192.168.2.0 255.255.255.0 # the IP address range allocated by the openvpn server to the vpn Client. do not conflict with the company's actual IP address range.Verb 5[Root @ openvpn-server 2.0] # echo "1">/proc/sys/net/ipv4/ip_forward # enable ip forwarding to ensure data packets flow between different network segments.[Root @ openvpn-server ~] #/Usr/local/sbin/openvpn -- config/etc/server. conf # Start the vpn and add it to the background for running[Root @ openvpn-server ~] # Netstat-anpt | g
configuration file for OpenVPN 2.0 for multiple clients## This profile can be used by multiple clients, but each client should have its own certificate and key file## The suffix for this profile on Windows should be '. Ovpn ' and in the LINUX/BSD system it is '. conf '##############################################
# Specifies that this is a client and we will get some configuration file directives from the serverClient
# In most systems, VPN will n
comprehensive business SLA (service level negotiation).
Network management, in addition to the traditional SDH network performance, Alarm, configuration, security and other aspects of management, but also to achieve end-to-end link performance testing and monitoring, network resource optimization, billing data provision, CNM (Customer network Management), OVPN (Optical virtual private network) and other functions. Network resource optimization syste
each restart of openvpn.
Verb 3
Set the log record length level.
; Mute 20
Repeat log limit
The above is the content of the server. conf configuration file on the openvpn server.
3. client. conf client configuration file
The configuration file client. conf of the openvpn client is simple as follows:
Grep-vE "^ # | ^; | ^ $" client. ovpn
Client
Define this as a client, and pull the configuration from the server pull, such as the IP addre
openvpn Server:
# Serviceopenvpn start
Take windows as an example:
Client operation steps:
Download windows client:
Http://openvpn.ustc.edu.cn/openvpn-install-2.3.6-I603-x86_64.exe
After the client software is installed, extract the certificate required by the client packaged from the server to the config directory under the Client installation directory.
Create a client configuration file:
Client. ovpn
Client
Dev tun
Proto tcp
Remote 211.152.x.x 11
How to configure the openvpn client in linux, link the server through ssh, and openvpnssh
Openvpn InstallationApt-get install openvpnOpenvpn ConfigurationCopy the ovpn configuration file to the/etc/openvpn directory.Openvpn connection to the VPN ServerOpenvpn -- config/etc/openvpn/*. vnpInstall and configure openvpn on macHttp://www.lovessh.com/macosx-openvpn-client-tunnelblick-setup/Openvpn installation and configuration in ubuntuHttp://www.myhack58
. Use winscp to copy all the ca, server, and client. crt and. key Files generated on the server to the config folder in the client installation directory. Note that certificates and keys of different clients must correspond to different clients.
3. Copy the client. conf configuration file under the Server installation directory to the config directory of the client, and modify the suffix. ovpn.
4. Right-click the icon in the lower right corner and sel
server is successfully started.
Configure PF:
Remove # net. inet. ip. forwarding = 1 # Comment
Bash-3.2 # vi/etc/sysctl. conf
Add comfortable forwarding
Bash-3.2 # vi/etc/pf. conf. Note that my nic is em0. add:
Ext_if = "em0"
Int_if = "tun0"
Internal_net = "10.8.0.0/24"
Nat on $ ext_if from 10.8.0.0/24 to any-> $ ext_if
Pass quick on lo0 all
Configure the OpenVPN client:
Set/etc/openvpn/easy-rsa/keys/ca in the server. crt,/etc/openvpn/easy-rsa/keys/ta. key is saved locally, and the client fil
# Write the openvpn quota status information to the file on a regular basis, so that you can write your own program for billing or perform other operationsStatus/var/log/openvpn_status.log# Record logs. after openvpn is restarted, the original log information is deleted.; Log openvpn. log# Consistent with log, the original log information is retained after each restart of openvpn, and the new information is appended to the end of the file.Log-append/var/log/openvpn. logVerb 4; Mute 209. modify s
/weijunping/openvpn-2.0.9/easy-rsa/keysDownload ca. crt, ca. key, weijunping. crt, weijunping. csr, and weijunping. key to the local device.Download the client configuration file client. conf and rename it to client. ovpn.The content is as follows:ClientDev tunProto udpRemote 172.16.10.231 1194Resolv-retry infiniteNobindUser nobodyGroup nobodyPersist-keyPersist-tunCa "C: \ Program Files \ OpenVPN \ config \ ca. crt"Cert "C :\\ Program Files \ OpenVPN \ config \ weijunping. crt"Key "C :\\ Program
, and then start.
"OpenVPN Use"
HTTPS://IP:943/, Access this address, enter a username and password, and choose login (not the default connect) to log in:
Download Ovpn configuration file:
Download the save, then copy to the directory, or copy directly to the C:Program Filesopenvpnconfig directory;
Of course, there is a prerequisite for this directory, you must first install the OpenVPN client
Client digital certificate is abc during connection negotiation, the VPN Server will find the abc file in the configuration directory.
Configure OpenVPN Client
Create the following Client. ovpn file under the config Directory of the OpenVPN installation directory on the client machine:
Client
Dev tun
Proto udp
Remote vpn_server_ip 1494
Ca. crt
Cryptoapicert "SUBJ: abc"
Nobind
Persist-key
Persist-tun
Verb 2
Modify the remote line and
state -- state NEW-m udp -- dport 1194-j ACCEPT
-A input-I tun +-j ACCEPT
-A forward-d 10.8.0.0/24-j ACCEPT
-A forward-I tun +-j ACCEPT
-A input-j DROP
COMMIT
# Completed on Tue May 5 11:25:43 2015
Taking windows as an example:
Client operation steps:
Download windows client:
Http://openvpn.ustc.edu.cn/openvpn-install-2.3.6-I603-x86_64.exe
After the client software is installed, extract the certificate required by the client packaged from the server to the config directory under the Client ins
method. Here, the password + CA certificate is used as an example [DearVPN uses this method]
Username, password not to mention, all know.
Select the CA certificate from the provider.
3. Advanced Configuration [important!]
In the Configuration window, click "advanced" to bring up the following window:
Select the following options based on the server configuration (which can be found in the client. ovpn configuration file:
1. If your VPN provider use
config files
AlonWeb: Official, local download
UltraVPN: Local download
Set the VPN and add the VPN in network-manager. Here I use the pilot type, download the above two files, decompress them, and import the specified AlonWeb client. in the ovpn file, a dialog box is displayed. Enter the previously applied Alonweb account and password and click Apply. In the same way, import the configuration file of UltraVPN again.
Connect to the VPN and selec
. configure OPENVPN # check the following value: local 0.0.0.0 # route push "route 192.168.10.0 route 255.255.0" tls-auth ta to be advertised on your OPENVPN Server. key 0 # This file is secret log openvpn. log plugin. /openvpn-auth-pam.so openvpn client-cert-not-required username-as-common-name 6, start OPENVPN [root @ localhost openvpn] # service openvpn start 6, configure the client 1, install the client # # One-way carriage return installation successful 2. configure the client # enter the d
:---------------------------------------
Download openvpn to local:
Http://swupdate.openvpn.org/community/releases/openvpn-2.2.2-install.exe
Copy the downloaded key file to the config file,
Copy the client file in the local sample-config folder to the config file and change:
; Remote my-server-1 1194
; Remote my-server-2 1194
Changed:
Remote ligengsheng.chinacloudapp.cn 1194
; Remote my-server-2 1194
Change the key file name:
# File can be used for all cl
warning and click "continue ". Make sure that the TAP Win32 adapter V9 is correctly installed. After this step is complete, you can see a local connection in Control Panel-> network connection, property is TAP-Win32 adapter (if there are repeated installation before and after, you can use the delete all tap virtual Ethernet Adapter tool in utilities to clear it)
5. Finally, copy your ovpn file, CRT file, and key file to the config directory of t
:
#iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 192.168.122.180
Change 192.168.122.180 to the IP address of your VPs.
Use/Etc/init. d/iptables saveSave iptables settings, and then/Etc/init. d/iptables restartRestart.
Copy the keys directory to/etc/openvpn
Copy server. conf in the anti-template to/etc/openvpn and configure it according to your actual situation. The following is my Configuration:
local 192.168.122.180port 1194proto udp dev tun ca /etc/openvpn/keys/ca
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.