Site-to-site VPN: the OpenVPN client configuration

Life is short, play more!
This article is from lihao's Blog; please credit the source when reposting.

Configuring the OpenVPN client
Set up the OpenVPN client machine the same way as the server: create the certificate and keys, copy them to the appropriate locations, and set suitably restrictive permissions on them (so they are not readable more widely than necessary). (If you do not know how the server is configured, go back to the server configuration article for reference.) The client configuration is much shorter than the server's: the server can push client-specific settings (such as routes) down to the client, so depending on the situation very little needs to be configured locally.

Example client configuration file:

#
# SmallNetBuilder OpenVPN Client Configuration
#

# Instructs OpenVPN to run in client mode, requests IP address and
# special instructions (like routes) from the server.
client

# Interface for tunnel
dev tun0

# Remote server to connect to. Can be domain name or IP address.
remote smallnetbuilder.com

# Certificates and keys required for connection.
# The client's crt and key files are generated on the server for this
# client (server-side command: build-key) and copied here.
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/remote_office.crt
key /etc/openvpn/keys/remote_office.key

# Symmetric cipher - Must be the same as the server's
cipher BF-CBC

# Protocol and Port - Must be the same on both server and client.
proto udp
port 1194

# Log to file instead of syslog
log-append /var/log/openvpn.log
verb 4

# Since the OpenVPN client is acting as a gateway for other machines
# on the client-side network, run as a daemon and downgrade user
# privileges.
user nobody
group nobody
daemon

# Use a persistent key and tunnel interface.
persist-tun
persist-key

Next, we configure the router on the client network and start the OpenVPN client.
Router configuration:

As on the server side, the client network must know how to reach the server network. Add a route so that all traffic destined for 10.1.1.0/24 is sent to the address of the client VPN machine, 192.168.1.2.


Finally, start the client so that it connects to the OpenVPN server:
~ # openvpn --config /etc/openvpn/client.conf
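As an added example (not code from the original post or from SmallNetBuilder), the following POSIX shell script checks a client configuration like the one above before the daemon is started: it verifies that the directives a site-to-site client needs are present, that the ca/cert/key paths exist, that the private key is readable only by its owner (the "appropriate permissions" step), it warns about the cipher, and it prints the route command for the router. The sample configuration and the empty ca/cert/key files it creates in a temporary directory are constructed for the demo, not real credentials; the router is assumed to be a Linux box with iproute2, and the config is assumed to use absolute paths.

```shell
#!/bin/sh
# Added example, not part of the original post: pre-flight checks for an
# OpenVPN site-to-site client configuration. Needs only a POSIX shell plus
# stat, grep, awk, mktemp and chmod.

# check_key_perms FILE: succeed only if FILE exists and is readable by its
# owner alone (mode 600 or 400). The private key must not be group- or
# world-readable, regardless of which user the daemon later drops to.
check_key_perms() {
    f=$1
    [ -f "$f" ] || { echo "missing key file: $f"; return 1; }
    # GNU stat first, BSD/macOS stat as fallback
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "bad mode $mode on $f (want 600 or 400)"; return 1 ;;
    esac
}

# check_config CONF: return 0 if CONF has every directive a site-to-site
# client needs, its ca/cert/key files exist, and the key permissions are sane.
check_config() {
    conf=$1
    rc=0
    for d in client dev remote ca cert key proto port persist-key; do
        grep -Eq "^[[:space:]]*$d([[:space:]]|\$)" "$conf" \
            || { echo "missing directive: $d"; rc=1; }
    done
    for d in ca cert key; do
        p=$(awk -v d="$d" '$1==d {print $2; exit}' "$conf")
        if [ -z "$p" ] || [ ! -f "$p" ]; then
            echo "file for '$d' not found: '$p'"; rc=1
        fi
    done
    key=$(awk '$1=="key" {print $2; exit}' "$conf")
    if [ -n "$key" ] && ! check_key_perms "$key"; then rc=1; fi
    # BF-CBC (Blowfish, 64-bit blocks) was the OpenVPN default when the
    # original article was written; current releases warn on or refuse it.
    if grep -Eq '^[[:space:]]*cipher[[:space:]]+BF-CBC' "$conf"; then
        echo "warning: BF-CBC is a legacy 64-bit block cipher; prefer AES-GCM" \
             "negotiated with data-ciphers on both ends (OpenVPN 2.5+)"
    fi
    return $rc
}

# route_cmd NET GATEWAY: the static route to add on the client-side router
# so that traffic for the server network reaches the client VPN machine.
route_cmd() {
    printf 'ip route add %s via %s\n' "$1" "$2"
}

# make_sample_config DIR: write a constructed client config (modelled on the
# one in the post) plus empty placeholder ca/cert/key files under DIR and
# print the config path. The placeholder files are not real credentials.
make_sample_config() {
    dir=$1
    mkdir -p "$dir/certs" "$dir/keys"
    : > "$dir/certs/ca.crt"
    : > "$dir/certs/remote_office.crt"
    : > "$dir/keys/remote_office.key"
    chmod 600 "$dir/keys/remote_office.key"
    cat > "$dir/client.conf" <<EOF
client
dev tun0
remote vpn.example.com
ca $dir/certs/ca.crt
cert $dir/certs/remote_office.crt
key $dir/keys/remote_office.key
cipher BF-CBC
proto udp
port 1194
user nobody
group nobody
daemon
persist-tun
persist-key
EOF
    echo "$dir/client.conf"
}

# Stand-alone demo: build the sample config, check it, print the route.
demo() {
    tmp=$(mktemp -d)
    conf=$(make_sample_config "$tmp")
    if check_config "$conf"; then echo "OK: $conf"; else echo "FAILED: $conf"; fi
    route_cmd 10.1.1.0/24 192.168.1.2
    rm -rf "$tmp"
}

demo
```

Run it as-is to see the demo; to check a real deployment, call `check_config /etc/openvpn/client.conf` before `openvpn --config`. The key-permission check is deliberately strict: `persist-key` keeps the key in memory across restarts, so there is no reason for the file to be readable by `nobody` or anyone other than root.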

original: http://www.smallnetbuilder.com/security/security-howto/30353-how-to-set-up-a-site-to-site-vpn-with-openvpn?showall=&start=3

