OpenVPN ?? Debian Jessie

????????? ???????????
vim /etc/apt/sources.list:

# Package source for the release this guide targets (jessie, via a Ukrainian mirror).
# NOTE(review): jessie is no longer a supported Debian release, so this mirror path may
# not carry it any more (archived releases move to archive.debian.org); confirm the suite
# is still served before relying on the install steps below. Plain http is tolerable only
# because apt verifies the repository signature itself.
deb http://ftp.ua.debian.org/debian/ jessie main

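# Server-side packages: OpenVPN itself, bridge-utils for the br0 bridge configured below,
# and iptables-persistent so the firewall/NAT rules added later survive a reboot.
# The two steps are chained so that a failed index refresh does not go on to install
# from stale package lists.
aptitude update && aptitude install openvpn bridge-utils iptables-persistent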

????? 2 ??????? ??????????:
eth0 ????????? ???? 192.168.20.1
eth1 ???????? 100.60.1.100
??????????? ??
vim /etc/network/interfaces:

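# Uplink: static public-side address; its gateway provides the host's only default route.
auto eth1
allow-hotplug eth1
iface eth1 inet static
        address 100.60.1.100
        netmask 255.255.255.0
        gateway 100.60.1.1

# LAN bridge joining the physical LAN port (eth0) and the VPN tap device, so VPN clients
# sit directly on the 192.168.20.0/24 segment (layer-2 reach to every LAN host).
# Two fixes versus the original stanza: the netmask is now explicit (it matches the
# server-bridge line in server.conf), and the "gateway 192.168.20.1" line is gone — it
# pointed br0's gateway at br0's own address, which is not a usable next hop and would
# have competed with eth1's default route.
auto br0
allow-hotplug br0
iface br0 inet static
        address 192.168.20.1
        netmask 255.255.255.0
        bridge_ports eth0 tap0
        bridge_stp off
        bridge_maxwait 0
        # The tap device must exist before the bridge is assembled: it is created as a
        # persistent interface here and removed again when br0 goes down.
        pre-up openvpn --mktun --dev tap0
        post-down openvpn --rmtun --dev tap0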

# Re-apply /etc/network/interfaces so eth1, tap0 and br0 come up as configured above.
# NOTE(review): this stops every configured interface, eth1 included — an SSH session
# coming in over eth1 will drop between the two commands; run this from the console.
invoke-rc.d networking stop && invoke-rc.d networking start

?????????? ?????
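# Set up a private copy of the easy-rsa 2 scripts under /etc/openvpn. "cp -a dir/." also
# carries over dot-files and subdirectories that the bare glob would miss, and the steps
# are chained so a failed copy never leaves us running ./build-* in the wrong directory.
# NOTE(review): the CA private key created by ./build-ca will live in keys/ on this
# server; keeping the issuing CA on the VPN server itself is convenient but means a
# server compromise is also a CA compromise — consider running the CA offline.
mkdir -p /etc/openvpn/easy-rsa \
  && cp -a /usr/share/easy-rsa/. /etc/openvpn/easy-rsa/ \
  && cd /etc/openvpn/easy-rsa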
vim vars:

# Subject fields baked into every certificate easy-rsa issues (the CA, the server
# certificate and each client certificate). They are exported because the build-*
# scripts read them from the environment after "source ./vars".
# NOTE(review): the packaged vars file presumably carries other knobs as well (key size,
# validity); the dh2048.pem path used in server.conf assumes a 2048-bit setting.
KEY_COUNTRY=UA
KEY_PROVINCE=UA
KEY_CITY=Kiev
KEY_ORG=mycompany
KEY_EMAIL=admin@example.com
export KEY_COUNTRY KEY_PROVINCE KEY_CITY KEY_ORG KEY_EMAIL

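# Load the subject fields, wipe any previous key material and create the CA.
# NOTE(review): ./clean-all removes the whole keys/ directory — never rerun it against a
# CA that has already issued certificates. The steps are chained so that ./build-ca
# cannot run after a failed ./clean-all or with an unloaded environment.
source ./vars && ./clean-all && ./build-ca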

???? ??? ???????
# Issue the server certificate. The argument becomes its Common Name and the file name
# stem: server.conf below points at keys/example.com.crt and keys/example.com.key.
./build-key-server example.com

????? ??? ????????. ??? ??????? ??????? ????? ?????? ???????? "Common Name"
# Issue the first client certificate; the value given at the "Common Name" prompt must be
# unique per client. The private key is written unencrypted to keys/myuser1.key — use
# ./build-key-pass instead if the client key should be passphrase-protected.
./build-key myuser1

????????? ??????
# Second client certificate (used by the Windows 7 client further down). Issue one
# certificate per machine rather than copying myuser1's files around: the server config
# below has no duplicate-cn, so a second session with the same CN is rejected.
./build-key myuser2

???? ?????-???????
# Generate the Diffie-Hellman parameters (this takes a while). The output file name
# tracks the key size from vars; server.conf below expects keys/dh2048.pem.
./build-dh
???? ??? TLS
# Static TLS-auth key shared by the server (tls-auth ... 0) and every client
# (tls-auth ... 1). It lets OpenVPN discard control-channel packets that are not HMAC-signed
# with it before any TLS handshake starts, so distribute it as carefully as the certificates.
openvpn --genkey --secret keys/ta.key

???????? ?????? ?????
myuser1.crt
myuser1.key
ca.crt
ta.key

??????????? ??????
# Start from the packaged sample config, then replace its contents with the listing below.
zcat /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
vim /etc/openvpn/server.conf:

# Bridged (tap) OpenVPN server: clients receive LAN addresses and appear on br0.
port 1194
proto udp
# Must be the tap device the br0 stanza in /etc/network/interfaces pre-creates.
dev tap0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/example.com.crt
key /etc/openvpn/easy-rsa/keys/example.com.key
# Direction 0 on the server, 1 on every client; unsigned control packets are dropped.
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
# NOTE(review): DES-EDE3-CBC (3DES) has a 64-bit block and is exposed to the Sweet32
# birthday attack on long-lived tunnels; prefer AES-256-CBC, changed on the server and on
# all clients together. There is also no "auth" line, so the data-channel HMAC stays at
# its SHA1 default — "auth SHA256" on both ends is the usual hardening.
cipher DES-EDE3-CBC
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
# Relative path, resolved against the daemon's working directory — verify it ends up in
# /etc/openvpn under this init script.
ifconfig-pool-persist ipp.txt
# Bridge gateway, netmask, and the address range handed to clients on the LAN.
server-bridge 192.168.20.1 255.255.255.0 192.168.20.2 192.168.20.100
# All client traffic is sent through the tunnel; the SNAT rule on eth1 relies on this.
push "redirect-gateway def1 bypass-dhcp"
# Assumes a resolver listens on 192.168.20.1; this guide does not set one up.
push "dhcp-option DNS 192.168.20.1"
# Lets VPN clients reach each other directly; omit if clients should be isolated.
client-to-client
keepalive 10 120
# NOTE(review): compressing tunnelled traffic is a known oracle risk (VORACLE);
# consider removing comp-lzo on both ends.
comp-lzo
max-clients 99
# These keep restarts working once the daemon has dropped privileges. NOTE(review): no
# "user nobody" / "group nogroup" lines are present, so the daemon keeps running as root
# after start-up; adding them is a server-only change worth making.
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3

# Start the server; Debian's init script starts each *.conf found in /etc/openvpn.
invoke-rc.d openvpn start

???????? ????????? ??????? ? ????:
vim /etc/sysctl.conf:

# Turn the host into an IPv4 router so VPN/LAN traffic can leave via eth1 (see the SNAT
# rule below). NOTE(review): with forwarding on, the FORWARD chain decides what crosses
# between br0 and eth1; the rules further down only touch INPUT and nat, so make sure
# the FORWARD policy is not a blanket ACCEPT towards the LAN from the eth1 side.
net.ipv4.ip_forward=1

# Apply /etc/sysctl.conf immediately, without a reboot.
sysctl -p
vim /etc/rc.local:

# Re-apply sysctl.conf late in boot. NOTE(review): the procps service already loads
# sysctl.conf at boot, so this repeat is presumably redundant — harmless, but not needed.
sysctl -p

????????? ???? ??? openvpn ? ???????? NAT ??? openvpn
# Accept VPN handshakes on the LAN side and on the public side, then SNAT traffic leaving
# via eth1 so that replies come back to this host.
# NOTE(review): eth0 is a port of br0, so locally delivered packets that physically
# arrive on eth0 are seen by iptables with in-interface br0, not eth0 — this first rule
# likely never matches and would need "-i br0" (or may be unnecessary altogether: LAN
# hosts already sit on the same segment). Verify against the INPUT policy in use.
iptables -I INPUT 1 -s 192.168.20.0/24 -d 192.168.20.1 -i eth0 -p udp --dport 1194 -j ACCEPT
iptables -I INPUT 2 -d 100.60.1.100 -i eth1 -p udp --dport 1194 -j ACCEPT
# No FORWARD rule is added anywhere in this guide; with ip_forward enabled the FORWARD
# policy alone governs what crosses between br0 and eth1.
iptables -t nat -I POSTROUTING 1 -s 192.168.20.0/24 -o eth1 -j SNAT --to-source 100.60.1.100
# Persist the ruleset so iptables-persistent restores it at boot.
invoke-rc.d netfilter-persistent save

??????????? ??????? ?? Debian
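# Client-side packages. iptables-persistent is only needed if you keep the OUTPUT rule
# added further down. Chained so that a failed index refresh does not go on to install
# from stale package lists.
aptitude update && aptitude install openvpn iptables-persistent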

???????? ????? myuser1.crt, myuser1.key, ca.crt ? ta.key ? /etc/openvpn/
# Start from the packaged client sample, then replace its contents with the listing below.
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn
vim /etc/openvpn/client.conf:

# Linux client for the bridged server above. Certificate and key paths are relative and
# are resolved against the daemon's working directory, which must hold the four files
# copied from the server (ca.crt, myuser1.crt, myuser1.key, ta.key).
client
# tap, not tun, to match the bridged server; the client receives a LAN address.
dev tap0
proto udp
# Assumes example.com resolves to the server's eth1 address (100.60.1.100).
remote example.com 1194
resolv-retry infinite
# No fixed local port: the client's source port is ephemeral (matters for firewall rules).
nobind
persist-key
persist-tun
ca ca.crt
cert myuser1.crt
# This client's private key, stored unencrypted — keep it readable by root only.
key myuser1.key
# Direction 1 on clients, 0 on the server.
tls-auth ta.key 1
# NOTE(review): must equal the server's cipher. DES-EDE3-CBC has a 64-bit block (Sweet32);
# move both ends to AES-256-CBC and add a matching "auth SHA256" on both ends.
cipher DES-EDE3-CBC
# NOTE(review): ns-cert-type checks the legacy Netscape extension and is deprecated;
# "remote-cert-tls server" is the supported way to accept only a certificate issued
# with ./build-key-server.
ns-cert-type server
# Must match the server; compressing tunnelled traffic is a known oracle risk (VORACLE).
comp-lzo
verb 3
log /var/log/openvpn.log

????????? ???? ??? openvpn ???????
# Allow this client's own VPN handshake out on its LAN interface. "???ip" is the guide's
# placeholder for the client's LAN address (garbled in this copy) — substitute it.
# --dport 1194 is the destination (server) port, which is right: with "nobind" the
# client's source port is ephemeral. The rule only matters if the OUTPUT policy is not
# ACCEPT, and it assumes example.com resolves to 100.60.1.100.
iptables -I OUTPUT 1 -s ???ip -d 100.60.1.100 -o eth0 -p udp --dport 1194 -j ACCEPT
# Persist the ruleset so iptables-persistent restores it at boot.
invoke-rc.d netfilter-persistent save

# Start the client; the init script picks up /etc/openvpn/client.conf.
invoke-rc.d openvpn start

??????????? ??????? ?? Windows 7
????????????? ??????
???????? ????? myuser2.crt, myuser2.key, ca.crt ? ta.key ? C:\Program Files\OpenVPN\config\
??????? ???????????????? ???? C:\Program Files\OpenVPN\config\client.ovpn

# Windows 7 client profile. File names are relative to the OpenVPN config folder, which
# must hold the four files copied from the server (ca.crt, myuser2.crt, myuser2.key, ta.key).
# Assumes example.com resolves to the server's eth1 address (100.60.1.100).
remote example.com 1194
client
# tap, not tun, to match the bridged server; served by the TAP-Windows adapter.
dev tap0
proto udp
resolv-retry infinite
# No fixed local port: the client's source port is ephemeral (matters for firewall rules).
nobind
persist-key
persist-tun
ca ca.crt
cert myuser2.crt
# Unencrypted private key: restrict the NTFS permissions on the config folder.
key myuser2.key
# Direction 1 on clients, 0 on the server.
tls-auth ta.key 1
# NOTE(review): must equal the server's cipher. DES-EDE3-CBC has a 64-bit block (Sweet32);
# move both ends to AES-256-CBC and add a matching "auth SHA256" on both ends.
cipher DES-EDE3-CBC
# Must match the server; compressing tunnelled traffic is a known oracle risk (VORACLE).
comp-lzo
# NOTE(review): deprecated Netscape-extension check; "remote-cert-tls server" is the
# supported way to accept only a certificate issued with ./build-key-server.
ns-cert-type server
verb 3

????????? ???? ??? openvpn ???????
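REM Outbound allow rule for this client's VPN handshake to the server.
REM Two fixes versus the original line: "interface=lan" is not a netsh advfirewall
REM parameter (the keyword is "interfacetype="), and "localport=1194" on an outbound rule
REM constrains the client's own source port - with "nobind" in client.ovpn that port is
REM ephemeral, so the rule never matched; the server's port is the remote port.
REM "???ip" is the guide's placeholder for this client's address (garbled in this copy).
netsh advfirewall firewall add rule name=openvpn dir=out action=allow protocol=udp remoteport=1194 interfacetype=lan localip=???ip remoteip=100.60.1.100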

????????? OpenVPN GUI ? ???????? ????? ?? ????? ??????????????
? ???? ???????? ????? ?????? ??????? ? ??????
?????? ??????? ?? ???? "????????????"
?????? ????????? ????????? "myuser2 ?????? ??????????."
?????? ? ???? ?????? ????? ???????.
