
OpenVPN: the simplest point-to-point connection (encrypted with a static key)

Previous post: OpenVPN: the simplest point-to-point connection (no encryption) (Link), which covered the setup without any encryption. In this post, we encrypt the link with a static secret key.

To generate the static key, we can use the openvpn software itself.

Below this is done with the openvpn package on OpenWrt.
    root@OpenWrt:~# openvpn --genkey --secret secret.key
    root@OpenWrt:~# ls
    secret.key
    root@OpenWrt:~# vi secret.key
    #
    # 2048 bit OpenVPN static key
    #
    -----BEGIN OpenVPN Static key V1-----
    bcc36fceb0e7ab9bd5bdf4ad0cd63a88
    37d670d34ce20ada87fe348a61259c40
    eed9f0065718bc16bde97ff312cab885
    b9e01eb8c65303f64f67df2c26f2452c
    f25c0d17448dcde9b16dd1b5c527415f
    90c3e9faf168c45ce7571fec1d253ebc
    9ae7c62111496680419c32d79c3852c1
    a3fca8d4ed074adc22505f4aadf18ab0
    16f5a781e2a2184414f58560f9c212c8
    cbfe3d6c9d54d017b8515c571fc91ecd
    eb8e035cce43b0a09112f61a6ea07a0b
    795d96fdd8a72645485e6797a5f62211
    2a85476ac32968948e221f3772b9d3a8
    bea43f4b0aeb30113967f13ae3439e38
    ef450534c4e1d71d397a55bab0b6cf33
    2c772440de9f28177a80c5d6d30de7f8
    -----END OpenVPN Static key V1-----


Server side

Put secret.key in the same directory:
    root@OpenWrt:~# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --secret secret.key


This post was last edited by 角色 on 2013-11-24 19:06

Client side

Copy the secret.key generated on the server side to "C:\Program Files\OpenVPN\bin":
    C:\Program Files\OpenVPN\bin>openvpn.exe --ifconfig 10.200.0.2 10.200.0.1 --dev tun --secret secret.key --remote IP_address_or_hostname_of_openvpn_server
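As an added example (not code from the original posts), a small POSIX shell script that checks a secret.key produced by `openvpn --genkey --secret` before it is copied to the client, and writes the config-file equivalents of the two command lines above; the file names and the server address used in the test are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original posts): check a key file produced by
# `openvpn --genkey --secret FILE` before copying it to the peer, and write the
# config-file equivalents of the two command lines shown in the thread.

# check_static_key FILE
# Returns 0 if FILE is an "OpenVPN Static key V1" file carrying exactly
# 2048 bits (16 lines of 32 hex digits) and is not readable by group/others.
check_static_key() {
    f="$1"
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
    # This key is the only thing that authenticates the peer, so it must not
    # be readable by anyone else on the box (ls -l columns 5-10 = group/other).
    case "$(ls -l "$f" | cut -c5-10)" in
        ------) ;;
        *) echo "$f is readable by group/others: chmod 600 $f" >&2; return 2 ;;
    esac
    grep -q '^-----BEGIN OpenVPN Static key V1-----$' "$f" || return 3
    grep -q '^-----END OpenVPN Static key V1-----$' "$f" || return 3
    # Body = lines between the markers; every one must be 32 lowercase hex digits.
    body=$(sed -n '/^-----BEGIN OpenVPN/,/^-----END OpenVPN/p' "$f" | sed '1d;$d')
    total=$(printf '%s\n' "$body" | wc -l | tr -d ' ')
    hex=$(printf '%s\n' "$body" | grep -Ec '^[0-9a-f]{32}$' || true)
    if [ "$total" -ne 16 ] || [ "$hex" -ne 16 ]; then
        echo "expected 16 hex lines (2048 bits), got $hex valid of $total" >&2
        return 4
    fi
    return 0
}

# write_p2p_configs DIR SERVER_ADDR
# Writes DIR/server.conf and DIR/client.ovpn, equivalent to the two command
# lines in the thread: config-file directives are the CLI options without "--".
write_p2p_configs() {
    d="$1"; srv="$2"
    printf '%s\n' 'dev tun' 'ifconfig 10.200.0.1 10.200.0.2' \
        'secret secret.key' > "$d/server.conf"
    printf '%s\n' 'dev tun' "remote $srv" 'ifconfig 10.200.0.2 10.200.0.1' \
        'secret secret.key' > "$d/client.ovpn"
}

# Usage: sh check_key.sh secret.key   (script and key names are placeholders)
if [ $# -gt 0 ]; then
    check_static_key "$1"
fi
```

The generated files can then be started with `openvpn --config server.conf` on the OpenWrt side and `openvpn --config client.ovpn` on the Windows side instead of the long command lines.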


This post was last edited by 角色 on 2013-11-24 19:11

Server side: more messages when the openvpn command was executed.
    root@OpenWrt:~# openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun --secret secret.key
    Sun Nov 24 18:27:01 2013 OpenVPN 2.2.2 mips-openwrt-linux [SSL] [LZO2] [EPOLL] built on Mar 14 2013
    Sun Nov 24 18:27:01 2013 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Sun Nov 24 18:27:01 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sun Nov 24 18:27:01 2013 TUN/TAP device tun0 opened
    Sun Nov 24 18:27:01 2013 /sbin/ifconfig tun0 10.200.0.1 pointopoint 10.200.0.2 mtu 1500
    Sun Nov 24 18:27:01 2013 UDPv4 link local (bound): [undef]:1194
    Sun Nov 24 18:27:01 2013 UDPv4 link remote: [undef]
    Sun Nov 24 18:38:45 2013 Peer Connection Initiated with 218.250.7.110:59085
    Sun Nov 24 18:38:45 2013 Initialization Sequence Completed
From the server side, we ping the remote client's virtual IP address 10.200.0.2:
    root@OpenWrt:~# ping -c 4 10.200.0.2
    PING 10.200.0.2 (10.200.0.2): 56 data bytes
    64 bytes from 10.200.0.2: seq=0 ttl=64 time=7.178 ms
    64 bytes from 10.200.0.2: seq=1 ttl=64 time=7.936 ms
    64 bytes from 10.200.0.2: seq=2 ttl=64 time=6.849 ms
    64 bytes from 10.200.0.2: seq=3 ttl=64 time=6.353 ms

    --- 10.200.0.2 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max = 6.353/7.079/7.936 ms
    root@OpenWrt:~#


This post was last edited by 角色 on 2013-11-24 19:17

Client side: more messages when the openvpn command was invoked.
    C:\Program Files\OpenVPN\bin>openvpn --ifconfig 10.200.0.2 10.200.0.1 --dev tun --secret secret.key --remote 119.237.22.222
    Sun Nov 24 18:38:40 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built on Dec 15 2011
    Sun Nov 24 18:38:40 2013 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
    Sun Nov 24 18:38:40 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
    Sun Nov 24 18:38:40 2013 TAP-WIN32 device [本地连接 2] opened: \\.\Global\{A2FCF4EE-7BB0-4C7D-AFC0-7F041F4D21FA}.tap
    Sun Nov 24 18:38:40 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 10.200.0.2/255.255.255.252 on interface {A2FCF4EE-7BB0-4C7D-AFC0-7F041F4D21FA} [DHCP-serv: 10.200.0.1, lease-time: 31536000]
    Sun Nov 24 18:38:40 2013 Successful ARP Flush on interface [131077] {A2FCF4EE-7BB0-4C7D-AFC0-7F041F4D21FA}
    Sun Nov 24 18:38:40 2013 UDPv4 link local (bound): [undef]:1194
    Sun Nov 24 18:38:40 2013 UDPv4 link remote: 119.237.22.222:1194
    Sun Nov 24 18:39:11 2013 Peer Connection Initiated with 119.237.22.222:1194
    Sun Nov 24 18:39:17 2013 Initialization Sequence Completed
From the client side, we can reach the remote server's virtual IP 10.200.0.1:
    C:\Documents and Settings\Administrator>ping 10.200.0.1

    Pinging 10.200.0.1 with 32 bytes of data:

    Reply from 10.200.0.1: bytes=32 time=6ms TTL=64
    Reply from 10.200.0.1: bytes=32 time=5ms TTL=64
    Reply from 10.200.0.1: bytes=32 time=6ms TTL=64
    Reply from 10.200.0.1: bytes=32 time=5ms TTL=64

    Ping statistics for 10.200.0.1:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 5ms, Maximum = 6ms, Average = 5ms

    C:\Documents and Settings\Administrator>
