How to connect two networks using OpenVPN

OpenVPN is a very easy-to-use, SSL-based, cross-platform open source VPN package. Most of the OpenVPN articles we come across explain how to connect your own laptop to the company network over an insecure public network. That is not what we cover today. The setup I want to implement today uses OpenVPN to permanently connect a company's headquarters and a branch office across an insecure public network.

OpenVPN is an easy-to-use open source VPN soft… interoperability. The majority of OpenVPN tutorials I've found describe ho… their laptops over insecure … about to describe is better suited for permanently connecting entire … …ple, branch offices to the headquarters of a company.

For this setup I'll assume that you have t… acting as a router/fire… using t… …bedded routers -- but you're free to use the hard… …entation on OpenVPN's home page for a list of supported operating systems. If your … use OpenBSD, have a look at the article Creating secure … …ust use the same subnet -- for instance, 192.168.0.0/24 -- and in order to avoid conflicts, each computer at any location should have its o… …ple, IP addresses 192.168.0.1 through 192.168.0.100 for computers on … …ple, the router on … …ode, so you need to bridge the local …ktun --dev tap0 to create the tap0 interface, then run brctl addbr br0 to create the bridge and brctl addif br0 eth0; brctl addif br0 tap0; ifconfig tap0 0.0.0.0 promisc up to add the local network interface eth0 (replace with your interface) and tap0 to the bridge and bring tap0 up. Each distribution has its own way of configuring network bridges; see the article Create a secure Linux-based wireless access point for bridging on Debian.

Now you need to create SSL certificates. It's good security practice to use a separate computer for this purpose, and preferably one not connected to the Internet. OpenVPN provides scripts (called easy-rsa) to facilitate the procedure, so it's just a matter of ans… …ple questions. The creation of certificates is described in the PKI part of OpenVPN's Ho… …ight be different on your distribution).

    . ./vars
    ./clean-all
    ./build-ca
    ./build-key-server routerA
    ./build-key routerB
    ./build-dh
    openvpn --genkey --secret keys/ta.key

On routerA, create the directory /etc/openvpn/keys by issuing mkdir -p /etc/openvpn/keys and copy the files ca.crt, dh1024.pem, routerA.crt, routerA.key, and ta.key that you created earlier to that directory. Do the same thing on routerB, copying instead the files ca.crt, routerB.crt, routerB.key, and ta.key. Also create the directories /etc/openvpn/chroot/c