OpenWrt OpenVPN Server安裝
運行環境
- OpenWrt 21.02.3
安裝套件
# Refresh the package index, then install OpenVPN (OpenSSL build) and the
# EasyRSA helper that the PKI commands below depend on
opkg update
opkg install openvpn-openssl openvpn-easy-rsa
opkg install luci-app-openvpn
# web interface management (LuCI OpenVPN app)
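# Configuration parameters
# EasyRSA reads its working directory and defaults from these variables.
# EASYRSA_BATCH=1 suppresses interactive prompts, so the init-pki step below
# will not ask before replacing an existing PKI at this path.
OVPN_PKI="/etc/easy-rsa/pki"
export EASYRSA_PKI="${OVPN_PKI}"
export EASYRSA_REQ_CN="ovpnca"
export EASYRSA_BATCH="1"
# Remove and re-initialize the PKI directory
easyrsa init-pki
# Generate DH parameters (may take a while)
easyrsa gen-dh
# Create a new CA; "nopass" leaves the CA private key unencrypted on the router
easyrsa build-ca nopass
# Generate a key pair and sign locally for a server
easyrsa build-server-full server nopass
# Generate a key pair and sign locally for a client ("nopass": unencrypted key,
# which is what gets embedded in the client profile below)
easyrsa build-client-full client nopass
# Generate TLS PSK (tls-auth key); the path is quoted so a PKI path containing
# spaces or glob characters is passed to openvpn intact
openvpn --genkey --secret "${OVPN_PKI}/tc.pem"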
設定
新增 server 設定，這裡以 tap bridge 為範例，編輯 /etc/config/openvpn：
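# OpenVPN server section for /etc/config/openvpn. The init script turns each
# option into the matching OpenVPN directive (underscores become dashes,
# e.g. comp_lzo -> comp-lzo, tls_auth -> tls-auth).
config openvpn 'vpntap'
	option enable '1'
	option proto 'udp'
	# layer-2 (tap) interface; it still has to be added to a LAN bridge in LuCI
	option dev 'tap0'
	# files produced by the easyrsa steps above
	option ca '/etc/easy-rsa/pki/ca.crt'
	option cert '/etc/easy-rsa/pki/issued/server.crt'
	option key '/etc/easy-rsa/pki/private/server.key'
	option dh '/etc/easy-rsa/pki/dh.pem'
	# trailing '0' is the key direction; clients must use key-direction 1
	option tls_auth '/etc/easy-rsa/pki/tc.pem 0'
	option tls_server '1'
	option keepalive '10 120'
	# must agree with the client's comp-lzo line; compression of tunnelled
	# traffic has known weaknesses, so consider removing it on both sides
	option comp_lzo 'adaptive'
	option persist_key '1'
	option persist_tun '1'
	option status '/tmp/openvpn-status.log'
	option verb '3'
	# single space appears to be deliberate so a bare 'server-bridge' directive
	# (DHCP-proxy bridge mode) is emitted — confirm against /etc/init.d/openvpn
	option server_bridge ' '
	option port '12975'
	# allow several clients to connect with the same certificate CN. A shared
	# client certificate cannot be revoked per device; prefer one cert per client
	# (easyrsa build-client-full <name> nopass) and drop this option
	option duplicate_cn '1'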
# Apply the new UCI section by restarting the OpenVPN service
/etc/init.d/openvpn restart
client config 設定
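# OpenVPN client profile matching the 'vpntap' server section above
client
# tap (layer-2) device, same as the server's 'dev tap0'
dev tap
proto udp
# replace <remote ip> with the router's reachable address; port matches the server 'port'
remote <remote ip> 12975
# require the server certificate to carry the server role, so a stolen or
# leaked client certificate cannot be used to impersonate the server
remote-cert-tls server
nobind
# must match the server's comp_lzo setting
comp-lzo
persist-key
persist-tun
verb 3
# tls-auth key direction: the server uses 0, so the client uses 1
key-direction 1
tls-client
# inline files: paste the full contents of each file from the router's PKI.
# The embedded client key was created with "nopass" (unencrypted), so the
# finished profile must be protected like a credential.
<ca>
放置 /etc/easy-rsa/pki/ca.crt
</ca>
<cert>
放置 /etc/easy-rsa/pki/issued/client.crt
</cert>
<key>
放置 /etc/easy-rsa/pki/private/client.key
</key>
<tls-auth>
放置 /etc/easy-rsa/pki/tc.pem
</tls-auth>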
於 OpenWrt web 介面選擇橋接裝置，將 tap0 介面新增至該橋接裝置即完成。
