Summary of problems when setting up OpenVPN in bridge mode on CentOS 7

1. Chinese-language explanation of server.conf

2. bridge-start configuration

#!/bin/sh
#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".

# The tap0 here must match "dev tap0" in server.conf
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eno16777728"
eth_ip="192.168.31.233"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.31.255"


for t in $tap; do
    openvpn --mktun --dev $t
done
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
    brctl addif $br $t
done
for t in $tap; do
    ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast

# Added because I could not reach the external network after starting bridge-start!!! (Change this to match your own local gateway.)
route add default gw 192.168.31.1

3. bridge-stop configuration

#!/bin/sh
####################################
# Tear Down Ethernet bridge on Linux
####################################

# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged together
tap="tap0"

ifconfig $br down
brctl delbr $br


for t in $tap; do
    openvpn --rmtun --dev $t
done

# After running this file the server could not obtain its DHCP-assigned network, so add the following command
service network restart


4. server.conf configuration file

port 1194 
proto tcp
dev tap0
ca ca.crt
cert server.crt
key server.key  
dh dh2048.pem
ifconfig-pool-persist ipp.txt
server-bridge 192.168.31.233 255.255.255.0 192.168.31.110 192.168.31.130
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.31.1"              # The two lines above let clients reach all networks through the DNS after bridging

;duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
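
Added example, not part of the original post: a pre-flight check that bridge-start and server.conf agree, since the tap name must match `dev`, and `server-bridge` must carry the bridge address and netmask with a client pool that sits inside that subnet and excludes the server itself. The function names (`ip2int`, `shvar`, `check_bridge_conf`) and the parsing approach are assumptions of this example; the sample files are constructed from the values shown above.

```shell
#!/bin/sh
# Added example, not part of the original scripts.

ip2int() {  # dotted-quad IPv4 -> integer
    local IFS=.
    set -- $1
    echo $(( (${1:-0} << 24) | (${2:-0} << 16) | (${3:-0} << 8) | ${4:-0} ))
}

shvar() {  # shvar NAME FILE: value of the first NAME="value" assignment
    sed -n "s/^$1=\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# check_bridge_conf BRIDGE_START SERVER_CONF
# Prints one line per problem; the return status is the number of problems.
check_bridge_conf() {
    local taps ip mask dev gw cmask lo hi a m net n=0
    taps=$(shvar tap "$1"); ip=$(shvar eth_ip "$1"); mask=$(shvar eth_netmask "$1")
    dev=$(awk '$1 == "dev" { print $2; exit }' "$2")
    set -- $(awk '$1 == "server-bridge" { print $2, $3, $4, $5; exit }' "$2")
    gw=$1 cmask=$2 lo=$3 hi=$4
    case " $taps " in
        *" $dev "*) ;;
        *) echo "dev '$dev' is not in the bridged tap list '$taps'"; n=$((n + 1)) ;;
    esac
    if [ "$gw" != "$ip" ] || [ "$cmask" != "$mask" ]; then
        echo "server-bridge $gw/$cmask differs from bridge address $ip/$mask"; n=$((n + 1))
    fi
    m=$(ip2int "$mask"); net=$(( $(ip2int "$ip") & m ))
    for a in "$lo" "$hi"; do
        if [ $(( $(ip2int "$a") & m )) -ne "$net" ]; then
            echo "pool address $a is outside the bridged subnet"; n=$((n + 1))
        fi
    done
    if [ "$(ip2int "$lo")" -le "$(ip2int "$ip")" ] && [ "$(ip2int "$ip")" -le "$(ip2int "$hi")" ]; then
        echo "pool $lo-$hi contains the bridge address $ip"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample files holding the values shown on this page.
demo=$(mktemp -d)
printf 'tap="tap0"\neth_ip="192.168.31.233"\neth_netmask="255.255.255.0"\n' > "$demo/bridge-start"
printf 'dev tap0\nserver-bridge 192.168.31.233 255.255.255.0 192.168.31.110 192.168.31.130\n' > "$demo/server.conf"
check_bridge_conf "$demo/bridge-start" "$demo/server.conf" && echo "bridge-start and server.conf agree"
rm -rf "$demo"
```

Run it against the real files before bridge-start; a non-zero exit status means the bridge and the OpenVPN server would come up with inconsistent addressing.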

OpenVPN official site

https://openvpn.net/index.php/open-source/documentation/howto.html