Monday, May 29, 2017
openvpn
Been burned by this several times already.
1. Install openvpn and easy-rsa
2. Edit vars, then source it: . ./vars
3. build-ca
4. build-key-server <server_name>
5. build-dh
6. build-key <client_name>
7. openvpn --genkey --secret ta.key
https://openvpn.net/index.php/open-source/documentation/howto.html#examples
Server/client config examples are there.
Server side: proto tcp, tls-auth enabled with direction 0 (tls-auth ta.key 0)
Client side: copy ca.crt, ta.key and <client_name>.* into the OpenVPN config directory;
proto tcp, tls-auth enabled with direction 1 (tls-auth ta.key 1)
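As an added example (not from the original post or the OpenVPN howto), the shell script below writes a server config and a client config in the shape the notes above describe: proto tcp on both sides, tls-auth with the shared ta.key, direction 0 on the server and 1 on the client, and certificate/key file names matching the easy-rsa steps. It then checks that a given server/client pair agrees, which is the mistake that usually produces a silently failing handshake. The server hostname vpn.example.com, the client name "laptop", the cipher, the redirect-gateway push and the dh2048.pem file name (it follows KEY_SIZE in vars) are assumptions; the 192.168.95.0/24 tunnel subnet is taken from the MASQUERADE rule later in the post.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Writes a server.conf and a <client>.ovpn the way the post describes
# (proto tcp, tls-auth ta.key 0 on the server / 1 on the client) and
# verifies that a server/client pair is consistent.
# Assumptions: hostname vpn.example.com, client name "laptop",
# cipher AES-256-CBC, dh2048.pem (name depends on KEY_SIZE in vars).

# write_server_conf DIR SERVER_NAME
write_server_conf() {
    cat > "$1/server.conf" <<EOF
port 1194
proto tcp
dev tun
ca ca.crt
cert $2.crt
key $2.key
dh dh2048.pem
server 192.168.95.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
EOF
}

# write_client_conf DIR CLIENT_NAME SERVER_HOST
write_client_conf() {
    cat > "$1/$2.ovpn" <<EOF
client
dev tun
proto tcp
remote $3 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $2.crt
key $2.key
remote-cert-tls server
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
EOF
}

# conf_option FILE NAME: print the argument(s) of option NAME (empty if absent)
conf_option() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ /, ""); print }' "$1"
}

# check_pair SERVER_CONF CLIENT_CONF
# returns 0 when proto matches and tls-auth direction is 0 (server) / 1 (client)
check_pair() {
    sp=$(conf_option "$1" proto); cp=$(conf_option "$2" proto)
    sdir=$(conf_option "$1" tls-auth | awk '{print $2}')
    cdir=$(conf_option "$2" tls-auth | awk '{print $2}')
    [ "$sp" = "$cp" ] || { echo "proto mismatch: server=$sp client=$cp" >&2; return 1; }
    [ "$sdir" = 0 ] || { echo "server tls-auth direction must be 0, got '$sdir'" >&2; return 1; }
    [ "$cdir" = 1 ] || { echo "client tls-auth direction must be 1, got '$cdir'" >&2; return 1; }
    return 0
}

# demo run in a scratch directory (constructed, not a real deployment)
DEMO=$(mktemp -d)
write_server_conf "$DEMO" myserver
write_client_conf "$DEMO" laptop vpn.example.com
check_pair "$DEMO/server.conf" "$DEMO/laptop.ovpn" && echo "server/client pair consistent"
```

In real use, run check_pair against /etc/openvpn/server.conf and the .ovpn you are about to hand to a client before distributing it; with tls-auth a mismatched direction or proto does not produce a clear error on the client, only a connection that never completes.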
Key points:
Open the firewall:
ufw allow 1194/tcp
ufw allow 1194/udp
Append to the end of /etc/ufw/before.rules:
## NAT table rules
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Port Forwarding
-A POSTROUTING -s 192.168.95.0/24 -o ppp0 -j MASQUERADE
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
In /etc/ufw/sysctl.conf, enable net/ipv4/ip_forward=1
Then packets coming in from tun0 must be allowed by default; otherwise the packets the clients send, which carry a different source IP, get blocked:
ufw allow in on tun0
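The two edits above are the ones that break silently: a *nat block whose COMMIT line went missing is ignored by iptables-restore, and Ubuntu ships the ip_forward line in /etc/ufw/sysctl.conf commented out. As an added example (not from the original post), the shell functions below lint a before.rules-style file and a sysctl.conf-style file for exactly those conditions before you reload ufw. The sample files are constructed here in a temp directory; the 192.168.95.0/24 subnet and the ppp0 interface are the ones from the post's MASQUERADE rule.

```shell
#!/bin/sh
# Added example, not part of the original post.
# Lint the two ufw files the post edits before reloading the firewall.
# Paths and the VPN subnet are parameters; samples below are constructed.

# lint_ufw_nat FILE SUBNET
# 0 if FILE has a *nat table, every *table block is closed by COMMIT,
# and a POSTROUTING MASQUERADE rule exists for SUBNET; 1 otherwise.
lint_ufw_nat() {
    f=$1; net=$2
    # every "*table" line must be followed by a COMMIT before the next table / EOF
    if ! awk '
        /^\*/     { if (open) bad = 1; open = 1 }
        /^COMMIT/ { if (!open) bad = 1; open = 0 }
        END       { if (open) bad = 1; exit bad + 0 }' "$f"; then
        echo "$f: a table block is missing its COMMIT line" >&2; return 1
    fi
    if ! grep -q '^\*nat' "$f"; then
        echo "$f: no *nat table" >&2; return 1
    fi
    # -F/-e because the pattern itself starts with "-"
    if ! grep -F -e "-s $net" "$f" | grep -q 'POSTROUTING.*MASQUERADE'; then
        echo "$f: no POSTROUTING MASQUERADE rule for $net" >&2; return 1
    fi
    return 0
}

# check_ip_forward FILE
# 0 if FILE has an active (uncommented) net/ipv4/ip_forward=1 line
# (both the slash form ufw uses and the dotted sysctl form are accepted).
check_ip_forward() {
    if grep -Eq '^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"; then
        return 0
    fi
    echo "$1: ip_forward is not enabled (still commented out?)" >&2
    return 1
}

DEMO=$(mktemp -d)
VPN_NET=192.168.95.0/24   # subnet from the post's MASQUERADE rule

# constructed sample: the block the post appends to /etc/ufw/before.rules
cat > "$DEMO/before.rules.good" <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $VPN_NET -o ppp0 -j MASQUERADE
COMMIT
EOF
# constructed sample: the same block with the COMMIT line deleted
sed '/^COMMIT/d' "$DEMO/before.rules.good" > "$DEMO/before.rules.nocommit"

# constructed samples: the line as Ubuntu ships it (commented) and as it should be
printf '#net/ipv4/ip_forward=1\n' > "$DEMO/sysctl.conf.off"
printf 'net/ipv4/ip_forward=1\n'  > "$DEMO/sysctl.conf.on"

for f in before.rules.good before.rules.nocommit; do
    if lint_ufw_nat "$DEMO/$f" "$VPN_NET"; then echo "$f: ok"; fi
done
for f in sysctl.conf.off sysctl.conf.on; do
    if check_ip_forward "$DEMO/$f"; then echo "$f: ok"; fi
done
```

On the real host the check is: lint_ufw_nat /etc/ufw/before.rules 192.168.95.0/24 && check_ip_forward /etc/ufw/sysctl.conf && ufw reload. Changes to both files take effect only on a ufw reload (or disable/enable), so running the lint first avoids reloading into a firewall that never NATs the tunnel.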