A simple way to configure OpenVPN on Windows

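Download and install OpenVPN:

Download the OpenVPN installer with Flashget or any other tool, then install it. Remember to select the easy-rsa component,
the set of .bat scripts used to manage the CA.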
http://openvpn.se/files/install_packages/openvpn-2.0.5-gui-1.0.3-install.exe

After installation, easy-rsa is located under C:\Program Files\OpenVPN\.

Now start the configuration:
Rename vars.bat.sample in the easy-rsa directory to vars.bat and edit its contents:
==================================
set KEY_COUNTRY=CN
set KEY_PROVINCE=Liaoning
set KEY_CITY=Shenyang
set KEY_ORG=OpenVPN
set KEY_EMAIL=[email protected]
==================================
The rest of the file does not need to be changed; replace the values above with your own.

Rename openssl.cnf.sample under easy-rsa to openssl.cnf.

Then open cmd.exe
=============================================
Microsoft Windows XP [版本 5.1.2600]
(C) 版权所有 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>cd "\Program Files\OpenVPN\easy-rsa"

C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>clean-all.bat
系统找不到指定的文件。
已复制         1 个文件。
已复制         1 个文件。

C:\Program Files\OpenVPN\easy-rsa>

Generate the Root CA
Format: build-ca.bat
Output: keys/ca.crt keys/ca.key
======================================================================
C:\Program Files\OpenVPN\easy-rsa>build-ca.bat
Using configuration from openssl.cnf
Generating a 1024 bit RSA private key
......++++++
.........++++++
writing new private key to 'keys\ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Liaoning]:
Locality Name (eg, city) [Shenyang]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:OpenVPN ORG
Common Name (eg, your name or your server's hostname) []:OpenVPN RootCA
Email Address [[email protected]]:

C:\Program Files\OpenVPN\easy-rsa>

Generate the dh1024.pem file, which the server requires in order to use TLS.
Format: build-dh.bat
Output: keys/dh1024.pem
============================================================================
C:\Program Files\OpenVPN\easy-rsa>build-dh.bat
warning, not much extra random data, consider using the -rand option
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time

C:\Program Files\OpenVPN\easy-rsa>

Now generate the certificate used by the server:
Format: build-key-server.bat
Output: keys/.crt .csr .key
================================================================================
C:\Program Files\OpenVPN\easy-rsa>build-key-server.bat server01
Using configuration from openssl.cnf
Generating a 1024 bit RSA private key
................++++++
.....++++++
writing new private key to 'keys\server01.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Liaoning]:
Locality Name (eg, city) [Shenyang]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:OpenVPN ORG
Common Name (eg, your name or your server's hostname) []:Server01
Email Address [[email protected]]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'Liaoning'
localityName          :PRINTABLE:'Shenyang'
organizationName      :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'OpenVPN ORG'
commonName            :PRINTABLE:'Server01'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Feb  9 10:01:34 2016 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

C:\Program Files\OpenVPN\easy-rsa>

Now issue a certificate for the client:
Format: build-key.bat
Output: keys/.crt keys/.csr keys/.key
===========================================================================
C:\Program Files\OpenVPN\easy-rsa>build-key.bat elm
Using configuration from openssl.cnf
Generating a 1024 bit RSA private key
.....................................................++++++
...................................................++++++
writing new private key to 'keys\elm.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Liaoning]:
Locality Name (eg, city) [Shenyang]:
Organization Name (eg, company) [OpenVPN]:
Organizational Unit Name (eg, section) []:OpenVPN ORG
Common Name (eg, your name or your server's hostname) []:ELM
Email Address [[email protected]]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'Liaoning'
localityName          :PRINTABLE:'Shenyang'
organizationName      :PRINTABLE:'OpenVPN'
organizationalUnitName:PRINTABLE:'OpenVPN ORG'
commonName            :PRINTABLE:'ELM'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until Feb  9 10:05:53 2016 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

C:\Program Files\OpenVPN\easy-rsa>

Now generate the ta.key file
Format: openvpn --genkey --secret keys/ta.key
Output: keys/ta.key
=========================================================================
C:\Program Files\OpenVPN\easy-rsa>openvpn --genkey --secret keys/ta.key

C:\Program Files\OpenVPN\easy-rsa>

OK, the keys are done. Now write the configuration files.
Contents of server01.ovpn:
----------------CUT Here-------------
port 1194
proto udp
dev tap
ca ca.crt
cert server01.crt
key server01.key # This file should be kept secret
;crl-verify vpncrl.pem
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
;duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
;max-clients 100
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
--------------Cut Here-----------------
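Put the configuration file in the C:\Program Files\OpenVPN\config\ directory.
Copy ca.crt server01.crt server01.key ta.key dh1024.pem from easy-rsa\keys\
into the directory that contains server01.ovpn.

The server configuration is now finished and the server can be started: right-click the OpenVPN-gui icon in the lower-right corner and select connected.
To have it run automatically after the server boots, open "Services" under "Administrative Tools" in the "Control Panel" and set OpenVPN to start automatically.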

Client configuration file:
-------------Cut Here---------------------
client
dev tap
proto udp

remote 61.1.1.2 1194
;remote my-server-2 1194

;remote-random

resolv-retry infinite
nobind
user nobody
group nobody
route 192.168.0.0 255.255.252.0
persist-key
persist-tun

;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

ca ca.crt
cert elm.crt
key elm.key

ns-cert-type server
tls-auth ta.key 1
comp-lzo
# Set log file verbosity.
verb 4
--------------Cut Here---------------------
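Also put ca.crt elm.crt elm.key ta.key from easy-rsa/keys into the client's
<openvpn_home>\config directory.

The client configuration is now finished and the client can connect to the server: right-click the OpenVPN-gui icon in the lower-right corner and select connected.

OK, the whole configuration is complete.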
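
An added example, not part of the original tutorial: a small Python audit of the server and client .ovpn files shown above against current OpenVPN guidance. The rule texts, function names and trimmed sample configs are the editor's assumptions, and the DH check only looks at the file name.

```python
import re

# Checks reflect current OpenVPN guidance (editor's assessment, not the tutorial's).
RULES = [
    (r"^dh\s+\S*1024", "DH file name suggests 1024-bit parameters; use 2048+"),
    (r"^ns-cert-type\s", "ns-cert-type is deprecated; use remote-cert-tls"),
    (r"^comp-lzo\b", "comp-lzo is deprecated; compression can leak plaintext"),
    (r"^client-to-client\b", "clients can reach each other inside the VPN"),
    (r"^(user|group)\s", "user/group is not implemented on Windows"),
]

def active_directives(text):
    """Return directives that are not commented out with ';' or '#'."""
    lines = (re.split(r"\s+[#;]", raw.strip(), maxsplit=1)[0] for raw in text.splitlines())
    return [l for l in lines if l and l[0] not in "#;"]

def audit(text):
    """Return the list of findings for one .ovpn file's text."""
    directives = active_directives(text)
    names = {d.split()[0] for d in directives}
    findings = [msg for d in directives for pat, msg in RULES if re.search(pat, d)]
    if "server" in names and "crl-verify" not in names:
        findings.append("crl-verify is not active; revoked certificates still connect")
    if not names & {"tls-auth", "tls-crypt"}:
        findings.append("no tls-auth/tls-crypt key on the control channel")
    return findings

# Constructed samples: trimmed from the page's server01.ovpn and client config.
SERVER_SAMPLE = """\
key server01.key # This file should be kept secret
;crl-verify vpncrl.pem
dh dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
tls-auth ta.key 0 # This file is secret
comp-lzo
user nobody
"""
CLIENT_SAMPLE = """\
client
remote 61.1.1.2 1194
ns-cert-type server
tls-auth ta.key 1
comp-lzo
"""

if __name__ == "__main__":
    for name, text in (("server01.ovpn", SERVER_SAMPLE), ("client.ovpn", CLIENT_SAMPLE)):
        print(name, *audit(text), sep="\n  ")
```
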

To issue certificates to other users, only the following steps are needed:
Open cmd.exe

cd <openvpn_home>\easy-rsa
vars.bat
build-key.bat

Files the client needs:

client.ovpn (some settings need to be modified)
ca.crt
.crt
.key (the prefix is the file name, e.g. elm)
ta.key

Original address:

http://blog.chinaunix.net/uid-26631328-id-3062741.html

Time: 2024-10-23 22:27:20
