SERVER SIDE
Before you start, you need to generate ca.crt, server.crt, server.key, dh1024.pem, and the clients' keys and certificates.
#Begin server.conf
local x.x.x.x # server IP address
port 1194
proto tcp
dev tun
ca /usr/local/etc/keys/ca.crt
cert /usr/local/etc/keys/server.crt
key /usr/local/etc/keys/server.key # This file should be kept secret
dh /usr/local/etc/keys/dh1024.pem # 1024-bit DH parameters; use 2048 bits or more for new deployments
# Don't put this in the keys directory unless user nobody can read it
#crl-verify /usr/local/etc/keys/crl.pem
#Make sure this is your tunnel address pool
server 10.10.101.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#This is the route to push to the client, add more if necessary
push "route 192.168.101.0 255.255.255.0"
push "route 192.168.102.0 255.255.255.0"
push "route 192.168.103.0 255.255.255.0"
push "route 192.168.104.0 255.255.255.0"
push "route 192.168.105.0 255.255.255.0"
push "route 192.168.106.0 255.255.255.0"
push "route 192.168.107.0 255.255.255.0"
push "route 192.168.108.0 255.255.255.0"
push "route 192.168.109.0 255.255.255.0"
push "route 192.168.110.0 255.255.255.0"
push "route 192.168.111.0 255.255.255.0"
push "route 192.168.112.0 255.255.255.0"
#push "dhcp-option DNS 10.0.0.2"
keepalive 10 120
cipher BF-CBC # Blowfish, a 64-bit block cipher (exposed to SWEET32); the client must use the same cipher
comp-lzo
user nobody
group nobody
persist-key
persist-tun
client-to-client
status openvpn-status.log
verb 6
mute 20
client-config-dir /usr/local/etc/openvpn/ccd
route 192.168.102.0 255.255.255.0
route 192.168.103.0 255.255.255.0
route 192.168.104.0 255.255.255.0
route 192.168.105.0 255.255.255.0
route 192.168.106.0 255.255.255.0
route 192.168.107.0 255.255.255.0
route 192.168.108.0 255.255.255.0
route 192.168.109.0 255.255.255.0
route 192.168.110.0 255.255.255.0
route 192.168.111.0 255.255.255.0
route 192.168.112.0 255.255.255.0
============================================================
# cat ipp.txt
1.example.com,10.10.101.8
2.example.com,10.10.101.12
3.example.com,10.10.101.16
4.example.com,10.10.101.20
5.example.com,10.10.101.24
6.example.com,10.10.101.28
7.example.com,10.10.101.32
8.example.com,10.10.101.36
9.example.com,10.10.101.40
10.example.com,10.10.101.44
11.example.com,10.10.101.48
========================================================
# cd /usr/local/etc/openvpn/ccd
# ls
1.example.com
2.example.com
3.example.com
4.example.com
5.example.com
6.example.com
7.example.com
8.example.com
9.example.com
10.example.com
11.example.com
# cat 1.example.com
iroute 192.168.102.0 255.255.255.0
#
# cat 2.example.com
iroute 192.168.103.0 255.255.255.0
#
.......
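The server `route` lines and the per-client `iroute` files above have to agree: `route` makes the server's kernel send a subnet into the tunnel, and `iroute` tells OpenVPN which client owns it. The following is an added example, not part of the original post, that checks the two against each other; the sample input is constructed, and the function names `nets` and `audit` are hypothetical.

```python
import ipaddress
import re

# Constructed sample input modelled on the configuration above (not a live config).
SERVER_CONF = """\
server 10.10.101.0 255.255.255.0
push "route 192.168.102.0 255.255.255.0"
route 192.168.102.0 255.255.255.0
route 192.168.103.0 255.255.255.0
route 192.168.104.0 255.255.255.0   # no client announces this LAN
"""
CCD = {  # file name (client certificate CN) -> file contents
    "1.example.com": "iroute 192.168.102.0 255.255.255.0\n",
    "2.example.com": "iroute 192.168.103.0 255.255.255.0\n",
    "3.example.com": "iroute 192.168.105.0 255.255.255.0\n",  # no server route
}


def nets(text, directive):
    """Networks named by '<directive> <network> <netmask>' lines, comments ignored."""
    found = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(rf"{directive}\s+(\S+)\s+(\S+)", line)
        if m:
            found.add(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    return found


def audit(server_conf, ccd):
    """Compare the server's kernel routes with the per-client iroutes."""
    routes = nets(server_conf, "route")
    owners = {}
    for client, body in ccd.items():
        for net in nets(body, "iroute"):
            owners.setdefault(net, []).append(client)
    claimed = set(owners)
    return {
        # OpenVPN knows the owner, but the server's kernel never sends traffic to tun.
        "iroute_without_route": sorted(map(str, claimed - routes)),
        # Traffic reaches OpenVPN, which has no client to hand it to.
        "route_without_iroute": sorted(map(str, routes - claimed)),
        # Two clients announcing the same subnet leaves its owner ambiguous.
        "iroute_claimed_twice": sorted(str(n) for n, c in owners.items() if len(c) > 1),
    }


if __name__ == "__main__":
    for finding, subnets in audit(SERVER_CONF, CCD).items():
        print(finding, subnets)
```

To run it against a real server, read server.conf and each file in the ccd directory into the same two arguments.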
===============================================================
===============================================================
CLIENT SIDE
client
dev tun
proto tcp
remote x.x.x.x 1194 # server address
resolv-retry infinite
nobind
persist-key
persist-tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /tmp/openvpncl/ca.crt
cert /tmp/openvpncl/client.crt
key /tmp/openvpncl/client.key
comp-lzo