Board logo

標題: OpenVPN —— 最简单的 point-to-pont 连接(没有加密) [打印本頁]
作者: 角色    時間: 2013-11-24 15:29     標題: OpenVPN —— 最简单的 point-to-pont 连接(没有加密)

本帖最後由 角色 於 2013-11-25 01:13 編輯

要对OpenVPN有认识,当我看完【1】后,觉得我们要先从简单开始,不然很难对OpenVPN学得好,学得透。

目的:用最简单OpenVPN方法把互联网两点连接起来

解说:如果是最简单,然后不要加密。我们用tun device

Server:OpenVPN on OpenWRT (Virtual IP address:10.200.0.1)
Client : OpenWPN on Windows Xp (Virtual IP address:10.200.0.2)

【1】OpenVPN 2.0 Cookbook Link
作者: 角色    時間: 2013-11-24 15:31

本帖最後由 角色 於 2013-11-24 15:54 編輯

Server : OpenVPN on OpenWRT

安装方法,大家可以参考 http://www.telecom-cafe.com/forum/viewthread.php?tid=6008

用Putty SSH进入router系统,输入
  1. openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun
複製代碼
作者: 角色    時間: 2013-11-24 15:51

本帖最後由 角色 於 2013-11-30 10:57 編輯

Client:OpenVPN on Windows Xp

大家上 http://openvpn.net/index.php/download/community-downloads.html, 下载 OpenVPN 2.2.2 -- released on 2011.12.22的Windows版本(openvpn-2.2.2-install.exe),不要OpenVPN 2.3.2 -- released on 2013.06.03,因为试过不行。

下载后简单安装。然后执行下面指令:

  2. C:\Program Files\OpenVPN\bin>openvpn.exe --ifconfig 10.200.0.2 10.200.0.1 --dev t
  3. un --remote hostname_or_ip_address_of_OpenVPN_server
複製代碼
作者: 角色    時間: 2013-11-24 16:02

本帖最後由 角色 於 2013-11-24 16:49 編輯

Server side

Additional messages from the Server side:
  1. root@OpenWrt:~#  openvpn --ifconfig 10.200.0.1 10.200.0.2 --dev tun
  2. Sun Nov 24 10:50:09 2013 OpenVPN 2.2.2 mips-openwrt-linux [SSL] [LZO2] [EPOLL] built on Mar 14 2013
  3. Sun Nov 24 10:50:09 2013 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
  4. Sun Nov 24 10:50:09 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
  5. Sun Nov 24 10:50:09 2013 ******* WARNING *******: all encryption and authentication features disabled -- all data will be tunnelled as cleartext
  6. Sun Nov 24 10:50:09 2013 TUN/TAP device tun0 opened
  7. Sun Nov 24 10:50:09 2013 /sbin/ifconfig tun0 10.200.0.1 pointopoint 10.200.0.2 mtu 1500
  8. Sun Nov 24 10:50:09 2013 UDPv4 link local (bound): [undef]:1194
  9. Sun Nov 24 10:50:09 2013 UDPv4 link remote: [undef]
  10. Sun Nov 24 10:52:37 2013 Peer Connection Initiated with 218.250.7.110:59085
  11. Sun Nov 24 10:52:37 2013 Initialization Sequence Completed
複製代碼
Ping the virtual IP address 10.200.0.2 of the client, we have
  1. root@OpenWrt:~# ping -c 4 10.200.0.2
  2. PING 10.200.0.2 (10.200.0.2): 56 data bytes
  3. 64 bytes from 10.200.0.2: seq=0 ttl=64 time=10.193 ms
  4. 64 bytes from 10.200.0.2: seq=1 ttl=64 time=6.595 ms
  5. 64 bytes from 10.200.0.2: seq=2 ttl=64 time=5.533 ms
  6. 64 bytes from 10.200.0.2: seq=3 ttl=64 time=7.758 ms

  8. --- 10.200.0.2 ping statistics ---
  9. 4 packets transmitted, 4 packets received, 0% packet loss
  10. round-trip min/avg/max = 5.533/7.519/10.193 ms
  11. root@OpenWrt:~#
複製代碼
作者: 角色    時間: 2013-11-24 16:47

本帖最後由 角色 於 2013-11-24 16:54 編輯

Client Side

When the connection was okey, it gave
  1. C:\Program Files\OpenVPN\bin>openvpn.exe -ifconfig 10.200.0.2 10.200.0.1 --dev t
  2. un --remote 119.237.21.222
  3. Options error: I'm trying to parse "-ifconfig" as an --option parameter but I do
  4. n't see a leading '--'
  5. Use --help for more information.

  7. C:\Program Files\OpenVPN\bin>openvpn.exe --ifconfig 10.200.0.2 10.200.0.1 --dev
  8. tun --remote 119.237.21.222
  9. Sun Nov 24 10:52:27 2013 OpenVPN 2.2.2 Win32-MSVC++ [SSL] [LZO2] [PKCS11] built
  10. on Dec 15 2011
  11. Sun Nov 24 10:52:27 2013 IMPORTANT: OpenVPN's default port number is now 1194, b
  12. ased on an official port number assignment by IANA.  OpenVPN 2.0-beta16 and earl
  13. ier used 5000 as the default port.
  14. Sun Nov 24 10:52:27 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or hig
  15. her to call user-defined scripts or executables
  16. Sun Nov 24 10:52:27 2013 ******* WARNING *******: all encryption and authenticat
  17. ion features disabled -- all data will be tunnelled as cleartext
  18. Sun Nov 24 10:52:27 2013 TAP-WIN32 device [本地连接 2] opened: \\.\Global\{A2FCF
  19. 4EE-7BB0-4C7D-AFC0-7F041F4D21FA}.tap
  20. Sun Nov 24 10:52:27 2013 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1
  21. 0.200.0.2/255.255.255.252 on interface {A2FCF4EE-7BB0-4C7D-AFC0-7F041F4D21FA} [D
  22. HCP-serv: 10.200.0.1, lease-time: 31536000]
  23. Sun Nov 24 10:52:27 2013 Successful ARP Flush on interface [131077] {A2FCF4EE-7B
  24. B0-4C7D-AFC0-7F041F4D21FA}
  25. Sun Nov 24 10:52:27 2013 UDPv4 link local (bound): [undef]:1194
  26. Sun Nov 24 10:52:27 2013 UDPv4 link remote: 119.237.21.222:1194
  27. Sun Nov 24 10:52:46 2013 Peer Connection Initiated with 119.237.21.222:1194
  28. Sun Nov 24 10:52:52 2013 Initialization Sequence Completed
複製代碼
After the OpenVPN connection was established, the server virtual ip address 10.200.0.1 could be reachable
  1. C:\Program Files\OpenVPN\bin>ping 10.200.0.1

  3. Pinging 10.200.0.1 with 32 bytes of data:

  5. Reply from 10.200.0.1: bytes=32 time=5ms TTL=64
  6. Reply from 10.200.0.1: bytes=32 time=4ms TTL=64
  7. Reply from 10.200.0.1: bytes=32 time=5ms TTL=64
  8. Reply from 10.200.0.1: bytes=32 time=4ms TTL=64

  10. Ping statistics for 10.200.0.1:
  11.     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
  12. Approximate round trip times in milli-seconds:
  13.     Minimum = 4ms, Maximum = 5ms, Average = 4ms

  15. C:\Program Files\OpenVPN\bin>
複製代碼
作者: tomleehk    時間: 2013-11-24 17:32

本帖最後由 tomleehk 於 2013-11-25 00:20 編輯

Thanks for your guidance. Just planned to learn OpenVPN on OpenWRT.

不要OpenVPN 2.3.2 -- released on 2013.06.03,因为试过不行。
角色 發表於 2013-11-24 15:51


I also found OpenVPN 2.3.2 connection problem. After I selected the option" disable the NETBIOS over TCP.IP" for the VIRTUAL network card that OpenVPN installed, I found the OpenVPN 2.3.2 connection problem was resolved immediately and it is still so far so good.
作者: 角色    時間: 2013-11-24 17:37

Thank you for joining the OpenVPN-on-OpenWRT learning group such that we can prepare collecting learning materials and example for sharing in order to speed up the learning.

It is seen from your action "Disable the NETBIOS over TCP/IP", I guess you used TUN device instead of TAP device.
作者: tomleehk    時間: 2013-11-25 00:48

本帖最後由 tomleehk 於 2013-11-25 01:01 編輯
It is seen from your action "Disable the NETBIOS over TCP/IP", I guess you used TUN device instead of TAP device.
角色 發表於 2013-11-24 17:37


Bingo...

I used
1) TUN and
2) TCPIP    <= so that client side, after simple configuration file change, can via proxy server connect to VPN server.



歡迎光臨 電訊茶室 (http://telecom-cafe.com/forum/) Powered by Discuz! 7.2