Topology: LAN 192.168.4.0/24 --- WAN 192.168.40.80 (OpenVPN server) ------------------ WAN 192.168.40.20 (client) --- LAN 192.168.2.0/24
Server / client setup:
1. Download and run the openvpn-install.sh script
wget https://git.io/vpn -O openvpn-install.sh
chmod +x openvpn-install.sh
sudo ./openvpn-install.sh
2. Start / stop / restart the OpenVPN server on Ubuntu
systemctl restart|stop|start openvpn-server@server.service
3. OpenVPN client for Windows
https://openvpn.net/community-downloads/
Windows 32-bit: https://swupdate.openvpn.org/community/releases/OpenVPN-2.5.4-I604-x86.msi
Windows 64-bit: https://swupdate.openvpn.org/community/releases/OpenVPN-2.5.4-I604-amd64.msi
4. Server config file: server.conf
local 192.168.40.80
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
#tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
#server-ipv6 fddd:1194:1194:1194::/64
#push "redirect-gateway def1 ipv6 bypass-dhcp"
#push "route 172.17.0.0 255.255.0.0"
#push "redirect-gateway def1 bypass-dhcp"
push "route 192.168.4.0 255.255.255.0" # server subnet
client-config-dir ccd
route 192.168.2.0 255.255.255.0 # client subnet
#route 192.168.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify
#client-cert-not-required
script-security 2
#auth-user-pass-verify /etc/openvpn/ovpnauth.sh via-file
client-to-client
Per-client config in the client-config-dir; the file name must equal the client certificate CN:
nano ccd/openvpn_client
iroute 192.168.2.0 255.255.255.0 # tells the server this LAN sits behind that client
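The site-to-site part of steps 4 and 8 rests on three directives agreeing: `route` (server kernel route to the client LAN), `iroute` in the ccd file (which client owns that LAN) and `push "route ..."` (what clients learn). A missing `iroute` is the classic failure where the server drops return traffic. The check below is an added example, not part of the original post; its config inputs are constructed inline from the page's server.conf and ccd/openvpn_client, and the `check_routes` / `directives` names are my own.

```python
import ipaddress
import shlex

# Constructed inline from the page's server.conf and ccd/openvpn_client.
SERVER_CONF = """\
local 192.168.40.80
server 10.8.0.0 255.255.255.0
push "route 192.168.4.0 255.255.255.0" # server subnet
client-config-dir ccd
route 192.168.2.0 255.255.255.0 # client subnet
#route 192.168.10.0 255.255.255.0
client-to-client
"""
CCD = {"openvpn_client": "iroute 192.168.2.0 255.255.255.0\n"}  # CN -> file text

def directives(text):
    """Yield (directive, args) per line; '#' and ';' start comments, as in OpenVPN."""
    for line in text.splitlines():
        lex = shlex.shlex(line, posix=True)
        lex.whitespace_split, lex.commenters = True, "#;"
        if toks := list(lex):
            yield toks[0], toks[1:]

def to_net(addr, mask):
    """'192.168.2.0', '255.255.255.0' -> IPv4Network('192.168.2.0/24')."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_routes(server_conf, ccd):
    """Return a list of problems; empty means route/iroute/push are consistent."""
    problems, routes, pushed, iroutes = [], set(), set(), {}
    for d, args in directives(server_conf):
        if d == "route" and len(args) >= 2:
            routes.add(to_net(args[0], args[1]))   # kernel route on the server
        elif d == "push" and args:
            parts = args[0].split()  # e.g. ['route', '192.168.4.0', '255.255.255.0']
            if parts[:1] == ["route"] and len(parts) >= 3:
                pushed.add(to_net(parts[1], parts[2]))  # route handed to clients
    for cn, text in ccd.items():
        for d, args in directives(text):
            if d == "iroute" and len(args) >= 2:
                iroutes[to_net(args[0], args[1])] = cn  # LAN behind that client
    for net in sorted(routes - set(iroutes)):
        problems.append(f"route {net} has no iroute in any ccd file")
    for net, cn in iroutes.items():
        if net not in routes:
            problems.append(f"iroute {net} in ccd/{cn} has no matching server route")
        if net in pushed:
            problems.append(f"{net} is pushed to clients but is the LAN behind {cn}")
    return problems
```

Run it with the real files by reading server.conf and every file under ccd/ into the two inputs; an empty list means the server-side routing matches the page's setup.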
5. Client config: client.conf. Copy the contents of ca.crt, client.crt and client.key into the inline <ca>, <cert> and <key> blocks below.
client
dev tun
proto udp
remote 192.168.40.80 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
#block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----
xxxxx
xxxxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxxxx
xxxxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxxxx
xxxxx
-----END PRIVATE KEY-----
</key>
6. Restart the server
systemctl restart openvpn-server@server.service
7. Start the client
openvpn --config client.conf
8. Check the routing tables on both server and client
9. Verify that the client can ping the server LAN (192.168.4.0/24) and the server can ping the client LAN (192.168.2.0/24)