1. 设置宽带上网
set int eth eth0 pppoe 0 set int eth eth0 pppo 0 user-id youre_username set int eth eth0 pppo 0 password your_password
2. 配置dhcp
set service dhcp-server shared-network-name LAN authoritative enable set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 start 192.168.1.100 stop 192.168.1.150 set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 default-router 192.168.1.1 set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 223.5.5.5 set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 dns-server 223.6.6.6 set service dhcp-server shared-network-name LAN subnet 192.168.1.0/24 lease 86400
3. 设置nat
set nat source rule 1 outbound-interface pppoe0 set nat source rule 1 source address 192.168.1.0/24 set nat source rule 1 translation address masquerade
4. 配置openvpn
# 生成证书 cp -rv /usr/share/doc/openvpn/examples/easy-rsa/2.0/ /config/easy-rsa2 # 编辑生成证书用的配置文件 cat /config/easy-rsa2/vars ... export KEY_SIZE=2048 ... export KEY_COUNTRY="CN" export KEY_PROVINCE="test" export KEY_CITY="tet" export KEY_ORG="test" export KEY_EMAIL="[email protected]" # 生成证书 cd /config/easy-rsa2/ source ./vars ./build-ca ./build-dh ./build-key-server openvpntest # 生成client key ./build-key testclient # 复制证书 cp /config/easy-rsa2/keys/ca.crt /config/auth/ cp /config/easy-rsa2/keys/dh2048.pem /config/auth/ cp /config/easy-rsa2/keys/openvpntest.key /config/auth/ cp /config/easy-rsa2/keys/openvpntest.crt /config/auth/ # 配置openvpn set int openvpn vtun0 mode server set int openvpn vtun0 description "TCP version" set int openvpn vtun0 openvpn-option --comp-lzo set int openvpn vtun0 protocol tcp-passive set int openvpn vtun0 server subnet 192.168.3.0/24 set int openvpn vtun0 server name-server 223.5.5.5 set int openvpn vtun0 server name-server 223.6.6.6 set int openvpn vtun0 server push-route 192.168.1.0/24 set int openvpn vtun0 tls ca-cert-file /config/auth/ca.crt set int openvpn vtun0 tls cert-file /config/auth/openvpntest.crt set int openvpn vtun0 tls dh-file /config/auth/dh2048.pem set int openvpn vtun0 tls key-file /config/auth/openvpntest.key # 创建 client 配置文件 cat <<EOF>> testclient.ovpn client dev tun proto tcp remote 192.168.56.102 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert testclient.crt key testclient.key ns-cert-type server comp-lzo verb 3 EOF
5. 配置 L2TP over IPsec
set vpn ipsec ipsec-interfaces interface pppoe0 set vpn ipsec nat-traversal enable set vpn ipsec nat-networks allowed-network 0.0.0.0/0 set vpn l2tp remote-access outside-address <public-address> set vpn l2tp remote-access client-ip-pool start 192.168.255.1 set vpn l2tp remote-access client-ip-pool stop 192.168.255.255 set vpn l2tp remote-access ipsec-settings authentication mode pre-shared-secret set vpn l2tp remote-access ipsec-settings authentication pre-shared-secret <secret> set vpn l2tp remote-access authentication mode local set vpn l2tp remote-access authentication local-users username <username> password <password> # windows 添加路由 route add 192.168.1.0 mask 255.255.255.0 192.168.255.1
参考链接
http://foxhound.blog.51cto.com/1167932/1687579
https://technotes.seastrom.com/2016/04/19/VPN-on-VyOS-OpenVPN.html
https://jasonschaefer.com/openvpn-on-vyos/
http://ithelpblog.com/network/vyatta-openvpn-client-to-site-configuration-split-tunnel/
https://support.rackspace.com/how-to/configure-remote-access-vpn-service-on-a-vyatta-appliance/
https://misc.mat2uken.net/blog/2013/08/23/vyatta_l2tp_ipsec.html
https://supportforums.cisco.com/discussion/11366946/split-tunnel-not-working-l2tp-over-ipsec-vpn-asa
http://ithelpblog.com/network/vyatta-openvpn-client-to-site-configuration-split-tunnel/
时间: 2024-10-09 08:29:45