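Troubleshooting memo: using OpenVPN for remote login to a LAN

Remote clients connect to the LAN by default; the usual methods can be found all over the web.

Recorded here are the final server configuration file and client configuration file.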

 server.conf

——-

local 192.168.10.2
port 1194
proto tcp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.10.0 255.255.255.0"
client-config-dir ccd

route 192.168.10.1 255.255.255.0
client-to-client
duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log         /var/log/openvpn.log
log-append  /var/log/openvpn.log
verb 3
mute 20

——

client.ovpn

———-

client
dev tun
proto tcp
remote vpnservicename 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert zb02.crt
key zb02.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
route 192.168.10.0 255.255.255.0 10.8.0.1

———–
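
An added example, not part of the original post: a small Python check that walks the directives of the two configuration files above and flags the ones a reviewer would question today (`dh dh1024.pem`, `duplicate-cn`, `comp-lzo`, `client-to-client`, `ns-cert-type`). The rule table, the function names and the abbreviated sample text are this example's own assumptions, and the 1024-bit check is only a heuristic on the file name.

```python
import shlex

# Constructed samples: a subset of the directives from the two files above.
SERVER_CONF = """\
dh dh1024.pem
push "route 192.168.10.0 255.255.255.0"
client-to-client
duplicate-cn
tls-auth ta.key 0 # This file is secret
comp-lzo
"""
CLIENT_CONF = """\
client
ns-cert-type server
comp-lzo
"""

# directive -> (predicate on its arguments, advice); the rule set is this example's own.
RULES = {
    "dh": (lambda a: any("1024" in x for x in a),  # heuristic: size taken from file name
           "1024-bit DH parameters are weak; generate 2048-bit or larger"),
    "duplicate-cn": (lambda a: True,
           "a certificate shared by several clients cannot be revoked or mapped per client"),
    "comp-lzo": (lambda a: a != ["no"],
           "compression inside the tunnel enables VORACLE-style attacks"),
    "client-to-client": (lambda a: True,
           "client-to-client traffic is not filtered by the server's iptables rules"),
    "ns-cert-type": (lambda a: True,
           "deprecated; use 'remote-cert-tls server'"),
}

def parse(text):
    """Yield (directive, args) per line, honouring quotes and #/; comments."""
    for line in text.splitlines():
        if line.lstrip().startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)
        if tokens:
            yield tokens[0], tokens[1:]

def audit(text):
    """Return a list of (directive, advice) for every rule that matches."""
    return [(d, RULES[d][1]) for d, a in parse(text)
            if d in RULES and RULES[d][0](a)]

if __name__ == "__main__":
    for name, conf in (("server.conf", SERVER_CONF), ("client.ovpn", CLIENT_CONF)):
        for directive, advice in audit(conf):
            print(f"{name}: {directive}: {advice}")
```
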

Rules that need to be added to iptables

-A RH-Firewall-1-INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1194 -j ACCEPT

-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

shell#>iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE

Posted by

admin

Internet web development and management