vpn solution2 – windows openvpn client 免費的vpn 客戶端

Submitted by keithyau on Tue, 08/18/2009 - 16:43

上文提及過 openvpn server的制作方法, 這篇文章會介紹服務器端與客戶端配合的一個例子. 在客戶端方面, 用家大部份都會用 Windows + openvpn. 在 Windows 下安裝 openvpn 十分簡單, 只需要以下步驟

  1. 到這裡下載 openvpn 圖形介面客戶端http://openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe
  2. 雙click install.exe 安裝
  3. 到 C:\Program Files\OpenVPN\config 創建 / 編輯 ovpn 檔案 (yourservername.ovpn)
  4. .opvn示範檔案如下
    1. client
    2. dev tap
    3. proto udp
    5. # change this to your server’s address
    6. remote 123.123..123..123 1194
    7. resolv-retry infinite
    8. nobind
    9. persist-key
    10. persist-tun
    12. #tls-client
    13. ca keys/ca.crt
    14. cert keys/keithyau.crt
    15. key keys/keithyau.key
    17. #ensure that we are talking to a server
    18. ns-cert-type server
    20. #confirm we are talking to the correct server
    21. #tls-auth ta.key 1
    22. # Select a cryptographic cipher.
    23. # If the cipher option is used on the server
    24. # then you must also specify it her e.
    25. cipher AES-128-CBC
    27. # Enable compression on the VPN link.
    28. comp-lzo
    30. #fragment 1400
    31. # enable user/pass authentication
    32. # auth-user-pass
  5. 把鑰匙拷貝到 C:\Program Files\OpenVPN\config\keys , 以下是在服務器端上鑰匙的制法 (把keithyau 換成你的使用者名字, 詳情參考 http://keithyau.wordpress.com/2009/02/07/vpn-solution-2-openvpn/)
    1. sudo sucd /etc/openvpn/examples/easy-rsa/2.0/source ./vars./clean-all./build-ca./build-key-server server./build-key keithyau./build-dhcd keysopenssl dhparam -out dh1024.pem 1024cd ..openvpn –genkey –secret ta.key #optional
  6. 在右下角 openvpn icon按連接

  1. 測試連線

令服務器能接受以上設定的請求, 相應需要以下的設定

    # Which local IP address should OpenVPN# listen on? (optional)local 192.168.1.102port 1194proto udpdev tap0#direct these to your generated filesca /etc/openvpn/examples/easy-rsa/2.0/keys/ca.crtcert /etc/openvpn/examples/easy-rsa/2.0/keys/server.crtkey /etc/openvpn/examples/easy-rsa/2.0/keys/server.keydh /etc/openvpn/examples/easy-rsa/2.0/keys/dh1024.pemifconfig-pool-persist ipp.txt#需要 dhcp 服務器 的配合server 10.3.0.0 255.255.255.0# 服務器上沒有 dhcp 服務器的請選這行# server-bridge 192.168.1.102 255.255.255.0 192.168.1.230 192.168.1.231keepalive 10 120#encryptioncipher AES-128-CBC#Push routing configuration#push “route 192.168.2.0 255.255.255.0″#tls-auth ta.key 0comp-lzo#fragment 1400#limit the number of connectionsmax-clients 5#some secuurity settings# do not use if running server on Windowsuser nobodygroup nogrouppersist-keypersist-tun#log file settingsstatus openvpn-status.logverb 3# authentication plugin#forces client to have a linux acount in order to connect (Not for Windows user)# plugin /usr/lib/openvpn/openvpn-auth-pam.so login

這裡有安裝 DHCP server 的方法 sudo apt-get install dhcp3-serversudo vi /etc/default/dhcp3-server更改 為 INTERFACES=”br0″ # br0 = 你的網卡名稱 sudo vi /etc/dhcp3/dhcpd.conf 把其中一個示範修改為 (10.3.0.0 是你打算指派的網絡)subnet 10.3.0.0 netmask 255.255.255.0 {range 10.3.0.100 10.3.0.200;option routers 192.168.1.1;} /etc/init.d/dhcpd restart/etc/init.d/openvpn restart 這樣你的 Openvpn 就能成功在 linux → windows 間建立起來了

1206, No. 1388 New Jinqiao Road, Jinqiao district, Shanghai, China
General Enquiry: info@yubis.net
Website: http://www.yubis.net