{"id":440,"date":"2023-11-05T11:52:01","date_gmt":"2023-11-05T03:52:01","guid":{"rendered":"http:\/\/idc.birk.cn\/?p=440"},"modified":"2023-11-05T13:42:12","modified_gmt":"2023-11-05T05:42:12","slug":"openvpn%e9%85%8d%e7%bd%ae%e5%a4%a7%e5%85%a8","status":"publish","type":"post","link":"https:\/\/idc.birk.cn\/?p=440","title":{"rendered":"openvpn\u914d\u7f6e\u5927\u5168"},"content":{"rendered":"
\u670d\u52a1\u7aef\u914d\u7f6e\u6587\u4ef6server.ovpn<\/div>\n
<\/div>\n
#\u7533\u660e\u672c\u673a\u4f7f\u7528\u7684IP\u5730\u5740\uff0c\u4e5f\u53ef\u4ee5\u4e0d\u8bf4\u660e<\/code><\/div>\n
;<\/code>local<\/code>\u00a0192.168.24.34<\/code><\/div>\n
#\u7533\u660e\u4f7f\u7528\u7684\u7aef\u53e3\uff0c\u9ed8\u8ba4443<\/code><\/div>\n
port\u00a0443<\/code><\/div>\n
#\u7533\u660e\u4f7f\u7528\u7684\u534f\u8bae\uff0c\u9ed8\u8ba4\u4f7f\u7528UDP\uff0c\u5982\u679c\u4f7f\u7528HTTP\u00a0proxy\uff0c\u5fc5\u987b\u4f7f\u7528TCP\u534f\u8bae<\/code><\/div>\n
;proto\u00a0tcp<\/code><\/div>\n
proto\u00a0udp<\/code><\/div>\n
#\u7533\u660e\u4f7f\u7528\u7684\u8bbe\u5907\u53ef\u9009tap\u548ctun\uff0ctap\u662f\u4e8c\u5c42\u8bbe\u5907\uff0c\u652f\u6301\u94fe\u8def\u5c42\u534f\u8bae\u3002<\/code><\/div>\n
#tun\u662fip\u5c42\u7684\u70b9\u5bf9\u70b9\u534f\u8bae\uff0c\u9650\u5236\u7a0d\u5fae\u591a\u4e00\u4e9b\uff0c\u5efa\u8bae\u4f7f\u7528tun<\/code><\/div>\n
dev\u00a0tap<\/code><\/div>\n
;dev\u00a0tun<\/code><\/div>\n
#OpenVPN\u4f7f\u7528\u7684ROOT\u00a0CA\uff0c\u4f7f\u7528build-ca\u751f\u6210\u7684\uff0c\u7528\u4e8e\u9a8c\u8bc1\u5ba2\u6237\u662f\u8bc1\u4e66\u662f\u5426\u5408\u6cd5<\/code><\/div>\n
ca\u00a0ca.crt<\/code><\/div>\n
#Server\u4f7f\u7528\u7684\u8bc1\u4e66\u6587\u4ef6<\/code><\/div>\n
cert\u00a0server.crt<\/code><\/div>\n
#Server\u4f7f\u7528\u7684\u8bc1\u4e66\u5bf9\u5e94\u7684key\uff0c\u6ce8\u610f\u6587\u4ef6\u7684\u6743\u9650\uff0c\u9632\u6b62\u88ab\u76d7<\/code><\/div>\n
key\u00a0server.key<\/code><\/div>\n
#CRL\u6587\u4ef6\u7684\u7533\u660e\uff0c\u88ab\u540a\u9500\u7684\u8bc1\u4e66\u94fe\uff0c\u8fd9\u4e9b\u8bc1\u4e66\u5c06\u65e0\u6cd5\u767b\u5f55<\/code><\/div>\n
crl-verify\u00a0vpncrl.pem<\/code><\/div>\n
#\u4e0a\u9762\u63d0\u5230\u7684\u751f\u6210\u7684Diffie-Hellman\u6587\u4ef6<\/code><\/div>\n
dh\u00a0dh1024.pem<\/code><\/div>\n
#\u8fd9\u662f\u4e00\u6761\u547d\u4ee4\u7684\u5408\u96c6\uff0c\u5982\u679c\u4f60\u662fOpenVPN\u7684\u8001\u7528\u6237\uff0c\u5c31\u77e5\u9053\u8fd9\u6761\u547d\u4ee4\u7684\u6765\u7531<\/code><\/div>\n
#\u8fd9\u6761\u547d\u4ee4\u7b49\u6548\u4e8e\uff1a<\/code><\/div>\n
#\u00a0mode\u00a0server\u00a0#OpenVPN\u5de5\u4f5c\u5728Server\u6a21\u5f0f\uff0c\u53ef\u4ee5\u652f\u6301\u591aclient\u540c\u65f6\u52a8\u6001\u63a5\u5165<\/code><\/div>\n
#\u00a0tls-server\u00a0#\u4f7f\u7528TLS\u52a0\u5bc6\u4f20\u8f93\uff0c\u672c\u7aef\u4e3aServer\uff0cClient\u7aef\u4e3atls-client<\/code><\/div>\n
#<\/code><\/div>\n
#\u00a0if\u00a0dev\u00a0tun:\u00a0#\u5982\u679c\u4f7f\u7528tun\u8bbe\u5907\uff0c\u7b49\u6548\u4e8e\u4ee5\u4e0b\u914d\u7f6e<\/code><\/div>\n
#\u00a0ifconfig\u00a010.8.0.1\u00a010.8.0.2\u00a0#\u8bbe\u7f6e\u672c\u5730tun\u8bbe\u5907\u7684\u5730\u5740<\/code><\/div>\n
#\u00a0ifconfig-pool\u00a010.8.0.4\u00a010.8.0.251\u00a0#\u8bf4\u660eOpenVPN\u4f7f\u7528\u7684\u5730\u5740\u6c60\uff08\u7528\u4e8e\u5206\u914d\u7ed9\u5ba2\u6237\uff09\uff0c\u5206\u522b\u662f\u8d77\u59cb\u5730\u5740\u3001<\/code><\/div>\n
\u7ed3\u675f\u5730\u5740<\/code><\/div>\n
#\u00a0route\u00a010.8.0.0\u00a0255.255.255.0\u00a0#\u589e\u52a0\u4e00\u6761\u9759\u6001\u8def\u7531\uff0c\u7701\u7565\u4e0b\u4e00\u8df3\u5730\u5740\uff0c<\/code><\/div>\n
\u4e0b\u4e00\u8df3\u4e3a\u5bf9\u7aef\u5730\u5740\uff0c\u8fd9\u91cc\u662f:\u00a010.8.0.2<\/code><\/div>\n
#\u00a0if\u00a0client-to-client:\u00a0#\u5982\u679c\u4f7f\u7528client-to-client\u8fd9\u4e2a\u9009\u9879<\/code><\/div>\n
#\u00a0push\u00a0\u201droute\u00a010.8.0.0\u00a0255.255.255.0\u2033\u00a0#\u628a\u8fd9\u6761\u8def\u7531\u53d1\u9001\u7ed9\u5ba2\u6237\u7aef\uff0c\u5ba2\u6237\u8fde\u63a5\u6210\u529f\u540e\u81ea\u52a8\u52a0\u5165\u8def\u7531\u8868\uff0c<\/code><\/div>\n
\u7701\u7565\u4e86\u4e0b\u4e00\u8df3\u5730\u5740:\u00a010.8.0.1<\/code><\/div>\n
#\u00a0else<\/code><\/div>\n
#\u00a0push\u00a0\u201droute\u00a010.8.0.1\u2033\u00a0#\u5426\u5219\u53d1\u9001\u672c\u6761\u8def\u7531\uff0c\u8fd9\u662f\u4e00\u4e2a\u4e3b\u673a\u8def\u7531\uff0c\u7701\u7565\u4e86\u5b50\u7f51\u63a9\u7801\u548c\u4e0b\u4e00\u8df3<\/code><\/div>\n
\u5730\u5740\uff0c\u5206\u522b\u4e3a:\u00a0255.255.255.255\u00a010.8.0.1<\/code><\/div>\n
#<\/code><\/div>\n
#\u00a0if\u00a0dev\u00a0tap:\u00a0#\u5982\u679c\u4f7f\u7528tap\u8bbe\u5907\uff0c\u5219\u7b49\u6548\u4e8e\u4ee5\u4e0b\u547d\u4ee4<\/code><\/div>\n
#\u00a0ifconfig\u00a010.8.0.1\u00a0255.255.255.0\u00a0#\u914d\u7f6etap\u8bbe\u5907\u7684\u5730\u5740<\/code><\/div>\n
#\u00a0ifconfig-pool\u00a010.8.0.2\u00a010.8.0.254\u00a0255.255.255.0\u00a0#\u5ba2\u6237\u7aef\u4f7f\u7528\u7684\u5730\u5740\u6c60\uff0c\u5206\u522b\u662f\u8d77\u59cb\u5730\u5740\u3001\u7ed3\u675f\u5730\u5740\u3001<\/code><\/div>\n
\u5b50\u7f51\u63a9\u7801<\/code><\/div>\n
#\u00a0push\u00a0\u201droute-gateway\u00a010.8.0.1\u2033\u00a0#\u628a\u73af\u5883\u53d8\u91cfroute-gateway\u4f20\u9012\u7ed9\u5ba2\u6237\u673a<\/code><\/div>\n
#\u00a0server\u00a010.8.0.0\u00a0255.255.255.0\u00a0#\u7b49\u6548\u4e8e\u4ee5\u4e0a\u547d\u4ee4<\/code><\/div>\n
#\u7528\u4e8e\u8bb0\u5f55\u67d0\u4e2aClient\u83b7\u5f97\u7684IP\u5730\u5740\uff0c\u7c7b\u4f3c\u4e8edhcpd.lease\u6587\u4ef6\uff0c<\/code><\/div>\n
#\u9632\u6b62openvpn\u91cd\u65b0\u542f\u52a8\u540e\u201c\u5fd8\u8bb0\u201dClient\u66fe\u7ecf\u4f7f\u7528\u8fc7\u7684IP\u5730\u5740<\/code><\/div>\n
ifconfig<\/code>-pool-persist\u00a0ipp.txt<\/code><\/div>\n
#Bridge\u72b6\u6001\u4e0b\u7c7b\u4f3cDHCPD\u7684\u914d\u7f6e\uff0c\u4e3a\u5ba2\u6237\u5206\u914d\u5730\u5740\uff0c\u7531\u4e8e\u8fd9\u91cc\u5de5\u4f5c\u5728\u8def\u7531\u6a21\u5f0f\uff0c\u6240\u4ee5\u4e0d\u4f7f\u7528<\/code><\/div>\n
;server-bridge\u00a010.8.0.4\u00a0255.255.255.0\u00a010.8.0.50\u00a010.8.0.100<\/code><\/div>\n
#\u901a\u8fc7VPN\u00a0Server\u5f80Client\u00a0push\u8def\u7531\uff0cclient\u901a\u8fc7pull\u6307\u4ee4\u83b7\u5f97Server\u00a0push\u7684\u6240\u6709\u9009\u9879\u5e76\u5e94\u7528<\/code><\/div>\n
;push\u00a0\u201droute\u00a0192.168.10.0\u00a0255.255.255.0\u2033<\/code><\/div>\n
;push\u00a0\u201droute\u00a0192.168.20.0\u00a0255.255.255.0\u2033<\/code><\/div>\n
#VPN\u542f\u52a8\u540e\uff0c\u5728VPN\u00a0Server\u4e0a\u589e\u52a0\u7684\u8def\u7531\uff0cVPN\u505c\u6b62\u540e\u81ea\u52a8\u5220\u9664<\/code><\/div>\n
;route\u00a010.9.0.0\u00a0255.255.255.252<\/code><\/div>\n
#Run\u00a0script\u00a0or\u00a0shell\u00a0command\u00a0cmd\u00a0to\u00a0validate\u00a0client<\/code><\/div>\n
#virtual\u00a0addresses\u00a0or\u00a0routes.\u00a0\u5177\u4f53\u67e5\u770bmanual\u00a0;learn-address\u00a0.\/script<\/code><\/div>\n
#\u5176\u5b83\u7684\u4e00\u4e9b\u9700\u8981PUSH\u7ed9Client\u7684\u9009\u9879<\/code><\/div>\n
#<\/code><\/div>\n
#\u4f7fClient\u7684\u9ed8\u8ba4\u7f51\u5173\u6307\u5411VPN\uff0c\u8ba9Client\u7684\u6240\u6709Traffic\u90fd\u901a\u8fc7VPN\u8d70<\/code><\/div>\n
;push\u00a0\u201dredirect-gateway\u201d<\/code><\/div>\n
#DHCP\u7684\u4e00\u4e9b\u9009\u9879\uff0c\u5177\u4f53\u67e5\u770bManual<\/code><\/div>\n
;push\u00a0\u201ddhcp-option\u00a0DNS\u00a010.8.0.1\u2033<\/code><\/div>\n
;push\u00a0\u201ddhcp-option\u00a0WINS\u00a010.8.0.1\u2033<\/code><\/div>\n
#\u5982\u679c\u53ef\u4ee5\u8ba9VPN\u00a0Client\u4e4b\u95f4\u76f8\u4e92\u8bbf\u95ee\u76f4\u63a5\u901a\u8fc7openvpn\u7a0b\u5e8f\u8f6c\u53d1\uff0c<\/code><\/div>\n
#\u4e0d\u7528\u53d1\u9001\u5230tun\u6216\u8005tap\u8bbe\u5907\u540e\u91cd\u65b0\u8f6c\u53d1\uff0c\u4f18\u5316Client\u00a0to\u00a0Client\u7684\u8bbf\u95ee\u6548\u7387<\/code><\/div>\n
client-to-client<\/code><\/div>\n
#\u5982\u679cClient\u4f7f\u7528\u7684CA\u7684Common\u00a0Name\u6709\u91cd\u590d\u4e86\uff0c\u6216\u8005\u8bf4\u5ba2\u6237\u90fd\u4f7f\u7528\u76f8\u540c\u7684CA<\/code><\/div>\n
#\u548ckeys\u8fde\u63a5VPN\uff0c\u4e00\u5b9a\u8981\u6253\u5f00\u8fd9\u4e2a\u9009\u9879\uff0c\u5426\u5219\u53ea\u5141\u8bb8\u4e00\u4e2a\u4eba\u8fde\u63a5VPN<\/code><\/div>\n
;duplicate-cn<\/code><\/div>\n
#NAT\u540e\u9762\u4f7f\u7528VPN\uff0c\u5982\u679cVPN\u957f\u65f6\u95f4\u4e0d\u901a\u4fe1\uff0cNAT\u00a0Session\u53ef\u80fd\u4f1a\u5931\u6548\uff0c<\/code><\/div>\n
#\u5bfc\u81f4VPN\u8fde\u63a5\u4e22\u5931\uff0c\u4e3a\u9632\u6b62\u4e4b\u7c7b\u4e8b\u60c5\u7684\u53d1\u751f\uff0ckeepalive\u63d0\u4f9b\u4e00\u4e2a\u7c7b\u4f3c\u4e8eping\u7684\u673a\u5236\uff0c<\/code><\/div>\n
#\u4e0b\u9762\u8868\u793a\u6bcf10\u79d2\u901a\u8fc7VPN\u7684Control\u901a\u9053ping\u5bf9\u65b9\uff0c\u5982\u679c\u8fde\u7eed120\u79d2\u65e0\u6cd5ping\u901a\uff0c<\/code><\/div>\n
#\u8ba4\u4e3a\u8fde\u63a5\u4e22\u5931\uff0c\u5e76\u91cd\u65b0\u542f\u52a8VPN\uff0c\u91cd\u65b0\u8fde\u63a5<\/code><\/div>\n
#\uff08\u5bf9\u4e8emode\u00a0server\u6a21\u5f0f\u4e0b\u7684openvpn\u4e0d\u4f1a\u91cd\u65b0\u8fde\u63a5\uff09\u3002<\/code><\/div>\n
keepalive\u00a010\u00a0120<\/code><\/div>\n
#\u4e0a\u9762\u63d0\u5230\u7684HMAC\u9632\u706b\u5899\uff0c\u9632\u6b62DOS\u653b\u51fb\uff0c\u5bf9\u4e8e\u6240\u6709\u7684\u63a7\u5236\u4fe1\u606f\uff0c\u90fd\u4f7f\u7528HMAC\u00a0signature\uff0c<\/code><\/div>\n
#\u6ca1\u6709HMAC\u00a0signature\u7684\u63a7\u5236\u4fe1\u606f\u4e0d\u4e88\u5904\u7406\uff0c\u6ce8\u610fserver\u7aef\u540e\u9762\u7684\u6570\u5b57\u80af\u5b9a\u4f7f\u75280\uff0cclient\u4f7f\u75281<\/code><\/div>\n
tls-auth\u00a0ta.key\u00a00\u00a0<\/code>#\u00a0This\u00a0file\u00a0is\u00a0secret<\/code><\/div>\n
#\u5bf9\u6570\u636e\u8fdb\u884c\u538b\u7f29\uff0c\u6ce8\u610fServer\u548cClient\u4e00\u81f4<\/code><\/div>\n
comp-lzo<\/code><\/div>\n
#\u5b9a\u4e49\u6700\u5927\u8fde\u63a5\u6570<\/code><\/div>\n
;max-clients\u00a0100<\/code><\/div>\n
#\u5b9a\u4e49\u8fd0\u884copenvpn\u7684\u7528\u6237<\/code><\/div>\n
user\u00a0nobody<\/code><\/div>\n
group\u00a0nobody<\/code><\/div>\n
#\u901a\u8fc7keepalive\u68c0\u6d4b\u8d85\u65f6\u540e\uff0c\u91cd\u65b0\u542f\u52a8VPN\uff0c\u4e0d\u91cd\u65b0\u8bfb\u53d6keys\uff0c\u4fdd\u7559\u7b2c\u4e00\u6b21\u4f7f\u7528\u7684keys<\/code><\/div>\n
persist-key<\/code><\/div>\n
#\u901a\u8fc7keepalive\u68c0\u6d4b\u8d85\u65f6\u540e\uff0c\u91cd\u65b0\u542f\u52a8VPN\uff0c\u4e00\u76f4\u4fdd\u6301tun\u6216\u8005tap\u8bbe\u5907\u662flinkup\u7684\uff0c<\/code><\/div>\n
#\u5426\u5219\u7f51\u7edc\u8fde\u63a5\u4f1a\u5148linkdown\u7136\u540elinkup<\/code><\/div>\n
persist-tun<\/code><\/div>\n
#\u5b9a\u671f\u628aopenvpn\u7684\u4e00\u4e9b\u72b6\u6001\u4fe1\u606f\u5199\u5230\u6587\u4ef6\u4e2d\uff0c\u4ee5\u4fbf\u81ea\u5df1\u5199\u7a0b\u5e8f\u8ba1\u8d39\u6216\u8005\u8fdb\u884c\u5176\u5b83\u64cd\u4f5c<\/code><\/div>\n
status\u00a0openvpn-status.log<\/code><\/div>\n
#\u8bb0\u5f55\u65e5\u5fd7\uff0c\u6bcf\u6b21\u91cd\u65b0\u542f\u52a8openvpn\u540e\u5220\u9664\u539f\u6709\u7684log\u4fe1\u606f<\/code><\/div>\n
log\u00a0<\/code>\/var\/log\/openvpn<\/code>.log<\/code><\/div>\n
#\u548clog\u4e00\u81f4\uff0c\u6bcf\u6b21\u91cd\u65b0\u542f\u52a8openvpn\u540e\u4fdd\u7559\u539f\u6709\u7684log\u4fe1\u606f\uff0c\u65b0\u4fe1\u606f\u8ffd\u52a0\u5230\u6587\u4ef6\u6700\u540e<\/code><\/div>\n
;log-append\u00a0openvpn.log<\/code><\/div>\n
#\u76f8\u5f53\u4e8edebug\u00a0level\uff0c\u5177\u4f53\u67e5\u770bmanual<\/code><\/div>\n
verb\u00a03<\/code><\/div>\n
<\/div>\n
\u5ba2\u6237\u7aef\u7aef\u914d\u7f6e\u6587\u4ef6client.ovpn<\/div>\n
<\/div>\n
\n
#\u6307\u5b9a\u63a5\u53e3\u7684\u7c7b\u578b\uff0c\u4e25\u683c\u548cServer\u7aef\u4e00\u81f4\u00a0dev\u00a0tap\u00a0<\/code><\/div>\n
;dev\u00a0tun\u00a0<\/code><\/div>\n
#\u00a0Windows\u00a0needs\u00a0the\u00a0TAP-Win32\u00a0adapter\u00a0name<\/code><\/div>\n
#\u00a0from\u00a0the\u00a0Network\u00a0Connections\u00a0panel\u00a0<\/code><\/div>\n
#if\u00a0you\u00a0have\u00a0more\u00a0than\u00a0one.\u00a0On\u00a0XP\u00a0SP2,\u00a0<\/code><\/div>\n
#\u00a0you\u00a0may\u00a0need\u00a0to\u00a0disable\u00a0the\u00a0firewall\u00a0<\/code><\/div>\n
#\u00a0for\u00a0the\u00a0TAP\u00a0adapter.\u00a0;dev-node\u00a0MyTap\u00a0<\/code><\/div>\n
#\u00a0\u4f7f\u7528\u7684\u534f\u8bae\uff0c\u4e0eServer\u4e25\u683c\u4e00\u81f4\u00a0<\/code><\/div>\n
;proto\u00a0tcp\u00a0proto\u00a0udp\u00a0<\/code><\/div>\n
#\u8bbe\u7f6eServer\u7684IP\u5730\u5740\u548c\u7aef\u53e3\uff0c\u5982\u679c\u6709\u591a\u53f0\u673a\u5668\u505a\u8d1f\u8f7d\u5747\u8861\uff0c\u53ef\u4ee5\u591a\u6b21\u51fa\u73b0remote\u5173\u952e\u5b57\u00a0<\/code><\/div>\n
remote\u00a061.1.1.2\u00a01194<\/code><\/div>\n
\u00a0<\/code>;remote\u00a0my-server-2\u00a01194\u00a0<\/code><\/div>\n
#\u00a0\u968f\u673a\u9009\u62e9\u4e00\u4e2aServer\u8fde\u63a5\uff0c\u5426\u5219\u6309\u7167\u987a\u5e8f\u4ece\u4e0a\u5230\u4e0b\u4f9d\u6b21\u8fde\u63a5\u00a0<\/code><\/div>\n
;remote-random\u00a0<\/code><\/div>\n
#\u00a0\u59cb\u7ec8\u91cd\u65b0\u89e3\u6790Server\u7684IP\u5730\u5740\uff08\u5982\u679cremote\u540e\u9762\u8ddf\u7684\u662f\u57df\u540d\uff09\uff0c<\/code><\/div>\n
#\u00a0\u4fdd\u8bc1Server\u00a0IP\u5730\u5740\u662f\u52a8\u6001\u7684\u4f7f\u7528DDNS\u52a8\u6001\u66f4\u65b0DNS\u540e\uff0cClient\u5728\u81ea\u52a8\u91cd\u65b0\u8fde\u63a5\u65f6\u91cd\u65b0\u89e3\u6790Server\u7684IP\u5730\u5740\u00a0<\/code><\/div>\n
#\u00a0\u8fd9\u6837\u65e0\u9700\u4eba\u4e3a\u91cd\u65b0\u542f\u52a8\uff0c\u5373\u53ef\u91cd\u65b0\u63a5\u5165VPN\u00a0<\/code><\/div>\n
resolv-retry\u00a0infinite<\/code><\/div>\n
#\u00a0\u5728\u672c\u673a\u4e0d\u90a6\u5b9a\u4efb\u4f55\u7aef\u53e3\u76d1\u542cincoming\u6570\u636e\uff0cClient\u65e0\u9700\u6b64\u64cd\u4f5c\uff0c\u9664\u975e\u4e00\u5bf9\u4e00\u7684VPN\u6709\u5fc5\u8981\u00a0<\/code><\/div>\n
nobind\u00a0<\/code><\/div>\n
#\u00a0\u8fd0\u884copenvpn\u7528\u6237\u7684\u8eab\u4efd\uff0c\u65e7\u7248\u672c\u5728win\u4e0b\u9700\u8981\u628a\u8fd9\u4e24\u884c\u6ce8\u91ca\u6389\uff0c\u65b0\u7248\u672c\u65e0\u9700\u6b64\u64cd\u4f5c\u00a0<\/code><\/div>\n
user\u00a0nobody\u00a0<\/code><\/div>\n
group\u00a0nobody\u00a0<\/code><\/div>\n
#\u5728Client\u7aef\u589e\u52a0\u8def\u7531\uff0c\u4f7f\u5f97\u6240\u6709\u8bbf\u95ee\u5185\u7f51\u7684\u6d41\u91cf\u90fd\u7ecf\u8fc7VPN\u51fa\u53bb\u00a0<\/code><\/div>\n
#\u5f53\u7136\u4e5f\u53ef\u4ee5\u5728Server\u7684\u914d\u7f6e\u6587\u4ef6\u91cc\u5934\u8bbe\u7f6e\uff0cServer\u914d\u7f6e\u91cc\u5934\u4f7f\u7528\u7684\u547d\u4ee4\u662f\u00a0<\/code><\/div>\n
#\u00a0push\u00a0\u201droute\u00a0192.168.0.0\u00a0255.255.255.0\u2033\u00a0<\/code><\/div>\n
route\u00a0192.168.0.0\u00a0255.255.0.0\u00a0<\/code><\/div>\n
#\u00a0\u548cServer\u914d\u7f6e\u4e0a\u7684\u529f\u80fd\u4e00\u6837\u00a0\u5982\u679c\u4f7f\u7528\u4e86chroot\u6216\u8005su\u529f\u80fd\uff0c\u6700\u597d\u6253\u5f00\u4e0b\u97622\u4e2a\u9009\u9879\uff0c\u9632\u6b62<\/code><\/div>\n
\u91cd\u65b0\u542f\u52a8\u540e\u627e\u4e0d\u5230keys\u6587\u4ef6\uff0c\u6216\u8005nobody\u7528\u6237\u6ca1\u6709\u6743\u9650\u542f\u52a8tun\u8bbe\u5907\u00a0<\/code><\/div>\n
persist-key\u00a0<\/code><\/div>\n
persist-tun\u00a0<\/code><\/div>\n
#\u00a0\u5982\u679c\u4f60\u4f7f\u7528HTTP\u4ee3\u7406\u8fde\u63a5VPN\u00a0Server\uff0c\u628aProxy\u7684IP\u5730\u5740\u548c\u7aef\u53e3\u5199\u5230\u4e0b\u9762\u00a0<\/code><\/div>\n
#\u00a0\u5982\u679c\u4ee3\u7406\u9700\u8981\u9a8c\u8bc1\uff0c\u4f7f\u7528http-proxy\u00a0server\u00a0port\u00a0[authfile]\u00a0[auth-method]\u00a0<\/code><\/div>\n
#\u00a0\u5176\u4e2dauthfile\u662f\u4e00\u4e2a2\u884c\u7684\u6587\u672c\u6587\u4ef6\uff0c\u7528\u6237\u540d\u548c\u5bc6\u7801\u5404\u5360\u4e00\u884c\uff0cauth-method\u53ef\u4ee5\u7701\u7565\uff0c\u8be6\u7ec6<\/code><\/div>\n
\u4fe1\u606f\u67e5\u770bManual<\/code><\/div>\n
\u00a0<\/code>;http-proxy-retry\u00a0<\/code>#\u00a0retry\u00a0on\u00a0connection\u00a0failures<\/code><\/div>\n
\u00a0<\/code>;http-proxy\u00a0[proxy\u00a0server]\u00a0[proxy\u00a0port\u00a0<\/code>#]\u00a0<\/code><\/div>\n
#\u00a0\u5bf9\u4e8e\u65e0\u7ebf\u8bbe\u5907\u4f7f\u7528VPN\u7684\u914d\u7f6e\uff0c\u770b\u770b\u5c31\u660e\u767d\u4e86\u00a0<\/code><\/div>\n
#\u00a0Wireless\u00a0networks\u00a0often\u00a0produce\u00a0a\u00a0lot\u00a0<\/code><\/div>\n
#\u00a0of\u00a0duplicate\u00a0packets.\u00a0Set\u00a0this\u00a0flag\u00a0<\/code><\/div>\n
#\u00a0to\u00a0silence\u00a0duplicate\u00a0packet\u00a0warnings.\u00a0<\/code><\/div>\n
;mute-replay-warnings\u00a0<\/code>#\u00a0Root\u00a0CA\u00a0\u6587\u4ef6\u7684\u6587\u4ef6\u540d\uff0c\u7528\u4e8e\u9a8c\u8bc1Server\u00a0CA\u8bc1\u4e66\u5408\u6cd5\u6027\uff0c<\/code><\/div>\n
\u901a\u8fc7easy-rsa<\/code>\/build-ca<\/code>\u751f\u6210\u7684ca.crt\uff0c\u548cServer\u914d\u7f6e\u91cc\u7684ca.crt\u662f\u540c\u4e00\u4e2a\u6587\u4ef6\u00a0<\/code><\/div>\n
ca\u00a0ca.crt\u00a0<\/code><\/div>\n
#\u00a0easy-rsa\/build-key\u751f\u6210\u7684key\u00a0pair\u6587\u4ef6\uff0c\u4e0a\u9762\u751f\u6210key\u90e8\u5206\u4e2d\u6709\u63d0\u5230\uff0c\u4e0d\u540c\u5ba2\u6237\u4f7f\u7528<\/code><\/div>\n
\u4e0d\u540c\u7684keys\u4fee\u6539\u4ee5\u4e0b\u4e24\u884c\u914d\u7f6e\u5e76\u4f7f\u7528\u4ed6\u4eec\u7684keys\u5373\u53ef\u3002\u00a0<\/code><\/div>\n
cert\u00a0elm.crt\u00a0<\/code><\/div>\n
key\u00a0elm.key\u00a0<\/code><\/div>\n
#\u00a0Server\u4f7f\u7528build-key-server\u811a\u672c\u4ec0\u6210\u7684\uff0c\u5728x509\u00a0v3\u6269\u5c55\u4e2d\u52a0\u5165\u4e86ns-cert-type\u9009\u9879\u00a0<\/code><\/div>\n
#\u00a0\u9632\u6b62VPN\u00a0client\u4f7f\u7528\u4ed6\u4eec\u7684keys\u00a0\uff0b\u00a0DNS\u00a0hack\u6b3a\u9a97vpn\u00a0client\u8fde\u63a5\u4ed6\u4eec\u5047\u5192\u7684VPN\u00a0Server\u00a0<\/code><\/div>\n
#\u00a0\u56e0\u4e3a\u4ed6\u4eec\u7684CA\u91cc\u6ca1\u6709\u8fd9\u4e2a\u6269\u5c55\u00a0<\/code><\/div>\n
ns-cert-<\/code>type<\/code>\u00a0server\u00a0<\/code><\/div>\n
#\u00a0\u548cServer\u914d\u7f6e\u91cc\u4e00\u81f4\uff0cta.key\u4e5f\u4e00\u81f4\uff0c\u6ce8\u610f\u6700\u540e\u53c2\u6570\u4f7f\u7528\u7684\u662f1\u00a0<\/code><\/div>\n
tls-auth\u00a0ta.key\u00a01\u00a0<\/code><\/div>\n
#\u00a0\u538b\u7f29\u9009\u9879\uff0c\u548cServer\u4e25\u683c\u4e00\u81f4\u00a0<\/code><\/div>\n
comp-lzo\u00a0<\/code><\/div>\n
#\u00a0Set\u00a0log\u00a0file\u00a0verbosity.\u00a0<\/code><\/div>\n
verb\u00a03<\/code><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

\u670d\u52a1\u7aef\u914d\u7f6e\u6587\u4ef6server.ovpn #\u7533\u660e\u672c\u673a\u4f7f\u7528\u7684IP\u5730\u5740\uff0c\u4e5f\u53ef\u4ee5\u4e0d\u8bf4\u660e ;local\u00a0192.168.24.34 #\u7533\u660e\u4f7f\u7528\u7684\u7aef\u53e3\uff0c\u9ed8\u8ba4443 port\u00a0443 #\u7533\u660e\u4f7f\u7528\u7684\u534f\u8bae\uff0c\u9ed8\u8ba4\u4f7f\u7528UDP\uff0c\u5982\u679c\u4f7f\u7528HTTP\u00a0proxy\uff0c\u5fc5\u987b\u4f7f\u7528 […]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,33,8],"tags":[6],"topic":[37,40],"class_list":["post-440","post","type-post","status-publish","format-standard","hentry","category-linux","category-app","category-8","tag-linux","topic-linux","topic-40"],"_links":{"self":[{"href":"https:\/\/idc.birk.cn\/index.php?rest_route=\/wp\/v2\/posts\/440","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/idc.birk.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/idc.birk.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/idc.birk.cn\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/idc.birk.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=440"}],"version-history":[{"count":3,"href":"https:\/\/idc.birk.cn\/index.php?rest_route=\/wp\/v2\/posts\/440\/revisions"}],"predecessor-version":[{"id":443,"href":"https:\/\/idc.birk.cn\/index.php?rest_route=\/wp\/v2\/posts\/440\/revisions\/443"}],"wp:attachment":[{"href":"https:\/\/idc.birk.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=440"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/idc.birk.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=440"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/idc.birk.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=440"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/idc.birk.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftopic&post=440"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}