Installing OpenVPN on CentOS 6.2

2023-04-26 Wednesday / 0 comments / 0 likes / 75 reads / 30448 characters


I. System environment

   Server: CentOS 6.2 x86_64

   IP: 192.168.0.31

   Client: Windows XP

   IP: 192.168.0.42

II. Installation

   1. Check whether the tun kernel module is available

[root@localhost ~]# modinfo tun
filename:       /lib/modules/2.6.32-220.el6.x86_64/kernel/drivers/net/tun.ko
alias:          char-major-10-200
license:        GPL
author:         (C) 1999-2004 Max Krasnyansky <[email protected]>
description:    Universal TUN/TAP device driver
srcversion:     5A72C0DB4EBDF9E4B1D5016
depends:
vermagic:       2.6.32-220.el6.x86_64 SMP mod_unload modversions

   2. Install the required packages with yum

yum install -y openssl openssl-devel lzo lzo-devel pam pam-devel

   3. Extract the source archive

[root@localhost ~]# tar -zxvf openvpn-2.2.2.tar.gz

   4. Enter the source directory

[root@localhost ~]# cd openvpn-2.2.2

   5. Build and install

[root@localhost openvpn-2.2.2]# ./configure
[root@localhost openvpn-2.2.2]# make && make install

   6. Create the configuration directory

[root@localhost ~]# mkdir /etc/openvpn

   7. Copy the certificate tooling (easy-rsa) into the configuration directory

[root@localhost ~]# cp -R openvpn-2.2.2/easy-rsa/ /etc/openvpn/

   8. Enter the easy-rsa directory

[root@localhost ~]# cd /etc/openvpn/easy-rsa/2.0/

   9. Edit vars

[root@localhost ~]# vi vars
export KEY_COUNTRY="CN"
export KEY_PROVINCE="SHANGHAI"
export KEY_CITY="SHANGHAI"
export KEY_ORG="LECAKE"
export KEY_EMAIL="[email protected]"
export [email protected]

   10. Copy the OpenSSL configuration file

[root@localhost 2.0]# cp openssl-1.0.0.cnf openssl.cnf

   11. Source the vars file

[root@localhost 2.0]# . ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys

   12. Run clean-all

[root@localhost 2.0]# ./clean-all

   13. Create the CA certificate

[root@localhost 2.0]# ./build-ca server
Generating a 1024 bit RSA private key
....................++++++
.......................................................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [SHANGHAI]:
Locality Name (eg, city) [SHANGHAI]:
Organization Name (eg, company) [LECAKE]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:
Name [changeme]:
Email Address [[email protected]]:

Press Enter at every prompt to accept the defaults.

   14. Create the server key and certificate

[root@localhost 2.0]# ./build-key-server server
Generating a 1024 bit RSA private key
..........++++++
........++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [SHANGHAI]:
Locality Name (eg, city) [SHANGHAI]:
Organization Name (eg, company) [LECAKE]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [server]:
Name [changeme]:
Email Address [[email protected]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'SHANGHAI'
localityName          :PRINTABLE:'SHANGHAI'
organizationName      :PRINTABLE:'LECAKE'
organizationalUnitName:PRINTABLE:'changeme'
commonName            :PRINTABLE:'server'
name                  :PRINTABLE:'changeme'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Mar 23 23:51:50 2023 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

   15. Create the client key and certificate

[root@localhost 2.0]# ./build-key client1
Generating a 1024 bit RSA private key
...........................++++++
.++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [CN]:
Locality Name (eg, city) [SHANGHAI]:
Organization Name (eg, company) [LECAKE]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [client1]:
Name [changeme]:
Email Address [[email protected]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'SHANGHAI'
localityName          :PRINTABLE:'SHANGHAI'
organizationName      :PRINTABLE:'LECAKE'
organizationalUnitName:PRINTABLE:'changeme'
commonName            :PRINTABLE:'client1'
name                  :PRINTABLE:'changeme'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Mar 23 23:52:15 2023 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

   16. Generate the Diffie-Hellman parameters

[root@localhost 2.0]# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
(progress dots omitted)

   17. Create the server configuration file

[root@localhost openvpn]# vi /etc/openvpn/server.conf

# Declare the local IP address to bind to; this may be left out
local 192.168.0.31
# Port to listen on, default 1194
port 1194
# Protocol to use, UDP by default; when going through an HTTP proxy, TCP must be used
proto udp
# Device type, tap or tun: tap is a layer-2 device and supports link-layer protocols;
# tun is a layer-3 point-to-point device with slightly more restrictions, and is the recommended choice
dev tun
# Root CA used by OpenVPN, generated with build-ca; used to verify whether client certificates are valid
ca /etc/openvpn/keys/ca.crt
# Certificate used by the server
cert /etc/openvpn/keys/server.crt
# Private key matching the server certificate; watch the file permissions so it cannot be stolen
key /etc/openvpn/keys/server.key # This file should be kept secret
# The Diffie-Hellman file generated above
dh /etc/openvpn/keys/dh1024.pem
# Address range and subnet mask handed out to clients
server 10.8.0.0 255.255.255.0
# Records which IP a given client obtained, similar to a dhcpd.lease file,
# so that OpenVPN does not "forget" a client's previous IP after a restart
ifconfig-pool-persist ipp.txt
# Some DHCP options; see the manual for details
push "dhcp-option DNS 192.168.0.12"
push "dhcp-option DNS 8.8.8.8"
# Push routes from the VPN server to clients; a client fetches every option the server pushes via the pull directive and applies it
push "route 10.8.0.0 255.255.255.0"
# Let VPN clients reach each other directly through the openvpn process
# instead of being sent out of the tun/tap device and forwarded back, which optimizes client-to-client traffic
client-to-client
# If the Common Names of the client certificates are duplicated, i.e. all clients use the same CA-issued
# certificate and key to connect to the VPN, this option must be enabled, otherwise only one client can connect
duplicate-cn
# Maximum number of simultaneous clients
max-clients 10
# When the VPN runs behind NAT, the NAT session may expire if the VPN is idle for a long time,
# dropping the VPN connection. keepalive provides a ping-like mechanism to prevent this:
# the line below pings the peer over the VPN control channel every 10 seconds, and if no reply
# is seen for 120 seconds the connection is considered lost and OpenVPN restarts and reconnects
# (in mode server, openvpn does not reconnect).
keepalive 10 120
# Compress the data; server and client must match
comp-lzo
# After a keepalive-triggered restart, do not re-read the keys; keep those loaded on first start
persist-key
# After a keepalive-triggered restart, keep the tun/tap device up,
# otherwise the interface would go down and come back up
persist-tun
# Periodically write OpenVPN status information to a file, e.g. for your own accounting or other programs
status openvpn-status.log
# Like log, but keep the existing log across restarts and append new entries at the end
log-append openvpn.log
# Effectively the debug level; see the manual
verb 4
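An added example, not part of the original post: a small shell audit of the directives in a server.conf like the one above, reporting the settings a reviewer of this configuration would want changed (no tls-auth, no user/group privilege drop, default cipher, 1024-bit DH, duplicate-cn, no crl-verify). The sample configuration and its hardened variant are constructed here; the ta.key and crl.pem files referenced by the hardened variant are assumed to exist.

```shell
#!/bin/sh
# Added example (not part of the original post): audit the directives of an OpenVPN
# server.conf like the one above and report settings a reviewer would want changed.
# The sample and hardened configurations below are constructed here; ta.key and
# crl.pem referenced by the hardened variant are assumed to exist. Needs awk and grep.

# has_directive <file> <name>: true when the directive appears uncommented.
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_server_conf <file>: prints one finding per line (nothing if the config is clean).
audit_server_conf() {
    conf="$1"
    # tls-auth adds an HMAC to every control-channel packet, so UDP 1194 silently drops
    # anything not signed with the shared ta.key instead of feeding it to the TLS stack.
    has_directive "$conf" tls-auth ||
        echo "missing tls-auth: port 1194 accepts TLS handshakes from anyone"
    # Without user/group the daemon keeps the root privileges it was started with.
    { has_directive "$conf" user && has_directive "$conf" group; } ||
        echo "missing user/group: the daemon keeps running as root"
    # OpenVPN 2.2 defaults the data channel to BF-CBC, a 64-bit block cipher.
    has_directive "$conf" cipher ||
        echo "missing cipher: data channel falls back to the default BF-CBC"
    # build-dh names the file after its size; 1024-bit DH groups are too small today.
    dh=$(awk '$1 == "dh" { print $2 }' "$conf")
    case "$dh" in
        *dh1024*) echo "dh $dh: 1024-bit DH parameters, generate 2048-bit or larger" ;;
    esac
    # duplicate-cn lets every client share one certificate, so one leaked or revoked
    # certificate cannot be singled out; issue one certificate per client instead.
    has_directive "$conf" duplicate-cn &&
        echo "duplicate-cn set: clients cannot be revoked individually"
    # Without crl-verify a certificate revoked with easy-rsa's revoke-full still connects.
    has_directive "$conf" crl-verify ||
        echo "missing crl-verify: revoked client certificates are still accepted"
    return 0
}

# count_findings <file>: number of findings, for scripting.
count_findings() {
    audit_server_conf "$1" | awk 'END { print NR }'
}

# write_sample_conf <file>: constructed copy of the relevant directives from the post.
write_sample_conf() {
    cat > "$1" <<'EOF'
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 4
EOF
}

# write_hardened_conf <file>: the same configuration with every finding addressed.
write_hardened_conf() {
    write_sample_conf "$1.base"
    grep -v '^duplicate-cn$' "$1.base" | sed 's#dh1024\.pem#dh2048.pem#' > "$1"
    rm -f "$1.base"
    cat >> "$1" <<'EOF'
tls-auth /etc/openvpn/keys/ta.key 0
user nobody
group nobody
cipher AES-256-CBC
crl-verify /etc/openvpn/keys/crl.pem
EOF
}

# Stand-alone run: "sh audit_conf.sh /etc/openvpn/server.conf"
if [ -n "${1:-}" ]; then audit_server_conf "$1"; fi
```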

   18. Copy the certificates and keys into the directory the configuration points at

[root@localhost openvpn]# cp /etc/openvpn/easy-rsa/2.0/keys/ca.crt ./keys
[root@localhost openvpn]# cp /etc/openvpn/easy-rsa/2.0/keys/server.crt ./keys
[root@localhost openvpn]# cp /etc/openvpn/easy-rsa/2.0/keys/server.key ./keys
[root@localhost openvpn]# cp /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem ./keys
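Before the daemon is started it is worth verifying the files that steps 13 to 18 produced. The script below is an added example, not part of the original post: it checks the permissions of server.key (which the comment in server.conf warns about), that server.key matches server.crt, that server.crt and client1.crt verify against ca.crt, and that server.crt carries nsCertType=server, which the client's ns-cert-type server line requires. The make_demo_pki function builds a throwaway CA with plain openssl so the checks can be tried offline; on the real server, point check_openvpn_pki at /etc/openvpn/keys.

```shell
#!/bin/sh
# Added example (not part of the original post): sanity-check the PKI files that
# server.conf points at before the daemon is started. Verifies that server.key is
# readable only by its owner, that it matches server.crt, that server.crt and
# client1.crt verify against ca.crt, and that server.crt carries nsCertType=server,
# which a client configured with "ns-cert-type server" requires. Needs the openssl CLI.

# check_openvpn_pki <keys_dir>: prints one ok/FAIL line per check; returns 1 if any check fails.
check_openvpn_pki() {
    dir="$1"
    rc=0

    # 1. The server's private key must not be readable by other users (mode 600 or 400).
    mode=$(stat -c '%a' "$dir/server.key" 2>/dev/null || stat -f '%Lp' "$dir/server.key")
    case "$mode" in
        600|400) echo "ok   server.key mode $mode" ;;
        *)       echo "FAIL server.key mode $mode (expected 600)"; rc=1 ;;
    esac

    # 2. The key and the certificate must carry the same RSA modulus.
    cert_mod=$(openssl x509 -noout -modulus -in "$dir/server.crt" 2>/dev/null || true)
    key_mod=$(openssl rsa -noout -modulus -in "$dir/server.key" 2>/dev/null || true)
    if [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]; then
        echo "ok   server.key matches server.crt"
    else
        echo "FAIL server.key does not match server.crt"; rc=1
    fi

    # 3. Both certificates must chain to the CA named in the "ca" directive.
    for name in server client1; do
        if openssl verify -CAfile "$dir/ca.crt" "$dir/$name.crt" >/dev/null 2>&1; then
            echo "ok   $name.crt verifies against ca.crt"
        else
            echo "FAIL $name.crt does not verify against ca.crt"; rc=1
        fi
    done

    # 4. The server certificate must be marked as a server certificate. Without it a
    #    client using "ns-cert-type server" refuses to connect, and without that client
    #    check any client certificate issued by the same CA could pose as the server.
    if openssl x509 -noout -text -in "$dir/server.crt" 2>/dev/null | grep -q 'SSL Server'; then
        echo "ok   server.crt has nsCertType=server"
    else
        echo "FAIL server.crt lacks nsCertType=server"; rc=1
    fi
    return $rc
}

# make_demo_pki <dir>: builds a constructed throwaway CA, server and client certificate
# with plain openssl so the checks can be tried offline. These are NOT the easy-rsa
# files from the post; on the real server run check_openvpn_pki /etc/openvpn/keys.
make_demo_pki() {
    d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.crt" >/dev/null 2>&1
    printf 'nsCertType=server\n' > "$d/server.ext"
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server" \
        -keyout "$d/server.key" -out "$d/server.csr" >/dev/null 2>&1
    openssl x509 -req -days 30 -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -extfile "$d/server.ext" -out "$d/server.crt" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client1" \
        -keyout "$d/client1.key" -out "$d/client1.csr" >/dev/null 2>&1
    openssl x509 -req -days 30 -in "$d/client1.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/client1.crt" >/dev/null 2>&1
    chmod 600 "$d/server.key" "$d/client1.key"
}

# Stand-alone run: "sh check_pki.sh demo" builds the demo PKI in a temp dir and checks it;
# "sh check_pki.sh /etc/openvpn/keys" checks a real keys directory.
case "${1:-}" in
    demo) tmp=$(mktemp -d); make_demo_pki "$tmp"; check_openvpn_pki "$tmp" ;;
    "")   ;;
    *)    check_openvpn_pki "$1" ;;
esac
```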

   19. Enable IP forwarding in the kernel

[root@localhost openvpn]# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@localhost openvpn]# sysctl -p




   20. Open the firewall port and set up NAT for the VPN subnet

[root@localhost openvpn]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
[root@localhost openvpn]# iptables -A INPUT -m state --state NEW -m udp -p udp --dport 1194 -j ACCEPT
[root@localhost openvpn]# iptables -A FORWARD -s 10.8.0.0/24 -p udp --dport 1194 -j ACCEPT

   21. Save the firewall rules

[root@localhost openvpn]# /etc/init.d/iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables:[确定]
[root@localhost openvpn]# /etc/init.d/iptables restart
iptables:清除防火墙规则:[确定]
iptables:将链设置为政策 ACCEPT:nat filter [确定]
iptables:正在卸载模块:[确定]
iptables:应用防火墙规则:[确定]

   22. Start the service

[root@localhost openvpn]# openvpn --config /etc/openvpn/server.conf &
[1] 6748
Tue Mar 26 08:00:14 2013 us=869421 Current Parameter Settings:
(Current Parameter Settings dump omitted)
Tue Mar 26 08:00:14 2013 us=875173 OpenVPN 2.2.2 x86_64-unknown-linux-gnu [SSL] [LZO2] [EPOLL] [eurephia] built on Mar 26 2013
Tue Mar 26 08:00:14 2013 us=876314 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x.  Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
Tue Mar 26 08:00:14 2013 us=876364 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Tue Mar 26 08:00:14 2013 us=881199 Diffie-Hellman initialized with 1024 bit key
Tue Mar 26 08:00:14 2013 us=882727 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Tue Mar 26 08:00:14 2013 us=889852 Socket Buffers: R=[124928->131072] S=[124928->131072]
Tue Mar 26 08:00:14 2013 us=891614 ROUTE default_gateway=192.168.0.1
Tue Mar 26 08:00:15 2013 us=50987 TUN/TAP device tun0 opened
Tue Mar 26 08:00:15 2013 us=52234 TUN/TAP TX queue length set to 100
Tue Mar 26 08:00:15 2013 us=52345 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Tue Mar 26 08:00:15 2013 us=67991 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Tue Mar 26 08:00:15 2013 us=70417 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Tue Mar 26 08:00:15 2013 us=70510 UDPv4 link local (bound): 192.168.0.31:1194
Tue Mar 26 08:00:15 2013 us=70552 UDPv4 link remote: [undef]
Tue Mar 26 08:00:15 2013 us=70583 MULTI: multi_init called, r=256 v=256
Tue Mar 26 08:00:15 2013 us=70685 IFCONFIG POOL: base=10.8.0.4 size=62
Tue Mar 26 08:00:15 2013 us=70756 IFCONFIG POOL LIST
Tue Mar 26 08:00:15 2013 us=70822 Initialization Sequence Completed

III. Client configuration

   1. Install the client software

   2. Copy the three files ca.crt, client1.crt and client1.key into the /config directory under the OpenVPN installation path

   3. Edit the openvpn.ovpn file

client
dev tun
proto udp
remote 180.xx.xx.xx 1194 # the company's public address; set up a port forward on the router
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 4

   4. Right-click the tray icon on the desktop and choose Connect

   5. Check the IP address that was assigned

   6. Ping the internal gateway

The client is now connected to the internal network.
