图11
到此server端使用的证书生成完毕。
(8) 生成客户端证书 vars
图12
build-key client01
图13
图14
(9) 生成ta.key文件
vars
图15
openvpn --genkey --secret keys/ta.Key
图16
到此为止根ca、客户端、服务器端所需要的证书和密钥文件就已经全部准备就绪,接下来
要做的是配置服务器端文件和客户端文件。
C. 服务器端文件配置
(1) 服务器端的配置文件在C:\\Program Files\\OpenVPN\\sample-config文件夹下: server.ovpn内容如下(备注:以下的批注部分为当处的说明,严格按照这种格式,一处的格式不对,在启动openvpn服务器时都有可能连接不上) ################################################# # Sample OpenVPN 2.0 config file for # # multi-client server. # # # # This file is for the server side # # of a many-clients <-> one-server # # OpenVPN configuration. # # # # OpenVPN also supports # # single-machine <-> single-machine # # configurations (See the Examples page # # on the web site for more info). # # # # This config should work on Windows # # or Linux/BSD systems. Remember on # # Windows to quote pathnames and use # # double backslashes, e.g.: # # \# # # Comments are preceded with '#' or ';' # ################################################# # Which local IP address should OpenVPN # listen on? (optional) local 168.168.168.170
# Which TCP/UDP port should OpenVPN listen on? # If you want to run multiple OpenVPN instances # on the same machine, use a different port # number for each one. You will need to # open up this port on your firewall. port 8081
# TCP or UDP server? proto tcp ;proto udp
# \# \# Use \
# and have precreated a tap0 virtual interface # and bridged it with your ethernet interface. # If you want to control access policies # over the VPN, you must create firewall # rules for the the TUN/TAP interface. # On non-Windows systems, you can give # an explicit unit number, such as tun0. # On Windows, use \
# On most systems, the VPN will not function # unless you partially or fully disable # the firewall for the TUN/TAP interface. dev tap ;dev tun
# Windows needs the TAP-Win32 adapter name # from the Network Connections panel if you # have more than one. On XP SP2 or higher, # you may need to selectively disable the # Windows firewall for the TAP adapter.
# Non-Windows systems usually don't need this. ;dev-node MyTap
# SSL/TLS root certificate (ca), certificate # (cert), and private key (key). Each client # and the server must have their own cert and # key file. The server and all clients will # use the same ca file. #
# See the \# of scripts for generating RSA certificates # and private keys. Remember to use # a unique Common Name for the server # and each of the client certificates. #
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file # (see \ca ca.crt
cert server01.crt
key server01.key # This file should be kept secret
# Diffie hellman parameters. # Generate your own with:
# openssl dhparam -out dh1024.pem 1024 # Substitute 2048 for 1024 if you are using
相关推荐:
loading