OpenVPN

A solution for interconnecting a company's offices using OpenVPN

Published in: Technology

OpenVPN

  1. Interconnecting the company's offices. Emil CHERICHEȘ, Geek Meet #3, Tîrgu Mureș, 12 December 2009
  2. The situation
  3. Linux: the distribution used
  4. EPEL: Extra Packages for Enterprise Linux (http://fedoraproject.org/wiki/EPEL)

         su -c 'rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm'

  5. OpenVPN

         # yum install openvpn

  6. TAP interfaces: the virtual network interfaces over which OpenVPN communicates

     /etc/init.d/tunctl:

         #!/bin/bash
         #
         # tunctl    Bring up/down tap0
         #
         # chkconfig: 2345 9 90
         # description: Activates/Deactivates tap0.
         #
         rc=0
         case "$1" in
           start)
             # create the persistent tap0 device
             /usr/sbin/tunctl -t tap0 || rc=$?
             ;;
           stop)
             # delete the tap0 device
             /usr/sbin/tunctl -d tap0 || rc=$?
             ;;
           *)
             echo $"Usage: $0 {start|stop}"
             exit 1
             ;;
         esac
         exit $rc

     Enable the script at boot:

         chkconfig tunctl on

  7. The network: configuring the bridge

         yum install bridge-utils tunctl
         cd /etc/sysconfig/network-scripts/
         cp ifcfg-eth0 ifcfg-br0

     ifcfg-eth0:

         DEVICE=eth0
         BOOTPROTO=static
         BRIDGE=br0
         HWADDR=08:00:27:A1:51:87
         ONBOOT=yes
         TYPE=Ethernet

     ifcfg-br0:

         DEVICE=br0
         TYPE=Bridge
         BOOTPROTO=static
         IPADDR=192.168.1.1
         NETMASK=255.255.255.0
         ONBOOT=yes

     ifcfg-tap0:

         DEVICE=tap0
         BOOTPROTO=static
         ONBOOT=yes
         BRIDGE=br0

  8. OpenSSL: generating the certificates (ca.crt)
  9. OpenSSL: generating the certificates (gw1.crt, gw1.key)
  10. OpenSSL: generating the certificates (gw2.crt, gw2.key)
  11. OpenSSL: generating the certificates (dh1024.pem)
  12. The certificates: which ones must be placed where

         Server        Client
         ca.crt        ca.crt
         gw1.crt       gw2.crt
         gw1.key       gw2.key
         dh1024.pem

         /etc/openvpn
         /usr/share/doc/openvpn-2.1/sample-config-files/

  13. The OpenVPN server

      server.conf:

          port 1194
          proto udp
          dev tap0
          ca ca.crt
          cert gw1.crt
          key gw1.key
          dh dh1024.pem
          server-bridge 192.168.1.1 255.255.255.0 192.168.1.230 192.168.1.235
          client-to-client
          keepalive 10 120
          comp-lzo
          persist-key
          persist-tun
          status openvpn-status.log
          verb 3

  14. The OpenVPN client

      client.conf:

          client
          dev tap0
          proto udp
          remote GW1_PUBLIC_IP 1194
          resolv-retry infinite
          nobind
          persist-key
          persist-tun
          ca ca.crt
          cert gw2.crt
          key gw2.key
          ns-cert-type server
          comp-lzo
          verb 3

  15. Startup: starting the service and enabling it at system initialization

          service openvpn start
          chkconfig openvpn on

  16. The situation
  17. Thank you. Emil CHERICHEȘ, http://emil.cheriches.ro
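
An added example, not part of the original slides: a shell function that reviews the server.conf and client.conf shown on slides 13 and 14 for settings a present-day configuration audit would flag. The function names and finding codes are assumptions made for this example, and the DH size is inferred from the file name only.

```shell
#!/bin/bash
# Added example, not from the slides. Finding codes are made up for this script.

# True if directive $2 is the first word of a non-comment line in file $1.
has_opt() {
    awk -v k="$2" '$1 == k { found = 1 } END { exit !found }' "$1"
}

# Print one "CODE: reason" line per finding for the OpenVPN config file $1.
audit_openvpn_conf() {
    conf=$1
    # Heuristic: the DH size is read from the file name (dh1024.pem -> 1024).
    bits=$(sed -n 's/^[[:space:]]*dh[[:space:]].*dh\([0-9][0-9]*\)\.pem.*/\1/p' \
        "$conf" | head -n 1)
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        echo "WEAK_DH: ${bits}-bit Diffie-Hellman parameters, use 2048 bits or more"
    fi
    has_opt "$conf" ns-cert-type &&
        echo "NS_CERT_TYPE: deprecated check, remote-cert-tls replaces it"
    has_opt "$conf" comp-lzo &&
        echo "COMPRESSION: compressing before encrypting can leak data via packet sizes"
    has_opt "$conf" tls-auth || has_opt "$conf" tls-crypt ||
        echo "NO_TLS_AUTH: handshake packets are not pre-authenticated with a shared key"
    has_opt "$conf" user ||
        echo "RUNS_AS_ROOT: no user/group directive, the daemon keeps root after start"
    if has_opt "$conf" client; then
        has_opt "$conf" ns-cert-type || has_opt "$conf" remote-cert-tls ||
            echo "NO_SERVER_CHECK: any certificate from this CA can pose as the server"
    fi
    return 0
}

# Write the directives of server.conf (slide 13) and client.conf (slide 14) into directory $1.
write_slide_configs() {
    printf '%s\n' 'port 1194' 'proto udp' 'dev tap0' 'ca ca.crt' 'cert gw1.crt' \
        'key gw1.key' 'dh dh1024.pem' \
        'server-bridge 192.168.1.1 255.255.255.0 192.168.1.230 192.168.1.235' \
        'client-to-client' 'keepalive 10 120' 'comp-lzo' 'persist-key' \
        'persist-tun' 'status openvpn-status.log' 'verb 3' > "$1/server.conf"
    printf '%s\n' 'client' 'dev tap0' 'proto udp' 'remote GW1_PUBLIC_IP 1194' \
        'resolv-retry infinite' 'nobind' 'persist-key' 'persist-tun' 'ca ca.crt' \
        'cert gw2.crt' 'key gw2.key' 'ns-cert-type server' 'comp-lzo' 'verb 3' \
        > "$1/client.conf"
}

# Demo: audit both files in a scratch directory.
tmp=$(mktemp -d) && write_slide_configs "$tmp"
for f in server.conf client.conf; do
    echo "== $f"; audit_openvpn_conf "$tmp/$f"
done
rm -rf "$tmp"
```

The actual parameter size of an existing file can be confirmed with `openssl dhparam -in dh1024.pem -text -noout`.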
