OpenVPN

Obtaining the certificate

Generate the certificate (for tls-auth this is a shared static key); it is saved to the file ta.key:

openvpn --genkey --secret ta.key

Server configuration:

tls-auth ta.key 0

Client configuration:

tls-auth ta.key 1

Example

port 1194
proto tcp
;proto udp
dev tun0

ca ca.crt
cert server.crt
key server.key

dh dh2048.pem
server 192.168.1.0 255.255.255.0   # VPN subnet; must be a network address (host bits zero)
ifconfig-pool-persist ipp.txt

client-config-dir ccd
route 192.168.40.128 255.255.255.248
# Then create a file ccd/Thelonious with this line:
#   iroute 192.168.40.128 255.255.255.248
# and, if you want a fixed VPN IP for that client, also:
#   ifconfig-push 10.9.0.1 10.9.0.2

push "route 192.168.182.0 255.255.255.0"
push "redirect-gateway"
push "dhcp-option DNS 192.168.183.1"
push "dhcp-option WINS 10.8.0.1"
client-to-client
keepalive 10 120
tls-auth ta.key 0   # secret file

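# Select one cipher; the client config must use the same one.
# BF-CBC and DES-EDE3-CBC use 64-bit blocks (SWEET32), so prefer AES.
;cipher BF-CBC        # Blowfish
cipher AES-128-CBC    # AES
;cipher DES-EDE3-CBC  # Triple-DES

comp-lzo   # compression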
;max-clients 100
status openvpn-status.log

Static IP

A directory holds the configuration of the individual clients; each file is named after the common name in that client's certificate (easy to find in openvpn-status.log).

OpenVPN does not really handle collisions and will quite happily generate an address that is already assigned statically, so it is better to use a higher one.

In the main config ("server.conf"):

client-config-dir clients.d

In the corresponding client file it is enough (or should be enough) to write the virtual IP of the client and of the server (dunno):

ifconfig-push 10.0.5.X 10.0.5.Y

According to the pseudo-documentation (http://www.imped.net/oss/misc/openvpn-2.0-howto-edit.html), both addresses are required, and for each client they must be one of the following pairs [X, Y]:

[  1,  2] [  5,  6] [  9, 10] [ 13, 14] [ 17, 18]
[ 21, 22] [ 25, 26] [ 29, 30] [ 33, 34] [ 37, 38]
[ 41, 42] [ 45, 46] [ 49, 50] [ 53, 54] [ 57, 58]
[ 61, 62] [ 65, 66] [ 69, 70] [ 73, 74] [ 77, 78]
[ 81, 82] [ 85, 86] [ 89, 90] [ 93, 94] [ 97, 98]
[101,102] [105,106] [109,110] [113,114] [117,118]
[121,122] [125,126] [129,130] [133,134] [137,138]
[141,142] [145,146] [149,150] [153,154] [157,158]
[161,162] [165,166] [169,170] [173,174] [177,178]
[181,182] [185,186] [189,190] [193,194] [197,198]
[201,202] [205,206] [209,210] [213,214] [217,218]
[221,222] [225,226] [229,230] [233,234] [237,238]
[241,242] [245,246] [249,250] [253,254]
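
The pair rule and the collision problem described above can be checked mechanically. The following is an added example, not part of the original page: it validates the ifconfig-push line of each client file against the /30 pair table and flags two clients that claim the same pair. The client names, addresses and the 10.0.5.0/24 subnet are constructed assumptions, and the dynamic pool is not inspected.

```python
import ipaddress
import re

# Matches an active (not commented out) ifconfig-push line in a client file.
PUSH_RE = re.compile(r"^\s*ifconfig-push\s+(\S+)\s+(\S+)", re.MULTILINE)

def check_ccd(ccd_files, vpn_subnet):
    """Return [(client, problem)] for the ifconfig-push lines of the client files.

    ccd_files: {common_name: file_text}; vpn_subnet: e.g. "10.0.5.0/24".
    """
    subnet = ipaddress.ip_network(vpn_subnet)
    owner = {}      # /30 block -> first client that claimed it
    findings = []
    for name, text in sorted(ccd_files.items()):
        m = PUSH_RE.search(text)
        if not m:
            continue  # no static address: client is served from the pool
        try:
            local, remote = (ipaddress.ip_address(a) for a in m.groups())
        except ValueError:
            findings.append((name, "unparsable address"))
            continue
        block = ipaddress.ip_network(f"{local}/30", strict=False)
        if local not in subnet or remote not in subnet:
            findings.append((name, f"outside {subnet}"))
        # Valid pair: X is the first host of a /30 and Y the second (Y = X + 1).
        elif int(local) - int(block.network_address) != 1 or int(remote) - int(local) != 1:
            findings.append((name, f"{local} {remote} is not a /30 pair"))
        elif block in owner:
            findings.append((name, f"{block} already used by {owner[block]}"))
        else:
            owner[block] = name
    return findings

# Constructed sample client files (names and addresses are made up).
SAMPLE = {
    "alice": "ifconfig-push 10.0.5.201 10.0.5.202\n",
    "bob": "ifconfig-push 10.0.5.203 10.0.5.204\n",    # straddles two /30 blocks
    "carol": "ifconfig-push 10.0.5.201 10.0.5.202\n",  # same pair as alice
    "dave": "# no static address\n",
}

if __name__ == "__main__":
    for client, problem in check_ccd(SAMPLE, "10.0.5.0/24"):
        print(f"{client}: {problem}")
```
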

Links

Guide to starting the VPN

- install the OpenVPN program (preferably without the GUI)
- import all the generated certificates into programfiles/openVPN/config
- start Task Manager
- switch to Services
- CLICK: Services as administrator
- Open VPN Service

Status: running
Startup type: automatic

- restart the PC
- test: CMD/ping 10.0.4.52
- DONE!

Then set up the network drive according to the guide.

 
doc/openvpn.txt · Last modified: 2015/12/10 17:02 by zakutny