vpn solution2 – windows openvpn client 免費的vpn 客戶端

<!– @page { size: 8.5in 11in; margin: 0.79in } P { margin-bottom: 0.08in } –>

上文提及過 openvpn server的制作方法, 這篇文章會介紹服務器端與客戶端配合的一個例子.

在客戶端方面, 用家大部份都會用 Windows + openvpn. Windows 下安裝 openvpn 十分簡單, 只需要以下步驟

  1. 到這裡下載 openvpn 圖形介面客戶端
    http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe

  2. click install.exe 安裝

  3. C:\Program Files\OpenVPN\config 創建 / 編輯 ovpn 檔案 (yourservername.ovpn)

  4. .opvn示範檔案如下

    1. client

    2. dev tap

    3. proto udp

    5. # change this to your server’s address

    6. remote 123.123..123..123 1194

    7. resolv-retry infinite

    8. nobind

    9. persist-key

    10. persist-tun

    12. #tls-client

    13. ca keys/ca.crt

    14. cert keys/keithyau.crt

    15. key keys/keithyau.key

    17. #ensure that we are talking to a server

    18. ns-cert-type server

    20. #confirm we are talking to the correct server

    21. #tls-auth ta.key 1

    22. # Select a cryptographic cipher.

    23. # If the cipher option is used on the server

    24. # then you must also specify it her e.

    25. cipher AES-128-CBC

    27. # Enable compression on the VPN link.

    28. comp-lzo

    30. #fragment 1400

    31. # enable user/pass authentication

    32. # auth-user-pass

  5. 把鑰匙拷貝到 C:\Program Files\OpenVPN\config\keys , 以下是在服務器端上鑰匙的制法 (keithyau 換成你的使用者名字, 詳情參考 http://keithyau.wordpress.com/2009/02/07/vpn-solution-2-openvpn/)

    1. sudo su
      cd /etc/openvpn/examples/easy-rsa/2.0/
      source ./vars
      ./clean-all
      ./build-ca

      ./build-key-server server
      ./build-key keithyau

      ./build-dh
      cd keys
      openssl dhparam -out dh1024.pem 1024
      cd ..
      openvpn –genkey –secret ta.key #optional

  6. 在右下角 openvpn icon按連接

    openvpnclient1

  7. 測試連線

令服務器能接受以上設定的請求, 相應需要以下的設定

    # Which local IP address should OpenVPN
    # listen on? (optional)
    local 192.168.1.102
    port 1194

    proto udp

    dev tap0
    #direct these to your generated files
    ca /etc/openvpn/examples/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/examples/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/examples/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pem
    ifconfig-pool-persist ipp.txt
    #需要 dhcp 服務器 的配合
    server 10.3.0.0 255.255.255.0
    # 服務器上沒有 dhcp 服務器的請選這行
    # server-bridge 192.168.1.102 255.255.255.0 192.168.1.230 192.168.1.231

    keepalive 10 120
    #encryption
    cipher AES-128-CBC
    #Push routing configuration
    #push “route 192.168.2.0 255.255.255.0″

    #tls-auth ta.key 0

    comp-lzo
    #fragment 1400
    #limit the number of connections
    max-clients 5
    #some secuurity settings
    # do not use if running server on Windows
    user nobody
    group nogroup
    persist-key
    persist-tun
    #log file settings
    status openvpn-status.log
    verb 3
    # authentication plugin
    #forces client to have a linux acount in order to connect (Not for Windows user)
    # plugin /usr/lib/openvpn/openvpn-auth-pam.so login

這裡有安裝 DHCP server 的方法

sudo apt-get install dhcp3-server

sudo vi /etc/default/dhcp3-server

更改 為 INTERFACES=”br0″ # br0 = 你的網卡名稱

sudo vi /etc/dhcp3/dhcpd.conf

把其中一個示範修改為 (10.3.0.0 是你打算指派的網絡)

subnet 10.3.0.0 netmask 255.255.255.0 {

range 10.3.0.100 10.3.0.200;

option routers 192.168.1.1;

}

/etc/init.d/dhcpd restart

/etc/init.d/openvpn restart

這樣你的 Openvpn 就能成功在 linux windows 間建立起來了

About this entry

You’re currently reading “vpn solution2 – windows openvpn client 免費的vpn 客戶端,” an entry on keithyau

Published:
February 12, 2009 / 5:44 pm
Category:
Information Technology, security
Tags:
, , , , , , , , , ,