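Is anyone interested in a VPN setup tutorial?

Last night I set up a simple Hall to Home VPN!

Originally posted by 閒魂 on 2007-2-22 22:24
Last night I set up a simple Hall to Home VPN!
So can I use your VPN to access the databases that can only be accessed from campus?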

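Originally posted by nissin on 2007-2-22 23:09
So can I use your VPN to access the databases that can only be accessed from campus?
Then you've come to the wrong place… PolyU already has its own VPN!

Originally posted by 閒魂 on 2007-2-22 23:28
Then you've come to the wrong place… PolyU already has its own VPN!
It's exactly those that I can't get into even with the VPN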

Then I guess I can't get in either…

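Post it on the pcin wiki #yup#

Originally posted by 情長仔 on 2007-2-23 00:47
Post it on the pcin wiki #yup#
Is there such a thing???

Originally posted by ANTI@# on 2007-2-23 01:56
Is there such a thing???
How come he knows @_@ ???

I'm interested

Originally posted by 情長仔 on 2007-2-23 00:47
Post it on the pcin wiki #yup#
Last time I finished typing it all, previewed it and wanted to save...
Hutchison went down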

A very simple version…

Download
http://openvpn.net/download.html

Environment:

Server : idler.no-ip.org, server, linux
Hall computer name: sagittarius, WinXP

On the server, run the following commands:

cd /usr/share/openvpn/easy-rsa/
. ./vars
./clean-all
./build-ca # Enter the information as required

Country Name (2 letter code) [KG]:
State or Province Name (full name) [NA]:
Locality Name (eg, city) [BISHKEK]:
Organization Name (eg, company) [OpenVPN-TEST]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:OpenVPN-CA
Email Address [me@myhost.mydomain]:

./build-key-server server
./build-key sagittarius
./build-dh

cd keys        # easy-rsa writes the generated files into keys/ by default

Transfer ca.crt, sagittarius.crt and sagittarius.key (3 files) to sagittarius in a secure way.

mv ca.crt dh1024.pem server.crt server.key /etc/openvpn/

vi /etc/openvpn/server.conf
------------------------------------------------
port 1194
proto udp        # You may use TCP
dev tun                # tun for routing, tap for bridging

ca ca.crt
cert server.crt
key server.key
dh dh1024.pem

server 172.16.0.0 255.255.255.0                # Assign subnet
ifconfig-pool-persist ipp.txt                # Record of clients, used to reconnect them when OpenVPN goes down or is restarted
push "route 192.168.0.0 255.255.255.0"        # Let clients route according to these
push "route 10.0.0.0 255.255.255.0"
push "dhcp-option WINS 172.16.0.1"        # Let clients use this WINS server
client-to-client                        # Allow clients to see each other
keepalive 10 120
;comp-lzo                # Don't enable, it is terribly slow
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
------------------------------------------------

cd /etc/openvpn
ln -s server.conf openvpn.conf
/etc/init.d/openvpn restart

On the client running Windows XP, go to C:\Program Files\OpenVPN\config,
create client.ovpn and edit it with Notepad.

------------------------------------------------
client
dev tun
proto udp
remote idler.no-ip.org 1194
remote www.pcinhk.com 1194        # They are the same, but serve as backup for DDNS resolution failure
remote-random                        # choose randomly
resolv-retry infinite
nobind
persist-tun
ca ca.crt
cert sagittarius.crt
key sagittarius.key
;comp-lzo
verb 3
------------------------------------------------

Start it as the service called "OpenVPN". If it gets connected, test it with ping, then test with Samba.

For details, see http://openvpn.net/howto.html
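OpenVPN is a very secure VPN. It uses OpenSSL and the connection contents are encrypted… nobody will know what you are doing on the network. Since it does not use IPsec either, it needs no special kernel options and passes through firewalls easily; you could say that as long as there is internet you can connect!

Keys must be issued by the server for each machine; a key not issued by the key signing machine definitely cannot connect! This is because issuing a key requires ca.key.

As for why SSL is secure, it is because encryption and decryption are done with different keys…
Before the connection is established, each side has its own pair of keys, namely a private key and a public key. The public key can be known to everyone, but the private key is known only to oneself…
When sending, data is encrypted with the other side's public key, and on receipt it is decrypted with one's own private key; without the private key it can be said to be definitely impossible to decrypt! That is why SSL is so secure…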
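
The claim above, that a key not issued with the server's ca.key cannot connect, can be checked with plain openssl. This is an added example, not part of the original posts: it builds two throwaway CAs with the same name and shows that only the certificate signed by the trusted one verifies. The temporary directories are constructed, and `openssl verify` is used as a stand-in for the chain check a peer makes against its `ca ca.crt`.

```shell
#!/bin/sh
# Added example: constructed temp directories, throwaway 1-day keys.
# The names OpenVPN-CA and sagittarius are reused from the tutorial above.

make_ca() {      # $1 = CA directory, $2 = CA common name
    mkdir -p "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_cert() {   # $1 = CA directory, $2 = client name, $3 = output directory
    mkdir -p "$3" &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$3/$2.key" -out "$3/$2.csr" 2>/dev/null &&
    # Signing needs ca.key: this is the step only the CA holder can perform.
    openssl x509 -req -in "$3/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$3/$2.crt" 2>/dev/null
}

# Stand-in for the check made by a peer configured with "ca ca.crt":
# does this certificate chain to the CA we trust?
verdict() {      # $1 = trusted ca.crt, $2 = certificate to check
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
}

demo() {
    work=$(mktemp -d) || return 1
    make_ca "$work/real" OpenVPN-CA &&
    make_ca "$work/other" OpenVPN-CA &&      # same name, different ca.key
    issue_cert "$work/real" sagittarius "$work/good" &&
    issue_cert "$work/other" sagittarius "$work/bad" || return 1
    echo "real-ca=$(verdict "$work/real/ca.crt" "$work/good/sagittarius.crt")" \
         "other-ca=$(verdict "$work/real/ca.crt" "$work/bad/sagittarius.crt")"
    rm -rf "$work"
}

demo
```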