欢迎大家赞助一杯啤酒🍺 我们准备了下酒菜:Formal mathematics/Isabelle/ML, Formal verification/Coq/ACL2, C++/F#/Lisp
OpenVPN
小 (→项目) |
|||
(未显示1个用户的28个中间版本) | |||
第1行: | 第1行: | ||
− | + | {{SeeWikipedia}} | |
− | + | ||
+ | OpenVPN是一个用于创建虚拟专用网络([[VPN]])加密通道的开源软件包,GNU GPL 许可协议。 | ||
+ | |||
+ | ==简介== | ||
+ | OpenVPN 允许参与建立VPN的单点使用公开密钥、电子证书、或者用户名/密码来进行身份验证。它大量使用了[[OpenSSL]]加密库中的SSLv3/TLSv1协议函数库。而 [[OpenSSH]] 是实现二/三层的基于隧道的VPN。OpenVPN不与[[IPsec]]及其他VPN软件包兼容。OpenVPN使用通用网络协议(TCP与UDP)的特点使它成为IPsec等协议的理想替代。 | ||
+ | |||
+ | OpenVPN 运行在用户空间(user space), 而 IPsec 运行在内核空间(kernel space)。 | ||
+ | |||
+ | OpenVPN所有的通信都基于一个单一的IP端口,IANA(Internet Assigned Numbers Authority)指定给OpenVPN的官方端口为1194。 | ||
+ | |||
+ | OpenVPN提供了两种虚拟网络接口:通用Tun/Tap驱动,通过它们,可以建立三层IP隧道,或者虚拟二层以太网,后者可以传送任何类型的二层以太网络数据。传送的数据可通过LZO算法压缩。 | ||
+ | |||
+ | OpenVPN Access Server 包含三个主要组件: | ||
+ | *OpenVPN Server | ||
+ | *Admin Web Interface/Admin UI | ||
+ | *Connect Client | ||
+ | |||
+ | 注意:免费下载测试用支持两个用户,购买最少需要购买10个用户数价格$50,每增加一个用户$5。 | ||
+ | |||
+ | ==安装== | ||
+ | 安装 [http://www.openvpn.net/index.php/access-server/download-openvpn-as-vm.html Virtual Appliances] Username: root Password: openvpnas | ||
+ | ovpn-init --force | ||
+ | passwd openvpn | ||
+ | https://192.168.1.101:943/admin | ||
+ | openvpn,openvpn | ||
+ | 下载OpenVPN Connect,建立 与 Server 的 VPN 连接 | ||
+ | 或 | ||
Install and build the [[LZO]] real-time data compression library and OpenVPN source code. | Install and build the [[LZO]] real-time data compression library and OpenVPN source code. | ||
./configure | ./configure | ||
make & make install | make & make install | ||
− | == | + | |
+ | ==使用== | ||
Creating configuration files for server and clients, sample-config-files directory of the OpenVPN source distribution | Creating configuration files for server and clients, sample-config-files directory of the OpenVPN source distribution | ||
Editing server.conf | Editing server.conf | ||
第11行: | 第38行: | ||
openvpn [server config file] | openvpn [server config file] | ||
Starting the client | Starting the client | ||
− | openvpn [client config file] | + | openvpn [client config file] |
+ | |||
==GUI== | ==GUI== | ||
− | [[Webmin]] OpenVPN Admin Module http://www.openit.it/index.php/openit_en/software_libero/openvpnadmin | + | *[[Webmin]] OpenVPN Admin Module http://www.openit.it/index.php/openit_en/software_libero/openvpnadmin |
+ | |||
+ | create New key to Certification Authority | ||
+ | openssl dhparam -out /etc/openvpn/keys/changeme/dh2048.pem 2048 | ||
+ | Generating DH parameters, 2048 bit long safe prime, generator 2 This is going to take a long time | ||
+ | /usr/bin/openssl req -batch -days 3650 -nodes -new -x509 -keyout "ca.key" -out "ca.crt" -config /etc/openvpn/openvpn-ssl.cnf | ||
+ | Generating a 2048 bit RSA private key, writing new private key to 'ca.key' | ||
+ | /usr/bin/openssl ca -gencrl -keyfile "ca.key" -cert "ca.crt" -out "crl.pem" -config /etc/openvpn/openvpn-ssl.cnf | ||
+ | Using configuration from /etc/openvpn/openvpn-ssl.cnf | ||
+ | *[[tunnelblick]] | ||
+ | *[[OpenVPN Settings]] | ||
+ | |||
+ | ==认证== | ||
+ | *[[LDAP]] [http://code.google.com/p/openvpn-auth-ldap/ openvpn-auth-ldap] | ||
+ | |||
+ | ==项目== | ||
+ | *[https://github.com/OpenVPN/openvpn3 OpenVPN 3] | ||
+ | *[https://github.com/OpenVPN/easy-rsa easy-rsa] [https://github.com/kylemanna/docker-openvpn OpenVPN for Docker] | ||
+ | *[https://github.com/OpenVPN/openvpn-gui OpenVPN GUI] | ||
+ | |||
+ | ==文档== | ||
+ | *[http://docs.huihoo.com/bsdcan/2012/Introduction-to-OpenVPN.pdf Introduction to OpenVPN] | ||
+ | *[http://docs.huihoo.com/bsdcan/2008/An-Open-Source-Enterprise-VPN-Solution-with-OpenVPN-and-OpenBSD.pdf An Open Source Enterprise VPN Solution with OpenVPN and OpenBSD] | ||
+ | |||
+ | ==图集== | ||
+ | <gallery widths=100px heights=100px perrow=6> | ||
+ | Image:openvpn.gif|OpenVPN | ||
+ | Image:openvpn-product-comparison.png|OpenVPN产品比较 | ||
+ | Image:openvpn-webmin.png|Webmin管理 | ||
+ | Image:openvpn-configuration.jpg|OpenVPN配置 | ||
+ | Image:openvpn-connect.png|Connect | ||
+ | Image:openvpn-web-admin.png|Web控制台 | ||
+ | </gallery> | ||
+ | |||
+ | ==链接== | ||
+ | *[http://openvpn.net/ OpenVPN官网] | ||
+ | *[https://github.com/OpenVPN OpenVPN @ GitHub] | ||
+ | *[http://docs.huihoo.com/openvpn/ OpenVPN文档] | ||
− | + | [[category:Security]] | |
− | + | [[category:VPN]] | |
− | + | ||
− | + |
2020年10月21日 (三) 00:58的最后版本
您可以在Wikipedia上了解到此条目的英文信息 OpenVPN Thanks, Wikipedia. |
OpenVPN是一个用于创建虚拟专用网络(VPN)加密通道的开源软件包,GNU GPL 许可协议。
目录 |
[编辑] 简介
OpenVPN 允许参与建立VPN的单点使用公开密钥、电子证书、或者用户名/密码来进行身份验证。它大量使用了OpenSSL加密库中的SSLv3/TLSv1协议函数库。而 OpenSSH 是实现二/三层的基于隧道的VPN。OpenVPN不与IPsec及其他VPN软件包兼容。OpenVPN使用通用网络协议(TCP与UDP)的特点使它成为IPsec等协议的理想替代。
OpenVPN 运行在用户空间(user space), 而 IPsec 运行在内核空间(kernel space)。
OpenVPN所有的通信都基于一个单一的IP端口,IANA(Internet Assigned Numbers Authority)指定给OpenVPN的官方端口为1194。
OpenVPN提供了两种虚拟网络接口:通用Tun/Tap驱动,通过它们,可以建立三层IP隧道,或者虚拟二层以太网,后者可以传送任何类型的二层以太网络数据。传送的数据可通过LZO算法压缩。
OpenVPN Access Server 包含三个主要组件:
- OpenVPN Server
- Admin Web Interface/Admin UI
- Connect Client
注意:免费下载测试用支持两个用户,购买最少需要购买10个用户数价格$50,每增加一个用户$5。
[编辑] 安装
安装 Virtual Appliances Username: root Password: openvpnas
ovpn-init --force passwd openvpn https://192.168.1.101:943/admin openvpn,openvpn
下载OpenVPN Connect,建立 与 Server 的 VPN 连接 或 Install and build the LZO real-time data compression library and OpenVPN source code.
./configure make & make install
[编辑] 使用
Creating configuration files for server and clients, sample-config-files directory of the OpenVPN source distribution
Editing server.conf Editing client.conf
Starting the server
openvpn [server config file]
Starting the client
openvpn [client config file]
[编辑] GUI
- Webmin OpenVPN Admin Module http://www.openit.it/index.php/openit_en/software_libero/openvpnadmin
create New key to Certification Authority
openssl dhparam -out /etc/openvpn/keys/changeme/dh2048.pem 2048
Generating DH parameters, 2048 bit long safe prime, generator 2 This is going to take a long time
/usr/bin/openssl req -batch -days 3650 -nodes -new -x509 -keyout "ca.key" -out "ca.crt" -config /etc/openvpn/openvpn-ssl.cnf
Generating a 2048 bit RSA private key, writing new private key to 'ca.key'
/usr/bin/openssl ca -gencrl -keyfile "ca.key" -cert "ca.crt" -out "crl.pem" -config /etc/openvpn/openvpn-ssl.cnf
Using configuration from /etc/openvpn/openvpn-ssl.cnf