How to Set Up the OpenVPN Service


    Revision as of 15:32, 6 Nov 2024


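    Because OpenVPN authenticates with certificates, you must first use a computer (Windows or Linux) to generate the separate certificate files needed by the server and the client. The following explains how to generate these certificate files on Linux.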

    Find a Linux machine and download the OpenVPN package from the official site:
    http://openvpn.net/index.php/downloads.html

    $wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
    $tar xzf openvpn-2.0.9.tar.gz
    $cd openvpn-2.0.9/
    $cd easy-rsa/
    $vi vars


    Note: the parameters in vars can be set to any values you like.

    $source ./vars
    $./clean-all
    $./build-ca 

     .....
    ......
    Country Name (2 letter code) [TW]:(press Enter)
    State or Province Name (full name) [ALANG]:(press Enter)
    Locality Name (eg, city) [HsinChu]:(press Enter)
    Organization Name (eg, company) [pfSense-VPN]:(press Enter)
    Organizational Unit Name (eg, section) []:(press Enter)
    Common Name (eg, your name or your server's hostname) []:alang-pfsense
    Email Address [alang@myhost.mydomain]:(press Enter)
    Note: enter anything you like for Common Name.

    $./build-key-server server

     

    ....
    ....
    Country Name (2 letter code) [TW]:(press Enter)
    State or Province Name (full name) [ALANG]:(press Enter)
    Locality Name (eg, city) [HsinChu]:(press Enter)
    Organization Name (eg, company) [pfSense-VPN]:(press Enter)
    Organizational Unit Name (eg, section) []:(press Enter)
    Common Name (eg, your name or your server's hostname) []:server
    Email Address [alang@myhost.mydomain]:(press Enter)
    ...
    ...
    A challenge password []:(press Enter)
    An optional company name []:(press Enter)
    ...
    ...
    Sign the certificate? [y/n]:y
    ...
    1 out of 1 certificate requests certified, commit? [y/n]y

    $./build-dh
    $./build-key pfsense-client

     

     ..
    ...
    Country Name (2 letter code) [TW]:(press Enter)
    State or Province Name (full name) [ALANG]:(press Enter)
    Locality Name (eg, city) [HsinChu]:(press Enter)
    Organization Name (eg, company) [pfSense-VPN]:(press Enter)
    Organizational Unit Name (eg, section) []:(press Enter)
    Common Name (eg, your name or your server's hostname) []:client
    Email Address [alang@myhost.mydomain]:(press Enter)
    ...
    ...
    A challenge password []:(press Enter)
    An optional company name []:(press Enter)
    ...
    ...
    Sign the certificate? [y/n]:y
    ...
    1 out of 1 certificate requests certified, commit? [y/n]y


    This completes certificate generation. All the certificate files used in the following steps are stored in the keys directory, including:
    ca.crt
    ca.key
    dh{xxx}.pem
    server.crt
    server.key
    pfsense-client.crt
    pfsense-client.key

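    Finally, check the sizes of these files. If any of them shows a size of 0, that file failed to generate; generate it again.

    Return to the pfSense admin web page, select 《Firewall》《OpenVPN》《Server》, and click + to add a new entry.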
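
The file-size check described above can be scripted and run before moving on to the pfSense page. The following is an added example, not part of the original page: `check_keys` and `verify_chain` are hypothetical helper names, the file names are the ones generated above, and the private-key permission check goes beyond what the page asks for.

```shell
#!/bin/sh
# Added example: sanity-check the easy-rsa "keys" directory described above.
# check_keys and verify_chain are hypothetical helper names.

# check_keys DIR -> prints one line per problem, returns 0 only if clean.
check_keys() {
    dir=$1
    bad=0
    for f in ca.crt ca.key server.crt server.key \
             pfsense-client.crt pfsense-client.key; do
        # -s is true only for a file that exists and is larger than 0 bytes
        if [ ! -s "$dir/$f" ]; then
            echo "FAIL $f: missing or 0 bytes, generate it again"
            bad=1
        fi
    done
    # The DH file is named after its bit length (dh{xxx}.pem), so glob for it.
    dh_ok=0
    for f in "$dir"/dh*.pem; do
        if [ -s "$f" ]; then dh_ok=1; fi
    done
    if [ "$dh_ok" -eq 0 ]; then
        echo "FAIL dh*.pem: missing or 0 bytes, run build-dh again"
        bad=1
    fi
    # Extra check (not from the page): private keys readable by owner only.
    for k in "$dir"/*.key; do
        [ -e "$k" ] || continue
        mode=$(ls -ld "$k" | cut -c5-10)   # group and other permission bits
        if [ "$mode" != "------" ]; then
            echo "WARN ${k##*/}: group/other permissions set, chmod 600 it"
            bad=1
        fi
    done
    return "$bad"
}

# verify_chain DIR -> confirms both certificates were signed by ca.crt.
# Requires the openssl command-line tool.
verify_chain() {
    openssl verify -CAfile "$1/ca.crt" \
        "$1/server.crt" "$1/pfsense-client.crt"
}
```

Run `check_keys keys` from the easy-rsa directory; a non-zero exit status means at least one file needs attention.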

