To: thomas329
Are you using the Windows version or Linux?

[ Last edited by type4 on 2009-2-11 23:23 ]


It's Windows.


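I use a Linux server, so I can't answer you,
but you can use a network bridge to connect the OpenVPN LAN adapter with your Local Area Connection. Then, in server.ovpn,
delete the semicolon from ;push "redirect gateway" and try again.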


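Two VPN servers on one line at the same time? Help needed

I'd like to ask everyone for advice:
My Hong Kong company has a BB100 line (plus one fixed IP); the router is a Linksys WRT54G.
My question: until now I have used one computer running Windows Server 2000 with OpenVPN installed, so that when I am outside the company I can connect to the company's internal network through this OpenVPN. But recently my friends in mainland China frequently cannot connect to Hong Kong (whether browsing web pages or playing Hong Kong online games), so I would like to add another VPN on this BB100 line so that my friends in the mainland can get past the blocking through it. How can I install 2 VPN servers on one line? I am planning to flash the Linksys WRT54G with the DD-WRT v24.sp1.vpn firmware.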


If it's OpenVPN, just set a different port and it will work.


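I'd like to ask: can Windows have multiple people logged in to the VPN?
Because I need to test the Linux VPN server settings while I'm out, I first need two servers (Linux and router with different ports),
because if the settings are not correct I will be locked out. I'd also like to know whether the Windows VPN server can set the port.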


openvpn for linux server and windows client setting
Source: I forgot
****************************************************************************************
aptitude install openvpn bridge-utils

cd /etc/init.d
nano bridge


Code:
#!/bin/bash
# Create global variables
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"
# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="172.16.0.5"
eth_netmask="255.255.255.0"
eth_broadcast="172.16.0.255"
gw="172.16.0.1"

start_bridge () {
    #################################
    # Set up Ethernet bridge on Linux
    # Requires: bridge-utils
    #################################
    for t in $tap; do
        openvpn --mktun --dev $t
    done
    for t in $tap; do
        ifconfig $t 0.0.0.0 promisc up
    done
    ifconfig $eth 0.0.0.0 promisc up
    brctl addbr $br
    brctl addif $br $eth
    for t in $tap; do
        brctl addif $br $t
    done
    ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast up
    route add default gw $gw $br
}

stop_bridge () {
    ####################################
    # Tear Down Ethernet bridge on Linux
    ####################################
    ifconfig $br down
    brctl delbr $br
    for t in $tap; do
        openvpn --rmtun --dev $t
    done
    ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast up
    route add default gw $gw $eth
}

case "$1" in
start)
    echo -n "Starting Bridge"
    start_bridge
    ;;
stop)
    echo -n "Stopping Bridge"
    stop_bridge
    ;;
restart)
    stop_bridge
    sleep 2
    start_bridge
    ;;
*)
    echo "Usage: $0 {start|stop|restart}" >&2
    exit 1
    ;;
esac

*******************************************************************************************


cd /etc/openvpn
cp -R /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /etc/openvpn
cd 2.0
nano vars
# this is to ensure secure data; only the fields that must be filled in are excerpted here, and they must not be left blank
         export KEY_SIZE=1024  # 2048 also works
         # These are the default values for fields
         # which will be placed in the certificate.
         # Don't leave any of these fields blank.
         export KEY_COUNTRY="TW"
         export KEY_PROVINCE="Taiwan"
         export KEY_CITY="Taipei"
         export KEY_ORG="Doctorvoice"
         export KEY_EMAIL="doctorvoice@gmail.com"
. ./vars
./clean-all
./build-ca

./build-key-server server
# generate client key with or without password; choose just one of the two
./build-key-pass amigo
./build-key amigo

./build-dh
cd keys
openssl dhparam -out dh1024.pem 1024
cd ..
openvpn --genkey --secret ta.key
****************************************************************************************************
nano server.conf

Code:
# Which local IP address should OpenVPN
# listen on? (optional)
local 172.16.0.5
port 1194
# TCP or UDP server?
proto udp
#This is key to configuring our bridge
dev tap0
#direct these to your generated files
ca /etc/openvpn/2.0/keys/ca.crt
cert /etc/openvpn/2.0/keys/server.crt
key /etc/openvpn/2.0/keys/server.key   
dh /etc/openvpn/2.0/keys/dh1024.pem
ifconfig-pool-persist ipp.txt
#ensure the range of ip addresses you use in the last  two arguments
# of this statement are not in use by  either the DHCP server or any other
# device on your  internal network.
server-bridge 172.16.0.5 255.255.255.0 172.16.0.60 172.16.0.70
#needed to allow communication to internal network
client-to-client
keepalive 10 120
#encryption - very important ;)
#AES encryption is backed by many security firms
#however if you are concerned about speed use blowfish: "BF-CBC"
cipher AES-128-CBC  
#if you have another subnet you need to provide the route
#push "route 173.23.2.0 255.255.255.0"
#server id protection
#tls-auth ta.key 0
#compression for network speed
comp-lzo
# if packets are too large fragment them (only really useful if you have an old router)
#fragment 1400
#limit the number of connections
max-clients 5
#some security settings
# do not use if running server on Windows
user nobody
group nogroup
persist-key
persist-tun
#log file settings
status openvpn-status.log
verb 3
# authentication plugin
#forces client to have a linux account in order to connect
plugin /usr/lib/openvpn/openvpn-auth-pam.so login

nano client.conf

Code:
client
dev tap
proto udp
# change this to your server's address
remote 172.16.0.5 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# Point the key and crt files to  
# the ones for this user
tls-client
ca ca.crt
cert amigo.crt
key amigo.key
#ensure that we are talking to a server
ns-cert-type server
#confirm we are talking to the correct server
#tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-128-CBC
# Enable compression on the VPN link.
comp-lzo
#fragment large packets
# I found I needed this for some games but it is
# not required
#fragment 1400  
# enable user/pass authentication
# (needed when the server loads the openvpn-auth-pam plugin)
auth-user-pass

/etc/init.d/bridge start
openvpn /etc/openvpn/2.0/server.conf

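Windows XP client side
Download and install openvpn-gui
http://openvpn.se/files/install_ ... i-1.0.3-install.exe
Get the client.conf, ca.crt, amigo.crt and amigo.key generated on the server, for client amigo to use.
Edit client.conf as needed so that it points to the correct locations of ca.crt, amigo.crt and amigo.key, then rename it to client.ovpn and put it in c:\program files\openvpn\config\

Code: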
#client.ovpn
client
dev tap
proto udp
# change this to your server's address
remote 172.16.0.5 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# Point the key and crt files to  
# the ones for this user
tls-client
# a path containing spaces must be quoted
ca "c:\\program files\\openvpn\\config\\ca.crt"
cert c:\\openvpn\\keys\\amigo.crt
key c:\\openvpn\\keys\\amigo.key
#ensure that we are talking to a server
ns-cert-type server
#confirm we are talking to the correct server
#tls-auth ta.key 1
# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
cipher AES-128-CBC
# Enable compression on the VPN link.
comp-lzo
#fragment large packets
# I found I needed this for some games but it is
# not required
#fragment 1400  
# enable user/pass authentication
# (needed when the server loads the openvpn-auth-pam plugin)
auth-user-pass

openvpn-gui starts automatically after boot; just click Connect on the openvpn-gui icon in the taskbar at the bottom right to complete the connection.
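
As an added example (not part of the original post and not OpenVPN's own tooling), this POSIX shell script lints a bridged server.conf like the one above: it flags a commented-out tls-auth, DH parameters under 2048 bits (read from the file name, a heuristic), and a server-bridge pool that falls outside the subnet, contains the server address, or overlaps the LAN's DHCP range. The function names, finding labels, sample file and the DHCP range 172.16.0.50-172.16.0.65 are assumptions made for the demonstration.

```sh
# Added example, not from the original post; finding labels are made up here.
ip2int() (   # dotted quad -> integer (runs in a subshell so IFS stays local)
  IFS=.; set -- $1
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# audit_conf FILE DHCP_FIRST DHCP_LAST: print one finding per line.
audit_conf() (
  dhcp_first=$(ip2int "$2"); dhcp_last=$(ip2int "$3")
  # Keep active directives only; '#' and ';' both start a comment line.
  active=$(grep -Ev '^[[:space:]]*([#;]|$)' "$1" || true)

  # The post generates ta.key but leaves tls-auth commented out.
  printf '%s\n' "$active" | grep -Eq '^[[:space:]]*tls-(auth|crypt)[[:space:]]' ||
    echo "NO_TLS_AUTH"

  # Heuristic: take the DH size from a file name such as dh1024.pem.
  bits=$(printf '%s\n' "$active" |
    sed -n 's/^[[:space:]]*dh[[:space:]].*dh\([0-9][0-9]*\)\.pem.*/\1/p')
  if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then echo "DH_SIZE $bits"; fi

  # server-bridge <bridge-ip> <netmask> <pool-first> <pool-last>
  set -- $(printf '%s\n' "$active" |
    awk '$1 == "server-bridge" { print $2, $3, $4, $5 }')
  if [ $# -eq 4 ]; then
    ip=$(ip2int "$1"); mask=$(ip2int "$2")
    first=$(ip2int "$3"); last=$(ip2int "$4"); net=$(( $ip & $mask ))
    if [ $(( $first & $mask )) -ne "$net" ] || [ $(( $last & $mask )) -ne "$net" ] ||
       [ "$first" -gt "$last" ]; then echo "POOL_OUTSIDE_SUBNET"; fi
    if [ "$ip" -ge "$first" ] && [ "$ip" -le "$last" ]; then
      echo "POOL_CONTAINS_SERVER"; fi
    # Overlap with the LAN DHCP range, which the config comment warns about.
    if [ "$first" -le "$dhcp_last" ] && [ "$last" -ge "$dhcp_first" ]; then
      echo "POOL_OVERLAPS_DHCP"; fi
  fi
)

# Constructed sample mirroring directives from the post's server.conf.
sample_conf() {
  f=$(mktemp)
  cat >"$f" <<'EOF'
dev tap0
dh /etc/openvpn/2.0/keys/dh1024.pem
server-bridge 172.16.0.5 255.255.255.0 172.16.0.60 172.16.0.70
#tls-auth ta.key 0
EOF
  echo "$f"
}

# The DHCP range 172.16.0.50-172.16.0.65 is an assumption for this demo.
audit_conf "$(sample_conf)" 172.16.0.50 172.16.0.65
```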
