
Topology:  LAN 192.168.4.0/24 --- WAN 192.168.40.80 (OpenVPN server) ---------------------- WAN 192.168.40.20 (OpenVPN client) --- LAN 192.168.2.0/24

 

Server / Client:

1.  Download and run openvpn-install.sh script

wget https://git.io/vpn -O openvpn-install.sh

chmod +x openvpn-install.sh

sudo ./openvpn-install.sh

2.  Start/stop/restart the OpenVPN server on Ubuntu

systemctl restart/stop/start  openvpn-server@server.service

3.  OpenVPN client for Windows

https://openvpn.net/community-downloads/

Windows 32-bit: https://swupdate.openvpn.org/community/releases/OpenVPN-2.5.4-I604-x86.msi

Windows 64-bit: https://swupdate.openvpn.org/community/releases/OpenVPN-2.5.4-I604-amd64.msi

 

4.  Server config file: server.conf

local 192.168.40.80
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
#tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
#server-ipv6 fddd:1194:1194:1194::/64
#push "redirect-gateway def1 ipv6 bypass-dhcp"
#push "route 172.17.0.0 255.255.0.0"
#push "redirect-gateway def1 bypass-dhcp"
# server subnet (pushed to the client)
push "route 192.168.4.0 255.255.255.0"
client-config-dir ccd
# client subnet (kernel route on the server; paired with the iroute in ccd/)
route 192.168.2.0 255.255.255.0
#route 192.168.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify
#client-cert-not-required
script-security 2
#auth-user-pass-verify /etc/openvpn/ovpnauth.sh via-file
client-to-client

nano ccd/openvpn_client   # file name must equal the client certificate CN
iroute 192.168.2.0 255.255.255.0
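The server-side pairing in step 4 (a kernel `route` for the client LAN, an `iroute` in the ccd file named after the client CN, and a `push "route"` for the server LAN) is where site-to-site setups usually go wrong. The following checker is an added example, not part of the original post: it parses server.conf text and a dict standing in for the ccd/ directory (both constructed here from the post's config) and reports a `route` without a matching `iroute`, an `iroute` without a kernel `route`, a missing `client-config-dir`, and a server LAN that is never pushed. The function names and the `SERVER_CONF`/`CCD` samples are this example's own.

```python
"""Consistency check for an OpenVPN site-to-site server.conf plus its ccd/ files.

Added example (not from the original post). Input texts are constructed
excerpts of the post's config so the script runs offline.
"""
import ipaddress
import shlex

# Constructed excerpt of the post's server.conf (only routing-relevant lines).
SERVER_CONF = """\
topology subnet
server 10.8.0.0 255.255.255.0
#push "route 172.17.0.0 255.255.0.0"
push "route 192.168.4.0 255.255.255.0"
client-config-dir ccd
route 192.168.2.0 255.255.255.0
#route 192.168.10.0 255.255.255.0
client-to-client
"""

# Constructed stand-in for the ccd/ directory: {client certificate CN: file text}.
CCD = {"openvpn_client": "iroute 192.168.2.0 255.255.255.0\n"}


def parse_directives(text):
    """Yield (directive, [args]) pairs, skipping blank and #/; comment lines.

    shlex keeps quoted arguments such as push "route a.b.c.d m.m.m.m" as one token.
    """
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            yield parts[0], parts[1:]


def to_network(addr, mask):
    """Build an ip_network from OpenVPN's <network> <netmask> argument pair."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def check_site_to_site(server_conf, ccd_files, server_lan, client_lans):
    """Return a sorted list of findings; an empty list means the routing is consistent."""
    findings = []
    directives = list(parse_directives(server_conf))
    routes = {to_network(a[0], a[1]) for d, a in directives if d == "route"}
    pushed = set()
    for d, a in directives:
        if d == "push" and a and a[0].startswith("route "):
            _, net, mask = a[0].split()[:3]
            pushed.add(to_network(net, mask))
    iroutes = {}  # network -> list of CNs claiming it
    for cn, text in ccd_files.items():
        for d, a in parse_directives(text):
            if d == "iroute":
                iroutes.setdefault(to_network(a[0], a[1]), []).append(cn)

    if ccd_files and not any(d == "client-config-dir" for d, _ in directives):
        findings.append("client-config-dir missing: ccd/ iroute files are never read")
    for net in routes - set(iroutes):
        findings.append(f"route {net} has no iroute in any ccd file: the server cannot map it to a client")
    for net in set(iroutes) - routes:
        findings.append(f"iroute {net} in ccd/{iroutes[net][0]} has no kernel route: packets never enter the tun")
    for net, owners in iroutes.items():
        if len(owners) > 1:
            findings.append(f"{net} is claimed by several clients: {', '.join(sorted(owners))}")
    if not any(server_lan.subnet_of(p) for p in pushed):
        findings.append(f"server LAN {server_lan} is not pushed to clients")
    for lan in client_lans:
        if lan not in routes:
            findings.append(f"client LAN {lan} has no route directive at all")
    return sorted(findings)


def check_post_config():
    """The post's config as written: expected to be consistent (empty list)."""
    return check_site_to_site(SERVER_CONF, CCD,
                              ipaddress.ip_network("192.168.4.0/24"),
                              [ipaddress.ip_network("192.168.2.0/24")])


def check_missing_ccd():
    """Same server.conf but the ccd file was never created: one finding."""
    return check_site_to_site(SERVER_CONF, {},
                              ipaddress.ip_network("192.168.4.0/24"),
                              [ipaddress.ip_network("192.168.2.0/24")])


if __name__ == "__main__":
    print("as posted:", check_post_config() or "OK")
    print("ccd missing:", check_missing_ccd())
```

To run it against a live box, read `/etc/openvpn/server/server.conf` into `server_conf` and build `ccd_files` from the files in the ccd directory (keyed by file name); the ccd file name must equal the CN of the client certificate, which is why the post names it `openvpn_client`.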

5.  Client config file: client.conf. Copy the contents of ca.crt, client.crt and client.key into the <ca>, <cert> and <key> blocks:

client
dev tun
proto udp
remote 192.168.40.80 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
ignore-unknown-option block-outside-dns
#block-outside-dns
verb 3
<ca>
-----BEGIN CERTIFICATE-----
xxxxx
xxxxx
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
xxxxx
xxxxx
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
xxxxx
xxxxx
-----END PRIVATE KEY-----
</key>

 

6.  Server restart

systemctl restart openvpn-server@server.service

7.  Client start

openvpn --config client.conf

 

8.  Check the route table on both the server and the client

9.  From the client, ping a host on the server LAN; from the server, ping a host on the client LAN. Both should succeed.
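What "check the route table" in step 8 means concretely, as an added example that is not part of the original post: on each endpoint the remote LAN must be routed through the tun interface, the local LAN must sit on a real interface, and net.ipv4.ip_forward must be 1, because the endpoint forwards between its LAN and the tunnel. The script parses `ip route show` output and the ip_forward value; the route tables below are constructed samples for the post's topology, not real captures, and the interface names (eth0, eth1, tun0) and function names are this example's own.

```python
"""Route-table sanity check for both ends of the site-to-site tunnel.

Added example (not from the original post). The `ip route show` texts are
constructed samples for the post's topology so the script runs offline.
"""
import ipaddress
import re

# Constructed sample of `ip route show` on the server (192.168.40.80).
SERVER_ROUTES = """\
default via 192.168.40.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
192.168.2.0/24 via 10.8.0.2 dev tun0
192.168.4.0/24 dev eth1 proto kernel scope link src 192.168.4.1
192.168.40.0/24 dev eth0 proto kernel scope link src 192.168.40.80
"""

# Constructed sample on the client (192.168.40.20) after the pushed route arrived.
CLIENT_ROUTES = """\
default via 192.168.40.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.4.0/24 via 10.8.0.1 dev tun0
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1
192.168.40.0/24 dev eth0 proto kernel scope link src 192.168.40.20
"""

# Constructed failure case: the push "route" for the server LAN never arrived.
CLIENT_ROUTES_NO_PUSH = "\n".join(
    l for l in CLIENT_ROUTES.splitlines() if not l.startswith("192.168.4.0/24")
)

# Matches "<dst> [via <gw>] dev <iface> ..." as printed by iproute2.
ROUTE_RE = re.compile(r"^(?P<dst>\S+)(?:\s+via\s+(?P<via>\S+))?\s+dev\s+(?P<dev>\S+)")


def parse_ip_route(text):
    """Return {destination network: (interface, gateway or None)}."""
    table = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        dst = "0.0.0.0/0" if m["dst"] == "default" else m["dst"]
        table[ipaddress.ip_network(dst, strict=False)] = (m["dev"], m["via"])
    return table


def check_side(name, ip_route_text, ip_forward, local_lan, remote_lan, tun_dev="tun0"):
    """Return a list of findings for one endpoint; empty means routing looks right."""
    findings = []
    table = parse_ip_route(ip_route_text)
    local_lan = ipaddress.ip_network(local_lan)
    remote_lan = ipaddress.ip_network(remote_lan)
    if ip_forward != 1:
        findings.append(f"{name}: net.ipv4.ip_forward={ip_forward}; LAN traffic will not be forwarded into the tunnel")
    entry = table.get(remote_lan)
    if entry is None:
        findings.append(f"{name}: no route for remote LAN {remote_lan} (server: route/iroute; client: pushed route)")
    elif entry[0] != tun_dev:
        findings.append(f"{name}: remote LAN {remote_lan} goes out {entry[0]}, not {tun_dev}")
    entry = table.get(local_lan)
    if entry is None or entry[0] == tun_dev:
        findings.append(f"{name}: local LAN {local_lan} is not a directly connected non-tunnel network")
    return findings


def check_topology():
    """Both sides of the post's topology with forwarding enabled: expected clean."""
    return (check_side("server", SERVER_ROUTES, 1, "192.168.4.0/24", "192.168.2.0/24")
            + check_side("client", CLIENT_ROUTES, 1, "192.168.2.0/24", "192.168.4.0/24"))


def check_broken_client():
    """Client without the pushed route and with forwarding off: two findings."""
    return check_side("client", CLIENT_ROUTES_NO_PUSH, 0, "192.168.2.0/24", "192.168.4.0/24")


if __name__ == "__main__":
    print("topology:", check_topology() or "OK")
    for f in check_broken_client():
        print("broken client:", f)
```

On a real host, feed `check_side` the output of `ip route show` and `int(open("/proc/sys/net/ipv4/ip_forward").read())`. One thing this check cannot see: hosts on either LAN whose default gateway is not the VPN endpoint also need a static route for the far subnet pointing at that endpoint (or the endpoint must NAT), otherwise step 9 fails on the return path even though both endpoints look correct.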

Posted by yves2005 on 痞客邦 (PIXNET)