OpenVPN Virtual Private Network Installation and Deployment
- Upload date: 2022-11-16
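1. Introduction
A virtual private network (VPN) is a secure network connection established over a public network. It differs from an ordinary network connection in that it uses a dedicated tunneling protocol that provides data encryption, integrity checking and user authentication, so that information cannot be read, tampered with or copied in transit. From a connection-security standpoint it is like building a leased-line network within the public network, except that this leased line is logical rather than physical, hence the name virtual private network.
The structure of a VPN system is shown in Figure 1; it comprises the VPN server, the VPN clients and the tunnel.
Because transmission over the Internet costs far less than leasing a dedicated line, VPNs make it possible for enterprises to transmit private, confidential information over the Internet both securely and economically.
2. Configuring a VPN with OpenVPN on Windows
OpenVPN is an open-source, third-party VPN configuration tool that can use existing equipment to build a lightweight VPN application gateway.
The installation and configuration steps are as follows:
1. Download and install OpenVPN:
Download it from (the latest version on the official site is currently 2.1.1)
Double-click openvpn-2.1.1-install.exe; the detailed steps are as follows:
After installation, the easy-rsa folder is in the C:\Program Files\OpenVPN\ directory, and a new local area connection appears in the lower-right corner of the OpenVPN server's desktop; rename it to OpenVPN.
(If no new connection appears in the lower-right corner of the OpenVPN server's desktop after installation, double-click addtap.bat in the C:\Program Files\OpenVPN\bin directory to add one manually.)
2. Initialize the configuration:
(1) Edit the contents of vars.bat.Sample in the easy-rsa directory (preferably with WordPad, since opening it in Notepad may break the file's formatting) and rename it to vars.bat, as follows: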
set KEY_COUNTRY=CN
set KEY_PROVINCE=BJ
set KEY_CITY=BeiJing
set KEY_ORG=cdtsm
set KEY_EMAIL=sunzhouyi@
(2) Rename f.sample under easy-rsa to f.
Then open a command prompt (Start - Run - type cmd):
C:\Documents and Settings\ThinkPad>cd "\Program Files\OpenVPN\easy-rsa"
C:\Program Files\OpenVPN\easy-rsa>vars    -- this step is required
C:\Program Files\OpenVPN\easy-rsa>clean-all
系统找不到指定的文件。
已复制 1 个文件。
已复制 1 个文件。
3. Generate the root CA:
(1) C:\Program Files\OpenVPN\easy-rsa>vars
C:\Program Files\OpenVPN\easy-rsa>build-ca
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
...............................++++++
.......++++++
writing new private key to 'keys\ca.Key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:CN
State or Province Name (full name) [CA]:BJ
Locality Name (eg, city) [SanFrancisco]:BeiJing
Organization Name (eg, company) [OpenVPN]:cdtsm
Organizational Unit Name (eg, section) []:cdtsm
Common Name (eg, your name or your server's hostname) []:cdtsm
Email Address [mail@host.domain]:sunzhouyi@
4. Generate the dh1024.pem file, which the server requires in order to use TLS.
(1) C:\Program Files\OpenVPN\easy-rsa>vars
C:\Program Files\OpenVPN\easy-rsa>build-dh
Loading 'screen' into random state - done
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
.....................................................................+..........
............................................+...............................+...
................+.....+.................+.......................+...............
...........+.............................................+......................
....................+...........................................+...............
...........................+....................................................
.+...................................++*++*++*
5. Next, generate the server certificate, the client certificate and the TA certificate:
First generate the certificate used by the server:
(1) C:\Program Files\OpenVPN\easy-rsa>vars
C:\Program Files\OpenVPN\easy-rsa>build-key-server CdtsmServer
Loading 'screen' into random state - done
Generating a 1024 bit RSA private key
.......++++++
............++++++
writing new private key to 'keys\CdtsmServer.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:CN
State or Province Name (full name) [CA]:BJ
Locality Name (eg, city) [SanFrancisco]:BeiJing
Organization Name (eg, company) [OpenVPN]:cdtsm
Organizational Unit Name (eg, section) []:cdtsm
Common Name (eg, your name or your server's hostname) []:cdtsm
Email Address [mail@host.domain]:sunzhouyi@
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456    -- this may be left empty here and changed after installation and deployment are complete
An optional company name []:cdtsm
Using configuration from f
Loading 'screen' into random state - done
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'BJ'
localityName          :PRINTABLE:'BeiJing'
organizationName      :PRINTABLE:'cdtsm'
organizationalUnitName:PRINTABLE:'cdtsm'
commonName            :PRINTABLE:'cdtsm'
emailAddress          :IA5STRING:'sunzhouyi@'
Certificate is to be certified until Jul 25 04:11:08 2020 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out
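The transcripts above show 1024-bit RSA keys, 1024-bit DH parameters and a 3650-day certificate lifetime. The following PowerShell script is an added example, not part of the original document or of OpenVPN; it audits the files easy-rsa wrote to the keys directory. The function names, the 2048-bit minimum, the 1095-day lifetime limit and the reliance on the dh<bits>.pem file name are assumptions of this example.

```powershell
# Added example: audit certificates and DH parameters produced by easy-rsa.
# Thresholds are assumptions of this example, not values from the page.
param(
    [string]$KeyDir       = 'C:\Program Files\OpenVPN\easy-rsa\keys',
    [int]   $MinBits      = 2048,   # assumed minimum size for RSA keys and DH parameters
    [int]   $MaxValidDays = 1095    # assumed upper bound on certificate lifetime
)

function Get-PemCertificate {
    param([string]$Path)
    # Certificates written by "openssl ca" can carry a text dump before the
    # PEM block, so extract the block instead of loading the file directly.
    $text = Get-Content -LiteralPath $Path -Raw
    if ($text -notmatch '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----') {
        throw "No PEM certificate block found in $Path"
    }
    [byte[]]$der = [Convert]::FromBase64String(($Matches[1] -replace '\s', ''))
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
}

function Test-VpnCertificate {
    param([string]$Path)
    $cert = Get-PemCertificate -Path $Path
    $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
    $bits = if ($rsa) { $rsa.KeySize } else { 0 }   # 0 means "not an RSA key"; reported as weak
    $days = [int]($cert.NotAfter - $cert.NotBefore).TotalDays
    [pscustomobject]@{
        File = Split-Path -Leaf $Path; Subject = $cert.Subject
        Bits = $bits; ValidDays = $days
        WeakKey = $bits -lt $MinBits; LongLived = $days -gt $MaxValidDays
    }
}

function Test-DhFile {
    param([string]$Path)
    # The page's file is dh1024.pem; this example assumes the dh<bits>.pem
    # naming and reads the size from the name rather than parsing the parameters.
    $name = Split-Path -Leaf $Path
    $bits = if ($name -match '^dh(\d+)\.pem$') { [int]$Matches[1] } else { 0 }
    [pscustomobject]@{
        File = $name; Subject = 'DH parameters'
        Bits = $bits; ValidDays = $null
        WeakKey = $bits -lt $MinBits; LongLived = $false
    }
}

$report  = @(Get-ChildItem -LiteralPath $KeyDir -Filter '*.crt'   | ForEach-Object { Test-VpnCertificate $_.FullName })
$report += @(Get-ChildItem -LiteralPath $KeyDir -Filter 'dh*.pem' | ForEach-Object { Test-DhFile $_.FullName })
$report | Format-Table -AutoSize
if ($report | Where-Object { $_.WeakKey -or $_.LongLived }) { exit 1 }   # non-zero exit when anything is flagged
```

With the settings shown on this page every file is flagged. In easy-rsa's vars.bat the key size is controlled by the KEY_SIZE variable, so raising it before running clean-all and rebuilding the CA, DH parameters and certificates clears the WeakKey findings.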