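陈建伟 posted on 2011-06-08 12:20 (13 years ago):
My problem is this: my VPN subnet is 10.8.0.?, and the server and the client can connect to each other. What I want now is, over the VPN link, for my client to be able to access the other computers on the server's internal network, and at the same time for my client to be able to access the other computers on the server's internal network. How do you think this should be done?
My server's internal subnet is 192.168.33.?, the VPN server's local IP is 192.168.33.131, and the client's local IP is 172.16.4.191.
The firewall is already turned off.
I don't know whether the configuration below is wrong. Why can't I get this to work?
Server configuration file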
vi /etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh1024.pem
server 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 58.22.96.66"
push "route 192.168.33.0 255.255.255.0"
client-config-dir ccd
route 172.16.4.0 255.255.255.0
client-to-client
verb 3
mute 20
Then the client1 file under /etc/openvpn/ccd/ contains the following:
ifconfig-push 10.8.0.5 10.8.0.6
iroute 172.16.4.0 255.255.255.0
Client configuration file /etc/openvpn/client.conf
client
dev tun
proto udp
remote 220.250.12.251 1194
persist-key
persist-tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client1.crt
key /etc/openvpn/keys/client1.key
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1
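XiaoHui replied on 2011-06-08 14:26:
Hello. I haven't configured a VPN for a long time. When I wrote this article, I configured it only to get around the Great Firewall, and I didn't look into site-to-site interconnection. It should be possible; look it up directly in the official documentation. :D
陈建伟 posted on 2011-06-08 12:24 (13 years ago):
Output from running the server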
[root@uid5a1 ~]# /usr/local/sbin/openvpn /etc/openvpn/server.conf
Wed Jun 8 11:21:04 2011 OpenVPN 2.0.7 i686-pc-linux [SSL] [LZO] [EPOLL] built on May 25 2011
Wed Jun 8 11:21:04 2011 Diffie-Hellman initialized with 1024 bit key
Wed Jun 8 11:21:04 2011 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 8 11:21:04 2011 TUN/TAP device tun0 opened
Wed Jun 8 11:21:04 2011 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500
Wed Jun 8 11:21:04 2011 /sbin/route add -net 172.16.4.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Jun 8 11:21:04 2011 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2
Wed Jun 8 11:21:04 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 8 11:21:04 2011 UDPv4 link local (bound): [undef]:1194
Wed Jun 8 11:21:04 2011 UDPv4 link remote: [undef]
Wed Jun 8 11:21:04 2011 MULTI: multi_init called, r=256 v=256
Wed Jun 8 11:21:04 2011 IFCONFIG POOL: base=10.8.0.4 size=62
Wed Jun 8 11:21:04 2011 Initialization Sequence Completed
Wed Jun 8 11:21:17 2011 MULTI: multi_create_instance called
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 Re-using SSL/TLS context
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 LZO compression initialized
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 Local Options hash (VER=V4): '530fdded'
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 Expected Remote Options hash (VER=V4): '41690919'
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 TLS: Initial packet from 220.250.12.115:1194, sid=dc0ca068 0272b81d
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 VERIFY OK: depth=1, /C=cn/ST=fj/L=Fuzhou/O=ffff/OU=vpn/CN=server/emailAddress=abcd@qq.com
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 VERIFY OK: depth=0, /C=cn/ST=fj/L=Fuzhou/O=ffff/OU=vpn/CN=client1/emailAddress=abcd@qq.com
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jun 8 11:21:17 2011 220.250.12.115:1194 [client1] Peer Connection Initiated with 220.250.12.115:1194
Wed Jun 8 11:21:17 2011 client1/220.250.12.115:1194 MULTI: Learn: 10.8.0.6 -> client1/220.250.12.115:1194
Wed Jun 8 11:21:17 2011 client1/220.250.12.115:1194 MULTI: primary virtual IP for client1/220.250.12.115:1194: 10.8.0.6
Wed Jun 8 11:21:19 2011 client1/220.250.12.115:1194 PUSH: Received control message: 'PUSH_REQUEST'
Wed Jun 8 11:21:19 2011 client1/220.250.12.115:1194 SENT CONTROL [client1]: 'PUSH_REPLY,dhcp-option DNS 10.8.0.1,dhcp-option DNS 58.22.96.66,route 192.168.33.0 255.255.255.0,route 10.8.0.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5' (status=1)
Output from running the client
[root@u8 ~]# /usr/local/sbin/openvpn /etc/openvpn/client.conf
Wed Jun 8 10:55:17 2011 OpenVPN 2.0.7 i686-pc-linux [SSL] [LZO] [EPOLL] built on May 25 2011
Wed Jun 8 10:55:17 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 8 10:55:17 2011 LZO compression initialized
Wed Jun 8 10:55:17 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 8 10:55:17 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 8 10:55:17 2011 Local Options hash (VER=V4): '41690919'
Wed Jun 8 10:55:17 2011 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jun 8 10:55:17 2011 UDPv4 link local (bound): [undef]:1194
Wed Jun 8 10:55:17 2011 UDPv4 link remote: 220.250.12.251:1194
Wed Jun 8 10:55:17 2011 TLS: Initial packet from 220.250.12.251:1194, sid=0f1c33d2 fb290674
Wed Jun 8 10:55:17 2011 VERIFY OK: depth=1, /C=cn/ST=fj/L=Fuzhou/O=ffff/OU=vpn/CN=server/emailAddress=abcd@qq.com
Wed Jun 8 10:55:17 2011 VERIFY OK: nsCertType=SERVER
Wed Jun 8 10:55:17 2011 VERIFY OK: depth=0, /C=cn/ST=fj/L=Fuzhou/O=ffff/OU=vpn/CN=server/emailAddress=abcd@qq.com
Wed Jun 8 10:55:17 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jun 8 10:55:17 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 8 10:55:17 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jun 8 10:55:17 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 8 10:55:17 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jun 8 10:55:17 2011 [server] Peer Connection Initiated with 220.250.12.251:1194
Wed Jun 8 10:55:18 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Jun 8 10:55:18 2011 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.8.0.1,dhcp-option DNS 58.22.96.66,route 192.168.33.0 255.255.255.0,route 10.8.0.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Jun 8 10:55:18 2011 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jun 8 10:55:18 2011 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jun 8 10:55:18 2011 OPTIONS IMPORT: route options modified
Wed Jun 8 10:55:18 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Jun 8 10:55:18 2011 TUN/TAP device tun0 opened
Wed Jun 8 10:55:18 2011 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Wed Jun 8 10:55:18 2011 /sbin/route add -net 220.250.12.251 netmask 255.255.255.255 gw 172.16.4.253
Wed Jun 8 10:55:18 2011 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Wed Jun 8 10:55:18 2011 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Wed Jun 8 10:55:18 2011 /sbin/route add -net 192.168.33.0 netmask 255.255.255.0 gw 10.8.0.5
Wed Jun 8 10:55:18 2011 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.5
Wed Jun 8 10:55:18 2011 Initialization Sequence Completed
Wed Jun 8 11:17:41 2011 event_wait : Interrupted system call (code=4)
Wed Jun 8 11:17:41 2011 TCP/UDP: Closing socket
Wed Jun 8 11:17:41 2011 /sbin/route del -net 10.8.0.0 netmask 255.255.255.0
Wed Jun 8 11:17:41 2011 /sbin/route del -net 192.168.33.0 netmask 255.255.255.0
Wed Jun 8 11:17:41 2011 /sbin/route del -net 220.250.12.251 netmask 255.255.255.255
Wed Jun 8 11:17:41 2011 /sbin/route del -net 0.0.0.0 netmask 128.0.0.0
Wed Jun 8 11:17:41 2011 /sbin/route del -net 128.0.0.0 netmask 128.0.0.0
Wed Jun 8 11:17:41 2011 Closing TUN/TAP interface
Wed Jun 8 11:17:41 2011 SIGINT[hard,] received, process exiting
[root@uid5a8 ~]# vi /etc/openvpn/client.conf
[root@uid5a8 ~]# /usr/local/sbin/openvpn /etc/openvpn/client.conf
Wed Jun 8 11:20:49 2011 OpenVPN 2.0.7 i686-pc-linux [SSL] [LZO] [EPOLL] built on May 25 2011
Wed Jun 8 11:20:49 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Jun 8 11:20:49 2011 LZO compression initialized
Wed Jun 8 11:20:49 2011 Control Channel MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]
Wed Jun 8 11:20:49 2011 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]
Wed Jun 8 11:20:49 2011 Local Options hash (VER=V4): '41690919'
Wed Jun 8 11:20:49 2011 Expected Remote Options hash (VER=V4): '530fdded'
Wed Jun 8 11:20:49 2011 UDPv4 link local (bound): [undef]:1194
Wed Jun 8 11:20:49 2011 UDPv4 link remote: 220.250.12.251:1194
Wed Jun 8 11:20:49 2011 TLS: Initial packet from 220.250.12.251:1194, sid=ef31ceba 1210560e
Wed Jun 8 11:20:49 2011 VERIFY OK: depth=1, /C=cn/ST=fj/L=Fuzhou/O=ffff/OU=vpn/CN=server/emailAddress=abcd@qq.com
Wed Jun 8 11:20:49 2011 VERIFY OK: nsCertType=SERVER
Wed Jun 8 11:20:49 2011 VERIFY OK: depth=0, /C=cn/ST=fj/L=Fuzhou/O=ffff/OU=vpn/CN=server/emailAddress=abcd@qq.com
Wed Jun 8 11:20:49 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jun 8 11:20:49 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 8 11:20:49 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Wed Jun 8 11:20:49 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Wed Jun 8 11:20:49 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Wed Jun 8 11:20:49 2011 [server] Peer Connection Initiated with 220.250.12.251:1194
Wed Jun 8 11:20:50 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Wed Jun 8 11:20:50 2011 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.8.0.1,dhcp-option DNS 58.22.96.66,route 192.168.33.0 255.255.255.0,route 10.8.0.0 255.255.255.0,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Wed Jun 8 11:20:50 2011 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jun 8 11:20:50 2011 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jun 8 11:20:50 2011 OPTIONS IMPORT: route options modified
Wed Jun 8 11:20:50 2011 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Jun 8 11:20:50 2011 TUN/TAP device tun0 opened
Wed Jun 8 11:20:50 2011 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Wed Jun 8 11:20:50 2011 /sbin/route add -net 220.250.12.251 netmask 255.255.255.255 gw 172.16.4.253
Wed Jun 8 11:20:50 2011 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Wed Jun 8 11:20:50 2011 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.5
Wed Jun 8 11:20:50 2011 /sbin/route add -net 192.168.33.0 netmask 255.255.255.0 gw 10.8.0.5
Wed Jun 8 11:20:50 2011 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.5
Wed Jun 8 11:20:51 2011 Initialization Sequence Completed
If anyone has the answer, please let me know.
My QQ is 66472309