OpenVPN-HOWTO

OpenVPN 이란? #

  • 랄라라~
  • 2.0 이상을 사용하자~(다중접속을 지원한다)

server 설정하기 #

Windows #

  • Windows 2000 이상에서만 동작한다.
  • Service 로 등록해두는 게 편하다.
    • Start Menu(시작메뉴) -> Control Panel(제어판) -> Administrative Tools(관리 도구) -> Services(서비스) -> OpenVPN
    • 필요한 파일들(example 에서 복사해서 config 디렉토리에 넣어준다)
      • ca.crt
      • server.crt
      • server.key
      • dh1024.pem

configuration file #

  • 특징
    • 다중 사용자
    • port 지정
    • server.ovpn
  • # Port selection. To run several OpenVPN servers on one host, give each its own port.
    # Make sure the chosen port is not blocked by a firewall.
    # NOTE(review): 53/udp is the well-known DNS port; the page does not say why it
    # was chosen. It collides with any DNS service on the same host, and non-DNS
    # traffic on this port is commonly flagged by network monitoring.
    port 53
    
    # TCP or UDP server
    ;proto tcp
    proto udp
    
    # "dev tap" is used for Ethernet tunneling / Ethernet bridging.
    # "dev tun" is used for routed IP tunneling.
    # The original author recommends tun.
    ;dev tap
    dev tun
    
    # Windows needs the TAP-Win32 adapter (other platforms do not need this setting).
    # On XP SP2 or later the Windows firewall has to be opened for the TAP adapter.
    # NOTE(review): prefer a rule scoped to the VPN subnet over switching the
    # firewall off for the adapter, so connected peers cannot reach every local service.
    # Control Panel -> Network Connections shows an entry called "TAP-Win32 Adapter V8";
    # rename that connection so it matches the name given below.
    # By default it is usually named something like "Local Area Connection 2".
    dev-node MyTap
    
    # Files required for SSL/TLS.
    # It is simplest to leave these names unchanged.
    # The easy-rsa directory holds the scripts that generate these files; according
    # to the original author, ordinary users will not need to run them.
    # NOTE(review): no tls-auth (HMAC) key is configured in this file, so packets
    # from unauthenticated senders reach the TLS handshake; consider adding a
    # shared tls-auth key on the server and on every client.
    ca ca.crt
    cert server.crt
    key server.key  # This file must not be exposed; restrict read access to the service account.
    # Diffie-Hellman parameters.
    # NOTE(review): 1024-bit DH parameters are below current recommendations;
    # generate 2048-bit or larger parameters and point this directive at that file.
    dh dh1024.pem
    
    # Server mode and the virtual subnet handed out to clients.
    # Comment this line out when using Ethernet bridging.
    server 10.8.0.0 255.255.255.0
    
    # Maintain a record of client <-> virtual IP address
    # associations in this file.  If OpenVPN goes down or
    # is restarted, reconnecting clients can be assigned
    # the same virtual IP address from the pool that was
    # previously assigned.
    # (This is the file that records the IP addresses used by clients.)
    # To pin a specific IP address to a specific client, use the ccd
    # subdirectory and consult the man page.
    ifconfig-pool-persist ipp.txt
    
    # If enabled, this directive will configure
    # all clients to redirect their default
    # network gateway through the VPN, causing
    # all IP traffic such as web browsing
    # and DNS lookups to go through the VPN
    # (The OpenVPN server machine may need to NAT
    # the TUN/TAP interface to the internet in
    # order for this to work properly).
    # CAVEAT: May break client's network config if
    # client's local DHCP server packets get routed
    # through the tunnel.  Solution: make sure
    # client's local DHCP server is reachable via
    # a more specific route than the default route
    # of 0.0.0.0/0.0.0.0.
    # NOTE(review): while this stays commented out, only traffic for the VPN
    # subnet is tunneled; all other client traffic leaves via the local network.
    ;push "redirect-gateway"
    
    # Certain Windows-specific network settings
    # can be pushed to clients, such as DNS
    # or WINS server addresses.  CAVEAT:
    # http://openvpn.net/faq.html#dhcpcaveats
    ;push "dhcp-option DNS 10.8.0.1"
    ;push "dhcp-option WINS 10.8.0.1"
    
    # Ping every 10 seconds and treat the peer as down when nothing is heard
    # for the timeout given as the second argument.
    # NOTE(review): the original note said 300 seconds, but the directive sets 120.
    keepalive 10 120
    
    # Enable compression.
    # If the server enables it, every client must enable it as well.
    # NOTE(review): compressing before encryption can leak information about the
    # plaintext (VORACLE-class attacks), and newer OpenVPN releases deprecate
    # comp-lzo; turn it off on both ends unless it is really needed.
    comp-lzo
    
    # Maximum number of concurrently connected clients.
    max-clients 10
    
    # Reduce the privileges of the VPN server process after start-up.
    # NOTE(review): both lines are commented out, so the daemon keeps the
    # privileges it was started with; enable them on non-Windows hosts.
    ;user nobody
    ;group nobody
    
    # The persist options will try to avoid
    # accessing certain resources on restart
    # that may no longer be accessible because
    # of the privilege downgrade.
    persist-key
    persist-tun
    
    # Write the server status to this file (every minute, per the original note).
    status openvpn-status.log
    
    # Log verbosity level.
    # 0 is silent, except for fatal errors
    # 4 is reasonable for general usage
    # 5 and 6 can help to debug connection problems
    # 9 is extremely verbose
    verb 3
    

client 설정하기 #

# Run in client mode.
client

# Routed IP tunnel on the TAP-Win32 adapter; "MyTap" is the name given to that
# network connection on this machine.
dev tun
dev-node MyTap

# Must match the protocol the server listens on.
proto udp

# Hostname (or IP address) and port of the VPN server.
# www.test.com is a placeholder; replace it with the real server address.
remote www.test.com 53

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite

# Do not bind to a specific local port.
nobind

# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody

# Try to preserve some state across restarts.
persist-key
persist-tun

# Duplicate packets occur frequently on wireless LANs;
# this turns the duplicate-packet (replay) warnings off.
# NOTE(review): this only silences the log message; it also hides a signal
# that would show up if packets were being replayed.
mute-replay-warnings

# SSL/TLS parms.
# NOTE(review): nothing here checks that the peer presents a *server*
# certificate, so any certificate signed by this CA (including another
# client's) would be accepted as the server. Add "ns-cert-type server"
# (OpenVPN 2.0) or "remote-cert-tls server" (2.1+) once the server
# certificate carries the matching attribute.
# Keep client.key private; each client should have its own certificate/key pair.
ca ca.crt
cert client.crt
key client.key

# Compression; the same option must be enabled on the server.
# NOTE(review): compressing before encryption can leak information about the
# plaintext (VORACLE-class attacks); disable it on both ends if possible.
comp-lzo

# Set log file verbosity.
verb 3

route delete 0.0.0.0
route add openvpnsvr_ip mask 255.255.255.255 %1
openvpn ... 명령
route add dest 0.0.0.0 mask 0.0.0.0 192.168.0.1
