DDwrt OpenVPN (routing mode)

1. For how to create the certificates, see http:/

2. ddwrt OpenVPN Server configuration

Enable the OpenVPN server daemon on DD-WRT, select the "WAN Up" start mode, and fill in the fields as shown in the table below:

    Field                           Value
    Public Server Cert (CA Cert)    ca.crt
    Certificate Revoke List         (empty)
    Public Server Cert              server.crt
    Private Server Key              server.key
    DH PEM                          dh1024.pem
    OpenVPN Config                  (see the server config below)
    OpenVPN TLS Auth                (empty)

Note: paste only the content between the Begin/End lines, including the Begin/End lines themselves:

    -----BEGIN CERTIFICATE-----
    -----END CERTIFICATE-----

The server's OpenVPN Config is as follows:

    port 1194
    proto tcp
    dev tun0
    dh /tmp/openvpn/dh.pem
    ca /tmp/openvpn/ca.crt
    cert /tmp/openvpn/cert.pem
    key /tmp/openvpn/key.pem
    server 10.8.0.0 255.255.255.0
    push "route 192.168.7.0 255.255.255.0"
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 180.168.255.118"
    push "dhcp-option DNS 116.228.111.18"
    client-to-client
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    verb 3
    mute 20

Set the DD-WRT startup script:

    openvpn --mktun --dev tun0

Set the DD-WRT firewall script:

    iptables -I FORWARD 3 -i tun0 -o br0 -m state --state RELATED,ESTABLISHED -j logaccept
    iptables -I POSTROUTING 3 -t nat -o tun0 -s 10.8.0.0/24 -d 10.8.0.0/24 -j MASQUERADE
    iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT

Client configuration:

    client
    ;dev tap
    dev tun
    ;dev-node MyTap
    ;proto tcp
    proto tcp
    remote shmq.3322.org 1194
    ;remote my-server-2 1194
    ;remote-random
    resolv-retry infinite
    nobind
    ;user nobody
    ;group nobody
    persist-key
    persist-tun
    ;http-proxy-retry # retry on connection failures
    ;http-proxy [proxy server] [proxy port #]
    ;mute-replay-warnings
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    ;tls-auth ta.key 1
    comp-lzo
    # Set log file verbosity.
    verb 3
    mute 20

Below are the certificates I created:

1. Public server certificate:
2. Certificate Revoke List
3. Public client certificate:
4. Client private key:
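An added example, not part of the original document: a small Python audit of the server and client configurations above, flagging the settings a reviewer would question (no tls-auth key, no CRL, comp-lzo, client-to-client, ns-cert-type). The sample strings are constructed from the page's active directives; the finding IDs and function names are illustrative assumptions.

```python
import shlex

# Constructed samples: active directives taken from the page's two configs.
SERVER_CONF = """server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
client-to-client
comp-lzo
"""
CLIENT_CONF = """client
ns-cert-type server
;tls-auth ta.key 1
comp-lzo
"""
# Illustrative finding IDs (not OpenVPN terminology) and why each matters.
ADVICE = {
    "no-tls-auth": "no tls-auth/tls-crypt key: any peer can start a TLS handshake",
    "compression": "comp-lzo on: compression side channels can leak tunnel plaintext",
    "no-crl": "no crl-verify: revoked client certificates would still be accepted",
    "client-to-client": "client-to-client: inter-client traffic bypasses iptables",
    "ns-cert-type": "ns-cert-type is deprecated: use 'remote-cert-tls server'",
}

def parse(text):
    """Map each active directive to its argument lists ('#' and ';' are comments)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#;":
            tokens = shlex.split(line, comments=True)
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf

def audit(text):
    """Return the sorted finding IDs (keys of ADVICE) that apply to one config."""
    conf, found = parse(text), set()
    if not {"tls-auth", "tls-crypt"} & conf.keys():
        found.add("no-tls-auth")
    if any(args != ["no"] for args in conf.get("comp-lzo", [])):
        found.add("compression")  # 'comp-lzo no' leaves compression off
    if "server" in conf and "crl-verify" not in conf:
        found.add("no-crl")
    if "server" in conf and "client-to-client" in conf:
        found.add("client-to-client")
    if "ns-cert-type" in conf:
        found.add("ns-cert-type")
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(ADVICE[f] for f in audit(SERVER_CONF) + audit(CLIENT_CONF)))
```

A config that sets tls-crypt and crl-verify and uses `comp-lzo no` produces no findings.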