Copy the CA certificate, the server certificate and key, and the Diffie-Hellman parameters into the server directory:

```bash
cp /etc/openvpn/server/easy-rsa/pki/ca.crt             /etc/openvpn/server/
cp /etc/openvpn/server/easy-rsa/pki/issued/server.crt  /etc/openvpn/server/
cp /etc/openvpn/server/easy-rsa/pki/private/server.key /etc/openvpn/server/   # keep this readable by root only (mode 600)
cp /etc/openvpn/server/easy-rsa/pki/dh.pem             /etc/openvpn/server/
```

Edit the configuration file

Edit server.conf and remove the unused options. The file paths in the configuration must point at files that actually exist on the server; the version below references the copies made in /etc/openvpn/server (the original text pointed `dh` at /etc/openvpn/server/easy-rsa/dh.pem, which is neither where easy-rsa writes it nor where it was copied).
```conf
local 0.0.0.0
port 1194
proto tcp
# dev tap
dev tun
# Files copied into /etc/openvpn/server above
ca   /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key  /etc/openvpn/server/server.key
dh   /etc/openvpn/server/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/server/ipp.txt
push "route 192.168.0.0 255.255.255.0"
# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
# push "redirect-gateway def1 bypass-dhcp"
# push "dhcp-option DNS 208.67.222.222"
# push "dhcp-option DNS 208.67.220.220"
# Lets VPN clients talk to each other directly through the server;
# leave it out if clients only need the server and the pushed routes.
client-to-client
keepalive 10 120
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth /etc/openvpn/server/ta.key 0 # This file is secret
# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
# Note that 2.4 client/server will automatically
# negotiate AES-256-GCM in TLS mode.
# See also the ncp-cipher option in the manpage
cipher AES-256-CBC
# Compression is deprecated and lets an attacker who can inject
# traffic recover plaintext (VORACLE). It must match on both ends;
# remove it from server and clients once the tunnel works.
comp-lzo
max-clients 100
# Drop root privileges once the tunnel is up (persist-key/persist-tun
# make this work across restarts). The group is "nogroup" on
# Debian/Ubuntu and "nobody" on RHEL-based systems.
# user nobody
# group nogroup
persist-key
persist-tun
# /var/log/openvpn must exist and be writable by the OpenVPN process
status /var/log/openvpn/status.log
# "log" truncates on start, "log-append" keeps history; use one, not both
log-append /var/log/openvpn/openvpn.log
verb 3
mute 20
```

Configure iptables

Use iptables to set up the NAT rule, and enable IP forwarding.
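As an added example (not code from the original article), the following shell script lints a server.conf for the points discussed above: compression left on, no tls-auth/tls-crypt, no user/group drop, both log directives, client-to-client, a CBC cipher with no data-ciphers line, and ca/cert/key/dh/tls-auth paths that point at files that do not exist (the dh path problem above). The function names and the two sample configurations it builds are constructed for this demonstration; the placeholder certificate files contain no real key material.

```shell
#!/bin/sh
# Added example: lint an OpenVPN server.conf for the weak settings discussed above.
# conf_has CONF REGEX -> true if a comment-stripped line starts with a directive matching REGEX
conf_has() {
    printf '%s\n' "$1" | grep -Eq "^[[:space:]]*($2)([[:space:]]|\$)"
}

# flag MESSAGE -> prints the finding and counts it
flag() { echo "$1"; findings=$((findings + 1)); }

# lint_openvpn_conf FILE -> one finding per line; exit status is the number of findings
lint_openvpn_conf() {
    conf=$(sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' "$1")
    findings=0
    conf_has "$conf" 'comp-lzo|compress' && flag "compression enabled: remove comp-lzo/compress on server and clients (VORACLE)"
    conf_has "$conf" 'tls-auth|tls-crypt' || flag "no tls-auth/tls-crypt: control channel has no HMAC firewall"
    conf_has "$conf" 'user'  || flag "no 'user' directive: daemon keeps running as root"
    conf_has "$conf" 'group' || flag "no 'group' directive: daemon keeps running as root"
    conf_has "$conf" 'log' && conf_has "$conf" 'log-append' && flag "both log and log-append set: keep one"
    conf_has "$conf" 'client-to-client' && flag "client-to-client: VPN clients can reach each other directly"
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*cipher[[:space:]]+[A-Za-z0-9-]+-CBC' \
       && ! conf_has "$conf" 'data-ciphers|ncp-ciphers'; then
        flag "CBC cipher with no data-ciphers: relies on the 2.4 default negotiation"
    fi
    # every file referenced by ca/cert/key/dh/tls-auth/tls-crypt must exist
    for ref in $(printf '%s\n' "$conf" | awk '$1 ~ /^(ca|cert|key|dh|tls-auth|tls-crypt)$/ {print $1 "=" $2}'); do
        [ -e "${ref#*=}" ] || flag "${ref%%=*} points at a missing file: ${ref#*=}"
    done
    return $findings
}

# make_demo_confs DIR -> writes weak.conf (the settings the article starts from)
# and hardened.conf into DIR, plus placeholder cert/key files so the path checks run.
make_demo_confs() {
    d=$1
    mkdir -p "$d"
    for f in ca.crt server.crt server.key ta.key dh.pem; do
        echo "constructed placeholder, not real key material" > "$d/$f"
    done
    cat > "$d/weak.conf" <<EOF
port 1194
proto tcp
dev tun
ca $d/ca.crt
cert $d/server.crt
key $d/server.key
dh $d/dh-not-copied.pem
client-to-client
tls-auth $d/ta.key 0 # This file is secret
cipher AES-256-CBC
comp-lzo
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
EOF
    cat > "$d/hardened.conf" <<EOF
port 1194
proto udp
dev tun
ca $d/ca.crt
cert $d/server.crt
key $d/server.key
dh $d/dh.pem
tls-crypt $d/ta.key
cipher AES-256-GCM
data-ciphers AES-256-GCM:AES-128-GCM
user nobody
group nogroup
persist-key
persist-tun
log-append /var/log/openvpn/openvpn.log
EOF
}

# Run with "--demo" to lint both sample configs
if [ "${1-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_demo_confs "$tmp"
    for c in weak hardened; do
        echo "== $c.conf"; lint_openvpn_conf "$tmp/$c.conf" || echo "($? findings)"
    done
fi
```

Run it against the real file with `lint_openvpn_conf /etc/openvpn/server/server.conf` before restarting the service; the exit status doubles as the finding count, so it slots into a deployment script as a gate.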
```bash
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -vnL -t nat
# Enable IP forwarding
vim /etc/sysctl.conf
# set net.ipv4.ip_forward
net.ipv4.ip_forward = 1
sysctl -p
```

The NAT rule is not persistent across reboots; save it with `iptables-save` or your distribution's persistence package. If the FORWARD chain's default policy is DROP, traffic from the tun interface also needs explicit FORWARD rules.

Verify the service

```bash
systemctl status openvpn@server.service
systemctl restart openvpn@server.service
```

With the systemd units shipped with OpenVPN 2.4 and later, `openvpn@server` reads /etc/openvpn/server.conf, while `openvpn-server@server` reads /etc/openvpn/server/server.conf; use the unit that matches where server.conf was saved, and check /var/log/openvpn/openvpn.log if the service fails to start.

Configure the OpenVPN client

Copy the configuration file

```bash
# Create the client configuration directory
mkdir -p ~/openvpn/client1
# client.conf: if client.conf does not exist, the copy under that directory needs to be …
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/openvpn/client1/client1.ovpn
```

Copy the certificate and key files

Then copy the CA certificate, the client certificate and key, and the tls-auth key (ta.key) into ~/openvpn/client1. The Diffie-Hellman parameters stay on the server; the client does not need them.
```bash
cp /etc/openvpn/server/easy-rsa/pki/ca.crt              ~/openvpn/client1/ca.crt
# must be the same file the server's tls-auth directive points to
cp /etc/openvpn/server/ta.key                           ~/openvpn/client1/ta.key
cp /etc/openvpn/server/easy-rsa/pki/private/client1.key ~/openvpn/client1/client1.key
cp /etc/openvpn/server/easy-rsa/pki/issued/client1.crt  ~/openvpn/client1/client1.crt
```

client1.key and ta.key are secrets: keep them mode 600 and never copy them into a world-readable location.

Edit the configuration file

Edit client1.ovpn and remove the unused options.
```conf
client
dev tun
proto tcp
# remote <server IP> <server port>
remote 192.168.xx.xx 1194
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
# Only accept a server certificate issued with the server
# extended key usage, so another client's certificate cannot
# be used to impersonate the server.
remote-cert-tls server
tls-auth ta.key 1
# Must match the server; deprecated, remove on both sides when possible.
comp-lzo
verb 5
# Do not apply the routes pushed by the server (optional).
route-nopull
# Only send these subnets through the VPN tunnel.
route 192.168.0.0 255.255.0.0 vpn_gateway
```

Package the client configuration files

```bash
cd ~/openvpn
tar -zcvf client1.tar.gz ./client1
```

The archive contains the client's private key and the shared ta.key: deliver it to the user over a trusted channel, and delete it from the server once the client has imported it.

Using the OpenVPN Connect client

Connect to the service with the OpenVPN Connect client.
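OpenVPN Connect imports a single profile file, and shipping five loose files (with the private key among them) is the easy way to lose one. As an added example that is not part of the original article, the script below turns the ~/openvpn/client1 directory from the steps above into one inline .ovpn: the `ca`, `cert`, `key` and `tls-auth` file references are replaced by `<ca>`, `<cert>`, `<key>` and `<tls-auth>` blocks, the `1` direction argument of `tls-auth` becomes `key-direction 1`, only the PEM body of each file is embedded (easy-rsa's issued certificates carry a text dump before it), and the result is created mode 600. The helper names are the example's own; the demo directory it builds uses constructed placeholder certificates, not real key material.

```shell
#!/bin/sh
# Added example: build a single inline .ovpn from the client1 directory above.
# pem_body FILE -> prints only the -----BEGIN ... -----END block of FILE
pem_body() { sed -n '/^-----BEGIN/,/^-----END/p' "$1"; }

# build_inline_ovpn DIR NAME -> writes DIR/NAME-inline.ovpn from DIR/NAME.ovpn,
# DIR/ca.crt, DIR/NAME.crt, DIR/NAME.key and DIR/ta.key; prints the output path
build_inline_ovpn() {
    dir=$1; name=$2
    base="$dir/$name.ovpn"; out="$dir/$name-inline.ovpn"
    for f in "$base" "$dir/ca.crt" "$dir/$name.crt" "$dir/$name.key" "$dir/ta.key"; do
        [ -r "$f" ] || { echo "missing $f" >&2; return 1; }
    done
    {
        # keep every directive except the file references being inlined
        grep -Ev '^[[:space:]]*(ca|cert|key|tls-auth)[[:space:]]' "$base"
        # the direction argument of "tls-auth ta.key 1" moves to key-direction
        echo "key-direction 1"
        for sec in ca cert key tls-auth; do
            case $sec in
                ca)       src="$dir/ca.crt" ;;
                cert)     src="$dir/$name.crt" ;;
                key)      src="$dir/$name.key" ;;
                tls-auth) src="$dir/ta.key" ;;
            esac
            echo "<$sec>"; pem_body "$src"; echo "</$sec>"
        done
    } > "$out"
    chmod 600 "$out"   # the profile now contains the private key
    echo "$out"
}

# inline_profile_ok FILE -> true if FILE has all four inline sections, key-direction 1,
# no leftover file references, exactly four PEM blocks, and mode 600
inline_profile_ok() {
    f=$1
    for sec in ca cert key tls-auth; do
        grep -q "^<$sec>\$" "$f" && grep -q "^</$sec>\$" "$f" || return 1
    done
    grep -q '^key-direction 1$' "$f" || return 1
    ! grep -Eq '^(ca|cert|key|tls-auth)[[:space:]]' "$f" || return 1
    [ "$(grep -c '^-----BEGIN' "$f")" -eq 4 ] || return 1
    [ "$(ls -l "$f" | cut -c1-10)" = "-rw-------" ]
}

# demo_client_dir DIR -> a constructed stand-in for ~/openvpn/client1 (placeholders, no real keys)
demo_client_dir() {
    d=$1
    mkdir -p "$d"
    printf '%s\n' "-----BEGIN CERTIFICATE-----" "constructed placeholder" "-----END CERTIFICATE-----" > "$d/ca.crt"
    # easy-rsa "issued" certificates carry a text dump before the PEM block
    { echo "Certificate:"; echo "    Data: (constructed placeholder)"; cat "$d/ca.crt"; } > "$d/client1.crt"
    printf '%s\n' "-----BEGIN PRIVATE KEY-----" "constructed placeholder" "-----END PRIVATE KEY-----" > "$d/client1.key"
    printf '%s\n' "#" "# 2048 bit OpenVPN static key" "#" "-----BEGIN OpenVPN Static key V1-----" "00112233" "-----END OpenVPN Static key V1-----" > "$d/ta.key"
    cat > "$d/client1.ovpn" <<'EOF'
client
dev tun
proto tcp
remote 192.168.xx.xx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
remote-cert-tls server
tls-auth ta.key 1
verb 5
route-nopull
route 192.168.0.0 255.255.0.0 vpn_gateway
EOF
}

# Run with "--demo" to build and check a profile from the constructed directory
if [ "${1-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    demo_client_dir "$tmp"
    p=$(build_inline_ovpn "$tmp" client1) && inline_profile_ok "$p" && echo "ok: $p"
fi
```

Against the real directory, `build_inline_ovpn ~/openvpn/client1 client1` produces ~/openvpn/client1/client1-inline.ovpn, which is the one file to hand to the user instead of the tarball.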
