基于Linux的 OpenVPN网络之网络架构应用实例（二）

[root@gw2 ~]# vim /etc/openvpn/gw2.conf

client //使用客户端模式

dev tun

proto udp

remote 173.74.75.76 1194 //点对点主服务器的地址、端口

resolv-retry infinite

nobind

user nobody

group nobody

persist-key

persist-tun

ca keys/ca.crt

cert keys/gw2.crt

key keys/gw2.key

ns-cert-type server

tls-auth keys/ta.key 1

cipher BF-CBC //需和 GW1 服务器端保持一致

comp-lzo

verb 3

mute 20

[root@gw2 ~]# service openvpn start

正在启动 openvpn： [确定]

[root@gw2 ~]# netstat -anp | grep openvpn

udp 0 0 0.0.0.0:39449 0.0.0.0:* 27004/openvpn

unix 2 [ ] DGRAM 65137 27004/openvpn

[root@gw1 keys]# ifconfig tun0

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255

UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:100

RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

[root@gw1 ~]# route -n

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0

192.168.2.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0

10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0

192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

173.74.75.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1

[root@gw2 ~]# ifconfig tun0

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00

inet addr:10.8.0.2 P-t-P:10.8.0.1 Mask:255.255.255.255

UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1

RX packets:0 errors:0 dropped:0 overruns:0 frame:0

TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

collisions:0 txqueuelen:100

RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)