• Setting up an IPv6 OpenVPN server on OpenWrt

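    Server-side configuration

    Install the OpenVPN software

    opkg update
    opkg install openvpn openvpn-easy-rsa  # easy-rsa is optional; I run the easy-rsa steps on a PC

    Important: the following steps are performed on Windows, so download and install the Windows version of OpenVPN first. If you plan to use easy-rsa on the router, see the reference source at the end of the article for the corresponding steps.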

    Generate the CA and the certificates

    Edit OpenVPN\easy-rsa\vars.bat.sample and fill in your own information:

    set KEY_COUNTRY=CN
    set KEY_PROVINCE=Guangdong
    set KEY_CITY=Guangzhou
    set KEY_ORG=7forz
    set KEY_EMAIL=7f@7forz.com
    set KEY_CN=7forz
    set KEY_NAME=7forz
    set KEY_OU=7forz
    set PKCS11_MODULE_PATH=7forz.com
    set PKCS11_PIN=1234

     

    Open cmd, change to OpenVPN\easy-rsa, and run the following commands:

    init-config

    vars

    clean-all

    build-ca (creates the root certificate)
    Country Name (2 letter code) [CN]:
    State or Province Name (full name) [Guangdong]:
    Locality Name (eg, city) [Guangzhou]:
    Organization Name (eg, company) [7forz]:
    Organizational Unit Name (eg, section) [7forz]:
    Common Name (eg, your name or your server’s hostname) [7forz]:
    Name [7forz]:
    Email Address [7f@7forz.com]:

    build-dh

    build-key-server server (server certificate; "server" is the machine name)
    Country Name (2 letter code) [CN]:
    State or Province Name (full name) [Guangdong]:
    Locality Name (eg, city) [Guangzhou]:
    Organization Name (eg, company) [7forz]:
    Organizational Unit Name (eg, section) [7forz]:
    Common Name (eg, your name or your server’s hostname) [7forz]:
    Name [7forz]:
    Email Address [7f@7forz.com]:
    Please enter the following ‘extra’ attributes
    to be sent with your certificate request
    A challenge password []:password
    An optional company name []:

    build-key client1 (creates a client certificate; "client1" is the user name, and you can create client2, client3 later)
    Country Name (2 letter code) [CN]:
    State or Province Name (full name) [Guangdong]:
    Locality Name (eg, city) [Guangzhou]:
    Organization Name (eg, company) [7forz]:
    Organizational Unit Name (eg, section) [7forz]:
    Common Name (eg, your name or your server’s hostname) [7forz]:
    Name [7forz]:
    Email Address [7f@7forz.com]:
    Please enter the following ‘extra’ attributes
    to be sent with your certificate request
    A challenge password []:password
    An optional company name []:

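    If you get the error
    failed to update database
    TXT_DB error number 2
    it seems to be caused by identical Common Names. Change the Common Name when generating the certificate, or open keys\index.txt and clear its contents, then run the build-key client1 command again.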
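
    An added example (not from the original post) that checks keys\index.txt before running build-key, to show which existing certificate a new subject would collide with. It assumes OpenSSL's default unique_subject = yes, the standard six-column index.txt layout, and constructed sample data; the function names are hypothetical.

```python
"""Pre-check an easy-rsa keys\\index.txt for the clash behind 'TXT_DB error number 2'."""
from typing import NamedTuple


class Entry(NamedTuple):
    status: str   # V = valid, R = revoked, E = expired
    serial: str   # hex serial number
    subject: str  # full subject DN as recorded by openssl ca


def sample_dn(cn):
    """Constructed subject DN: the page's vars.bat values with a chosen CN."""
    return ("/C=CN/ST=Guangdong/L=Guangzhou/O=7forz/OU=7forz"
            f"/CN={cn}/name=7forz/emailAddress=7f@7forz.com")


# Constructed sample index.txt (dates and serials are made up): serial 01 was
# issued with every default accepted, serial 02 has since been revoked.
SAMPLE_INDEX = (
    "V\t340101000000Z\t\t01\tunknown\t" + sample_dn("7forz") + "\n"
    "R\t340101000000Z\t240601000000Z\t02\tunknown\t" + sample_dn("client0") + "\n"
)


def parse_index(text):
    """Parse index.txt: 6 tab-separated fields per line (status, expiry,
    revocation date, serial, file name, subject)."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError(f"index.txt line {n}: expected 6 fields, got {len(fields)}")
        entries.append(Entry(fields[0], fields[3], fields[5]))
    return entries


def clashing_serials(entries, new_subject):
    """Serials of valid certificates whose subject equals new_subject.
    Assumes OpenSSL's default unique_subject = yes, under which only valid
    ('V') rows are compared, so a revoked subject may be issued again."""
    return [e.serial for e in entries if e.status == "V" and e.subject == new_subject]


if __name__ == "__main__":
    issued = parse_index(SAMPLE_INDEX)
    for cn in ("7forz", "client0", "client1"):
        hits = clashing_serials(issued, sample_dn(cn))
        print(f"CN={cn}: " + (f"clashes with serial {hits}" if hits else "ok to issue"))
```

    To check real data, pass the contents of keys\index.txt to parse_index. Giving each certificate its own Common Name avoids the clash without clearing index.txt, which is the CA's record of issued certificates.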

    Then copy ca.crt, server.* and dh*.pem to the /etc/openvpn directory on the router.

    Next, put ca.crt and client*.* into the OpenVPN\config directory on your computer.
