OpenVPN几个关键配置

服务端配置文件openvpn.conf

local 你VPS的IP地址
port 1194
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push “dhcp-option DNS 8.8.8.8″
push “dhcp-option DNS 8.8.4.4″
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /etc/openvpn/keys/openvpn-status.log
verb 4

客户端配置文件*.opvn

client
dev tun
proto tcp
remote 你vps的ip 1194
persist-key
persist-tun
ca ca.crt
cert client01.crt
key client01.key
#这里的两个文件名必须和前面生成的证书文件名一样
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1

几个重要的转发规则(假设10.8.0.0/24)

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE