Difference between revisions of page "OpenVPN"
Source: Kuutõrvaja
(→OpenVPN server configuration - OpenBSD) |
(→OpenVPN server configuration - OpenBSD) |
||
38. rida: | 38. rida: | ||
# /usr/local/share/examples/openvpn/easy-rsa/build-dh | # /usr/local/share/examples/openvpn/easy-rsa/build-dh | ||
+ | |||
+ | Serveri poolel sobib kasutada sellist seadistusfaili bridge režiimis | ||
+ | |||
+ | # cat /etc/openvpn/openvpn.conf | ||
+ | local 10.0.10.251 | ||
+ | port 1194 | ||
+ | proto udp | ||
+ | dev-type tap | ||
+ | dev tun0 | ||
+ | ca keys/ca.crt | ||
+ | cert keys/server.crt | ||
+ | key keys/server.key | ||
+ | dh keys/dh1024.pem | ||
+ | server-bridge 172.16.0.254 255.255.255.0 172.16.0.210 172.16.0.220 | ||
+ | ifconfig-pool-persist /tmp/ipp.txt | ||
+ | push "redirect-gateway local def1" | ||
+ | keepalive 10 120 | ||
+ | comp-lzo | ||
+ | user nobody | ||
+ | group nobody | ||
+ | persist-key | ||
+ | persist-tun | ||
+ | status /var/log/openvpn-status.log | ||
+ | verb 3 | ||
+ | |||
+ | Ning sellist seadistusfaili route režiimis | ||
+ | |||
+ | # cat /etc/openvpn/openvpn.conf | ||
+ | local 10.0.10.251 | ||
+ | port 1194 | ||
+ | proto udp | ||
+ | dev tun0 | ||
+ | ca keys/ca.crt | ||
+ | cert keys/server.crt | ||
+ | key keys/server.key | ||
+ | dh keys/dh1024.pem | ||
+ | server 10.8.0.0 255.255.255.0 | ||
+ | ifconfig-pool-persist /tmp/ipp.txt | ||
+ | push "redirect-gateway local def1" | ||
+ | keepalive 10 120 | ||
+ | comp-lzo | ||
+ | user nobody | ||
+ | group nobody | ||
+ | persist-key | ||
+ | persist-tun | ||
+ | status /var/log/openvpn-status.log | ||
+ | verb 3 | ||
===OpenVPN kliendi seadistamine - Debian=== | ===OpenVPN kliendi seadistamine - Debian=== |
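Review bot: Both added server configs point `dh` at `keys/dh1024.pem`, which means 1024-bit Diffie-Hellman parameters, too small for a new deployment; generate parameters of at least 2048 bits and reference that file instead. Both configs also set `ifconfig-pool-persist /tmp/ipp.txt`, which keeps the address-pool state in /tmp; a directory writable only by the daemon's account (for example under /etc/openvpn or /var) is a better place. The `ca`, `cert`, `key` and `dh` paths are relative (`keys/...`), so the text should either state the directory openvpn is started from or add a `cd /etc/openvpn` line to the config.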
Revision as of 14:07, 25 July 2008
Purpose
Set up a secure connection between an OpenBSD machine and a Debian machine, with OpenVPN running in server mode on OpenBSD and in client mode on Debian.
OpenVPN server configuration - OpenBSD
Install the openvpn package
# pkg_add openvpn
Next, create a few directories and files
# mkdir /etc/openvpn /etc/openvpn/keys
# touch /etc/openvpn/keys/index.txt
# echo 01 > /etc/openvpn/keys/serial
# cp /usr/local/share/examples/openvpn/easy-rsa/openssl.cnf /etc/openvpn
Set the appropriate environment variables
# . /usr/local/share/examples/openvpn/easy-rsa/vars
Then generate the certificates
- CA
# cd /etc/openvpn/keys
# /usr/local/share/examples/openvpn/easy-rsa/build-ca
- OpenVPN server certificate
# /usr/local/share/examples/openvpn/easy-rsa/build-key-server server
- OpenVPN client certificate
# /usr/local/share/examples/openvpn/easy-rsa/build-key sid1
- Diffie-Hellman parameters
# /usr/local/share/examples/openvpn/easy-rsa/build-dh
On the server side, a configuration file like this is suitable for bridge mode
# cat /etc/openvpn/openvpn.conf
local 10.0.10.251
port 1194
proto udp
dev-type tap
dev tun0
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server-bridge 172.16.0.254 255.255.255.0 172.16.0.210 172.16.0.220
ifconfig-pool-persist /tmp/ipp.txt
push "redirect-gateway local def1"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
And a configuration file like this for route mode
# cat /etc/openvpn/openvpn.conf
local 10.0.10.251
port 1194
proto udp
dev tun0
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /tmp/ipp.txt
push "redirect-gateway local def1"
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
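An added example (not part of the original wiki page): a small shell check that reads a server configuration like the two above and reports settings worth revisiting before deployment. The function names, the finding labels and the 2048-bit threshold are assumptions of this sketch.

```shell
# Added example: flag risky settings in an OpenVPN server config.
# Finding labels (WEAK_DH, TMP_STATE, ...) are made up for this sketch.
audit_openvpn_conf() {
    awk '
        /^[ \t]*([#;]|$)/ { next }            # skip comments and blank lines
        { seen[$1] = 1 }
        # easy-rsa names the file dh<bits>.pem, so read the size from the name
        $1 == "dh" && match($2, /dh[0-9]+\.pem$/) {
            bits = substr($2, RSTART + 2, RLENGTH - 6) + 0
            if (bits < 2048) print "WEAK_DH " bits
        }
        # state files kept in world-writable /tmp
        ($1 == "ifconfig-pool-persist" || $1 == "status") && $2 ~ /^\/tmp\// {
            print "TMP_STATE " $1
        }
        # relative key-material paths depend on the daemon working directory
        ($1 == "ca" || $1 == "cert" || $1 == "key" || $1 == "dh") && $2 !~ /^\// {
            rel = (rel == "" ? $1 : rel "," $1)
        }
        END {
            if (rel != "" && !("cd" in seen)) print "RELATIVE_PATH " rel
            if (!("user" in seen) || !("group" in seen)) print "NO_PRIV_DROP"
        }
    ' "$@"
}

# Route-mode config from this page, abridged to the directives the checks read.
sample_conf() {
    cat <<'EOF'
local 10.0.10.251
port 1194
proto udp
dev tun0
ca keys/ca.crt
cert keys/server.crt
key keys/server.key
dh keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist /tmp/ipp.txt
user nobody
group nobody
status /var/log/openvpn-status.log
EOF
}

sample_conf | audit_openvpn_conf
```

To check a real file, pass its path as the argument: `audit_openvpn_conf /etc/openvpn/openvpn.conf`.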
OpenVPN client configuration - Debian
Install the openvpn package
# apt-get install openvpn