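OpenVPN Client Setup on Linux
Date: 2020-03-21 11:46:29 Source: igfitidea
This article is a follow-up to OpenVPN: Server Setup on Linux.
We will install and configure the OpenVPN client on another Debian Linux machine and connect it to the OpenVPN server created earlier.
Installing the OpenVPN Client
On Debian, the OpenVPN client and server are the same executable.
We therefore have to install the OpenVPN package on the client machine: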
# apt-get update && apt-get install openvpn
OpenVPN Client Configuration
Create a new directory to store the logs:
# mkdir /var/log/openvpn
Copy the default 'client.conf' sample configuration file to '/etc/openvpn/':
# cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn
We have already copied Sandy's client key and the CA certificate created during the OpenVPN server configuration, and placed them under '/etc/openvpn':
# ls -1 /etc/openvpn/
ca.crt
client.conf
sandy.crt
sandy.key
All that is left is to modify the configuration file so that it points to the OpenVPN server.
Open and edit the client's configuration file so that it looks similar to the following:
# cat /etc/openvpn/client.conf
#specify that we are a client
client
#using the same settings as we have on the server
dev tun
proto udp
#the hostname/IP and port of the server
remote openvpn.example.com 11194
#keep trying indefinitely to resolve the host name of the OpenVPN server
resolv-retry infinite
#most clients don't need to bind to a specific local port number
nobind
#downgrade privileges after initialisation (non-Windows only)
user nobody
group nogroup
#try to preserve some state across restarts
persist-key
persist-tun
#full paths to keys and certificates
ca /etc/openvpn/ca.crt
cert /etc/openvpn/sandy.crt
key /etc/openvpn/sandy.key
ns-cert-type server
#cryptographic cipher, must be the same on the server config file as well
cipher AES-256-CBC
#the same compression setting as we have on the server
comp-lzo
#log files
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
#log verbosity
verb 3
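The configuration above can be checked before the client is started. The script below is an added example, not part of the original article: it flags directives in client.conf that deserve a review on current OpenVPN releases and checks the permissions of the private key. The function name audit_openvpn_client_conf and the finding labels are assumptions of this example, and any change to the cipher or compression setting has to be made on the server as well.

```shell
#!/bin/sh
# Added example: flag client.conf settings that deserve a security review.
# Prints one finding per line and nothing when no check fires.
audit_openvpn_client_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # True when the directive is the first word on a non-comment line.
    has() { grep -Eq "^[[:space:]]*$1([[:space:]]|\$)" "$conf"; }

    # Without a server-certificate check, any certificate signed by the same
    # CA (another client's, for instance) can impersonate the server.
    if ! has remote-cert-tls && ! has ns-cert-type && ! has verify-x509-name; then
        echo "MISSING server certificate check: add 'remote-cert-tls server'"
    fi
    has ns-cert-type && echo "DEPRECATED ns-cert-type: use 'remote-cert-tls server'"
    has comp-lzo && echo "REVIEW comp-lzo: VPN compression enables VORACLE-style attacks"
    grep -Eq '^[[:space:]]*cipher[[:space:]]+[A-Za-z0-9-]+-CBC' "$conf" &&
        echo "REVIEW CBC cipher: consider AES-256-GCM on both ends (OpenVPN 2.4+)"
    has user || echo "MISSING privilege drop: add 'user' and 'group'"

    # The private key must be accessible to its owner only.
    key=$(awk '$1 == "key" { print $2; exit }' "$conf")
    if [ -n "$key" ] && [ -e "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)
        [ "$perms" = "------" ] || echo "PERMS $key open to group/other: chmod 600"
    fi
    return 0
}

# With no argument, audit a constructed sample that mirrors the page's config
# (the key is an empty temporary file, not a real key).
if [ "$#" -eq 0 ]; then
    d=$(mktemp -d); : > "$d/sandy.key"; chmod 644 "$d/sandy.key"
    printf '%s\n' client 'user nobody' 'group nogroup' "key $d/sandy.key" \
        'ns-cert-type server' 'cipher AES-256-CBC' comp-lzo > "$d/client.conf"
    audit_openvpn_client_conf "$d/client.conf"
    rm -rf "$d"
else
    audit_openvpn_client_conf "$1"
fi
```

Run it as root with /etc/openvpn/client.conf as the argument to audit the real file.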
Starting the OpenVPN Client
Once the configuration file has been modified, we can start the OpenVPN client service:
# service openvpn start
[ ok ] Starting virtual private network daemon: client.
Troubleshooting
Check that the OpenVPN tun interface is up:
# ifconfig tun
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.26.0.6  P-t-P:10.26.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:5948 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5948 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:499632 (487.9 KiB)  TX bytes:499632 (487.9 KiB)
Check that we can ping the OpenVPN server (ping must be allowed on the server):
# ping -c 3 10.26.0.1
PING 10.26.0.1 (10.26.0.1) 56(84) bytes of data.
64 bytes from 10.26.0.1: icmp_req=1 ttl=64 time=0.165 ms
64 bytes from 10.26.0.1: icmp_req=2 ttl=64 time=0.103 ms
64 bytes from 10.26.0.1: icmp_req=3 ttl=64 time=0.116 ms
--- 10.26.0.1 ping statistics --
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.103/0.128/0.165/0.026 ms
Routing table:
# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.1.XY.1       0.0.0.0         UG        0 0          0 eth0
10.1.XY.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
10.26.0.1       10.26.0.5       255.255.255.255 UGH       0 0          0 tun0
10.26.0.5       0.0.0.0         255.255.255.255 UH        0 0          0 tun0