{"id":8709,"date":"2024-09-14T09:58:53","date_gmt":"2024-09-14T01:58:53","guid":{"rendered":"http:\/\/999.zuizhuai.cn\/?p=8709"},"modified":"2024-09-14T09:58:53","modified_gmt":"2024-09-14T01:58:53","slug":"%e6%89%8b%e6%8a%8a%e6%89%8b%e6%95%99%e4%bd%a0%e6%90%ad%e5%bb%baopenvpn%ef%bc%88%e4%bf%9d%e5%a7%86%e7%ba%a7%e6%95%99%e7%a8%8b%ef%bc%89%ef%bc%81","status":"publish","type":"post","link":"http:\/\/puo.cn\/?p=8709","title":{"rendered":"\u624b\u628a\u624b\u6559\u4f60\u642d\u5efaOpenVPN\uff08\u4fdd\u59c6\u7ea7\u6559\u7a0b\uff09\uff01"},"content":{"rendered":"

OpenVPN\u539f\u7406\u53ca\u90e8\u7f72\u4f7f\u7528<\/h1>\n

1. \u7b80\u4ecb<\/h3>\n
\n

\u2002\u2002\u2002\u2002VPN\u6280\u672f\u901a\u8fc7\u5bc6\u94a5\u4ea4\u6362\u3001\u5c01\u88c5\u3001\u8ba4\u8bc1\u3001\u52a0\u5bc6\u624b\u6bb5\u5728\u516c\u5171\u7f51\u7edc\u4e0a\u5efa\u7acb\u8d77\u79c1\u5bc6\u7684\u96a7\u9053\uff0c\u4fdd\u969c\u4f20\u8f93\u6570\u636e\u7684\u5b8c\u6574\u6027\u3001\u79c1\u5bc6\u6027\u548c\u6709\u6548\u6027\u3002OpenVPN\u662f\u8fd1\u5e74\u6765\u65b0\u51fa\u73b0\u7684\u5f00\u653e\u6e90\u7801\u9879\u76ee\uff0c\u5b9e\u73b0\u4e86SSL VPN\u7684\u4e00\u79cd\u89e3\u51b3\u65b9\u6848\u3002<\/p>\n<\/blockquote>\n

2.\u5e94\u7528\u573a\u666f<\/h3>\n
\n

\u6709\u4e00\u4e9b\u7c7b\u4f3c\u8fd9\u6837\u7684\u60c5\u5f62\u6216\u9700\u6c42\uff1a<\/p>\n

1\u3001\u5f00\u53d1:\u901a\u8fc7OpenVPN\u8ba9\u5f00\u53d1\u4eba\u5458\u8fde\u63a5\u7f51\u7ad9,\u8fdb\u884c\u5f00\u53d1\u6d4b\u8bd5(\u5728\u5bb6\u7684\u65f6\u5019)<\/p>\n

2\u3001\u8fd0\u7ef4:\u901a\u8fc7OpenVPN\u8ba9\u8fd0\u7ef4\u8fde\u63a5\u5185\u7f51\u670d\u52a1\u5668,\u6216\u8005\u662f\u8fde\u63a5JUMPSERVER<\/p>\n

\n

\u5728\u5bb6\u91cc\u60f3\u8fdb\u5165\u516c\u53f8\u7f51\u7ad9\u7684\u7ba1\u7406\u754c\u9762\uff0c\u4f46\u7ba1\u7406\u7cfb\u7edf\u9650\u5236\u4e86\u4ec5\u5141\u8bb8\u6765\u81ea\u516c\u53f8IP\u53ef\u4ee5\u8bbf\u95ee\u60f3\u8fde\u63a5\u5230\u67d0\u4e2a\u7279\u522b\u7f51\u7ad9\u7684\u7279\u522b\u7f51\u7edc\u5e94\u7528\uff0c\u4f46\u672c\u5730\u7684ISP\u6216\u8def\u7531\u8282\u70b9\u4e0d\u5141\u8bb8\u60a8\u53bb\u8fde\u63a5\u5b83\u672c\u5730\u7684ISP\u6216\u8def\u7531\u8282\u70b9\u53ef\u80fd\u4f1a\u76d1\u542c\u60a8\u7684\u6570\u636e\u800c\u60a8\u4e0d\u60f3\u88ab\u5b83\u62e6\u622a\uff0c\u60f3\u627e\u4e00\u79cd\u53ef\u4ee5\u8df3\u8fc7\u5b83\u7684\u529e\u6cd5,\u60a8\u60f3\u8bbf\u95ee\u7684\u7f51\u7ad9\u548c\u5e94\u7528\u662f\u57fa\u4e8e\u660e\u6587\u4f20\u8f93\uff0c\u4f46\u60a8\u5e0c\u671b\u8fd9\u4e2a\u7ebf\u8def\u662f\u79c1\u5bc6\u7684\u548c\u53ef\u9760\u7684\u3002\u8fd9\u65f6\u5019\u5c31\u9700\u8981\u7528\u5230VPN\u6765\u5b9e\u73b0\u3002<\/p>\n<\/blockquote>\n

3.OpenVPN\u670d\u52a1\u7aef\u914d\u7f6e<\/h3>\n

3.1 \u73af\u5883\u51c6\u5907<\/h4>\n
\n\n\n\n\n\n\n
server<\/td>\nIP<\/td>\n<\/tr>\n<\/thead>\n
openvpn-server<\/td>\n\u516c\u7f51:100.100.1.1
\n\u5185\u7f51:10.100.240.3<\/td>\n<\/tr>\n
client<\/td>\n\u80fd\u8bbf\u95eeInternet<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/section>\n

3.2 \u8bc1\u4e66\u51c6\u5907\u6d41\u7a0b<\/h4>\n

1) \u5b89\u88c5openvpn\u670d\u52a1\u7aef\u3001\u8bc1\u4e66\u521b\u5efa\u5de5\u5177<\/h4>\n
#openvpn\u00a0\u670d\u52a1\u7aef\u3001\u8bc1\u4e66\u5de5\u5177\u5b89\u88c5<\/span>\n[root@openvpn-server\u00a0~]#\u00a0yum\u00a0install\u00a0-y\u00a0openvpn\u00a0easy-rsa<\/span>\n\n#\u8bc1\u4e66\u5de5\u5177\u76ee\u5f55<\/span>\n[root@openvpn-server\u00a0~]#\u00a0rpm\u00a0-ql\u00a0easy-rsa<\/span>\n\/usr\/share\/easy-rsa\/3.0.8\/easyrsa\n...<\/code><\/pre>\n
2) \u670d\u52a1\u5668\u5145\u5f53\u6743\u5a01\u673a\u6784\uff0c\u521b\u5efaca\u8bc1\u4e66<\/h4>\n
#\u8def\u5f84\u592a\u6df1\uff0c\u65b0\u5efa\u76ee\u5f55<\/span>\n[root@openvpn-server\u00a0~]#\u00a0mkdir\u00a0-p\u00a0\u00a0\u00a0\/opt\/easy-rsa\u00a0<\/span>\n[root@openvpn-server\u00a0~]#\u00a0cp\u00a0-a\u00a0\/usr\/share\/easy-rsa\/3.0.8\/*\u00a0\/opt\/easy-rsa\/<\/span>\n[root@openvpn-server\u00a0~]#\u00a0cp\u00a0\/usr\/share\/doc\/easy-rsa-3.0.8\/vars.example\u00a0\/opt\/easy-rsa\/vars<\/span>\n\n#\u4fee\u6539vars\u6587\u4ef6\uff0c\u914d\u7f6e\u9ed8\u8ba4\u53c2\u6570\u503c<\/span>\n[root@openvpn-server\u00a0~]#\u00a0cat\u00a0>\u00a0\/opt\/easy-rsa\/vars<\/span>\nif\u00a0[\u00a0-z\u00a0\"$EASYRSA_CALLER\"\u00a0];\u00a0then\n\u00a0echo\u00a0\"You\u00a0appear\u00a0to\u00a0be\u00a0sourcing\u00a0an\u00a0Easy-RSA\n'vars'\u00a0file.\"\u00a0>&2\n\u00a0echo\u00a0\"This\u00a0is\u00a0no\u00a0longer\u00a0necessary\u00a0and\u00a0is\ndisallowed.\u00a0See\u00a0the\u00a0section\u00a0called\"\u00a0>&2\n\u00a0echo\u00a0\"'How\u00a0to\u00a0use\u00a0this\u00a0file'\u00a0near\u00a0the\u00a0top\ncomments\u00a0for\u00a0more\u00a0details.\"\u00a0>&2\n\u00a0return\u00a01\nfi\n\nset_var\u00a0EASYRSA_DN\u00a0\"cn_only\"\nset_var\u00a0EASYRSA_REQ_COUNTRY\u00a0\"CN\"\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u00a0\u56fd\u5bb6<\/span>\nset_var\u00a0EASYRSA_REQ_PROVINCE\u00a0\"Beijing\"\u00a0\u00a0\u00a0\u00a0#\u00a0\u7701<\/span>\nset_var\u00a0EASYRSA_REQ_CITY\u00a0\"ShangHai\"\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u00a0\u57ce\u5e02<\/span>\nset_var\u00a0EASYRSA_REQ_ORG\u00a0\"zxc.com\"\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u00a0\u7ec4\u7ec7<\/span>\nset_var\u00a0EASYRSA_REQ_EMAIL\u00a0\"123456@qq.com\"\u00a0#\u00a0\u90ae\u7bb1<\/span>\nset_var\u00a0EASYRSA_NS_SUPPORT\u00a0\"yes\"\nEOF\n\n#\u914d\u7f6e\u5b8cvar\u540e\u00a0\u68c0\u67e5\u00a0\u6743\u5a01\u673a\u6784\u4fe1\u606f<\/span>\n[root@openvpn-server\u00a0easy-rsa]#\u00a0tree<\/span>\n.\n|--\u00a0easyrsa\n|--\u00a0openssl-easyrsa.cnf\n|--\u00a0vars\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#var\u00a0ca\u6743\u5a01\u673a\u6784\u4fe1\u606f<\/span>\n`--\u00a0x509-types\n\u00a0\u00a0\u00a0\u00a0|--\u00a0ca\n\u00a0\u00a0\u00a0\u00a0|--\u00a0client\n\u00a0\u00a0\u00a0\u00a0|--\u00a0code-signing\n\u00a0\u00a0\u00a0\u00a0|--\u00a0COMMON\n\u00a0\u00a0\u00a0\u00a0|--\u00a0email\n\u00a0\u00a0\u00a0\u00a0|--\u00a0kdc\n\u00a0\u00a0\u00a0\u00a0|--\u00a0server\n\u00a0\u00a0\u00a0\u00a0`--\u00a0serverClient\n1\u00a0directory,\u00a011\u00a0files\n\n#\u521d\u59cb\u5316\uff0c\u4f1a\u5728\u5f53\u524d\u76ee\u5f55\u521b\u5efaPKI\u76ee\u5f55\uff0c\u7528\u4e8e\u5b58\u50a8\u8bc1\u4e66<\/span>\n[root@openvpn-server\u00a0easy-rsa]#\u00a0.\/easyrsa\u00a0init-pki<\/span>\nNote:\u00a0using\u00a0Easy-RSA\u00a0configuration\u00a0from:\u00a0\/opt\/easy-rsa\/vars\u00a0\u00a0\u00a0\u00a0#\u6b63\u5728\u4f7f\u7528\u6765\u81ea\u4e8evars<\/span>\n\ninit-pki\u00a0complete;\u00a0you\u00a0may\u00a0now\u00a0create\u00a0a\u00a0CA\u00a0or\u00a0requests.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u521d\u59cb\u5316\u5b8c\u6210\u00a0\u663e\u793a\u4f60\u53ef\u4ee5\u5c1d\u8bd5\u521b\u5efa\u00a0CA\u8bc1\u4e66<\/span>\nYour\u00a0newly\u00a0created\u00a0PKI\u00a0dir\u00a0is:\u00a0\/opt\/easy-rsa\/pki\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u521d\u59cb\u5316\u540e\u7684\u76ee\u5f55\u5728\u00a0pki\u4e0b\u9762<\/span>\n\n\n#\u521b\u5efa\u6839\u8bc1\u4e66\uff0c\u4f1a\u63d0\u793a\u8bbe\u7f6e\u5bc6\u7801\uff0c\u7528\u4e8eca\u5bf9\u4e4b\u540e\u751f\u6210\u7684server\u548cclient\u8bc1\u4e66\u7b7e\u540d\u65f6\u4f7f\u7528\uff0c\u5176\u4ed6\u53ef\u9ed8\u8ba4<\/span>\n[root@openvpn-server\u00a0easy-rsa]#\u00a0.\/easyrsa\u00a0build-ca<\/span>\nNote:\u00a0using\u00a0Easy-RSA\u00a0configuration\u00a0from:\u00a0\/opt\/easy-rsa\/vars\nUsing\u00a0SSL:\u00a0openssl\u00a0OpenSSL\u00a01.0.2k-fips\u00a0\u00a026\u00a0Jan\u00a02017\n\nEnter\u00a0New\u00a0CA\u00a0Key\u00a0Passphrase:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5bc6\u78011234<\/span>\nRe-Enter\u00a0New\u00a0CA\u00a0Key\u00a0Passphrase:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5bc6\u78011234<\/span>\nGenerating\u00a0RSA\u00a0private\u00a0key,\u00a02048\u00a0bit\u00a0long\u00a0modulus\n..............+++\n...............................................+++\ne\u00a0is\u00a065537\u00a0(0x10001)\nYou\u00a0are\u00a0about\u00a0to\u00a0be\u00a0asked\u00a0to\u00a0enter\u00a0information\u00a0that\u00a0will\u00a0be\u00a0incorporated\ninto\u00a0your\u00a0certificate\u00a0request.\nWhat\u00a0you\u00a0are\u00a0about\u00a0to\u00a0enter\u00a0is\u00a0what\u00a0is\u00a0called\u00a0a\u00a0Distinguished\u00a0Name\u00a0or\u00a0a\u00a0DN.\nThere\u00a0are\u00a0quite\u00a0a\u00a0few\u00a0fields\u00a0but\u00a0you\u00a0can\u00a0leave\u00a0some\u00a0blank\nFor\u00a0some\u00a0fields\u00a0there\u00a0will\u00a0be\u00a0a\u00a0default\u00a0value,\nIf\u00a0you\u00a0enter\u00a0'.',\u00a0the\u00a0field\u00a0will\u00a0be\u00a0left\u00a0blank.\n-----\nCommon\u00a0Name\u00a0(eg:\u00a0your\u00a0user,\u00a0host,\u00a0or\u00a0server\u00a0name)\u00a0[Easy-RSA\u00a0CA]:zxc.com\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u57df\u540d\u5373\u53ef<\/span>\n\nCA\u00a0creation\u00a0complete\u00a0and\u00a0you\u00a0may\u00a0now\u00a0import\u00a0and\u00a0sign\u00a0cert\u00a0requests.\nYour\u00a0new\u00a0CA\u00a0certificate\u00a0file\u00a0for\u00a0publishing\u00a0is\u00a0at:\n\/opt\/easy-rsa\/pki\/ca.crt\n\n\n#\u67e5\u770bca\u8bc1\u4e66\u548c\u79c1\u94a5<\/span>\n[root@openvpn-server\u00a0easy-rsa]#\u00a0tree\u00a0pki\/<\/span>\npki\/\n|--\u00a0ca.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#ca\u8bc1\u4e66<\/span>\n|--\u00a0certs_by_serial\n|--\u00a0index.txt\n|--\u00a0index.txt.attr\n|--\u00a0issued\n|--\u00a0openssl-easyrsa.cnf\n|--\u00a0private\n|\u00a0\u00a0\u00a0`--\u00a0ca.key\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#ca\u79c1\u94a5<\/span>\n|--\u00a0renewed\n|\u00a0\u00a0\u00a0|--\u00a0certs_by_serial\n|\u00a0\u00a0\u00a0|--\u00a0private_by_serial\n|\u00a0\u00a0\u00a0`--\u00a0reqs_by_serial\n|--\u00a0reqs\n|--\u00a0revoked\n|\u00a0\u00a0\u00a0|--\u00a0certs_by_serial\n|\u00a0\u00a0\u00a0|--\u00a0private_by_serial\n|\u00a0\u00a0\u00a0`--\u00a0reqs_by_serial\n|--\u00a0safessl-easyrsa.cnf\n`--\u00a0serial\n\n12\u00a0directories,\u00a07\u00a0files\n\n<\/code><\/pre>\n
3) \u521b\u5efaserver\u7aef\u8bc1\u4e66<\/h4>\n
#\u521b\u5efaserver\u7aef\u8bc1\u4e66\u548c\u79c1\u94a5\u6587\u4ef6<\/span>\n#\u00a0\u521b\u5efa\u8bf7\u6c42\u6587\u4ef6\u53ca\u670d\u52a1\u7aef\u79c1\u94a5\uff0cgen-req\u8bf7\u6c42\u6587\u4ef6\u3001server\u53ef\u4ee5\u81ea\u5b9a\u4e49\u3001nopass\u8868\u793a\u4e0d\u52a0\u5bc6\u79c1\u94a5\u6587\u4ef6\uff0c\u5176\u4ed6\u53ef\u9ed8\u8ba4<\/span>\n[root@openvpn-server\u00a0easy-rsa]#\u00a0\u00a0.\/easyrsa\u00a0gen-req\u00a0server\u00a0nopass<\/span>\n\nNote:\u00a0using\u00a0Easy-RSA\u00a0configuration\u00a0from:\u00a0\/opt\/easy-rsa\/vars\nUsing\u00a0SSL:\u00a0openssl\u00a0OpenSSL\u00a01.0.2k-fips\u00a0\u00a026\u00a0Jan\u00a02017\nGenerating\u00a0a\u00a02048\u00a0bit\u00a0RSA\u00a0private\u00a0key\n....................................................+++\n......................................+++\nwriting\u00a0new\u00a0private\u00a0key\u00a0to\u00a0'\/opt\/easy-rsa\/pki\/easy-rsa-5343.MYL42w\/tmp.4slsGH'\n-----\nYou\u00a0are\u00a0about\u00a0to\u00a0be\u00a0asked\u00a0to\u00a0enter\u00a0information\u00a0that\u00a0will\u00a0be\u00a0incorporated\ninto\u00a0your\u00a0certificate\u00a0request.\nWhat\u00a0you\u00a0are\u00a0about\u00a0to\u00a0enter\u00a0is\u00a0what\u00a0is\u00a0called\u00a0a\u00a0Distinguished\u00a0Name\u00a0or\u00a0a\u00a0DN.\nThere\u00a0are\u00a0quite\u00a0a\u00a0few\u00a0fields\u00a0but\u00a0you\u00a0can\u00a0leave\u00a0some\u00a0blank\nFor\u00a0some\u00a0fields\u00a0there\u00a0will\u00a0be\u00a0a\u00a0default\u00a0value,\nIf\u00a0you\u00a0enter\u00a0'.',\u00a0the\u00a0field\u00a0will\u00a0be\u00a0left\u00a0blank.\n-----\nCommon\u00a0Name\u00a0(eg:\u00a0your\u00a0user,\u00a0host,\u00a0or\u00a0server\u00a0name)\u00a0[server]:\n\nKeypair\u00a0and\u00a0certificate\u00a0request\u00a0completed.\u00a0Your\u00a0files\u00a0are:\nreq:\u00a0\/opt\/easy-rsa\/pki\/reqs\/server.req\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#server.req\u00a0\u7528\u4e8e\u521b\u5efa\u8bc1\u4e66(\u8bc1\u4e66\u8d44\u6599)\u00a0<\/span>\nkey:\u00a0\/opt\/easy-rsa\/pki\/private\/server.key\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#server\u79c1\u94a5\u6587\u4ef6<\/span>\n\n\n\n\n#\u7ed9server\u7aef\u8bc1\u4e66\u7b7e\u540d\uff0csign\u7b7e\u540d\u3001\u7b2c\u4e00\u4e2aserver\u662f\u670d\u52a1\u5668\u7c7b\u578b\u3001\u7b2c\u4e8c\u4e2aserver\u662f\u9700\u8981\u7b7e\u540d\u7684\u8bc1\u4e66\u540d\u79f0<\/span>\n#\u9996\u5148\u662f\u5bf9\u4e00\u4e9b\u4fe1\u606f\u7684\u786e\u8ba4\uff0c\u8f93\u5165yes\uff0c\u7136\u540e\u8f93\u5165\u521b\u5efaca\u6839\u8bc1\u4e66\u65f6\u8bbe\u7f6e\u7684\u5bc6\u7801<\/span>\n[root@openvpn-server\u00a0easy-rsa]#\u00a0.\/easyrsa\u00a0sign\u00a0server\u00a0server<\/span>\n\nNote:\u00a0using\u00a0Easy-RSA\u00a0configuration\u00a0from:\u00a0\/opt\/easy-rsa\/vars\nUsing\u00a0SSL:\u00a0openssl\u00a0OpenSSL\u00a01.0.2k-fips\u00a0\u00a026\u00a0Jan\u00a02017\n\n\nYou\u00a0are\u00a0about\u00a0to\u00a0sign\u00a0the\u00a0following\u00a0certificate.\nPlease\u00a0check\u00a0over\u00a0the\u00a0details\u00a0shown\u00a0below\u00a0for\u00a0accuracy.\u00a0Note\u00a0that\u00a0this\u00a0request\nhas\u00a0not\u00a0been\u00a0cryptographically\u00a0verified.\u00a0Please\u00a0be\u00a0sure\u00a0it\u00a0came\u00a0from\u00a0a\u00a0trusted\nsource\u00a0or\u00a0that\u00a0you\u00a0have\u00a0verified\u00a0the\u00a0request\u00a0checksum\u00a0with\u00a0the\u00a0sender.\n\nRequest\u00a0subject,\u00a0to\u00a0be\u00a0signed\u00a0as\u00a0a\u00a0server\u00a0certificate\u00a0for\u00a0825\u00a0days:\n\nsubject=\n\u00a0\u00a0\u00a0\u00a0commonName\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0=\u00a0server\n\n\nType\u00a0the\u00a0word\u00a0'yes'\u00a0to\u00a0continue,\u00a0or\u00a0any\u00a0other\u00a0input\u00a0to\u00a0abort.\n\u00a0\u00a0Confirm\u00a0request\u00a0details:\u00a0yes\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u8f93\u5165yes<\/span>\nUsing\u00a0configuration\u00a0from\u00a0\/opt\/easy-rsa\/pki\/easy-rsa-7938.RZEfrP\/tmp.NCVg6D\nEnter\u00a0pass\u00a0phrase\u00a0for\u00a0\/opt\/easy-rsa\/pki\/private\/ca.key:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u8f93\u5165\u521b\u5efaca\u65f6\u8bbe\u7f6e\u7684\u5bc6\u7801<\/span>\nCheck\u00a0that\u00a0the\u00a0request\u00a0matches\u00a0the\u00a0signature\nSignature\u00a0ok\nThe\u00a0Subject's\u00a0Distinguished\u00a0Name\u00a0is\u00a0as\u00a0follows\ncommonName\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0:ASN.1\u00a012:'server'\nCertificate\u00a0is\u00a0to\u00a0be\u00a0certified\u00a0until\u00a0May\u00a0\u00a07\u00a015:26:38\u00a02026\u00a0GMT\u00a0(825\u00a0days)\n\nWrite\u00a0out\u00a0database\u00a0with\u00a01\u00a0new\u00a0entries\nData\u00a0Base\u00a0Updated\n\nCertificate\u00a0created\u00a0at:\u00a0\/opt\/easy-rsa\/pki\/issued\/server.crt\u00a0\u00a0\u00a0\u00a0#\u751f\u6210\u670d\u52a1\u7aef\u8bc1\u4e66\n\n\n#\u9a8c\u8bc1\u662f\u5426\u521b\u5efa\u4e86server\u7684\u8bc1\u4e66\n[root@openvpn-server\u00a0easy-rsa]#\u00a0tree\u00a0pki\/\npki\/\n|--\u00a0ca.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#ca\u8bc1\u4e66\n|--\u00a0certs_by_serial\n|\u00a0\u00a0\u00a0`--\u00a063D708FF122452B7558651207A1AF01B.pem\n|--\u00a0index.txt\n|--\u00a0index.txt.attr\n|--\u00a0index.txt.attr.old\n|--\u00a0index.txt.old\n|--\u00a0issued\n|\u00a0\u00a0\u00a0`--\u00a0server.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#server\u8bc1\u4e66\u00a0\n|--\u00a0openssl-easyrsa.cnf\n|--\u00a0private\n|\u00a0\u00a0\u00a0|--\u00a0ca.key\n|\u00a0\u00a0\u00a0`--\u00a0server.key\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#server\u79c1\u94a5\u00a0\n|--\u00a0renewed\n|\u00a0\u00a0\u00a0|--\u00a0certs_by_serial\n|\u00a0\u00a0\u00a0|--\u00a0private_by_serial\n|\u00a0\u00a0\u00a0`--\u00a0reqs_by_serial\n|--\u00a0reqs\n|\u00a0\u00a0\u00a0`--\u00a0server.req\n|--\u00a0revoked\n|\u00a0\u00a0\u00a0|--\u00a0certs_by_serial\n|\u00a0\u00a0\u00a0|--\u00a0private_by_serial\n|\u00a0\u00a0\u00a0`--\u00a0reqs_by_serial\n|--\u00a0safessl-easyrsa.cnf\n|--\u00a0serial\n`--\u00a0serial.old\n\n12\u00a0directories,\u00a014\u00a0files\n<\/code><\/pre>\n
4) \u521b\u5efaclient\u7aef\u8bc1\u4e66<\/h4>\n
#\u521b\u5efaclient\u7aef\u8bc1\u4e66\u548c\u79c1\u94a5\u6587\u4ef6<\/span>\n#\u00a0\u521b\u5efa\u8bf7\u6c42\u6587\u4ef6\u53ca\u670d\u52a1\u7aef\u79c1\u94a5\uff0cgen-req\u8bf7\u6c42\u6587\u4ef6\u3001client\u53ef\u4ee5\u81ea\u5b9a\u4e49\u3001nopass\u8868\u793a\u4e0d\u52a0\u5bc6\u79c1\u94a5\u6587\u4ef6\uff0c\u5176\u4ed6\u53ef\u9ed8\u8ba4<\/span>\n[root@openvpn-server\u00a0easy-rsa]#\u00a0.\/easyrsa\u00a0gen-req\u00a0client\u00a0nopass<\/span>\n\n\nCommon\u00a0Name\u00a0(eg:\u00a0your\u00a0user,\u00a0host,\u00a0or\u00a0server\u00a0name)\u00a0[client]:\u00a0\u00a0\u00a0\u00a0#\u76f4\u63a5\u56de\u8f66<\/span>\n\nKeypair\u00a0and\u00a0certificate\u00a0request\u00a0completed.\u00a0Your\u00a0files\u00a0are:\nreq:\u00a0\/opt\/easy-rsa\/pki\/reqs\/client.req\nkey:\u00a0\/opt\/easy-rsa\/pki\/private\/client.key\n\n\n#\u7ed9client\u7aef\u8bc1\u4e66\u7b7e\u540d\uff0csign\u7b7e\u540d\u3001\u7b2c\u4e00\u4e2aclient\u662f\u670d\u52a1\u5668\u7c7b\u578b\u3001\u7b2c\u4e8c\u4e2aclient\u662f\u9700\u8981\u7b7e\u540d\u7684\u8bc1\u4e66\u540d\u79f0<\/span>\n#\u7ed9client\u7aef\u8bc1\u4e66\u7b7e\u540d\u65f6\uff0c\u9996\u5148\u662f\u5bf9\u4e00\u4e9b\u4fe1\u606f\u7684\u786e\u8ba4\uff0c\u53ef\u4ee5\u8f93\u5165yes\uff0c\u7136\u540e\u521b\u5efaca\u6839\u8bc1\u4e66\u65f6\u8bbe\u7f6e\u7684\u5bc6\u7801<\/span>\n[root@openvpn-server\u00a0easy-rsa]#\u00a0.\/easyrsa\u00a0sign\u00a0client\u00a0client<\/span>\n......\nType\u00a0the\u00a0word\u00a0'yes'\u00a0to\u00a0continue,\u00a0or\u00a0any\u00a0other\u00a0input\u00a0to\u00a0abort.\n\u00a0\u00a0Confirm\u00a0request\u00a0details:\u00a0yes\nUsing\u00a0configuration\u00a0from\u00a0\/opt\/easy-rsa\/pki\/easy-rsa-32687.69KFgb\/tmp.y1hokA\nEnter\u00a0pass\u00a0phrase\u00a0for\u00a0\/opt\/easy-rsa\/pki\/private\/ca.key:\n......\n\nCertificate\u00a0created\u00a0at:\u00a0\/opt\/easy-rsa\/pki\/issued\/client.crt<\/code><\/pre>\n
5) \u521b\u5efadh-pem\u7b97\u6cd5\u6587\u4ef6\u548c\u76ee\u5f55\u6c47\u603b<\/h4>\n
#\u521b\u5efaDiffie-Hellman\u6587\u4ef6\uff0c\u79d8\u94a5\u4ea4\u6362\u65f6\u7684Diffie-Hellman\u7b97\u6cd5<\/span>\n[root@openvpn-server\u00a0easy-rsa]#\u00a0.\/easyrsa\u00a0gen-dh<\/span>\n.......\nDH\u00a0parameters\u00a0of\u00a0size\u00a02048\u00a0created\u00a0at\u00a0\/opt\/easy-rsa\/pki\/dh.pem\n\n\n#\u76ee\u5f55\u6c47\u603b<\/span>\n[root@openvpn-server\u00a0easy-rsa]#\u00a0tree<\/span>\n.\n|--\u00a0easyrsa\n|--\u00a0openssl-easyrsa.cnf\n|--\u00a0pki\n|\u00a0\u00a0\u00a0|--\u00a0ca.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#ca\u8bc1\u4e66\u00a0\u00a0\u00a0<\/span>\n|\u00a0\u00a0\u00a0|--\u00a0certs_by_serial\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0|--\u00a058D4C3BEB5AA4931D7CE3D9D0119C3CF.pem\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0`--\u00a063D708FF122452B7558651207A1AF01B.pem\n|\u00a0\u00a0\u00a0|--\u00a0dh.pem\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#df\u7b97\u6cd5\u6587\u4ef6<\/span>\n|\u00a0\u00a0\u00a0|--\u00a0index.txt\n|\u00a0\u00a0\u00a0|--\u00a0index.txt.attr\n|\u00a0\u00a0\u00a0|--\u00a0index.txt.attr.old\n|\u00a0\u00a0\u00a0|--\u00a0index.txt.old\n|\u00a0\u00a0\u00a0|--\u00a0issued\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0|--\u00a0client.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#client\u8bc1\u4e66<\/span>\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0`--\u00a0server.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#server\u8bc1\u4e66<\/span>\n|\u00a0\u00a0\u00a0|--\u00a0openssl-easyrsa.cnf\n|\u00a0\u00a0\u00a0|--\u00a0private\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0|--\u00a0ca.key\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0|--\u00a0client.key\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5ba2\u6237\u7aef\u79c1\u94a5<\/span>\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0`--\u00a0server.key\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u670d\u52a1\u7aef\u79c1\u94a5<\/span>\n|\u00a0\u00a0\u00a0|--\u00a0renewed\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0|--\u00a0certs_by_serial\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0|--\u00a0private_by_serial\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0`--\u00a0reqs_by_serial\n|\u00a0\u00a0\u00a0|--\u00a0reqs\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0|--\u00a0client.req\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0`--\u00a0server.req\n|\u00a0\u00a0\u00a0|--\u00a0revoked\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0|--\u00a0certs_by_serial\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0|--\u00a0private_by_serial\n|\u00a0\u00a0\u00a0|\u00a0\u00a0\u00a0`--\u00a0reqs_by_serial\n|\u00a0\u00a0\u00a0|--\u00a0safessl-easyrsa.cnf\n|\u00a0\u00a0\u00a0|--\u00a0serial\n|\u00a0\u00a0\u00a0`--\u00a0serial.old\n|--\u00a0vars\n`--\u00a0x509-types\n\u00a0\u00a0\u00a0\u00a0|--\u00a0ca\n\u00a0\u00a0\u00a0\u00a0|--\u00a0client\n\u00a0\u00a0\u00a0\u00a0|--\u00a0code-signing\n\u00a0\u00a0\u00a0\u00a0|--\u00a0COMMON\n\u00a0\u00a0\u00a0\u00a0|--\u00a0email\n\u00a0\u00a0\u00a0\u00a0|--\u00a0kdc\n\u00a0\u00a0\u00a0\u00a0|--\u00a0server\n\u00a0\u00a0\u00a0\u00a0`--\u00a0serverClient<\/code><\/pre>\n
6) \u5c0f\u7ed3<\/h4>\n
\n
1\u3001\u521b\u5efavars\u6587\u4ef6(\u4f2a\u88c5ca\u673a\u6784),\u521b\u5efaca\u8bc1\u4e66 build-ca
\n2\u3001\u521b\u5efaserver\u8bc1\u4e66\u548c\u79c1\u94a5
\ngen-req server nopass
\nsign server server
\n3\u3001\u521b\u5efaclient\u8bc1\u4e66\u548c\u79c1\u94a5
\ngen-req client nopass
\nsign client client
\n4\u3001dh.pem \u6587\u4ef6<\/p>\n<\/blockquote>\n
3.3 \u670d\u52a1\u7aef\u914d\u7f6e\u6587\u4ef6<\/h3>\n
#\u914d\u7f6e\u6587\u4ef6\u4e2d\u00a0\u5404\u79cd\u8def\u5f84\u9ed8\u8ba4\u76f8\u5bf9\u4e8e\u00a0\/etc\/openvpn<\/span>\n[root@openvpn-server\u00a0~]#\u00a0tree\u00a0-F\u00a0\/etc\/openvpn\/<\/span>\n\/etc\/openvpn\/\n|--\u00a0client\/\n`--\u00a0server\/\n\n2\u00a0directories,\u00a00\u00a0files\n\n#\u670d\u52a1\u7aef\u914d\u7f6e\u6587\u4ef6<\/span>\n[root@openvpn-server\u00a0~]#\u00a0vim\u00a0\/etc\/opnvpn\/server\/server.conf<\/span>\n[root@openvpn-server\u00a0server]#\u00a0cat\u00a0server.conf<\/span>\nport\u00a01194\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u7aef\u53e3<\/span>\nproto\u00a0udp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u534f\u8bae<\/span>\ndev\u00a0tun\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u91c7\u7528\u8def\u7531\u96a7\u9053\u6a21\u5f0ftun<\/span>\nca\u00a0ca.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#ca\u8bc1\u4e66\u6587\u4ef6\u4f4d\u7f6e\u00a0\u00a0\u00a0\/etc\/openvpn\u00a0\u00a0\u00a0\/etc\/opnevpn\/server<\/span>\ncert\u00a0server\/server.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u670d\u52a1\u7aef\u516c\u94a5\u540d\u79f0\u00a0\/etc\/openvpn<\/span>\nkey\u00a0server\/server.key\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u670d\u52a1\u7aef\u79c1\u94a5\u540d\u79f0\u00a0\/etc\/openvpn<\/span>\ndh\u00a0server\/dh.pem\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u52a0\u5bc6\u7b97\u6cd5\u6587\u4ef6,\u00a0\u4ea4\u6362\u8bc1\u4e66\u00a0\u6821\u9a8c\u7b97\u6cd5\u00a0\/etc\/openvpn<\/span>\nserver\u00a0192.168.1.0\u00a0255.255.255.0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u7ed9\u5ba2\u6237\u7aef\u5206\u914d\u5730\u5740\u6c60(ip\u5730\u5740\u8303\u56f4)\uff0c\u6ce8\u610f\uff1a\u4e0d\u80fd\u548cVPN\u670d\u52a1\u5668\u5185\u7f51\u7f51\u6bb5\u6709\u76f8\u540c<\/span>\npush\u00a0\"route\u00a010.100.240.0\u00a0255.255.255.0\"\u00a0#\u5ba2\u6237\u7aef\u8fde\u63a5\u540e,\u63a8\u9001\u7ed9\u5ba2\u6237\u7aef\u7684\u8def\u7531\u89c4\u5219<\/span>\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5ba2\u6237\u7aef\u60f3\u8bbf\u95ee10.100.240.0\/24\u7f51\u6bb5\u8054\u7cfbopenvpn\u670d\u52a1\u7aef<\/span>\n#ifconfig-pool-persist\u00a0ipp.txt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5730\u5740\u6c60\u8bb0\u5f55\u6587\u4ef6\u4f4d\u7f6e\u00a0\u672a\u6765\u8ba9openvpn\u00a0\u5ba2\u6237\u7aef\u56fa\u5b9aip\u5730\u5740\u4f7f\u7528\u7684.<\/span>\nkeepalive\u00a010\u00a0120\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5b58\u6d3b\u65f6\u95f4\uff0c10\u79d2ping\u4e00\u6b21,120\u00a0\u5982\u672a\u6536\u5230\u54cd\u5e94\u5219\u89c6\u4e3a\u65ad\u7ebf<\/span>\nmax-clients\u00a0100\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u6700\u591a\u5141\u8bb8100\u4e2a\u5ba2\u6237\u7aef\u8fde\u63a5<\/span>\nstatus\u00a0\/var\/log\/openvpn-status.log\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u65e5\u5fd7\u8bb0\u5f55\u4f4d\u7f6eopenvpn\u72b6\u6001<\/span>\nlog\u00a0\/var\/log\/openvpn.log\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#openvpn\u65e5\u5fd7\u8bb0\u5f55\u4f4d\u7f6e<\/span>\nverb\u00a03\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#verbose\u00a0\u65e5\u5fd7\u8f93\u51fa\u7ea7\u522b\u00a0\u00a0\u00a0\u6570\u5b57\u8d8a\u5927\u8d8a\u8be6\u7ec6\u6700\u591a11(debug)<\/span>\nclient-to-client\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5ba2\u6237\u7aef\u4e0e\u5ba2\u6237\u7aef\u4e4b\u95f4\u652f\u6301\u901a\u4fe1<\/span>\npersist-key\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u901a\u8fc7keepalive\u68c0\u6d4b\u8d85\u65f6\u540e\uff0c\u91cd\u65b0\u542f\u52a8VPN\uff0c\u4e0d\u91cd\u65b0\u8bfb\u53d6keys\uff0c\u4fdd\u7559\u7b2c\u4e00\u6b21\u4f7f\u7528\u7684keys\u00a0\u5bf9\u79c1\u94a5\u8fdb\u884c\u7f13\u5b58.<\/span>\npersist-tun\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u68c0\u6d4b\u8d85\u65f6\u540e\uff0c\u91cd\u65b0\u542f\u52a8VPN\uff0c\u4e00\u76f4\u4fdd\u6301tun\u662flinkup\u7684\u3002\u5426\u5219\u7f51\u7edc\u4f1a\u5148linkdown\u7136\u540e\u518dlinkup<\/span>\nduplicate-cn\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5ba2\u6237\u7aef\u5bc6\u94a5(\u8bc1\u4e66\u548c\u79c1\u94a5)\u662f\u5426\u53ef\u4ee5\u91cd\u590d<\/span>\n\n\n\n#\u590d\u5236\u8bc1\u4e66\u53ca\u5bc6\u94a5<\/span>\n[root@openvpn-server\u00a0server]#\u00a0sudo\u00a0vim\u00a0server.conf<\/span>\n[root@openvpn-server\u00a0server]#\u00a0cd\u00a0\/opt\/easy-rsa\/pki\/<\/span>\n[root@openvpn-server\u00a0pki]#\u00a0cp\u00a0ca.crt\u00a0\/etc\/openvpn\/<\/span>\n[root@openvpn-server\u00a0pki]#\u00a0cp\u00a0dh.pem\u00a0\u00a0\u00a0\/etc\/openvpn\/server\/<\/span>\n[root@openvpn-server\u00a0pki]#\u00a0cp\u00a0issued\/server.crt\u00a0private\/server.key\u00a0\/etc\/openvpn\/server\/<\/span>\n\n#\u4fee\u6539systemctl\u00a0\u914d\u7f6e,\u56e0\u4e3a\u65b0\u5efa\u7684\u6587\u4ef6\u5939\u901a\u8fc7systemctl\u542f\u52a8openvpn\u65f6\u627e\u4e0d\u5230\u8def\u5f84<\/span>\n[root@openvpn-server\u00a0server]#\u00a0cat\u00a0\/usr\/lib\/systemd\/system\/openvpn@.service<\/span>\n[Unit]\nDescription=OpenVPN\u00a0Robust\u00a0And\u00a0Highly\u00a0Flexible\u00a0Tunneling\u00a0Application\u00a0On\u00a0%I\nAfter=network.target\n\n[Service]\nType=notify\nPrivateTmp=true\nExecStart=\/usr\/sbin\/openvpn\u00a0--cd\u00a0\/etc\/openvpn\/\u00a0--config\u00a0%i\/%i.conf\u00a0\u00a0\u00a0#\u589e\u52a0%i\u5373\u53ef\uff0c\u53ea\u4fee\u6539\u8fd9\u4e00\u884c<\/span>\n#%i\/%i\u00a0\u00a0\u5c31\u662f\u8fd0\u884csystemctl\u00a0start\u00a0openvpn@server\u65f6\uff0c\u4f1a\u628a@\u540e\u9762\u7684server\u4f20\u7ed9%i\uff0c\u5c31\u4f1a\u8bfb\u5230server\/server.conf<\/span>\n\n[Install]\nWantedBy=multi-user.target\n\n#\u91cd\u65b0\u52a0\u8f7d<\/span>\n[root@openvpn-server\u00a0server]#\u00a0systemctl\u00a0daemon-reload<\/span>\n\n#\u542f\u52a8\u548c\u52a0\u5165\u5f00\u673a\u81ea\u542f<\/span>\n[root@openvpn-server\u00a0server]#\u00a0systemctl\u00a0enable\u00a0openvpn@server<\/span>\n[root@openvpn-server\u00a0server]#\u00a0systemctl\u00a0start\u00a0openvpn@server<\/span>\n\n#\u68c0\u67e5\u8fdb\u7a0b\u4e0e\u7aef\u53e3<\/span>\n[root@openvpn-server\u00a0openvpn]#\u00a0ss\u00a0-lntup\u00a0|grep\u00a01194<\/span>\nudp\u00a0\u00a0\u00a0\u00a0UNCONN\u00a0\u00a0\u00a0\u00a0\u00a00\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0*:1194\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0*:*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0users:((\"openvpn\",pid=31362,fd=5))\n\n[root@openvpn-server\u00a0openvpn]#\u00a0\u00a0ps\u00a0-ef\u00a0|grep\u00a0openvpn<\/span>\nroot\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0960\u00a0\u00a0\u00a0\u00a0\u00a01\u00a0\u00a00\u00a0Feb02\u00a0?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a000:00:00\u00a0\/sbin\/dhclient\u00a0-q\u00a0-lf\u00a0\/var\/lib\/dhclient\/dhclient--eth0.lease\u00a0-pf\u00a0\/var\/run\/dhclient-eth0.pid\u00a0-H\u00a0openvpn-server\u00a0eth0\nroot\u00a0\u00a0\u00a0\u00a0\u00a031362\u00a0\u00a0\u00a0\u00a0\u00a01\u00a0\u00a00\u00a003:05\u00a0?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a000:00:00\u00a0\/usr\/sbin\/openvpn\u00a0--cd\u00a0\/etc\/openvpn\/\u00a0--config\u00a0server\/server.conf\nroot\u00a0\u00a0\u00a0\u00a0\u00a031912\u00a010767\u00a0\u00a00\u00a003:07\u00a0pts\/1\u00a0\u00a0\u00a0\u00a000:00:00\u00a0grep\u00a0--color=auto\u00a0openvpn\n\n[root@openvpn-server\u00a0openvpn]#\u00a0ip\u00a0a\u00a0s\u00a0tun0<\/span>\n3:\u00a0tun0:\u00a0<POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP>\u00a0mtu\u00a01500\u00a0qdisc\u00a0pfifo_fast\u00a0state\u00a0UNKNOWN\u00a0group\u00a0default\u00a0qlen\u00a0100\n\u00a0\u00a0\u00a0\u00a0link\/none\n\u00a0\u00a0\u00a0\u00a0inet\u00a0192.168.1.1\u00a0peer\u00a0192.168.1.2\/32\u00a0scope\u00a0global\u00a0tun0\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0valid_lft\u00a0forever\u00a0preferred_lft\u00a0forever\n\u00a0\u00a0\u00a0\u00a0inet6\u00a0fe80::6813:2c79:d971:d16e\/64\u00a0scope\u00a0link\u00a0flags\u00a0800\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0valid_lft\u00a0forever\u00a0preferred_lft\u00a0forever<\/code><\/pre>\n
3.4 \u5ba2\u6237\u7aef\u914d\u7f6e\u6587\u4ef6<\/h3>\n
1) windows<\/h4>\n
#openvpn\u5ba2\u6237\u7aef\u4e0b\u8f7d\uff1ahttps:\/\/swupdate.openvpn.org\/community\/releases\/OpenVPN-2.6.8-I001-amd64.msi<\/span>\n\n#\u628a\u9700\u8981\u7684\u8bc1\u4e66\u5148\u653e\u5230client\uff0c\u65b9\u4fbf\u4e0b\u8f7d<\/span>\n[root@openvpn-server\u00a0openvpn]#\u00a0cp\u00a0\/opt\/easy-rsa\/pki\/private\/client.key\u00a0\/opt\/easy-rsa\/pki\/issued\/client.crt\u00a0\/etc\/openvpn\/client\/<\/span>\n\n#\u521b\u5efa\u5ba2\u6237\u7aef\u914d\u7f6e\u6587\u4ef6<\/span>\n[root@openvpn-server\u00a0openvpn]#\u00a0cat\u00a0\/etc\/openvpn\/client\/clinet.ovpn<\/span>\nclient\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u6307\u5b9a\u5f53\u524dVPN\u662f\u5ba2\u6237\u7aef<\/span>\ndev\u00a0tun\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u4f7f\u7528tun\u96a7\u9053\u4f20\u8f93\u534f\u8bae<\/span>\nproto\u00a0udp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u4f7f\u7528udp\u534f\u8bae\u4f20\u8f93\u6570\u636e<\/span>\nremote\u00a0100.100.1.1\u00a01194\u00a0#openvpn\u670d\u52a1\u5668IP\u5730\u5740\uff08\u516c\u7f51\uff09\u3001\u7aef\u53e3\u53f7<\/span>\nresolv-retry\u00a0infinite\u00a0\u00a0\u00a0#\u65ad\u7ebf\u81ea\u52a8\u91cd\u65b0\u8fde\u63a5\uff0c\u5728\u7f51\u7edc\u4e0d\u7a33\u5b9a\u7684\u60c5\u51b5\u4e0b\u975e\u5e38\u6709\u7528<\/span>\nnobind\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u4e0d\u7ed1\u5b9a\u672c\u5730\u7279\u5b9a\u7684\u7aef\u53e3\u53f7<\/span>\nca\u00a0ca.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u6307\u5b9aCA\u8bc1\u4e66\u7684\u6587\u4ef6\u8def\u5f84<\/span>\ncert\u00a0client.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u6307\u5b9a\u5f53\u524d\u5ba2\u6237\u7aef\u7684\u8bc1\u4e66\u6587\u4ef6\u8def\u5f84<\/span>\nkey\u00a0client.key\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u6307\u5b9a\u5f53\u524d\u5ba2\u6237\u7aef\u7684\u79c1\u94a5\u6587\u4ef6\u8def\u5f84<\/span>\nverb\u00a03\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u6307\u5b9a\u65e5\u5fd7\u6587\u4ef6\u7684\u8bb0\u5f55\u8be6\u7ec6\u7ea7\u522b\uff0c\u53ef\u90090-9\uff0c\u7b49\u7ea7\u8d8a\u9ad8\u65e5\u5fd7\u5185\u5bb9\u8d8a\u8be6\u7ec6<\/span>\npersist-key\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u901a\u8fc7keepalive\u68c0\u6d4b\u8d85\u65f6\u540e\uff0c\u91cd\u65b0\u542f\u52a8VPN\uff0c\u4e0d\u91cd\u65b0\u8bfb\u53d6keys\uff0c\u4fdd\u7559\u7b2c\u4e00\u6b21\u4f7f\u7528\u7684keys<\/span>\n\n#\u5b89\u88c5\u5b8c\u5ba2\u6237\u7aef<\/span>\n\u5728C:Program\u00a0FilesOpenVPNconfigzxc.com\nca.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#ca\u8bc1\u4e66<\/span>\nclient.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5ba2\u6237\u7aef\u8bc1\u4e66<\/span>\nclient.key\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5ba2\u6237\u7aef\u79c1\u94a5<\/span>\nclient.ovpn\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5ba2\u6237\u7aef\u914d\u7f6e\u6587\u4ef6\u00a0\u7c7b\u4f3c\u4e8eclient.conf<\/span>\n\n\u6709\u591a\u4e2aVPN\uff0c\u53ef\u4ee5\u65b0\u5efaconfigzxc1.com\u76ee\u5f55<\/code><\/pre>\n
2) OpenVPN\u5ba2\u6237\u7aef\u914d\u7f6e\uff08linux\u7aef\uff09<\/h4>\n
root@openvpn-client\u00a0~]#\u00a0cat\u00a0\/etc\/openvpn\/client\/clinet.conf<\/span>\nclient\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u6307\u5b9a\u5f53\u524dVPN\u662f\u5ba2\u6237\u7aef<\/span>\ndev\u00a0tun\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u4f7f\u7528tun\u96a7\u9053\u4f20\u8f93\u534f\u8bae<\/span>\nproto\u00a0udp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u4f7f\u7528udp\u534f\u8bae\u4f20\u8f93\u6570\u636e<\/span>\nremote\u00a0100.100.1.1\u00a01194\u00a0#openvpn\u670d\u52a1\u5668IP\u5730\u5740\uff08\u516c\u7f51\uff09\u3001\u7aef\u53e3\u53f7<\/span>\nresolv-retry\u00a0infinite\u00a0\u00a0\u00a0#\u65ad\u7ebf\u81ea\u52a8\u91cd\u65b0\u8fde\u63a5\uff0c\u5728\u7f51\u7edc\u4e0d\u7a33\u5b9a\u7684\u60c5\u51b5\u4e0b\u975e\u5e38\u6709\u7528<\/span>\nnobind\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u4e0d\u7ed1\u5b9a\u672c\u5730\u7279\u5b9a\u7684\u7aef\u53e3\u53f7<\/span>\nca\u00a0ca.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u6307\u5b9aCA\u8bc1\u4e66\u7684\u6587\u4ef6\u8def\u5f84<\/span>\ncert\u00a0client\/client.crt\u00a0\u00a0#\u6307\u5b9a\u5f53\u524d\u5ba2\u6237\u7aef\u7684\u8bc1\u4e66\u6587\u4ef6\u8def\u5f84<\/span>\nkey\u00a0client\/client.key\u00a0\u00a0\u00a0#\u6307\u5b9a\u5f53\u524d\u5ba2\u6237\u7aef\u7684\u79c1\u94a5\u6587\u4ef6\u8def\u5f84<\/span>\nverb\u00a03\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u6307\u5b9a\u65e5\u5fd7\u6587\u4ef6\u7684\u8bb0\u5f55\u8be6\u7ec6\u7ea7\u522b\uff0c\u53ef\u90090-9\uff0c\u7b49\u7ea7\u8d8a\u9ad8\u65e5\u5fd7\u5185\u5bb9\u8d8a\u8be6\u7ec6<\/span>\n\n\n#\u4fee\u6539systemctl\u00a0\u914d\u7f6e<\/span>\n[root@openvpn-client\u00a0~]#\u00a0cat\u00a0\/usr\/lib\/systemd\/system\/openvpn@.serv<\/span>\n[Unit]\nDescription=OpenVPN\u00a0Robust\u00a0And\u00a0Highly\u00a0Flexible\nTunneling\u00a0Application\u00a0On\u00a0%I\nAfter=network.target\n\n[Service]\nType=notify\nPrivateTmp=true\nExecStart=\/usr\/sbin\/openvpn\u00a0--cd\u00a0\/etc\/openvpn\/\u00a0--config\u00a0%i\/%i.conf\u00a0\u00a0\u00a0#\u589e\u52a0%i\u5373\u53ef\uff0c\u53ea\u4fee\u6539\u8fd9\u4e00\u884c<\/span>\n#%i\/%i\u00a0\u00a0\u5c31\u662f\u8fd0\u884csystemctl\u00a0start\u00a0openvpn@client\u65f6\uff0c\u4f1a\u628a@\u540e\u9762\u7684client\u4f20\u7ed9%i\uff0c\u5c31\u4f1a\u8bfb\u5230client\/client.conf<\/span>\n\n[Install]\nWantedBy=multi-user.target\n\n#\u91cd\u65b0\u52a0\u8f7d<\/span>\n[root@openvpn-client\u00a0~]#\u00a0systemctl\u00a0daemon-reload<\/span>\n\n#\u542f\u52a8\u548c\u52a0\u5165\u5f00\u673a\u81ea\u542f<\/span>\n[root@openvpn-client\u00a0~]#\u00a0systemctl\u00a0enable\u00a0openvpn@client<\/span>\n[root@openvpn-client\u00a0~]#\u00a0systemctl\u00a0start\u00a0openvpn@client<\/span>\n\n#\u68c0\u67e5\u8fdb\u7a0b\u4e0e\u7aef\u53e3<\/span>\n[root@openvpn-client\u00a0~]#\u00a0ss\u00a0-lntup\u00a0|grep\u00a0openvpn<\/span>\nudp\u00a0\u00a0\u00a0UNCONN\u00a0\u00a0\u00a0\u00a0\u00a00\u00a0\u00a0\u00a0\u00a0\u00a0\u00a00\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0*:53781\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0*:*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0users:((\"openvpn\",pid=12553,fd=3))\n\n[root@openvpn-client\u00a0~]#\u00a0ip\u00a0a<\/span>\n4:\u00a0tun0:\u00a0<POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP>\u00a0mtu\u00a01500\u00a0qdisc\u00a0pfifo_fast\u00a0state\u00a0UNKNOWN\u00a0group\u00a0default\u00a0qlen\u00a0100\n\u00a0\u00a0\u00a0\u00a0link\/none\u00a0\n\u00a0\u00a0\u00a0\u00a0inet\u00a0192.168.1.6\u00a0peer\u00a0192.168.1.5\/32\u00a0scope\u00a0global\u00a0tun0\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0valid_lft\u00a0forever\u00a0preferred_lft\u00a0forever\n\u00a0\u00a0\u00a0\u00a0inet6\u00a0fe80::b198:27bb:5967:356b\/64\u00a0scope\u00a0link\u00a0flags\u00a0800\u00a0\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0valid_lft\u00a0forever\u00a0preferred_lft\u00a0forever\n\u00a0<\/code><\/pre>\n
3\uff09\u6548\u679c<\/h4>\n
\"20240916012340954\"<\/p>\n
\"20240916012341296\"<\/p>\n
4\u3001OpenVPN\u52a0\u5bc6\/\u8ba4\u8bc1<\/h3>\n
\n
\u8003\u8651\u5230\u4e07\u4e00\u8bc1\u4e66\u88ab\u6cc4\u9732\u6216\u8005\u4e22\u5931\uff0c\u5916\u4eba\u76f4\u63a5\u5c31\u53ef\u4ee5\u8fde\u63a5\u5230\u5185\u7f51\uff0c\u6240\u4ee5\u518d\u52a0\u4e0a \u7528\u6237\/\u5bc6\u7801 \u9a8c\u8bc1<\/p>\n<\/blockquote>\n
4.1 \u5148\u914d\u7f6e\u670d\u52a1\u7aef\u652f\u6301\u5bc6\u7801\u8ba4\u8bc1<\/h4>\n
[root@openvpn-server\u00a0~]#\u00a0\u00a0cat\u00a0\/etc\/openvpn\/server\/server.conf<\/span>\nport\u00a01194\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u7aef\u53e3<\/span>\nproto\u00a0udp\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u534f\u8bae<\/span>\ndev\u00a0tun\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u91c7\u7528\u8def\u7531\u96a7\u9053\u6a21\u5f0ftun<\/span>\nca\u00a0ca.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#ca\u8bc1\u4e66\u6587\u4ef6\u4f4d\u7f6e\u00a0\u00a0\u00a0\/etc\/openvpn\u00a0\u00a0\u00a0\/etc\/opnevpn\/server<\/span>\ncert\u00a0server\/server.crt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u670d\u52a1\u7aef\u516c\u94a5\u540d\u79f0\u00a0\/etc\/openvpn<\/span>\nkey\u00a0server\/server.key\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u670d\u52a1\u7aef\u79c1\u94a5\u540d\u79f0\u00a0\/etc\/openvpn<\/span>\ndh\u00a0server\/dh.pem\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u52a0\u5bc6\u7b97\u6cd5\u6587\u4ef6,\u00a0\u4ea4\u6362\u8bc1\u4e66\u00a0\u6821\u9a8c\u7b97\u6cd5\u00a0\/etc\/openvpn<\/span>\nserver\u00a0192.168.1.0\u00a0255.255.255.0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u7ed9\u5ba2\u6237\u7aef\u5206\u914d\u5730\u5740\u6c60(ip\u5730\u5740\u8303\u56f4)\uff0c\u6ce8\u610f\uff1a\u4e0d\u80fd\u548cVPN\u670d\u52a1\u5668\u5185\u7f51\u7f51\u6bb5\u6709\u76f8\u540c<\/span>\npush\u00a0\"route\u00a010.100.240.0\u00a0255.255.255.0\"\u00a0#\u5ba2\u6237\u7aef\u8fde\u63a5\u540e,\u63a8\u9001\u7ed9\u5ba2\u6237\u7aef\u7684\u8def\u7531\u89c4\u5219\u00a0\u00a0#\u5ba2\u6237\u7aef\u60f3\u8bbf\u95ee10.100.240.0\/24\u7f51\u6bb5\u8054\u7cfbopenvpn\u670d\u52a1\u7aef<\/span>\n#ifconfig-pool-persist\u00a0ipp.txt\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5730\u5740\u6c60\u8bb0\u5f55\u6587\u4ef6\u4f4d\u7f6e\u00a0\u672a\u6765\u8ba9openvpn\u00a0\u5ba2\u6237\u7aef\u56fa\u5b9aip\u5730\u5740\u4f7f\u7528\u7684.<\/span>\nkeepalive\u00a010\u00a0120\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5b58\u6d3b\u65f6\u95f4\uff0c10\u79d2ping\u4e00\u6b21,120\u00a0\u5982\u672a\u6536\u5230\u54cd\u5e94\u5219\u89c6\u4e3a\u65ad\u7ebf<\/span>\nmax-clients\u00a0100\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u6700\u591a\u5141\u8bb8100\u4e2a\u5ba2\u6237\u7aef\u8fde\u63a5<\/span>\nstatus\u00a0\/var\/log\/openvpn-status.log\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u65e5\u5fd7\u8bb0\u5f55\u4f4d\u7f6eopenvpn\u72b6\u6001<\/span>\nlog\u00a0\/var\/log\/openvpn.log\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#openvpn\u65e5\u5fd7\u8bb0\u5f55\u4f4d\u7f6e<\/span>\nverb\u00a03\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#verbose\u00a0\u65e5\u5fd7\u8f93\u51fa\u7ea7\u522b\u00a0\u00a0\u00a0\u6570\u5b57\u8d8a\u5927\u8d8a\u8be6\u7ec6\u6700\u591a11(debug)<\/span>\nclient-to-client\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5ba2\u6237\u7aef\u4e0e\u5ba2\u6237\u7aef\u4e4b\u95f4\u652f\u6301\u901a\u4fe1<\/span>\npersist-key\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u901a\u8fc7keepalive\u68c0\u6d4b\u8d85\u65f6\u540e\uff0c\u91cd\u65b0\u542f\u52a8VPN\uff0c\u4e0d\u91cd\u65b0\u8bfb\u53d6keys\uff0c\u4fdd\u7559\u7b2c\u4e00\u6b21\u4f7f\u7528\u7684keys\u00a0\u5bf9\u79c1\u94a5\u8fdb\u884c\u7f13\u5b58.<\/span>\npersist-tun\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u68c0\u6d4b\u8d85\u65f6\u540e\uff0c\u91cd\u65b0\u542f\u52a8VPN\uff0c\u4e00\u76f4\u4fdd\u6301tun\u662flinkup\u7684\u3002\u5426\u5219\u7f51\u7edc\u4f1a\u5148linkdown\u7136\u540e\u518dlinkup<\/span>\nduplicate-cn\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5ba2\u6237\u7aef\u5bc6\u94a5(\u8bc1\u4e66\u548c\u79c1\u94a5)\u662f\u5426\u53ef\u4ee5\u91cd\u590d<\/span>\n\n#\u4e0b\u9762\u662f\u8981\u7528\u6237\u8ba4\u8bc1\u65f6\u624d\u914d\u7f6e<\/span>\nscript-security\u00a03\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u5141\u8bb8\u4f7f\u7528\u81ea\u5b9a\u4e49\u811a\u672c<\/span>\nauth-user-pass-verify\u00a0\/etc\/openvpn\/check.sh\u00a0via-env\u00a0\u00a0#\u6307\u5b9a\u8ba4\u8bc1\u811a\u672c<\/span>\nusername-as-common-name\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0#\u7528\u6237\u5bc6\u7801\u767b\u9646\u65b9\u5f0f\u9a8c\u8bc1<\/span><\/code><\/pre>\n
4.2 \u7f16\u5199\u7528\u6237\u9a8c\u8bc1 check.sh \u811a\u672c<\/h4>\n
[root@openvpn-server\u00a0~]#\u00a0cat\u00a0\/etc\/openvpn\/check.sh<\/span>\n#!\/bin\/bash<\/span>\nPASSFILE=\"\/etc\/openvpn\/openvpnfile\"\u00a0\u00a0\u00a0#\u5bc6\u7801\u6587\u4ef6\u00a0\u7528\u6237\u540d\u00a0\u5bc6\u7801\u660e\u6587<\/span>\nLOG_FILE=\"\/var\/log\/openvpn-password.log\"\u00a0\u00a0#\u7528\u6237\u767b\u5f55\u60c5\u51b5\u7684\u65e5\u5fd7<\/span>\nTIME_STAMP=`date\u00a0\"+%Y-%m-%d\u00a0%T\"`\nif\u00a0[\u00a0!\u00a0-r\u00a0\"${PASSFILE}\"\u00a0];\u00a0then\n\u00a0\u00a0\u00a0\u00a0echo\u00a0\"${TIME_STAMP}:\u00a0Could\u00a0not\u00a0open\u00a0password\u00a0file\u00a0\"${PASSFILE}\"\u00a0for\u00a0reading.\"\u00a0>>\u00a0${LOG_FILE}\n\u00a0\u00a0\u00a0\u00a0exit\u00a01\nfi\nCORRECT_PASSWORD=`awk\u00a0'!\/^;\/&&!\/^#\/&&$1==\"'${username}'\"{print\u00a0$2;exit}'\u00a0\u00a0\u00a0\u00a0${PASSFILE}`\nif\u00a0[\u00a0\"${CORRECT_PASSWORD}\"\u00a0=\u00a0\"\"\u00a0];\u00a0then\n\u00a0\u00a0\u00a0\u00a0echo\u00a0\"${TIME_STAMP}:\u00a0User\u00a0does\u00a0not\u00a0exist:\u00a0username=\"${username}\",password=\"${password}\".\"\u00a0>>\u00a0${LOG_FILE}\n\u00a0\u00a0\u00a0\u00a0exit\u00a01\nfi\nif\u00a0[\u00a0\"${password}\"\u00a0=\u00a0\"${CORRECT_PASSWORD}\"\u00a0];\u00a0then\n\u00a0\u00a0\u00a0\u00a0echo\u00a0\"${TIME_STAMP}:\u00a0Successful\u00a0authentication:\u00a0username=\"${username}\".\"\u00a0>>\u00a0${LOG_FILE}\n\u00a0\u00a0\u00a0\u00a0exit\u00a00\nfi\necho\u00a0\"${TIME_STAMP}:\u00a0Incorrect\u00a0password:\u00a0username=\"${username}\",\u00a0password=\"${password}\".\"\u00a0>>\u00a0${LOG_FILE}\nexit\u00a01<\/code><\/pre>\n
4.3 \u811a\u672c\u6388\u6743<\/h4>\n
[root@openvpn-server\u00a0~]#\u00a0chmod\u00a0700\u00a0\/etc\/openvpn\/check.sh<\/span><\/code><\/pre>\n
4.4 \u6dfb\u52a0\u7528\u6237<\/h4>\n
[root@openvpn-server\u00a0~]#\u00a0cat\u00a0\/etc\/openvpn\/openvpnfile<\/span>\nzxc\u00a0123456<\/code><\/pre>\n
4.5 \u91cd\u542fopenvpn\u670d\u52a1<\/h4>\n
[root@openvpn-server\u00a0~]#\u00a0systemctl\u00a0restart\u00a0openvpn@server<\/span><\/code><\/pre>\n
4.6 \u5ba2\u6237\u7aef\u53ea\u9700\u8981\u5728\u914d\u7f6e\u6587\u4ef6\u52a0\u4e2a\u53c2\u6570<\/h4>\n
\u5728client.ovpn\u6216\u8005client.conf\u6587\u4ef6\u6700\u540e\u4e00\u884c\u6dfb\u52a0\nauth-user-pass<\/code><\/pre>\n
4.7 \u6700\u7ec8\u6548\u679c<\/h4>\n
\"20240916012342744\"<\/p>\n
5\u3001OpenVPN\u8fde\u63a5\u5185\u7f51\u5176\u5b83\u670d\u52a1\u5668<\/h3>\n
#\u5148\u5728openvpn\u670d\u52a1\u7aef\u5f00\u542f\u5185\u6838\u8f6c\u53d1\u3002<\/span>\n[root@openvpn-server\u00a0~]#\u00a0echo\u00a0'net.ipv4.ip_forward\u00a0=\u00a01'\u00a0>>\/etc\/sysctl.conf<\/span>\n[root@openvpn-server\u00a0~]#\u00a0sysctl\u00a0-p<\/span>\nnet.ipv4.ip_forward\u00a0=\u00a01\n\n\n\n#\u5ba2\u6237\u7aef\u5c1d\u8bd5ping\u5176\u4ed6\u5185\u7f51\u670d\u52a1\u5668\uff0c\u4f1a\u663e\u793a\u8bf7\u6c42\u8d85\u65f6\u3002<\/span>\n[c:~]$\u00a0ping\u00a010.100.240.14\u00a0-t\n\u6b63\u5728\u00a0Ping\u00a010.100.240.14\u00a0\u5177\u6709\u00a032\u00a0\u5b57\u8282\u7684\u6570\u636e:\n\u8bf7\u6c42\u8d85\u65f6\u3002\n\u8bf7\u6c42\u8d85\u65f6\u3002\n\u8bf7\u6c42\u8d85\u65f6\u3002\n\u8bf7\u6c42\u8d85\u65f6\u3002\n\u8bf7\u6c42\u8d85\u65f6\u3002\n\u8bf7\u6c42\u8d85\u65f6\u3002\n\n#\u670d\u52a1\u7aef\u6293\u5305\uff0c\u53d1\u73b0\u53ea\u6709\u8bf7\u6c42\u7684\u5305\uff0c\u6ca1\u6709\u54cd\u5e94\u7684\u5305\u3002<\/span>\n[root@openvpn-server\u00a0~]#\u00a0tcpdump\u00a0-i\u00a0eth0\u00a0host\u00a010.100.240.14<\/span>\ntcpdump:\u00a0verbose\u00a0output\u00a0suppressed,\u00a0use\u00a0-v\u00a0or\u00a0-vv\u00a0for\u00a0full\u00a0protocol\u00a0decode\nlistening\u00a0on\u00a0eth0,\u00a0link-type\u00a0EN10MB\u00a0(Ethernet),\u00a0capture\u00a0size\u00a0262144\u00a0bytes\n16:15:48.527017\u00a0IP\u00a0192.168.1.6\u00a0>\u00a010.100.240.14:\u00a0ICMP\u00a0echo\u00a0request,\u00a0id\u00a01,\u00a0seq\u00a0738,\u00a0length\u00a040\n16:15:53.087817\u00a0IP\u00a0192.168.1.6\u00a0>\u00a010.100.240.14:\u00a0ICMP\u00a0echo\u00a0request,\u00a0id\u00a01,\u00a0seq\u00a0739,\u00a0length\u00a040\n16:15:58.101622\u00a0IP\u00a0192.168.1.6\u00a0>\u00a010.100.240.14:\u00a0ICMP\u00a0echo\u00a0request,\u00a0id\u00a01,\u00a0seq\u00a0740,\u00a0length\u00a040\n16:16:03.083202\u00a0IP\u00a0192.168.1.6\u00a0>\u00a010.100.240.14:\u00a0ICMP\u00a0echo\u00a0request,\u00a0id\u00a01,\u00a0seq\u00a0741,\u00a0length\u00a040\n\n#\u4e00\u822c\u90fd\u662f10.100.240.14\u4e0a\u6ca1\u6709192.168.1.0\u7684\u8def\u7531\uff0c\u572810.100.240.14\u4e0a\u6dfb\u52a0\u8def\u7531<\/span>\n[root@localhost\u00a0~]#\u00a0route\u00a0add\u00a0\u00a0-net\u00a0\u00a0\u00a0192.168.1.0\/24\u00a0\u00a0\u00a0gw\u00a010.100.240.3<\/span>\n\n#\u5728\u91cd\u65b0\u8fdevpn\uff0c\u518dping\u00a010.100.240.14\u00a0\u4f1a\u901a<\/span>\n[c:~]$\u00a0ping\u00a010.100.240.14\u00a0-t\n\u6b63\u5728\u00a0Ping\u00a010.100.240.14\u00a0\u5177\u6709\u00a032\u00a0\u5b57\u8282\u7684\u6570\u636e:\n\u6765\u81ea\u00a010.100.240.14\u00a0\u7684\u56de\u590d:\u00a0\u5b57\u8282=32\u00a0\u65f6\u95f4=1ms\u00a0TTL=64\n\u6765\u81ea\u00a010.100.240.14\u00a0\u7684\u56de\u590d:\u00a0\u5b57\u8282=32\u00a0\u65f6\u95f4<1ms\u00a0TTL=64\n\u6765\u81ea\u00a010.100.240.14\u00a0\u7684\u56de\u590d:\u00a0\u5b57\u8282=32\u00a0\u65f6\u95f4=1ms\u00a0TTL=64\n\u6765\u81ea\u00a010.100.240.14\u00a0\u7684\u56de\u590d:\u00a0\u5b57\u8282=32\u00a0\u65f6\u95f4<1ms\u00a0TTL=64<\/code><\/pre>\n
\u4ee5\u4e0a\u5c31\u662f\u624b\u628a\u624b\u6559\u4f60\u642d\u5efaOpenVPN\uff08\u4fdd\u59c6\u7ea7\u6559\u7a0b\uff09\uff01<\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
OpenVPN\u539f\u7406\u53ca\u90e8\u7f72\u4f7f\u7528 1. \u7b80\u4ecb \u2002\u2002\u2002\u2002VPN\u6280\u672f\u901a\u8fc7\u5bc6\u94a5\u4ea4\u6362\u3001\u5c01\u88c5\u3001\u8ba4\u8bc1\u3001\u52a0\u5bc6\u624b\u6bb5\u5728\u516c\u5171\u7f51\u7edc\u4e0a\u5efa\u7acb\u8d77\u79c1\u5bc6\u7684\u96a7\u9053\uff0c\u4fdd\u969c\u4f20\u8f93\u6570\u636e\u7684\u5b8c\u6574\u6027\u3001\u79c1\u5bc6\u6027\u548c\u6709\u6548\u6027\u3002OpenVPN\u662f\u8fd1\u5e74\u6765\u65b0\u51fa\u73b0\u7684\u5f00\u653e\u6e90\u7801\u9879\u76ee\uff0c\u5b9e\u73b0\u4e86SSL VPN\u7684\u4e00\u79cd\u89e3\u51b3\u65b9\u6848…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[141],"tags":[186],"topic":[],"class_list":["post-8709","post","type-post","status-publish","format-standard","hentry","category-tools-soft","tag-vpn"],"_links":{"self":[{"href":"http:\/\/puo.cn\/index.php?rest_route=\/wp\/v2\/posts\/8709","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/puo.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/puo.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/puo.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/puo.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8709"}],"version-history":[{"count":0,"href":"http:\/\/puo.cn\/index.php?rest_route=\/wp\/v2\/posts\/8709\/revisions"}],"wp:attachment":[{"href":"http:\/\/puo.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8709"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/puo.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8709"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/puo.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8709"},{"taxonomy":"topic","embeddable":true,"href":"http:\/\/puo.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftopic&post=8709"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}