Toggle navigation
VA伐木累
社区
VA伐木累
Proxy
JSON
BASE64
MyGit
登录
注册
×
登录
邮箱
密码
忘记密码?
Windows架设OpenVpn
•发布于
•作者
liuzy
•1056 次浏览
•最后一次编辑是
•来自
技术
## 一、服务器 ### 1. 下载 `openvpn-install-2.4.7-I603.exe` ### 2. 安装 - 勾选全部、安装到 D:\OpenVPN ### 3. 生成证书 #### 3.1 打开D:\OpenVPN\easy-rsa #### 3.2 编辑vars.bat.sample文件,最后面的默认参数 ``` set KEY_COUNTRY=CN set KEY_PROVINCE=ShangHai set KEY_CITY=ShangHai set KEY_ORG=liuzy88 set KEY_EMAIL=vpn@liuzy88.com set KEY_CN=liuzy set KEY_NAME=liuzy set KEY_OU=liuzy set PKCS11_MODULE_PATH=liuzy set PKCS11_PIN=1234 ``` #### 3.3 修改脚本 **unsupported certificate purpose** - 编辑`openssl-1.0.0.cnf`,在`[ server ]`下方添加 ``` [ client ] # JY ADDED -- Make a cert with nsCertType set to "client" basicConstraints=CA:FALSE nsCertType = client nsComment = "Easy-RSA Generated Client Certificate" subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always extendedKeyUsage=clientAuth keyUsage = digitalSignature, keyEncipherment ``` - 复制`build-key-server.bat`为`build-key-client.bat`并修改`-extensions server`为`-extensions client` #### 3.3 敲cmd,依次执行命令 - 注意Common Name分别为 CA、server、client ``` init-config vars clean-all build-ca build-dh build-key-server server build-key-client client ``` #### 3.4 添加新的client1 - 进入D:\OpenVPN\easy-rsa执行,注意Common Name为client1 ``` vars build-key-client client1 ``` ### 4. 配置server.ovpn ``` port 53 proto udp dev tap ca ../easy-rsa/keys/ca.crt cert ../easy-rsa/keys/server.crt key ../easy-rsa/keys/server.key dh ../easy-rsa/keys/dh2048.pem server 10.10.0.0 255.255.255.0 push "route 0.0.0.0 0.0.0.0" push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 114.114.114.114" push "dhcp-option DNS 8.8.8.8" client-to-client keepalive 10 120 tls-auth ../easy-rsa/keys/ta.key 0 comp-lzo persist-key persist-tun status openvpn-status.log verb 3 mute 20 ``` ### 5. 配置client.ovpn - 方式一: ``` client proto udp dev tap remote 142.252.251.237 53 resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server reneg-sec 0 comp-lzo verb 3 ca ../easy-rsa/keys/ca.crt cert ../easy-rsa/keys/client.crt key ../easy-rsa/keys/client.key key-direction 1 tls-auth ../easy-rsa/keys/ta.key 1 ``` - 方式二: ``` client dev tap proto udp remote 142.252.251.237 53 resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server reneg-sec 0 comp-lzo verb 3 <ca>...........</ca> <cert>................</cert> <key>................</key> key-direction 1 <tls-auth>............</tls-auth> ``` ### 5. 运行OpenVpn GUI
0 回复
作者
liuzy
积分: 841
“ 黑眼圈圈男 ”
无人回复话题
SonarQube 9.4 + PostgreSQL
shell倒计时
日常网络巧技
使用ssh创建socks5代理服务
NodeJS集群demo
作者其他话题
SonarQube 9.4 + PostgreSQL
shell倒计时
日常网络巧技
使用ssh创建socks5代理服务
NodeJS集群demo
回到顶部
友情链接:
JFinal
©2015 Powered by
jfinalbbs
沪ICP备15012258号
