пакет_openvpn [2022/08/15 17:24] val [Настройка с использованием клиентских сертификатов] |
пакет_openvpn [2024/05/08 17:09] val [Настройка с использованием клиентских сертификатов] |
||
---|---|---|---|
Line 38: | Line 38: | ||
push "route 192.168.100+X.0 255.255.255.0" | push "route 192.168.100+X.0 255.255.255.0" | ||
- | #push "dhcp-option DNS 172.16.1.254" | + | #push "dhcp-option DNS 192.168.X.10" |
#push "block-outside-dns" | #push "block-outside-dns" | ||
+ | #push "dhcp-option DOMAIN corpX.un" | ||
dh /etc/openvpn/dh2048.pem | dh /etc/openvpn/dh2048.pem | ||
Line 56: | Line 57: | ||
# openvpn --config /etc/openvpn/openvpn1.conf | # openvpn --config /etc/openvpn/openvpn1.conf | ||
- | # timeout 5 openvpn --config /etc/openvpn/openvpn1.conf; test $? -eq 124 && echo OK | + | # timeout 5 openvpn --port 65500 --config /etc/openvpn/openvpn1.conf; test $? -eq 124 && echo OK |
</code> | </code> | ||
Line 67: | Line 68: | ||
</code> | </code> | ||
- | === Настройка клиента === | + | ==== Настройка клиента ==== |
+ | |||
+ | === Windows === | ||
* [[https://mail.bmstu.ru/~postmaster/openvpn-install-2.4.0-I601.exe]] | * [[https://mail.bmstu.ru/~postmaster/openvpn-install-2.4.0-I601.exe]] | ||
Line 85: | Line 88: | ||
cert user1.crt | cert user1.crt | ||
key user1.key | key user1.key | ||
+ | </code> | ||
+ | |||
+ | === Linux === | ||
+ | |||
+ | <code> | ||
+ | debian:~# apt install openvpn resolvconf wget | ||
+ | |||
+ | debian:~# openvpn --script-security 2 --up /etc/openvpn/update-resolv-conf --down /etc/openvpn/update-resolv-conf --config user1.ovpn | ||
</code> | </code> | ||
Line 111: | Line 122: | ||
* [[Пакет OpenSSL#Создание самоподписанного сертификата]] | * [[Пакет OpenSSL#Создание самоподписанного сертификата]] | ||
<code> | <code> | ||
- | gate# cat /etc/pam.d/login | + | gate# less /etc/pam.d/login |
gate# cat /etc/openvpn/openvpn1.conf | gate# cat /etc/openvpn/openvpn1.conf | ||
Line 126: | Line 137: | ||
#duplicate-cn #несколько подключений под одной учетной записью | #duplicate-cn #несколько подключений под одной учетной записью | ||
</code><code> | </code><code> | ||
- | C:\>notepad C:\Program Files\OpenVPN\config\client.ovpn | + | cmd run as admin C:\>notepad C:\Program Files\OpenVPN\config\client.ovpn |
</code><code> | </code><code> | ||
... | ... | ||
Line 144: | Line 155: | ||
==== Debian/Ubuntu/FreeBSD ==== | ==== Debian/Ubuntu/FreeBSD ==== | ||
<code> | <code> | ||
+ | gate.corpX.un# cd /etc/openvpn/ | ||
+ | |||
gate.corpX.un# openvpn --genkey --secret static.key | gate.corpX.un# openvpn --genkey --secret static.key | ||
- | gate.corpX.un# scp static.key gate.corpY.un: | + | gate.corpX.un# scp static.key gate.corpY.un:/etc/openvpn/ |
gate.corpX.un# cat connect_to_Y.conf | gate.corpX.un# cat connect_to_Y.conf | ||
Line 157: | Line 170: | ||
ifconfig 192.168.X+Y.X 192.168.X+Y.Y | ifconfig 192.168.X+Y.X 192.168.X+Y.Y | ||
route 192.168.100+Y.0 255.255.255.0 | route 192.168.100+Y.0 255.255.255.0 | ||
- | secret /root/static.key | + | secret /etc/openvpn/static.key |
</code> | </code> | ||
Line 171: | Line 184: | ||
</code> | </code> | ||
- | ===== Запуск сервиса ===== | ||
- | |||
- | ==== Debian/Ubuntu ==== | ||
- | <code> | ||
- | # service openvpn@openvpn1 start | ||
- | </code> | ||
===== Мониторинг сервиса ===== | ===== Мониторинг сервиса ===== |
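Review bot: The static key is now generated in and copied to /etc/openvpn/ (new-side hunks at Line 155 and Line 170), a directory that is typically world-listable on Debian/Ubuntu, whereas the old `secret /root/static.key` sat under root's private home; the page should add an explicit check after the copy, e.g. `chmod 600 /etc/openvpn/static.key` and `ls -l /etc/openvpn/static.key` on both gate.corpX.un and gate.corpY.un. That file is the only secret protecting the site-to-site tunnel, and static-key mode has no forward secrecy, so anyone who reads it can also decrypt previously captured traffic. Newer OpenVPN releases deprecate `--genkey --secret` and static-key mode as a whole (confirm against the version used in the course), so a one-line remark pointing readers to the certificate-based setup earlier on the page would be worth adding here.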