在客戶端方面, 用家大部份都會用 Windows + openvpn. 在 Windows 下安裝 openvpn 十分簡單, 只需要以下步驟
到這裡下載 openvpn 圖形介面客戶端
http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe
雙click install.exe 安裝
到 C:\Program Files\OpenVPN\config 創建 / 編輯 ovpn 檔案 (yourservername.ovpn)
.opvn示範檔案如下
client
dev tap
proto udp
# change this to your server’s address
remote 123.123..123..123 1194
resolv-retry infinite
nobind
persist-key
persist-tun
#tls-client
ca keys/ca.crt
cert keys/keithyau.crt
key keys/keithyau.key
#ensure that we are talking to a server
ns-cert-type server
#confirm we are talking to the correct server
#tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it her e.
cipher AES-128-CBC
# Enable compression on the VPN link.
comp-lzo
#fragment 1400
# enable user/pass authentication
# auth-user-pass
把鑰匙拷貝到 C:\Program Files\OpenVPN\config\keys , 以下是在服務器端上鑰匙的制法(把keithyau 換成你的使用者名字, 詳情參考http://keithyau.wordpress.com/2009/02/07/vpn-solution-2-openvpn/)
sudo su
cd /etc/openvpn/examples/easy-rsa/2.0/
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-key keithyau
./build-dh
cd keys
openssl dhparam -out dh1024.pem 1024
cd ..
openvpn –genkey –secret ta.key #optional
在右下角 openvpn icon按連接
測試連線
令服務器能接受以上設定的請求, 相應需要以下的設定
# Which local IP address should OpenVPN
# listen on? (optional)
local 192.168.1.102
port 1194
proto udp
dev tap0
#direct these to your generated files
ca /etc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/examples/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/examples/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
#需要 dhcp 服務器 的配合
server 10.3.0.0 255.255.255.0
# 服務器上沒有 dhcp 服務器的請選這行
# server-bridge 192.168.1.102 255.255.255.0 192.168.1.230 192.168.1.231
keepalive 10 120
#encryption
cipher AES-128-CBC
#Push routing configuration
#push "route 192.168.2.0 255.255.255.0″
#tls-auth ta.key 0
comp-lzo
#fragment 1400
#limit the number of connections
max-clients 5
#some secuurity settings
# do not use if running server on Windows
user nobody
group nogroup
persist-key
persist-tun
#log file settings
status openvpn-status.log
verb 3
# authentication plugin
#forces client to have a linux acount in order to connect (Not for Windows user)
# plugin /usr/lib/openvpn/openvpn-auth-pam.so login
這裡有安裝 DHCP server 的方法
sudo apt-get install dhcp3-server
sudo vi /etc/default/dhcp3-server
更改 為 INTERFACES=”br0″ # br0 = 你的網卡名稱
sudo vi /etc/dhcp3/dhcpd.conf
把其中一個示範修改為 (10.3.0.0 是你打算指派的網絡)
subnet 10.3.0.0 netmask 255.255.255.0 {
range 10.3.0.100 10.3.0.200;
option routers 192.168.1.1;
}
/etc/init.d/dhcpd restart
/etc/init.d/openvpn restart
這樣你的 Openvpn 就能成功在 linux → windows 間建立起來了
乌班图