RHEL5 OpenVPN Installation and Windows OpenVPN GUI Installation Notes
----------------- 抚琴煮酒
There is little material online about configuring OpenVPN on RHEL5, so I am writing down the configuration process on RHEL5; it is much the same as on RHEL4. I hope it helps everyone. If you repost this, please credit my blog: http://hi.baidu.com/yuhongchun027
I. Installing the server
1. Download the latest version of openvpn from http://openvpn.net/; as of today that is openvpn-2.0.9.tar.gz.
a) Everyone online says the lzo compression library is also needed. I did not install it; when compiling you only need to add --disable-lzo. That way the only package to install is openvpn-2.0.9.tar.gz.
2. Upload it to the server gait.buaa.edu.cn and unpack it to /root/openvpn-2.0.9.
3. cd /root/openvpn-2.0.9
4. ./configure --disable-lzo
1) Create the CA
Under the OpenVPN source directory there is an \easy-rsa\2.0 directory; enter it and edit the information at the end of the vars file:
export KEY_COUNTRY="CN"
export KEY_PROVINCE="BJ"
export KEY_CITY="Beijing"
export KEY_ORG="PKU"
export KEY_EMAIL=" xxxxxx@pku.edu.cn"
Save and exit, then run:
source vars
./clean-all
./build-ca
Then comes a series of prompts asking for information. Most of it defaults to the values from the vars file above; you only need to fill in "Organizational Unit Name". Put anything there, or leave it blank; I left it blank.
2) Generate the certificate and key for the server
./build-key-server server
This is similar to the previous step: you only need to fill in "Organizational Unit Name", and it can also be left blank. If you leave it blank in this step, the Windows VPN client must be able to resolve the VPN server's name correctly; I edited the c:\windows\system32/drivers/etc/hosts file and wrote the VPN server's name resolution entry into it.
You will also see "Sign the certificate? [y/n]" and "1 out of 1 certificate requests certified, commit? [y/n]"; enter y and press Enter for both.
./build-key-server server
Generating a 1024 bit RSA private key
......++++++
....................++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [buaa]:
Organizational Unit Name (eg, section) []:gait
Common Name (eg, your name or your server's hostname) []:server
Email Address [support@cooldvd.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:abcd1234
An optional company name []:dvdmaster
Using configuration from /openvpn-2.0.5/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'GD'
localityName :PRINTABLE:'SZ'
organizationName :PRINTABLE:'dvdmaster'
organizationalUnitName:PRINTABLE:'dvdmaster'
commonName :PRINTABLE:'server'
emailAddress :IA5STRING:'support@cooldvd.com'
Certificate is to be certified until Mar 19 08:15:31 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
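3) Generate certificates and keys for the clients. In openvpn, with this configuration method every VPN client that logs in needs its own certificate, and each certificate can serve only one client connection at a time (if two machines have the same certificate installed and dial the server at the same time, both can connect, but only the first one to connect can reach the network). So many certificates need to be created. Below, 2 are created, named client1 and client2.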
./build-key client1
Generating a 1024 bit RSA private key
.....++++++
......++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [buaa]:
Organizational Unit Name (eg, section) []:gait
Common Name (eg, your name or your server's hostname) []:client1 # Important: the certificate generated for each different client must have a different name.
Email Address [support@cooldvd.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:abcd1234
An optional company name []:gait
Using configuration from /openvpn-2.0.5/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'GD'
localityName :PRINTABLE:'SZ'
organizationName :PRINTABLE:'dvdmaster'
organizationalUnitName:PRINTABLE:'dvdmaster'
commonName :PRINTABLE:'client1'
emailAddress :IA5STRING:'support@cooldvd.com'
Certificate is to be certified until Mar 19 08:22:00 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Generate the other client certificates/keys in the same way:
./build-key client2
./build-dh
4) Configure the server VPN file
a) cp /root/openvpn-2.0.9/sample-config-files/server.conf /usr/local/etc/server.conf
b) vi /usr/local/etc/server.conf
i. Change proto udp to proto tcp
ii. Change the four lines starting at ca to
ca /root/openvpn-2.0.9/easy-rsa/keys/2.0/ca.crt
cert /root/openvpn-2.0.9/easy-rsa/keys/2.0/server.crt
key /root/openvpn-2.0.9/easy-rsa/keys/2.0/server.key
dh /root/openvpn-2.0.9/easy-rsa/keys/2.0/dh1024.pem
iii. Change the server line to
server 10.0.0.0 255.255.255.0
iv. Comment out comp-lzo
v. Change to verb 5 to see more debugging information
5) Start the service:
a) Turn off all blocking of SSH (22) and openvpn (1194) on the server and the firewall.
b) echo 1 > /proc/sys/net/ipv4/ip_forward
c) /usr/local/sbin/openvpn --config /usr/local/etc/server.conf
II. Installing the Windows VPN client
4. Install the client
1. From http://openvpn.se/ download the Windows client "OpenVPN GUI For Windows" that matches the openvpn server version.
a) For example, if the server runs OpenVPN 2.09, the OpenVPN GUI for Windows to download should be: openvpn-2.0.9-gui-1.0.3-install.exe
2. Run openvpn-2.0.9-gui-1.0.3-install.exe. Accept the default settings throughout.
3. Copy ca.crt, client1.crt and client1.key to C:\Program Files\OpenVPN\config. (Different users use different certificates; each certificate consists of two files, .crt and .key, e.g. client2.crt and client2.key.)
4. Create the client configuration file based on /root/openvpn-2.0.9/sample-config-files/client.conf and rename it to C:\Program Files\OpenVPN\config\client.ovpn
a) Change proto udp to proto tcp
b) Change the remote line to
gait.buaa.edu.cn 1194
c) Change the 3 lines starting at ca to
ca ca.crt
cert client1.crt
key client1.key
d) Comment out comp-lzo
5. Connect: right-click the openvpn icon in the lower-right corner and choose "Connect". Normally it should connect successfully and be assigned a proper IP.
[ This post was last edited by yuhongchun on 2008-6-16 11:33 ]
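The server.conf edits from step 4 and the client settings from part II, scripted as an added example that is not part of the original post: it applies edits i-v with sed and then checks that client and server agree on proto, port and comp-lzo, the settings that must match on both ends. The function names and the reduced sample files are constructed for illustration, and the check assumes both files write the protocol as plain tcp, as the post does.

```shell
#!/bin/sh
# Added example, not from the post. KEYS is the key directory as written in step 4.
KEYS=/root/openvpn-2.0.9/easy-rsa/keys/2.0

# Apply edits i-v from step 4 to a copy of the sample server.conf.
patch_server_conf() {   # $1 = sample file, $2 = output file
    sed -e 's/^proto udp$/proto tcp/' \
        -e "s|^ca .*|ca $KEYS/ca.crt|" \
        -e "s|^cert .*|cert $KEYS/server.crt|" \
        -e "s|^key .*|key $KEYS/server.key|" \
        -e "s|^dh .*|dh $KEYS/dh1024.pem|" \
        -e 's/^server .*/server 10.0.0.0 255.255.255.0/' \
        -e 's/^comp-lzo/;comp-lzo/' \
        -e 's/^verb .*/verb 5/' "$1" > "$2"
}

# Print the arguments of the first active directive $1 in file $2;
# lines commented out with ';' or '#' never match.
directive() {
    awk -v d="$1" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

# Succeed when directive $1 is active (not commented out) in file $2.
has_directive() {
    awk -v d="$1" '$1 == d { found = 1 } END { exit !found }' "$2"
}

# Succeed when server ($1) and client ($2) agree on proto, port and comp-lzo.
configs_agree() {
    port=$(directive port "$1")
    [ "$(directive proto "$1")" = "$(directive proto "$2")" ] || return 1
    case "$(directive remote "$2")" in *" $port") ;; *) return 1 ;; esac
    if has_directive comp-lzo "$1"; then
        has_directive comp-lzo "$2"
    else
        ! has_directive comp-lzo "$2"
    fi
}

# Constructed stand-ins for the sample files, reduced to the lines the post edits.
WORK=$(mktemp -d)
printf '%s\n' 'port 1194' ';proto tcp' 'proto udp' 'dev tun' 'ca ca.crt' \
    'cert server.crt' 'key server.key  # keep secret' 'dh dh1024.pem' \
    'server 10.8.0.0 255.255.255.0' 'comp-lzo' 'verb 3' > "$WORK/server.sample"
printf '%s\n' 'client' 'dev tun' 'proto tcp' 'remote gait.buaa.edu.cn 1194' \
    'ca ca.crt' 'cert client1.crt' 'key client1.key' ';comp-lzo' > "$WORK/client.ovpn"
patch_server_conf "$WORK/server.sample" "$WORK/server.conf"
configs_agree "$WORK/server.conf" "$WORK/client.ovpn" && echo "client and server agree"
```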
ljp50598313 posted on 2009-09-28 11:02:19:
Then what if I use Redrat 5.0 to set up a network-to-network VPN, on an ADSL dynamic IP; how should that be done!
yuhongchun posted on 2008-06-16 11:33:42:
http://hi.baidu.com/yuhongchun027, updated there with more detail.
yuhongchun posted on 2008-06-15 11:36:18:
Support original work!
yuhongchun posted on 2008-06-15 11:36:00:
If you like it, please help bump it.
yuhongchun posted on 2008-06-14 00:02:58:
If you think it's good, give it a bump :0)
Drcede posted on 2008-06-13 20:49:02:
Learned something.
yuhongchun posted on 2008-06-13 17:13:00:
The forum doesn't support images very well. On the client's remote line, writing the server's domain name also works (hosts file)