OpenVPN

From 百合仙子's Wiki

Starting

sudo openvpn config.ovpn

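Configuration

Options

Add a route entry

route IP-range [gateway] [metric]

gateway defaults to vpn_gateway; the original gateway is net_gateway. The remote server address is remote_host.

metric acts like a weight: the smaller the value, the higher the priority.

Remote server address; the protocol part can also be written separately as proto udp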

remote 74.117.60.151 1194 udp

Output verbosity

verb 3

Do not accept the routing table and gateway settings pushed by the remote server

route-nopull

Set the default gateway

redirect-gateway def1

Example

client
max-routes 2048
dev tun
remote 1.2.3.4 1194 udp
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
route-nopull

<ca>
# contents of the ca.crt file
</ca>

<cert>
# contents of the crt file
</cert>

<key>
# contents of the key file
</key>

dhcp-option DNS 8.8.8.8
route 8.8.8.8 255.255.255.255

route 72.14.203.0 255.255.255.0
route 119.147.15.0 255.255.255.0 net_gateway
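
Added example (not part of the original wiki page): a small Python model of how the route lines in the client example above decide whether a destination leaves through the tunnel (vpn_gateway) or the original gateway (net_gateway), which shows what stays outside the VPN when route-nopull is set. It reads only the local config text, ignores options pushed by the server, and treats a missing metric as 0; parse_routes and egress are hypothetical helper names.

```python
import ipaddress

# Route-related lines copied from the client example on this page.
SAMPLE = """\
route-nopull
route 8.8.8.8 255.255.255.255
route 72.14.203.0 255.255.255.0
route 119.147.15.0 255.255.255.0 net_gateway
"""

def parse_routes(text):
    """Return (routes, flags) from OpenVPN config text.

    routes: list of (network, gateway, metric)
    flags:  set of routing-related bare options that were seen
    """
    routes, flags = [], set()
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split()
        if not tok:
            continue
        if tok[0] == "route":
            # Full syntax: route network [netmask] [gateway] [metric]
            mask = tok[2] if len(tok) > 2 and tok[2] != "default" else "255.255.255.255"
            gw = tok[3] if len(tok) > 3 and tok[3] != "default" else "vpn_gateway"
            # Assumption: a missing metric is modelled as 0.
            metric = int(tok[4]) if len(tok) > 4 and tok[4] != "default" else 0
            routes.append((ipaddress.ip_network(f"{tok[1]}/{mask}"), gw, metric))
        elif tok[0] in ("route-nopull", "redirect-gateway"):
            flags.add(tok[0])
    return routes, flags

def egress(dest, routes, flags):
    """Gateway used for dest: longest prefix wins, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    hits = [r for r in routes if ip in r[0]]
    if hits:
        return min(hits, key=lambda r: (-r[0].prefixlen, r[2]))[1]
    # No specific route: a local redirect-gateway sends it into the tunnel,
    # otherwise the pre-VPN default route still applies.
    return "vpn_gateway" if "redirect-gateway" in flags else "net_gateway"

if __name__ == "__main__":
    routes, flags = parse_routes(SAMPLE)
    for dest in ("8.8.8.8", "72.14.203.9", "119.147.15.20", "1.1.1.1"):
        print(dest, "->", egress(dest, routes, flags))
```

With the sample config, any destination not listed in a route line (1.1.1.1 here) still leaves through net_gateway, outside the tunnel.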

Server setup

[1]

Generate the certificates. Switch to the root user, then:

cp -R /usr/share/openvpn/easy-rsa /etc/openvpn
cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
./build-ca
./build-key-server server
./build-key client1
./build-dh

Network configuration:

sudo iptables -t nat -A POSTROUTING -s 10.7.0.0/24 -j MASQUERADE

Edit the /etc/openvpn/openvpn.conf file:

dev tun
proto udp
port 1194

ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh1024.pem

user nobody
group nobody
server 10.7.0.0 255.255.255.0

persist-key
persist-tun

#status openvpn-status.log
#verb 3
client-to-client

#push "redirect-gateway def1"
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 4.2.2.4"

comp-lzo
