Site-to-site VPN: the VPN client configuration
Configuring the client: OpenVPN configuration
Build the client OpenVPN machine the same way as the server: create the certificates and keys, copy them to the appropriate locations and give them appropriate permissions (avoid overly permissive modes). (If you do not know how the server was configured, refer back to the server configuration article.) The client's OpenVPN configuration is much smaller than the server's, because the server can push client-specific settings down to the client, so depending on your situation little configuration is needed on the client side.
Client configuration file example:
#
# SmallNetBuilder OpenVPN Client Configuration
#
# Instructs OpenVPN to run in client mode, requests IP address and
# special instructions (like routes) from the server.
client
# Interface for tunnel
dev tun0
# Remote server to connect to. Can be domain name or IP address.
remote smallnetbuilder.com
# Certificates and keys required for connection
ca /etc/openvpn/certs/ca.crt
cert /etc/openvpn/certs/remote_office.crt # the crt and key files generated for this client on the server (server-side command: build-key)
key /etc/openvpn/keys/remote_office.key
# Symmetric cipher - Must be the same as the server's
cipher BF-CBC
# Protocol and Port - Must be the same on both server and client.
proto udp
port 1194
# Log to file instead of syslog
log-append /var/log/openvpn.log
verb 4
# Since the OpenVPN client is acting as a gateway for other machines
# on the client-side network, run as a daemon and downgrade user
# privileges.
user nobody
group nobody
daemon
# Use a persistent key and tunnel interface.
persist-tun
persist-key
Next, configure the router on the client network and start the OpenVPN client.
Router configuration:
As on the server side, the client network needs to know how to reach the server network. Add a route so that all traffic destined for 10.1.1.0/24 is sent to the client VPN gateway's address, 192.168.1.2.
Finally, start the client and connect it to the OpenVPN server.
~ # openvpn --config /etc/openvpn/client.conf
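Before starting the client it is worth verifying that every ca/cert/key path in client.conf exists and that the private key is not readable by group or others, since the text above asks for tight permissions on the copied files. The following pre-flight check is an added example, not part of the original article; it assumes GNU stat (-c '%a') and the directive names used in the client.conf above.

```shell
#!/bin/sh
# Added pre-flight check for an OpenVPN client config (example code, not from
# the original article). Assumes GNU stat; paths are read from the config file.

# Print the octal permission bits of a file, e.g. 600.
file_mode() {
    stat -c '%a' "$1"
}

# Succeed only if the key is readable by its owner alone (0600 or 0400).
key_is_private() {
    m=$(file_mode "$1") || return 1
    case "$m" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Walk the ca/cert/key directives of an OpenVPN client config. Returns 0 when
# every referenced file exists and the key passes key_is_private; otherwise
# prints the first problem to stderr and returns 1.
check_client_conf() {
    conf="$1"; rc=0
    # Strip trailing '#' comments (as on the cert line above), then keep the
    # three certificate directives as "name path" pairs.
    sed 's/#.*//' "$conf" | awk '$1=="ca"||$1=="cert"||$1=="key"{print $1, $2}' |
    while read -r directive path; do
        if [ ! -f "$path" ]; then
            echo "missing $directive file: $path" >&2; exit 1
        fi
        if [ "$directive" = "key" ] && ! key_is_private "$path"; then
            echo "key $path is readable by others (mode $(file_mode "$path"))" >&2; exit 1
        fi
    done || rc=1
    return $rc
}

# Usage: check_client_conf /etc/openvpn/client.conf && openvpn --config /etc/openvpn/client.conf
```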
Original: http://www.smallnetbuilder.com/security/security-howto/30353-how-to-set-up-a-site-to-site-vpn-with-openvpn?showall=&start=3