Saturday, November 27, 2010

Using OpenVPN to quickly establish an encrypted proxy under Linux

The programs used here are also available at http://baoz.net and http://xsec.org; if you are worried about backdoors, get them yourself from the official websites :)

1: Install the program on RH9

Fetch the OpenVPN package from http://dag.wieers.com/packages/openvpn/openvpn-2.0.7-1.rh9.rf.i386.rpm, then install lzo and openvpn:

    [root@RH9 root]# rpm -ivh lzo-1.08-2_2.RHL9.at.i386.rpm
    warning: lzo-1.08-2_2.RHL9.at.i386.rpm: V3 DSA signature: NOKEY, key ID 66534c2b
    Preparing...    ############################################# [100%]
       1:lzo        ############################################# [100%]
    [root@RH9 root]# rpm -ivh openvpn-2.0.7-1.rh9.rf.i386.rpm
    warning: openvpn-2.0.7-1.rh9.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6
    Preparing...    ############################################# [100%]
       1:openvpn    ############################################# [100%]

The NOKEY warnings mean rpm could not check the package signatures, because the signing keys have not been imported.

2: Server-side configuration

    [root@RH9 root]# cat >/etc/openvpn/server.conf
    dev tun
    ifconfig 10.8.0.1 10.8.0.2
    ; the shared secret (the countersign between the two ends)
    secret static.key 0
    ; lower privileges, for safety
    user nobody
    group nobody
    ; change the port
    port 3389
    ; turn on compression, for speed
    comp-lzo
    ; no logging
    verb 0
    status /dev/null
    log /dev/null
    log-append /dev/null

The last parameter of the secret line, 0, is used to prevent replay attacks: the static.key file holds four keys placed together, and the two ends must be paired, a 0 on one side to a 1 on the other.

When changing the port, do not pick one below 1024: that requires root privileges, and you would have to delete the two nobody lines above.

The server is now configured.

3: Client configuration

Install http://www.openvpn.se/files/install_packages/openvpn-2.0.9-gui-1.0.3-install.exe, then open Start -- Programs -- OpenVPN -- Generate a static OpenVPN key. This generates a file called key.txt in C:\Program Files\OpenVPN\config; rename it to static.key. The file holds four keys, so that different keys are used for encryption and decryption to prevent replay. Then put the file on the Linux broiler as /etc/openvpn/static.key.

Finally, create a file called client.ovpn in the C:\Program Files\OpenVPN\config directory with the following content, replacing BROILER_IP with the broiler's address:

    remote BROILER_IP
    dev tun
    ifconfig 10.8.0.2 10.8.0.1
    secret static.key 1
    port 3389
    verb 3
    comp-lzo

Here the last parameter of the secret line is 1, the counterpart of the 0 on the server side.

The client is now configured. Note that the tunnel IPs on the server side and the client side must not conflict with IP ranges the systems already use, and that the port should be changed as well.

4: Start and connect

A: Start the server side

    [root@RH9 root]# /etc/init.d/openvpn start
    Starting openvpn:                                          [  OK  ]

In theory an extra interface now shows up (something we will have to tidy up later):

    [root@RH9 root]# ifconfig tun0
    tun0      Link encap:Point-to-Point Protocol
              inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
    [root@RH9 root]# netstat -an | grep 3389
    udp        0      0 0.0.0.0:3389            0.0.0.0:*

In theory there is now also a UDP port 3389 listening. If both of these are present, everything is OK; barring bad luck, problems are basically not possible at this step :)

If there are errors, change these lines in the server configuration

    verb 0
    status /dev/null
    log /dev/null
    log-append /dev/null

to

    verb 9
    status /usr/lib/0
    log /usr/lib/1
    log-append /usr/lib/1

then restart the openvpn service and look at the log. Note that log messages are now being written; remember to remove /usr/lib/0 and /usr/lib/1 once debugging is done.

B: Start the client

Open Start -- Programs -- OpenVPN -- OpenVPN GUI. To connect to the server, use the red icon in the lower-right corner and choose Connect. When the icon turns green, the connection has succeeded and an address has been assigned; mind your firewall. If the icon does not turn green, choose View Log from the icon. If that does not reveal the problem, set verb to 9 in the client configuration file, reconnect, view the log again, and then google.

C: Check the connection

The client should show information like this:

    Ethernet adapter Local Area Connection 4:

       Connection-specific DNS Suffix  . :
       IP Address. . . . . . . . . . . . : 10.8.0.2
       Subnet Mask . . . . . . . . . . . : 255.255.255.252
       Default Gateway . . . . . . . . . :

    C:\>ping 10.8.0.1
    Pinging 10.8.0.1 with 32 bytes of data:
    Reply from 10.8.0.1: bytes=32 time=7ms TTL=64

The connection is up. Whether to change the default gateway is now a matter of personal preference; if your broiler is not very fast, changing the default gateway is not recommended. Here are some commands for modifying the default gateway. Adapt them (BROILER_IP, CURRENT_GATEWAY and DNS_SERVER_IP are placeholders) and save them as a cmd file, so that you can simply run it when needed.

    rem Keep the connection to the broiler on the current gateway; if this breaks, the VPN connection breaks :)
    route -p add BROILER_IP mask 255.255.255.255 CURRENT_GATEWAY
    rem Delete the default gateway
    route delete 0.0.0.0
    rem Use the VPN tun0 address as the default gateway instead
    route add 0.0.0.0 mask 0.0.0.0 10.8.0.1
    rem Let DNS queries keep going through the original gateway, which is much faster
    route add DNS_SERVER_IP mask 255.255.255.255 CURRENT_GATEWAY
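The pairing of `secret static.key 0` on one end with `secret static.key 1` on the other, shown as an added example that is not part of the original post. It assumes the usual layout of a 2048-bit OpenVPN static key file (four 64-byte slots: cipher and HMAC key for each direction); the key bytes are constructed, and `make_constructed_key_file`, `parse_static_key` and `keys_for` are illustrative names.

```python
import hashlib

SLOT = 64  # bytes per key slot; 4 slots = 2048 bits


def make_constructed_key_file():
    """Build a constructed static.key (deterministic bytes, NOT a usable key)."""
    raw = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
    hexed = raw.hex()
    lines = [hexed[i:i + 32] for i in range(0, len(hexed), 32)]
    return "\n".join(["#", "# 2048 bit OpenVPN static key", "#",
                      "-----BEGIN OpenVPN Static key V1-----", *lines,
                      "-----END OpenVPN Static key V1-----"]) + "\n"


def parse_static_key(text):
    """Return the four 64-byte slots: [cipher0, hmac0, cipher1, hmac1]."""
    body, inside = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-----BEGIN"):
            inside = True
        elif line.startswith("-----END"):
            inside = False
        elif inside and line:
            body.append(line)
    raw = bytes.fromhex("".join(body))
    if len(raw) != 4 * SLOT:
        raise ValueError(f"expected {4 * SLOT} key bytes, got {len(raw)}")
    return [raw[i:i + SLOT] for i in range(0, len(raw), SLOT)]


def keys_for(slots, direction=None):
    """Pick (cipher, hmac) pairs for 'secret static.key [direction]'."""
    pairs = [(slots[0], slots[1]), (slots[2], slots[3])]
    # No direction: both ways share pair 0. 0: send 0 / receive 1. 1: the reverse.
    out_idx, in_idx = {None: (0, 0), 0: (0, 1), 1: (1, 0)}[direction]
    return {"send": pairs[out_idx], "recv": pairs[in_idx]}


if __name__ == "__main__":
    slots = parse_static_key(make_constructed_key_file())
    server, client = keys_for(slots, 0), keys_for(slots, 1)
    print("server send == client recv:", server["send"] == client["recv"])
    print("server send != server recv:", server["send"] != server["recv"])
```

With no direction argument both ends send and receive under the same pair, which is why the post insists on matching a 0 with a 1.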
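For someone reviewing a host, the settings in this post are recognisable in the configuration file itself. The following audit is an added example, not code from the original post; the finding codes, the look-alike port table and the list of odd log directories are assumptions to adapt.

```python
# Ports whose usual owner is not OpenVPN (assumption: extend for your environment).
LOOKALIKE_PORTS = {"3389": "RDP", "443": "HTTPS", "53": "DNS"}
LOG_DIRECTIVES = ("log", "log-append", "status")
ODD_LOG_DIRS = ("/usr/lib/", "/lib/", "/usr/bin/", "/bin/")  # logs do not belong here

# Server configuration as given in the post above.
SERVER_CONF = """\
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key 0
user nobody
group nobody
port 3389
comp-lzo
verb 0
status /dev/null
log /dev/null
log-append /dev/null
"""


def parse_config(text):
    """Map each directive to its argument lists, dropping ';' and '#' comments."""
    opts = {}
    for line in text.splitlines():
        for mark in ("#", ";"):
            line = line.split(mark, 1)[0]
        parts = line.split()
        if parts:
            opts.setdefault(parts[0], []).append(parts[1:])
    return opts


def audit(text):
    """Return sorted finding codes for settings that hide or weaken a tunnel."""
    opts, found = parse_config(text), set()
    if "secret" in opts:
        found.add("static-key")  # pre-shared key mode, no forward secrecy
    for name in LOG_DIRECTIVES:
        for args in opts.get(name, []):
            if args[:1] == ["/dev/null"]:
                found.add(f"{name}-discarded")
            elif args and args[0].startswith(ODD_LOG_DIRS):
                found.add(f"{name}-odd-path")  # e.g. the post's /usr/lib/0
    if ["0"] in opts.get("verb", []):
        found.add("verb-0")  # only fatal errors are reported
    for args in opts.get("port", []):
        if args and args[0] in LOOKALIKE_PORTS:
            found.add(f"port-{args[0]}-looks-like-{LOOKALIKE_PORTS[args[0]]}")
    return sorted(found)


if __name__ == "__main__":
    print("\n".join(audit(SERVER_CONF)))
```

On the network side, the same setup shows up as a UDP listener on 3389 owned by openvpn plus a tun0 interface, matching the `netstat` and `ifconfig` output in the post.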
