linux opepvpn客户端配置静态ip地址

openvpn客户端静态ip地址配置

安装openvpn客户端

1
# yum install or apt-get install openvpn

服务端生成key密钥zgc.ovpn上传到/etc/openvpn/etc

启动命令

1
# openvpn --daemon --cd /etc/openvpn/etc --config zgc.ovpn --log-append /var/log/openvpn.log

服务端查看/var/log/openvpn/server.log

1
2
# taif -f /var/log/openvpn/server.log
### 添加本地静态路由

配置文件-1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
port 1194
proto udp
dev tun

comp-lzo
keepalive 10 120

persist-key
persist-tun
user nobody
group nogroup

chroot /etc/openvpn/easy-rsa/keys/crl.jail
crl-verify crl.pem

ca /etc/openvpn/easy-rsa/keys/ca.crt
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
key /etc/openvpn/easy-rsa/keys/server.key
cert /etc/openvpn/easy-rsa/keys/server.crt

server 10.10.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt

push "route 10.10.10.0 255.255.255.0" //声明192.168.10段的IP
push "route 10.0.0.0 255.255.255.0" //声明10.0.0.0段的ip
client-config-dir ccd //客户端的控制文件
route 192.168.10.0 255.255.255.0 //增加的路由
route 10.0.0.0 255.255.255.0 //增加的路由
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /var/log/openvpn/server.log
verb 4 //日志的记录等级

配置文件-2

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
port 1194
proto udp
dev tun

comp-lzo
keepalive 10 120

persist-key
persist-tun
user nobody
group nogroup

chroot /etc/openvpn/easy-rsa/keys/crl.jail
crl-verify crl.pem

ca /etc/openvpn/easy-rsa/keys/ca.crt
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
key /etc/openvpn/easy-rsa/keys/server.key
cert /etc/openvpn/easy-rsa/keys/server.crt

ifconfig-pool-persist /var/lib/openvpn/server.ipp
client-config-dir ccd
status /var/log/openvpn/server.log
verb 4

// virtual subnet unique for openvpn to draw client addresses from
// the server will be configured with x.x.x.1
// important: must not be used on your network
server 10.10.10.0 255.255.255.0

// configure clients to route all their traffic through the vpn
push "redirect-gateway def1 bypass-dhcp"