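Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, change IPEnableRouter to 1
(4) Disable the firewall, or add port 8081 to the ports the firewall allows through
C. OpenVPN server started successfully
Server-side configuration is now complete and the server can be started. The following indicates a successful start and connection:
Figure 17
3. Detailed OpenVPN client configuration
A. Install openvpn-2.1.1-install.exe
Installing openvpn-2.1.1-install.exe follows the same steps as the illustrated server-side installation, so it is not explained again here.
B. Client file configuration
(1) The client configuration file is also in the C:\Program Files\OpenVPN\sample-config directory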
An example of the contents of client.ovpn follows (note: the comment portions below explain the setting at that point; follow this format strictly, because a single formatting error can prevent the connection from being established when the openvpn server is started)

##############################################
# Sample client-side OpenVPN 2.0 config file #
# for connecting to multi-client server.     #
#                                            #
# This configuration can be used by multiple #
# clients, however each client should have   #
# its own cert and key files.                #
#                                            #
# On Windows, you might want to rename this  #
# file so it has a .ovpn extension           #
##############################################

# Specify that we are a client and that we
# will be pulling certain config file directives
# from the server.
client

# Use the same setting as you are using on
# the server.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
dev tap
;dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node MyTap

# Are we connecting to a TCP or
# UDP server? Use the same setting as
# on the server.
proto tcp
;proto udp

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote 59.108.107.42 8081
;remote my-server-2 1194

# Choose a random host from the remote
# list for load-balancing. Otherwise
# try hosts in the order specified.
;remote-random

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Most clients don't need to bind to
# a specific local port number.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If you are connecting through an
# HTTP proxy to reach the actual OpenVPN
# server, put the proxy server/IP and
# port number here. See the man page
# if your proxy server requires
# authentication.
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce a lot
# of duplicate packets. Set this flag
# to silence duplicate packet warnings.
;mute-replay-warnings

# SSL/TLS parms.
# See the server config file for more
# description. It's best to use
# a separate .crt/.key file pair
# for each client. A single ca
# file can be used for all clients.
ca ca.crt
cert client01.crt
key client01.key

# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
ns-cert-type server

# If a tls-auth key is used on the server
# then every client must also have the key.
tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Enable compression on the VPN link.
# Don't enable this unless it is also
# enabled in the server config file.
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

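(2) Copy the configuration file client.ovpn to the C:\Program Files\OpenVPN\config directory on the client machine, and copy the files client01.crt, client01.csr, client01.key, ca.key, ca.crt and ta.key from the server's C:\Program Files\OpenVPN\easy-rsa\keys directory to the same C:\Program Files\OpenVPN\config directory on the client machine (these files are generated on the server; the client has to request these seven files from the server)
(3) Disable the firewall, or add port 8081 to the ports the firewall allows through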
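
A file check for step (2), as an added example that is not part of the original guide: it parses the active directives of client.ovpn and compares the files they reference with the files copied into the config directory. The sample config text and directory listing are constructed from the values above, the function names are hypothetical, and it assumes unquoted relative file names as in this client.ovpn.

```python
import re

# Constructed sample: the active directives of the client.ovpn shown above.
SAMPLE_OVPN = """\
client
dev tap
;dev tun
proto tcp
remote 59.108.107.42 8081
ca ca.crt
cert client01.crt
key client01.key   # inline comment (constructed)
ns-cert-type server
tls-auth ta.key 1
comp-lzo
"""
# Constructed listing: client.ovpn plus the files step (2) copies to the client.
COPIED = ["client.ovpn", "client01.crt", "client01.csr", "client01.key",
          "ca.key", "ca.crt", "ta.key"]
# Directives whose first argument is a file the client must be able to read.
FILE_DIRECTIVES = ("ca", "cert", "key", "tls-auth")

def parse_ovpn(text):
    """Return {directive: [args]} for active lines; '#' and ';' start comments."""
    conf = {}
    for line in text.splitlines():
        line = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if line:
            name, *args = line.split()
            conf[name] = args  # assumption: the last occurrence of a directive wins
    return conf

def audit(conf, present):
    """Compare files the config references with files present in the directory."""
    needed = {conf[d][0] for d in FILE_DIRECTIVES if conf.get(d)}
    extras = {f for f in present if not f.endswith(".ovpn")} - needed
    return {
        "missing": sorted(needed - set(present)),
        "unreferenced": sorted(extras),
        # A CA private key lets its holder sign new certificates for this VPN.
        "ca_private_key_present": "ca.key" in present,
        "verifies_server_cert": conf.get("ns-cert-type") == ["server"],
    }

if __name__ == "__main__":
    print(audit(parse_ovpn(SAMPLE_OVPN), COPIED))
```

For the listing from step (2), ca.key and client01.csr come back as unreferenced: this client.ovpn reads only ca.crt, client01.crt, client01.key and ta.key.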
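C. OpenVPN client started successfully
Client-side configuration is now complete and the client can be started. The following indicates a successful start and connection:
D. Check the network by pinging in both directions over the remote OpenVPN connection
(1) Remote to the server-side virtual IP: 10.8.0.1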