OpenVPN client configuration notes
The OpenVPN client configuration file explained in detail
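```
# Declare that this is a client
client

# Device type to use; must match the server
;dev tap
dev tun

# Name of the network adapter to use on Windows; not needed on Linux
;dev-node 我的连接

# Protocol to use; must match the server
;proto tcp
proto udp

# Server address and port. Several lines can be used to list several servers
# for load balancing (they are tried from top to bottom)
remote 192.168.228.153 1194
;remote my-server-2 1194

# If several servers are configured above, have the client connect to one at random
;remote-random

# Resolving the server's host name
# Keep trying indefinitely to resolve the
# host name of the OpenVPN server. Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# The client does not need to bind to a port
# Most clients do not need to bind to
# a specific local port number.
nobind

# Run OpenVPN as nobody as well (for security)
# Note: this cannot be set on Windows
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# If the client connects through an HTTP proxy, configure it here
# To use a proxy, UDP cannot be used as the VPN transport protocol
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]

# Wireless networks often produce many duplicate packets; set this to silence the resulting warnings
;mute-replay-warnings

# Important: specify the CA certificate and the client's certificate and key
# Note: the two backslashes below are written together, with no space between them
ca "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt"
cert "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\backup.crt"
key "C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\backup.key"

# If the server has enabled a PAM authentication module (for example validation
# against a MySQL or LDAP database), the client must enable this as well
;auth-user-pass

# Some security measures
# Verify server certificate by checking
# that the certificate has the nsCertType
# field set to "server". This is an
# important precaution to protect against
# a potential attack discussed here:
# http://openvpn.net/howto.html#mitm
#
# To use this feature, you will need to generate
# your server certificates with the nsCertType
# field set to "server". The build-key-server
# script in the easy-rsa folder will do this.
;ns-cert-type server

# Strengthened authentication: if you generated ta.key on the server, it must be added here as well;
# then every client must also have the key.
tls-auth ta.key 1

# Select a cryptographic cipher.
# If the cipher option is used on the server
# then you must also specify it here.
;cipher x

# Use LZO compression; must match the server
comp-lzo

# Set log file verbosity.
verb 3

# Silence repeating messages
;mute 20

# Authenticate with a user name and password; worth considering if certificates
# are not used, and can be combined with LDAP or MySQL
;auth-user-pass

# Windows 7 reports an error without this; adding this line is recommended
route-method exe

# Force a delay before routes are added
route-delay 2

# Do not keep authentication credentials cached
auth-nocache

# Set the IP address lease time
ip-win32 dynamic 0 7200
```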
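An added example (not from the original post): a small Python audit that parses a client config like the one above, skipping `#` and `;` comment lines, and reports which of the protective directives it calls out are not active. The `HARDENING` table, the function names, and the inclusion of `remote-cert-tls` (the newer replacement for `ns-cert-type`) are assumptions of this example; the sample input is constructed from the config's security-relevant lines.

```python
import shlex

# Protective directives the annotated config calls out, with what is lost
# when each is left commented out. remote-cert-tls is included as the newer
# replacement for ns-cert-type (an addition; the page only names ns-cert-type).
HARDENING = [
    (("ns-cert-type", "remote-cert-tls"), "server certificate type not checked (MITM exposure)"),
    (("tls-auth",), "no shared HMAC key protecting the TLS handshake"),
    (("auth-nocache",), "credentials remain cached in memory"),
    (("user",), "process does not drop to an unprivileged user (n/a on Windows)"),
]

def active_directives(text):
    """Map directive name -> argument list, skipping '#' and ';' comment lines."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)  # also drops a trailing '# ...'
        if tokens:
            active[tokens[0]] = tokens[1:]
    return active

def audit(text):
    """Return a list of findings for an OpenVPN client config."""
    active = active_directives(text)
    findings = [msg for names, msg in HARDENING
                if not any(n in active for n in names)]
    # The page notes that an HTTP proxy cannot be combined with UDP transport.
    if "http-proxy" in active and active.get("proto", ["udp"])[0].startswith("udp"):
        findings.append("http-proxy is set but proto is udp")
    return findings

# Constructed sample: the security-relevant lines as they appear in the config above.
SAMPLE = """\
client
dev tun
proto udp
remote 192.168.228.153 1194
;user nobody
;group nobody
;ns-cert-type server
tls-auth ta.key 1
auth-nocache
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

On the sample it flags the commented-out server certificate check and the commented-out privilege drop, the two protections the config leaves disabled.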
Copyright notice:
Author: 心飞翔
Link: https://www.faystar.com/techshare/openvpn/208.html
Source: 心飞翔
The copyright of this article belongs to the author; do not reproduce it without permission.