Linux_OpenVPN

[OPENVPN]

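- A VPN can generally be deployed in one of three ways.

1. Gateway to Gateway (Site to Site)

→ Mainly used to connect a head office with its branch offices, with a dedicated VPN device (gateway) placed at the front of each network: ordinary traffic goes out to the Internet, while packets bound for the peer VPN are compressed and encrypted before being sent.

2. Host to Gateway

→ Suited to sales staff who are often out of the office, or to business trips: a VPN device sits in front of a data center such as an IDC, and the client uses it by installing a separate VPN client program on the PC.

3. Host to Host

→ No dedicated device is used: a VPN daemon is installed on a particular server and a VPN tunnel is built between the client PC and that server.

- Think of a VPN as building a virtual private network over the Internet.

IPSEC VPN, SSL VPN

- IPsec VPN depends heavily on the characteristics of the equipment and is hard to implement, so SSL VPN is the mainstream choice.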

--

There is something to check before setting up OpenVPN.

[root@jo:/usr/local/src/openvpn/openvpn-2.0.9]#lsmod |grep tun

[root@jo:/usr/local/src/openvpn/openvpn-2.0.9]#modprobe tun

[root@jo:/usr/local/src/openvpn/openvpn-2.0.9]#lsmod |grep tun

tun 16064 0

tun: a virtual network interface, used by OpenVPN as its network interface.

The tun mode does not support bridging.

#rpm -qa |grep → check whether it is already installed; if it is, remove it.

--

 

<Download openvpn>

http://www.openvpn.net/

[root@jo:~]#cd /usr/local/src/

[root@jo:/usr/local/src]#mkdir openvpn

[root@jo:/usr/local/src]#cd openvpn

[root@jo:/usr/local/src/openvpn]#wget http://www.openvpn.net/release/openvpn-2.0.9.tar.gz

--

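<Download and install lzo>

[root@jo:/usr/local/src/openvpn/openvpn-2.0.9]#rpm -qa |grep lzo → check whether it is present; install it if not

A "real-time compression library". VPN traffic is encrypted and decrypted, which slows it down,

so this library is needed.

Download it from the site below.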

http://www.oberhumer.com/opensource/lzo/download

[root@jo:/usr/local/src/openvpn]#wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.03.tar.gz

[root@jo:/usr/local/src/openvpn]#tar xvfz lzo-2.03.tar.gz

[root@jo:/usr/local/src/openvpn]#cd lzo-2.03

[root@jo:/usr/local/src/openvpn/lzo-2.03]#./configure

[root@jo:/usr/local/src/openvpn/lzo-2.03]#make && make install

--

<Install openvpn>

[root@jo:/usr/local/src/openvpn/openvpn-2.0.9]#./configure --prefix=/usr/local/openvpn --sysconfdir=/etc/openvpn --enable-ssl --enable-lzo && make && make install

The --enable-password-save option is used when the ID/password for VPN authentication is stored in a file and read from it.

./configure options can change from version to version, so check ./configure --help before installing.

--

 

[root@jo:/usr/local/src/openvpn/openvpn-2.0.9]#ls -l /usr/local/openvpn

total 16

drwxr-xr-x 3 root root 4096 Nov 11 01:42 man

drwxr-xr-x 2 root root 4096 Nov 11 01:42 sbin

 

[root@jo:/usr/local/src/openvpn]#tar xvfz openvpn-2.0.9.tar.gz

[root@jo:/usr/local/src/openvpn/openvpn-2.0.9]#mkdir /etc/openvpn

[root@jo:/usr/local/src/openvpn/openvpn-2.0.9]#cp -ax easy-rsa/ /etc/openvpn/

[root@jo:/usr/local/src/openvpn/openvpn-2.0.9]#ls -l /etc/openvpn/

total 8

drwxrwxrwx 4 root root 4096 Oct 1 2006 easy-rsa

[root@jo:/usr/local/src/openvpn/openvpn-2.0.9]#cp -ax sample-config-files/* /etc/openvpn/

→ The config files have been copied over.

--

<Check the copied files>

[root@jo:/usr/local/src/openvpn/openvpn-2.0.9]#ls -l /etc/openvpn/

total 144

-rw-r--r-- 1 root root 3427 Nov 1 2005 client.conf

drwxrwxrwx 4 root root 4096 Oct 1 2006 easy-rsa

-rwxr-xr-x 1 root root 3564 Nov 1 2005 firewall.sh

-rwxr-xr-x 1 root root 62 Nov 1 2005 home.up

-rw-r--r-- 1 root root 634 Nov 1 2005 loopback-client

-rw-r--r-- 1 root root 660 Nov 1 2005 loopback-server

-rwxr-xr-x 1 root root 62 Nov 1 2005 office.up

-rwxr-xr-x 1 root root 63 Nov 1 2005 openvpn-shutdown.sh

-rwxr-xr-x 1 root root 776 Nov 1 2005 openvpn-startup.sh

-rw-r--r-- 1 root root 131 Nov 1 2005 README

-rw-r--r-- 1 root root 9970 Jan 7 2006 server.conf

-rw-r--r-- 1 root root 1742 Nov 1 2005 static-home.conf

-rw-r--r-- 1 root root 1688 Nov 1 2005 static-office.conf

-rw-r--r-- 1 root root 1937 Nov 1 2005 tls-home.conf

-rw-r--r-- 1 root root 1948 Nov 1 2005 tls-office.conf

-rw-r--r-- 1 root root 199 Nov 1 2005 xinetd-client-config

-rw-r--r-- 1 root root 989 Nov 1 2005 xinetd-server-config

--

[root@jo:/usr/local/src/openvpn/openvpn-2.0.9]#cd /etc/openvpn/

[root@jo:/etc/openvpn]#cd easy-rsa/

[root@jo:/etc/openvpn/easy-rsa]#ls

2.0 build-key build-req make-crl revoke-full

build-ca build-key-pass build-req-pass openssl.cnf sign-req

build-dh build-key-pkcs12 clean-all README vars

build-inter build-key-server list-crl revoke-crt Windows

--

[root@jo:/etc/openvpn/easy-rsa]#vi vars

 

export KEY_SIZE=2048

# These are the default values for fields

# which will be placed in the certificate.

# Don't leave any of these fields blank.

export KEY_COUNTRY=KR

export KEY_PROVINCE=SEOUL

export KEY_CITY=SEOUL

export KEY_ORG="cho.iss"

export KEY_EMAIL="kkk@cho.iss"

:wq

--

[root@jo:/etc/openvpn/easy-rsa]#ls -l /usr/local/openvpn/sbin/

total 1392

-rwxr-xr-x 1 root root 1415413 Nov 11 01:42 openvpn

[root@jo:/etc/openvpn/easy-rsa]#./clean-all

you must define KEY_DIR

[root@jo:/etc/openvpn/easy-rsa]#mkdir keys

--

[root@jo:/etc/openvpn/easy-rsa]#source ./vars

NOTE: when you run ./clean-all, I will be doing a rm -rf on /usr/local/src/openvpn/openvpn-2.0.9/easy-rsa/keys

[root@jo:/etc/openvpn/easy-rsa]#

[root@jo:/etc/openvpn/easy-rsa]#./clean-all

[root@jo:/etc/openvpn/easy-rsa]#./build-ca → this creates the certificate.

Generating a 2048 bit RSA private key

................................+++

...............+++

writing new private key to 'ca.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [KR]:

State or Province Name (full name) [SEOUL]:

Locality Name (eg, city) [SEOUL]:

Organization Name (eg, company) [cho.iss]:

Organizational Unit Name (eg, section) []:

Common Name (eg, your name or your server's hostname) []:Root CA

Email Address [kkk@cho.iss]:

.

[root@jo:/etc/openvpn/easy-rsa]#ls keys/

ca.crt ca.key index.txt serial

→ Confirm the four files.

CA.crt → Root public certificate

CA.key → Root private key

Server.crt (pem)

Server.key

--

 

[root@jo:/etc/openvpn/easy-rsa]#./build-key-server vpn.cho.iss

I will generate it under my own domain name.

Generating a 2048 bit RSA private key

....................+++

................................................+++

writing new private key to 'vpn.cho.iss.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [KR]:

State or Province Name (full name) [SEOUL]:

Locality Name (eg, city) [SEOUL]:

Organization Name (eg, company) [cho.iss]:

Organizational Unit Name (eg, section) []:VPN

Common Name (eg, your name or your server's hostname) []:vpn.cho.iss

Email Address [kkk@cho.iss]:

.

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

Using configuration from /usr/local/src/openvpn/openvpn-2.0.9/easy-rsa/openssl.cnf

Check that the request matches the signature

Signature ok

The Subject's Distinguished Name is as follows

countryName :PRINTABLE:'KR'

stateOrProvinceName :PRINTABLE:'SEOUL'

localityName :PRINTABLE:'SEOUL'

organizationName :PRINTABLE:'cho.iss'

organizationalUnitName:PRINTABLE:'VPN'

commonName :PRINTABLE:'vpn.cho.iss'

emailAddress :IA5STRING:'kkk@cho.iss'

--

Certificate is to be certified until Nov 8 17:13:28 2019 GMT (3650 days)

Sign the certificate? [y/n]:y

.

.

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

--

[root@jo:/etc/openvpn/easy-rsa]#ls -l keys/

total 92

-rw-r--r-- 1 root root 4944 Nov 11 02:13 01.pem

-rw-r--r-- 1 root root 1513 Nov 11 01:57 ca.crt

-rw------- 1 root root 1679 Nov 11 01:57 ca.key

-rw-r--r-- 1 root root 100 Nov 11 02:13 index.txt

-rw-r--r-- 1 root root 21 Nov 11 02:13 index.txt.attr

-rw-r--r-- 1 root root 0 Nov 11 01:55 index.txt.old

-rw-r--r-- 1 root root 3 Nov 11 02:13 serial

-rw-r--r-- 1 root root 3 Nov 11 01:55 serial.old

-rw-r--r-- 1 root root 4944 Nov 11 02:13 vpn.cho.iss.crt

-rw-r--r-- 1 root root 1037 Nov 11 02:13 vpn.cho.iss.csr

-rw------- 1 root root 1675 Nov 11 02:13 vpn.cho.iss.key

→ The "server key" has now been created.

--

Let's create a client key too, so that clients also log in with a certificate key.

[root@jo:/etc/openvpn/easy-rsa]#./build-key vpnclient-1

Generating a 2048 bit RSA private key

...................+++

.....................................+++

writing new private key to 'vpnclient-1.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [KR]:

--

State or Province Name (full name) [SEOUL]:

Locality Name (eg, city) [SEOUL]:

Organization Name (eg, company) [cho.iss]:

Organizational Unit Name (eg, section) []:VPNCLIENT

Common Name (eg, your name or your server's hostname) []:vpnclient-1.key

Email Address [kkk@cho.iss]:

.

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:

An optional company name []:

Using configuration from /usr/local/src/openvpn/openvpn-2.0.9/easy-rsa/openssl.cnf

Check that the request matches the signature

Signature ok

The Subject's Distinguished Name is as follows

countryName :PRINTABLE:'KR'

stateOrProvinceName :PRINTABLE:'SEOUL'

localityName :PRINTABLE:'SEOUL'

organizationName :PRINTABLE:'cho.iss'

organizationalUnitName:PRINTABLE:'VPNCLIENT'

commonName :PRINTABLE:'vpnclient-1.key'

emailAddress :IA5STRING:'kkk@cho.iss'

Certificate is to be certified until Nov 8 17:17:20 2019 GMT (3650 days)

Sign the certificate? [y/n]:y

.

.

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

--

 

[root@jo:/etc/openvpn/easy-rsa]#ls -l keys/    

total 144

-rw-r--r-- 1 root root 4944 Nov 11 02:13 01.pem

-rw-r--r-- 1 root root 4863 Nov 11 02:17 02.pem

-rw-r--r-- 1 root root 1513 Nov 11 01:57 ca.crt

-rw------- 1 root root 1679 Nov 11 01:57 ca.key

-rw-r--r-- 1 root root 210 Nov 11 02:17 index.txt

-rw-r--r-- 1 root root 20 Nov 11 02:17 index.txt.attr

-rw-r--r-- 1 root root 21 Nov 11 02:13 index.txt.attr.old

-rw-r--r-- 1 root root 100 Nov 11 02:13 index.txt.old

-rw-r--r-- 1 root root 3 Nov 11 02:17 serial

-rw-r--r-- 1 root root 3 Nov 11 02:13 serial.old

-rw-r--r-- 1 root root 4944 Nov 11 02:13 vpn.cho.iss.crt

-rw-r--r-- 1 root root 1037 Nov 11 02:13 vpn.cho.iss.csr

-rw------- 1 root root 1675 Nov 11 02:13 vpn.cho.iss.key

-rw-r--r-- 1 root root 4863 Nov 11 02:17 vpnclient-1.crt

-rw-r--r-- 1 root root 1050 Nov 11 02:17 vpnclient-1.csr

-rw------- 1 root root 1675 Nov 11 02:17 vpnclient-1.key

→ The "client key" now exists.

The keys above must never be leaked outside.

--

 

[root@jo:/etc/openvpn/easy-rsa]#./build-dh → Diffie-Hellman

[root@jo:/etc/openvpn/easy-rsa]#ls -l keys/

total 152

-rw-r--r-- 1 root root 4944 Nov 11 02:13 01.pem

-rw-r--r-- 1 root root 4863 Nov 11 02:17 02.pem

-rw-r--r-- 1 root root 1513 Nov 11 01:57 ca.crt

-rw------- 1 root root 1679 Nov 11 01:57 ca.key

-rw-r--r-- 1 root root 424 Nov 11 02:23 dh2048.pem → this file should now exist.

-rw-r--r-- 1 root root 210 Nov 11 02:17 index.txt

-rw-r--r-- 1 root root 20 Nov 11 02:17 index.txt.attr

-rw-r--r-- 1 root root 21 Nov 11 02:13 index.txt.attr.old

-rw-r--r-- 1 root root 100 Nov 11 02:13 index.txt.old

-rw-r--r-- 1 root root 3 Nov 11 02:17 serial

-rw-r--r-- 1 root root 3 Nov 11 02:13 serial.old

-rw-r--r-- 1 root root 4944 Nov 11 02:13 vpn.cho.iss.crt

-rw-r--r-- 1 root root 1037 Nov 11 02:13 vpn.cho.iss.csr

-rw------- 1 root root 1675 Nov 11 02:13 vpn.cho.iss.key

-rw-r--r-- 1 root root 4863 Nov 11 02:17 vpnclient-1.crt

-rw-r--r-- 1 root root 1050 Nov 11 02:17 vpnclient-1.csr

-rw------- 1 root root 1675 Nov 11 02:17 vpnclient-1.key

--

 

<Download and install the VPN client>

<http://openvpn.se/>

I installed it with the default options.

 

--

 

[root@jo:/etc/openvpn/easy-rsa/keys]#mkdir /home/kkk/keys

[root@jo:/etc/openvpn/easy-rsa/keys]#cp vpnclient-1.* /home/kkk/

[root@jo:/etc/openvpn/easy-rsa/keys]#cp vpnclient-1.* /home/kkk/keys/

 

[root@jo:/etc/openvpn/easy-rsa/keys]#cd /home/kkk/keys/

[root@jo:/home/kkk/keys]#cp /etc/openvpn/easy-rsa/keys/ca.crt /home/kkk/keys/

[root@jo:/home/kkk/keys]#cp /etc/openvpn/easy-rsa/keys/dh2048.pem /home/kkk/keys/

--

[root@jo:/home/kkk/keys]#ls -l

total 44

-rw-r--r-- 1 root root 1513 Nov 11 03:12 ca.crt

-rw-r--r-- 1 root root 424 Nov 11 03:12 dh2048.pem

-rw-r--r-- 1 root root 4863 Nov 11 03:14 vpnclient-1.crt

-rw-r--r-- 1 root root 1050 Nov 11 03:14 vpnclient-1.csr

-rw------- 1 root root 1675 Nov 11 03:14 vpnclient-1.key

.

[root@jo:/home/kkk/keys]#ls

ca.crt dh2048.pem vpnclient-1.crt vpnclient-1.csr vpnclient-1.key vpn.zip

[root@jo:/home/kkk/keys]#cd /etc/openvpn/

[root@jo:/etc/openvpn]#ls

client.conf loopback-server server.conf xinetd-client-config

easy-rsa office.up static-home.conf xinetd-server-config

firewall.sh openvpn-shutdown.sh static-office.conf

home.up openvpn-startup.sh tls-home.conf

loopback-client README tls-office.conf

[root@jo:/etc/openvpn]#ln -s /etc/openvpn/easy-rsa/keys/ /etc/openvpn/

[root@jo:/etc/openvpn]#ls

client.conf loopback-client README tls-office.conf

easy-rsa loopback-server server.conf xinetd-client-config

firewall.sh office.up static-home.conf xinetd-server-config

home.up openvpn-shutdown.sh static-office.conf

keys openvpn-startup.sh tls-home.conf

--

 

[root@jo:/etc/openvpn]#mv server.conf server.conf.old

[root@jo:/etc/openvpn]#cp server.conf.old cho.conf

--

[root@jo:/etc/openvpn]#vi cho.conf

 

port 1194 # default port used by the VPN

proto udp # UDP is used as the protocol

dev tun # changed this to dev tun0

ca keys/ca.crt

cert keys/vpn.cho.iss.crt

key keys/vpn.cho.iss.key # This file should be kept secret

dh keys/dh2048.pem

server 10.8.0.0 255.255.255.0 # IP range assigned to VPN clients; left as is

push "route 192.168.10.0 255.255.255.0"

duplicate-cn

max-clients 100

user nobody

mute 20

:wq

--

[root@jo:/etc/openvpn]#/usr/local/openvpn/sbin/openvpn /etc/openvpn/cho.conf

Wed Nov 11 03:35:49 2009 OpenVPN 2.0.9 i686-pc-linux [SSL] [LZO] [EPOLL] built on Nov 11 2009

Wed Nov 11 03:35:49 2009 WARNING: --ifconfig-pool-persist will not work with --duplicate-cn

Wed Nov 11 03:35:49 2009 Diffie-Hellman initialized with 2048 bit key

Wed Nov 11 03:35:49 2009 TLS-Auth MTU parms [ L:1542 D:138 EF:38 EB:0 ET:0 EL:0 ]

Wed Nov 11 03:35:49 2009 TUN/TAP device tun0 opened

Wed Nov 11 03:35:49 2009 /sbin/ifconfig tun0 10.8.0.1 pointopoint 10.8.0.2 mtu 1500

Wed Nov 11 03:35:49 2009 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.2

Wed Nov 11 03:35:49 2009 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:0 EL:0 AF:3/1 ]

Wed Nov 11 03:35:49 2009 UID set to nobody

Wed Nov 11 03:35:49 2009 UDPv4 link local (bound): [undef]:1194

Wed Nov 11 03:35:49 2009 UDPv4 link remote: [undef]

Wed Nov 11 03:35:49 2009 MULTI: multi_init called, r=256 v=256

Wed Nov 11 03:35:49 2009 IFCONFIG POOL: base=10.8.0.4 size=62

Wed Nov 11 03:35:49 2009 IFCONFIG POOL LIST

Wed Nov 11 03:35:49 2009 Initialization Sequence Completed
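An added example, not part of the original post: a shell audit of the directives set in cho.conf, covering the duplicate-cn warning in the startup log above and the fact that the log shows "UID set to nobody" but no matching GID line. Function names, finding texts and the sample file are this example's own; resolving a relative key path against the config's directory is an assumption.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and finding
# texts are this example's own.

# has_directive FILE NAME: true if NAME is set on a non-comment line
# ('#' and ';' both start a comment in an OpenVPN config file).
has_directive() {
    awk -v d="$2" '/^[ \t]*[#;]/ {next} $1 == d {f = 1} END {exit !f}' "$1"
}

# audit_server_conf FILE: print one finding per line, return 1 if any.
audit_server_conf() {
    conf=$1; rc=0
    if has_directive "$conf" duplicate-cn; then
        echo "duplicate-cn: several clients may connect with the same certificate/CN"; rc=1
        if has_directive "$conf" ifconfig-pool-persist; then
            echo "ifconfig-pool-persist: will not work with duplicate-cn"; rc=1
        fi
    fi
    if has_directive "$conf" user && ! has_directive "$conf" group; then
        echo "user without group: the daemon keeps its original group"; rc=1
    fi
    # Assumption: a relative key path is resolved against the config's directory.
    key=$(awk '/^[ \t]*[#;]/ {next} $1 == "key" {print $2; exit}' "$conf")
    case $key in ""|/*) ;; *) key=$(dirname "$conf")/$key ;; esac
    if [ -n "$key" ] && [ -f "$key" ]; then
        # Characters 5-10 of the `ls -l` mode string are the group/other bits.
        [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
            { echo "key file: accessible to group or other"; rc=1; }
    fi
    return $rc
}

# Constructed sample mirroring cho.conf; ifconfig-pool-persist is included
# because the startup log warns about it.
write_sample_conf() {
    mkdir -p "$1/keys"
    : > "$1/keys/vpn.cho.iss.key"; chmod 644 "$1/keys/vpn.cho.iss.key"
    cat > "$1/cho.conf" <<'EOF'
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/vpn.cho.iss.crt
key keys/vpn.cho.iss.key  # This file should be kept secret
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;group nobody
duplicate-cn
user nobody
EOF
}
```

Run it as `audit_server_conf /etc/openvpn/cho.conf`; a config with one certificate per client, `group` set next to `user`, and a 0600 key file produces no findings.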

--

 

 

Now duplicate the shell session and run the command below in another terminal.

[root@jo:~]#ifconfig tun0

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255

UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:100

RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

--

<VPN client setup>

Download the "vpn.zip" file from the /home/kkk/keys directory and unzip it.

Put the extracted files into the config folder inside the directory where the "vpn client program" is installed.
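An added example, not part of the original post: the /home/kkk/keys bundle built above also holds vpnclient-1.csr and dh2048.pem, which the client does not use (the dh parameters are read by the server only), and the easy-rsa directory is listed as drwxrwxrwx. The functions below, whose names are this example's own, list such extras and stage only ca.crt, the client certificate and the client key with owner-only permissions.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# world_writable PATH: true if "other" has write permission
# (character 9 of the `ls -ld` mode string).
world_writable() {
    [ "$(ls -ld "$1" | cut -c9)" = "w" ]
}

# bundle_extras DIR CLIENT: list files in DIR that CLIENT does not need.
bundle_extras() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        case ${f##*/} in
            ca.crt|"$2.crt"|"$2.key") ;;
            *) echo "${f##*/}" ;;
        esac
    done
}

# stage_client_bundle KEYDIR CLIENT OUTDIR: copy only what the client needs.
stage_client_bundle() {
    keydir=$1; client=$2; out=$3
    if world_writable "$keydir"; then
        echo "refusing: $keydir is world-writable" >&2; return 1
    fi
    for f in ca.crt "$client.crt" "$client.key"; do
        [ -f "$keydir/$f" ] || { echo "missing: $keydir/$f" >&2; return 1; }
    done
    (
        umask 077                      # new files: owner access only
        mkdir -p "$out" && chmod 700 "$out" &&
        cp "$keydir/ca.crt" "$keydir/$client.crt" "$keydir/$client.key" "$out/"
    )
}

# Constructed stand-in for easy-rsa/keys (placeholder contents, not real keys).
make_sample_keys() {
    mkdir -p "$1" && chmod 755 "$1"
    for f in ca.crt ca.key dh2048.pem vpnclient-1.crt vpnclient-1.csr vpnclient-1.key; do
        echo placeholder > "$1/$f"
    done
    chmod 600 "$1/ca.key" "$1/vpnclient-1.key"
}
```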

--

Create the file above and put it in "C:\Program Files\OpenVPN\config".  remote [vpn server IP]

--

I copied the "vpnclient-1.conf" file and changed its extension to "ovpn".

<Open the firewall> (IP of the server where openvpn is installed)

[root@jo:/home/kkk/keys]#iptables -A INPUT -p udp --sport 1024: -d 192.168.10.181 --dport 1194 -m state --state NEW -j ACCEPT

[root@jo:/home/kkk/keys]#iptables -A INPUT -s 10.8.0.0/24 -j ACCEPT

[root@jo:~]#cp /usr/local/src/openvpn/openvpn-2.0.9/sample-scripts/openvpn.init /etc/init.d/openvpn

[root@jo:~]#cd /etc/init.d

[root@jo:/etc/init.d]#ls -l openvpn

-rwxr-xr-x 1 root root 5475 Nov 11 04:22 openvpn

[root@jo:/etc/init.d]#chkconfig --add openvpn

[root@jo:/etc/init.d]#chkconfig --level 35 openvpn on

[root@jo:/etc/init.d]#ln -s /usr/local/openvpn/sbin/openvpn /usr/sbin/

[root@jo:/etc/init.d]#service openvpn start

Starting openvpn: [FAILED]

--

 

 

[root@jo:/etc/init.d]#cd /etc/openvpn/

If this directory contains any *.conf files, they are all treated as configuration files and read in,

which makes the daemon start FAIL.

So delete all of them except my own configuration file, "cho.conf".

[root@jo:/etc/openvpn]#rm *.conf

rm: remove regular file `cho.conf'? n

rm: remove regular file `client.conf'? y

rm: remove regular file `static-home.conf'? y

rm: remove regular file `static-office.conf'? y

rm: remove regular file `tls-home.conf'? y

rm: remove regular file `tls-office.conf'? y

 

[root@jo:/etc/openvpn]#pkill -9 openvpn

[root@jo:/etc/openvpn]#

[root@jo:/etc/openvpn]#service openvpn start

Starting openvpn: [ OK ]

→ Now it works.

--

 

<Connect the VPN client from XP>

It connects.

--

 

I switched from a bridged network to a routed network.

[root@jo:~]#./delbridge.sh

#iptables -P INPUT ACCEPT

[root@jo:~]#vi /etc/openvpn/cho.conf

push "route 192.168.100.0 255.255.255.0"

:wq

#service openvpn restart

Now there is no conflict, so the connection no longer drops.
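An added example, not part of the original post: a check that no pushed route covers the address clients use to reach the VPN server. It assumes the conflict came from pushing 192.168.10.0/24 while the server itself was reached at 192.168.10.181 (the address in the firewall rule above); function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# ip_to_int A.B.C.D: print the dotted-quad address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# route_covers NET MASK ADDR: true if ADDR lies inside NET/MASK.
route_covers() {
    net=$(ip_to_int "$1"); mask=$(ip_to_int "$2"); addr=$(ip_to_int "$3")
    [ $(( $addr & $mask )) -eq $(( $net & $mask )) ]
}

# pushed_routes FILE: print "NET MASK" for each active push "route ..." line.
pushed_routes() {
    awk '/^[ \t]*[#;]/ {next}
         $1 == "push" && $2 == "\"route" {gsub(/"/, "", $4); print $3, $4}' "$1"
}

# conflicting_routes FILE SERVER_ADDR: print pushed routes that cover the
# address clients use to reach the server.
conflicting_routes() {
    pushed_routes "$1" | while read -r net_arg mask_arg; do
        if route_covers "$net_arg" "$mask_arg" "$2"; then
            echo "$net_arg $mask_arg"
        fi
    done
}

# Constructed sample: the two push lines used on this page, checked against
# the server address from the firewall rule.
check_page_routes() {
    tmp=$(mktemp)
    printf '%s\n' 'push "route 192.168.10.0 255.255.255.0"' \
                  'push "route 192.168.100.0 255.255.255.0"' > "$tmp"
    conflicting_routes "$tmp" 192.168.10.181
    rm -f "$tmp"
}
```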

--