Although the routes inside OpenVPN ultimately decide whether to forward and where to forward data packets, this "whether to forward" and "where to forward" is very dif
Details of the Linux neighbor subsystem: confirm-OpenVPN server mode MAC address learning, confirm-openvpnmacIn the article parsing the aging time principle of ARP cache implemented by Linux, I analyzed the conversion of the neighbor subsystem of IPv4 on the Linux protocol stack and again pasted the state machine Conversion Diagram, but this figure is more detailed, because it has an external input, that is, confirm:
Note that if the socket or routi
1.
Environment 1.1. server environment
Centos6, kernel version: 2.6.32-71. el6The IP address is 192.168.122.180, and the tunnel IP address is 10.8.0.1.
Kernel must support Tun devices and must load iptablesCheck whether Tun is installed:
# Modinfo Tun
Filename:/lib/modules/2.6.32-71. el6.i686/kernel/Drivers/NET/TUN. KoAlias: Char-Major-10-200License: GPLAuthor: (c) 1999-2004 Max kranyansky maxk@qualcomm.comDescription: Universal tun/TAP Device DriverSrcversion: 7d2aaef89c71c83bbffa0deDe
Use openvpn + linux to quickly establish an enterprise VPN
Openvpn introduction http://openvpn.sourceforge.net/, not much said.
Openvpn can work in two modes:
One is the IP Route mode, which is mainly used for point-to-point
One is the Ethernet-based Tunnel Bridge mode, which is applicable to point-to-point and multi-point networks with multiple branches
The conf
OpenVPN Increase the script for logging user log
Cat connect.sh
#!/bin/bash
time= ' Date +%f '
if [-f/etc/openvpn/log/openvpn_$time.log];then touch
/ Etc/openvpn/log/openvpn_$time.log
echo "' Date ' +%f%h:%m:%s ' User $common _name trust_ip $trusted _ip is login, REMOTE_IP is $ifconfig _pool_remote_ip, Mask is $route _netmask_1 ">>/etc/
By simply using the openvpn proxy, all traffic on the local machine will go through the Remote VPN Server. However, when we roll over the wall, it is generally the traffic webpage, that is, as long as the http traffic goes through the VPN. Openvpn combined with squid's http forward proxy can provide the wall-over function for Web browsing, while other traffic such as QQ and thunder still follows the normal
Openvpn is actually used for transmission at the application layer. You can select UDP/TCP as the transmission protocol. UDP is more commonly used. The reason is described in this article.
Why openvpn network?
If I want to access the network resources of the Organization at home, VPN is a good choice, but in general, setting up a VPN requires a VPN Server, that is, at least one real IP address, this is not
Use OPENVPN to implement Intranet mutual access between two locations (1) master server configurationMaster Server Configuration
Functions to be implemented:
Shenzhen:Master VPN Server: dns.dog.comInternet ip-eth1: 192.168.68.71Intranet ip-eth0: 10.1.1.254Guangzhou:VPN Server: lvs1.dog.comInternet ip-eth1: 192.168.68.73Intranet ip-eth0: 10.1.2.1Clients outside China:192.168.68.79Shenzhen-Guangzhou tunnel uses virtual IP addresses 10.8.0.1 and 10.8.0.
VPN protocols: PPTP, L2TP, and OpenVPN1. Concepts of PPTP, L2TP, and OpenVPN Tunneling Protocols 1. Default port number of PPTP (Point to Point Tunneling Protocol): 1723 PPTP, or PPTF Protocol. This protocol is a new enhanced security protocol developed on the basis of the PPP protocol. It supports multi-protocol Virtual Private Network (VPN) and can pass the password authentication protocol (PAP) and Extended Authentication Protocol (EAP) to enhance
First, the working principle of OpenVPN
VPN technology establishes a private tunnel on the public network through key exchange, encapsulation, authentication and encryption, which guarantees the integrity, privacy and effectiveness of the transmitted data. OpenVPN is a new open source project emerging in recent years, which realizes a sslvpn solution.
Traditional SSL VPN through the port proxy method, the
Article title: use Openbsd and Openvpn to quickly establish an enterprise VPN. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
Use openbsd + openvpn to quickly establish an enterprise vpn
Openvpn can work in two modes:
One is
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.