教你在Centos 6.3下利用openvpn部署远程VPN服务
|
# 常用于测试 ;duplicate-cn # 设置服务端检测的间隔和超时时间 keepalive 10 120 # 下面是一些对安全性增强的措施 # For extra security beyond that provided # by SSL/TLS, create an "HMAC firewall" # to help block DoS attacks and UDP port flooding. # # Generate with: # openvpn --genkey --secret ta.key # # The server and each client must have # a copy of this key. # The second parameter should be 0 # on the server and 1 on the clients. ;tls-auth ta.key 0 # This file is secret # Select a cryptographic cipher. # This config item must be copied to # the client config file as well. ;cipher BF-CBC # Blowfish (default) ;cipher AES-128-CBC # AES ;cipher DES-EDE3-CBC # Triple-DES # 使用lzo压缩的通讯,服务端和客户端都必须配置 comp-lzo # 设置最大用户数 ;max-clients 100 # 让OpenVPN以nobody用户和组来运行(安全) ;user nobody ;group nobody # The persist options will try to avoid # accessing certain resources on restart # that may no longer be accessible because # of the privilege downgrade. persist-key persist-tun # 输出短日志,每分钟刷新一次,以显示当前的客户端 status /var/log/openvpn/openvpn-status.log # 缺省日志会记录在系统日志中,但也可以导向到其他地方 # 建议调试的使用先不要设置,调试完成后再定义 log /var/log/openvpn/openvpn.log log-append /var/log/openvpn/openvpn.log # 设置日志的级别 # # 0 is silent, except for fatal errors # 4 is reasonable for general usage # 5 and 6 can help to debug connection problems # 9 is extremely verbose verb 3 # Silence repeating messages. At most 20 # sequential messages of the same message # category will be output to the log. ;mute 20 查看本栏目更多精彩内容:http://www.bianceng.cn/OS/Linux/ -------------------------- 创建日志目录: # mkdir -p /var/log/openvpn/ 启动openvpn server # /usr/local/openvpn/sbin/openvpn --config /etc/openvpn/server.conf & 设置开机启动: # echo "/usr/local/openvpn/sbin/openvpn --config /etc/openvpn/server.conf > /dev/null 2>&1 &" >> /etc/rc.local client端: (编辑:济南站长网) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |
