1. Add the tun module to /etc/modules
2. Install the related packages and software
openvpnz.lrp easyrsa.lrp openssl.lrp
wget https://raw.githubusercontent.com/OpenVPN/easy-rsa-old/master/easy-rsa/1.0/build-key-server -O /usr/bin/build-key-server
wget https://raw.githubusercontent.com/OpenVPN/easy-rsa-old/master/easy-rsa/1.0/build-key -O /usr/bin/build-key
3. Edit /etc/easyrsa/vars
4. Generate the CA
. /etc/easyrsa/vars
cd /etc/easyrsa
./clean-all
build-ca
build-dh
5. Generate the server and client keys
build-key-server server
build-key client
openvpn --genkey --secret ta.key
6. Set the contents of /etc/openvpn/server.conf as follows
port 443
proto tcp
dev tap
ca /etc/easyrsa/keys/ca.crt
cert /etc/easyrsa/keys/server.crt
# key line added: build-key-server in step 5 writes the server key here
key /etc/easyrsa/keys/server.key
dh /etc/easyrsa/keys/dh2048.pem
topology subnet
server 10.8.0.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
client-to-client
duplicate-cn
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status /var/log/openvpn-status.log
verb 3
;route 10.72.198.0 255.255.255.0 10.8.0.2
7. Shorewall settings
Edit /etc/shorewall/zones and add
vpn ipv4
Edit /etc/shorewall/interfaces and add
vpn tap0
Edit /etc/shorewall/policy and /etc/shorewall/rules
Edit /etc/shorewall/snat and add
;MASQUERADE 10.8.0.0/24 eth0
;MASQUERADE 10.8.0.0/24 eth1
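A quick check to run before starting the daemon, added here as an example and not part of the original post: it reads a server.conf like the one in step 6 and reports any of ca/cert/key/dh that is missing or points at an unreadable file, and notes when the ta.key generated in step 5 is never referenced by tls-auth. The scratch directory and stand-in files are constructed for the demo; the real paths are under /etc/easyrsa/keys.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check an OpenVPN server.conf.

# Print the value of a directive; lines disabled with ';' or '#' are ignored.
conf_get() {          # $1 = config file, $2 = directive name
    sed -n "s/^[[:space:]]*$2[[:space:]]\{1,\}//p" "$1" | head -n 1
}

# One line per problem; nothing is printed when all four file directives resolve.
check_server_conf() { # $1 = config file
    conf="$1"
    for d in ca cert key dh; do
        v=$(conf_get "$conf" "$d")
        if [ -z "$v" ]; then
            echo "missing: $d"
        elif [ ! -r "$v" ]; then
            echo "unreadable: $d $v"
        fi
    done
    # ta.key from step 5 is only useful if tls-auth points at it
    [ -z "$(conf_get "$conf" tls-auth)" ] && echo "note: no tls-auth (ta.key not referenced)"
    return 0
}

# Constructed demo: mirror the post's server.conf, which has no active 'key'
# line, in a scratch directory with empty stand-in files (hypothetical paths).
DEMO_DIR=$(mktemp -d)
for f in ca.crt server.crt server.key dh2048.pem; do : > "$DEMO_DIR/$f"; done
DEMO_CONF="$DEMO_DIR/server.conf"
cat > "$DEMO_CONF" <<EOF
port 443
proto tcp
dev tap
ca $DEMO_DIR/ca.crt
cert $DEMO_DIR/server.crt
dh $DEMO_DIR/dh2048.pem
;key $DEMO_DIR/server.key
EOF
check_server_conf "$DEMO_CONF"    # missing: key / note: no tls-auth (...)

# Same config with the key line enabled: only the tls-auth note remains.
DEMO_FIXED="$DEMO_DIR/server-fixed.conf"
sed 's/^;key/key/' "$DEMO_CONF" > "$DEMO_FIXED"
check_server_conf "$DEMO_FIXED"   # note: no tls-auth (ta.key not referenced)
```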