{"id":290,"date":"2011-04-11T08:00:16","date_gmt":"2011-04-11T08:00:16","guid":{"rendered":"http:\/\/www.extralan.ru\/wordpress\/?p=290"},"modified":"2012-01-06T17:27:27","modified_gmt":"2012-01-06T13:27:27","slug":"290","status":"publish","type":"post","link":"https:\/\/extralan.ru\/?p=290","title":{"rendered":"\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 OpenVPN \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043d\u0430 Gentoo Linux"},"content":{"rendered":"

\u041d\u0430\u0442\u043a\u043d\u0443\u043b\u0441\u044f \u043d\u0430 \u043f\u0440\u0435\u0432\u043e\u0441\u0445\u043e\u0434\u043d\u0443\u044e \u0441\u0442\u0430\u0442\u044c\u044e \u043f\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 OpenVPN \u0432 Gentoo Linux, \u0441\u043b\u0435\u0434\u0443\u044f \u043f\u043e \u0448\u0430\u0433\u0430\u043c \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u043b \u0432\u0441\u0451 \u0431\u0435\u0437 «\u0433\u0440\u0430\u0431\u043b\u0435\u0439»:
\nhttp:\/\/sysadm.ucoz.ua\/forum\/11-77-1<\/a>
\n
\n\u0421\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0435 \u0441\u0442\u0430\u0442\u044c\u0438:
\n\u0412\u043e\u0437\u043d\u0438\u043a\u043b\u0430 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0430\u0437\u043e\u0431\u0440\u0430\u0442\u044c\u0441\u044f \u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c VPN \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 OpenVPN. \u042f\u0441\u043d\u043e\u0435 \u0434\u0435\u043b\u043e Google + man \u0438 \u043a\u0443\u0440\u0438\u0442\u044c \u0434\u043e \u043e\u0431\u0435\u0434\u0430 \u0432 \u0447\u0435\u0442\u0432\u0435\u0440\u0433, \u043e\u0441\u0432\u0430\u0438\u0432\u0430\u0442\u044c \u0431\u0443\u0434\u0443 \u043d\u0430 \u0441\u0432\u043e\u0435\u0439 \u043b\u044e\u0431\u0438\u043e\u043c\u0439 GNU\/Linux Gentoo.
\n\u0414\u043b\u044f \u043d\u0430\u0447\u0430\u043b\u0430 \u043f\u043e\u0438\u0449\u0435\u043c:<\/p>\n

server \/ # emerge -s openvpn
\nSearching...
\n[ Results for search key : openvpn ]
\n[ Applications found : 4 ]
\n* app-crypt\/openvpn-blacklist [ Masked ]
\nLatest version available: 0.4
\nLatest version installed: [ Not Installed ]
\nSize of files: 1,765 kB
\nHomepage: http:\/\/packages.debian.org\/sid\/openvpn-blacklist
\nDescription: Detection of weak openvpn keys produced by certain debian versions between 2006 and 2008
\nLicense: GPL-2
\n* net-misc\/networkmanager-openvpn [ Masked ]
\nLatest version available: 0.7.1
\nLatest version installed: [ Not Installed ]
\nSize of files: 372 kB
\nHomepage: http:\/\/www.gnome.org\/projects\/NetworkManager\/
\nDescription: NetworkManager OpenVPN plugin.
\nLicense: GPL-2
\n* net-misc\/openvpn
\nLatest version available: 2.0.9
\nLatest version installed: [ Not Installed ]
\nSize of files: 653 kB
\nHomepage: http:\/\/openvpn.net\/
\nDescription: OpenVPN is a robust and highly flexible tunneling application compatible with many OSes.
\nLicense: GPL-2
\n* sec-policy\/selinux-openvpn [ Masked ]
\nLatest version available: 20080525
\nLatest version installed: [ Not Installed ]
\nSize of files: 328 kB
\nHomepage: http:\/\/www.gentoo.org\/proj\/en\/hardened\/selinux\/
\nDescription: SELinux policy for OpenVPN
\nLicense: GPL-2
\nserver \/ #<\/code>
\n\u041d\u0430\u0448\u043b\u043e\u0441\u044c 4 \u043f\u0430\u043a\u0435\u0442\u0430 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 3 \u0437\u0430\u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u044b, \u043c\u0435\u043d\u044f \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u0443\u0435\u0442 \u044d\u0442\u043e\u0442:
\n* net-misc\/openvpn
\nLatest version available: 2.0.9
\nLatest version installed: [ Not Installed ]
\nSize of files: 653 kB
\nHomepage: http:\/\/openvpn.net\/
\nDescription: OpenVPN is a robust and highly flexible tunneling application compatible with many OSes.
\nLicense: GPL-2
\n<\/code>
\n\u041f\u0435\u0440\u0432\u043e\u0435 — \u044d\u0442\u043e \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0441 \u043a\u0430\u043a\u0438\u043c\u0438 \u0444\u043b\u0430\u0433\u0430\u043c\u0438 \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0439 \u0441\u0430\u0431\u0436:
\nserver \/ # emerge -pv openvpn
\nThese are the packages that would be merged, in order:
\nCalculating dependencies... done!
\n[ebuild N ] net-misc\/openvpn-2.0.9 USE=\"examples iproute2 pam ssl -minimal -passwordsave (-selinux) -static -threads\" 0 kB
\nTotal: 1 package (1 new), Size of downloads: 0 kB
\nserver \/ #
\n<\/code>
\n\u0414\u043b\u044f \u0441\u0435\u0431\u044f \u044f \u043e\u0442\u043c\u0435\u0442\u0438\u043b \u0442\u043e\u043b\u044c\u043a\u043e 4 \u0444\u043b\u0430\u0433\u0430 \u0438 \u043f\u043e \u043f\u0440\u0438\u0432\u044b\u0447\u043a\u0435 \u0441\u043a\u0438\u043d\u0443\u043b \u0438\u0445 \u0432 \/etc\/portage\/package.use
\nserver \/ # echo \"net-misc\/openvpn examples iproute2 pam ssl\" >> \/etc\/portage\/package.use
\nserver \/ #
\n<\/code>
\n\u041f\u0440\u0438\u0441\u0442\u0443\u043f\u0438\u043c \u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0441\u0430\u043c\u043e\u0433\u043e \u0441\u0430\u0431\u0436\u0430 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439:
\n
\nserver \/ # emerge openvpn
\n<\/code>
\n\u0432 \u0441\u0430\u043c\u043e\u043c \u043a\u043e\u043d\u0446\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438, \u0431\u0443\u0434\u0435\u0442 \u043a\u0440\u0430\u0442\u043a\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0447\u0442\u043e \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u0434\u0435\u043b\u0430\u0442\u044c, \u043f\u0440\u0438\u0432\u043e\u0436\u0443 \u0446\u0438\u0442\u0430\u0442\u043e\u0439:
\n
\n* WARNING: The openvpn init script has changed
\n* The openvpn init script expects to find the configuration file
\n* openvpn.conf in \/etc\/openvpn along with any extra files it may need.
\n* To create more VPNs, simply create a new .conf file for it and
\n* then create a symlink to the openvpn init script from a link called
\n* openvpn.newconfname - like so
\n* cd \/etc\/openvpn
\n* nano foo.conf
\n* cd \/etc\/init.d
\n* ln -s openvpn openvpn.foo
\n* You can then treat openvpn.foo as any other service, so you can
\n* stop one vpn and start another if you need to.
\n* plugins have been installed into \/usr\/lib\/openvpn
\n* It is recommended that you create your tun\/tap interfaces using
\n* the net.tun0\/net.tap0 scripts provided by baselayout instead of
\n* using the 'server' directive in openvpn configuration files.
\n* This will insure that the interface really is up after openvpn
\n* starts.
\n* Note that you cannot use net.tun0\/net.tap0 and the server option,
\n* otherwise openvpn will not start.
\n<\/code>
\n\u041d\u043e \u043c\u043d\u0435, \u044d\u0442\u043e \u043f\u043e\u043a\u0430 \u043d\u0435 \u043d\u0443\u0436\u043d\u043e — \u043d\u0435 \u0431\u0443\u0434\u0443 \u043d\u0430 \u044d\u0442\u043e\u043c \u0437\u0430\u043e\u0441\u0442\u0440\u044f\u0442\u044c \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435. \u0421\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0448\u0430\u0433\u043e\u043c — \u0438\u0434\u0435\u043c \u0432 \u043f\u0430\u043f\u043a\u0443 \/etc\/openvpn
\n
\nserver \/ # cd \/etc\/openvpn\/
\nserver openvpn #
\n<\/code>
\n\u0432 \u043f\u0430\u043f\u043a\u0435 \u043f\u043e\u043a\u0430 \u043f\u0443\u0441\u0442\u043e, \u043d\u0443 \u0442\u043e\u0433\u0434\u0430 \u043f\u043e\u0448\u0430\u0433\u043e\u0432\u043e \u0432\u0441\u0451 \u0441 \u0441\u0430\u043c\u043e\u0433\u043e \u043d\u0430\u0447\u0430\u043b\u0430.
\n\u041f\u0435\u0440\u0435\u0439\u0434\u0435\u043c \u0432 \u043f\u0430\u043f\u043a\u0443 \/usr\/share\/openvpn\/ \u0438 \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0447\u0442\u043e \u0442\u0430\u043c \u0435\u0441\u0442\u044c:
\n
\nserver openvpn # cd \/usr\/share\/openvpn\/
\nserver openvpn # ls
\neasy-rsa
\n<\/code>
\n\u0415\u0441\u0442\u044c \u043f\u0430\u043f\u043a\u0430 — \u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0447\u0442\u043e \u0442\u0430\u043c \u0432\u043d\u0443\u0442\u0440\u0438:
\n
\nserver openvpn # cd easy-rsa\/
\nserver easy-rsa # ls
\nbuild-ca build-inter build-key-pass
\nbuild-key-server build-req-pass inherit-inter
\nopenssl-0.9.6.cnf pkitool revoke-full
\nvars build-dh build-key
\nbuild-key-pkcs12 build-req clean-all
\nlist-crl o penssl.cnf README
\nsign-req whichopensslcnf
\nserver easy-rsa #
\n<\/code>
\n\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c — \u0447\u0442\u043e \u0435\u0441\u0442\u044c \u0432 \u0444\u0430\u0439\u043b\u0435 vars (\u0437\u0430\u043a\u043e\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0435 \u0441\u0442\u0440\u043e\u043a\u0438 \u044f \u0443\u0431\u0440\u0430\u043b):
\n
\nserver easy-rsa # cat vars
\nexport EASY_RSA=\"`pwd`\"
\nexport OPENSSL=\"openssl\"
\nexport PKCS11TOOL=\"pkcs11-tool\"
\nexport GREP=\"grep\"
\nexport KEY_CONFIG=`$EASY_RSA\/whichopensslcnf $EASY_RSA`
\nexport KEY_DIR=\"$EASY_RSA\/keys\"
\necho NOTE: If you run .\/clean-all, I will be doing a rm -rf on $KEY_DIR
\nexport KEY_SIZE=1024
\nexport CA_EXPIRE=3650
\nexport KEY_EXPIRE=3650
\nexport KEY_COUNTRY=\"US\"
\nexport KEY_PROVINCE=\"CA\"
\nexport KEY_CITY=\"SanFrancisco\"
\nexport KEY_ORG=\"Fort-Funston\"
\nexport KEY_EMAIL=\"me@myhost.mydomain\"
\nserver easy-rsa #
\n<\/code>
\n\u0420\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u0443\u0435\u043c \u043f\u043e\u0434 \u0441\u0435\u0431\u044f \u0438 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u0441\u044f \u0447\u0442\u043e-\u0442\u043e \u043f\u043e\u0434\u043e\u0431\u043d\u043e\u0435:
\n
\nexport EASY_RSA=\"`pwd`\"
\nexport OPENSSL=\"openssl\"
\nexport PKCS11TOOL=\"pkcs11-tool\"
\nexport GREP=\"grep\"
\nexport KEY_CONFIG=`$EASY_RSA\/whichopensslcnf $EASY_RSA`
\nexport KEY_DIR=\"\/etc\/openvpn\/vserver\/keys\"
\necho NOTE: If you run .\/clean-all, I will be doing a rm -rf on $KEY_DIR
\nexport KEY_SIZE=1024
\nexport CA_EXPIRE=3650
\nexport KEY_EXPIRE=3650
\nexport KEY_COUNTRY=\"UA\"
\nexport KEY_PROVINCE=\"DN\"
\nexport KEY_CITY=\"Donetsk\"
\nexport KEY_ORG=\"VincentVanGog.Net-LTD\"
\nexport KEY_EMAIL=\"kernel@vincentvangog.net\"
\n<\/code>
\n\u0422\u0435\u043f\u0435\u0440\u044c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0437\u0430\u0433\u0440\u0443\u0437\u0438\u0442\u044c \u043f\u0435\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u0438\u0437 \u0444\u0430\u0439\u043b\u0430 vars \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c \u043a\u043e\u043c\u0430\u043d\u0434\u0443:
\n
\nserver easy-rsa # source .\/vars
\nNOTE: If you run .\/clean-all, I will be doing a rm -rf on \/etc\/openvpn\/vserver\/keys
\nserver easy-rsa #
\n<\/code>
\n\u0418\u0437 \u0432\u0441\u0435\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u043d\u0430\u043c \u043d\u0443\u0436\u043d\u0430 \u0443\u0442\u0438\u043b\u0438\u0442\u0430 pkitool — \u0447\u0442\u043e\u0431\u044b \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u043b\u044e\u0447\u0438 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u043f\u0435\u0440\u0435\u0434\u0430\u0432\u0430\u0435\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u041f\u0440\u0438\u0441\u0442\u0443\u043f\u0430\u0435\u043c \u043a \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043a\u043b\u044e\u0447\u0435\u0439:<\/p>\n

1. \u0413\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u043c \u043a\u043b\u044e\u0447 \u0434\u043b\u044f TLS \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0442\u0430\u043a \u043d\u0430\u0437\u044b\u0432\u0430\u0435\u043c\u044b\u0439 ta.key<\/strong>
\n
\nserver easy-rsa # openvpn --genkey --secret \/etc\/openvpn\/vserver\/keys\/ta.key
\nserver easy-rsa #
\n<\/code>
\n2. \u0413\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u043c \u043a\u043b\u044e\u0447 \u0414\u0438\u0444\u0444\u0438-\u0425\u0435\u043b\u043b\u043c\u0430\u043d\u0430 \u043d\u0430\u0445\u043e\u0434\u044f\u0441\u044c \u0432 \u043f\u0430\u043f\u043a\u0435 \/usr\/share\/openvpn\/easy-rsa\/ \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c \u043a\u043e\u043c\u0430\u043d\u0434\u0443:<\/strong>
\nserver easy-rsa # .\/build-dh
\nGenerating DH parameters, 1024 bit long safe prime, generator 2
\nThis is going to take a long time
\n(\u0413\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043a\u043b\u044e\u0447)
\nserver easy-rsa #<\/code>
\n3. \u0413\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u043c \u0434\u043b\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0410\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0439 \u043a\u043b\u044e\u0447 \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439:<\/strong>
\n
\nserver easy-rsa # .\/pkitool --initca
\nUsing CA Common Name: VincentVanGog.Net-LTD CA
\nGenerating a 1024 bit RSA private key
\n..........++++++
\n....................++++++
\nwriting new private key to 'ca.key'
\n-----
\nserver easy-rsa #
\n<\/code>
\n4. \u0414\u043b\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u0430 hydra \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 X.509 (\u043d\u0443\u0436\u043d\u043e \u0431\u0443\u0434\u0435\u0442 \u043f\u043e\u043a\u0443\u0440\u0438\u0442\u044c \u043c\u0430\u043d\u044b \u043f\u043e \u044d\u0442\u043e\u043c\u0443 \u0432\u043e\u043f\u0440\u043e\u0441\u0443):<\/strong>
\n
\nserver easy-rsa # .\/pkitool --server hydra
\nGenerating a 1024 bit RSA private key
\n..................++++++
\n........++++++
\nwriting new private key to 'hydra.key'
\n-----
\nUsing configuration from \/usr\/share\/openvpn\/easy-rsa\/openssl.cnf
\n\/etc\/openvpn\/vserver\/keys\/\/index.txt: No such file or directory
\nunable to open '\/etc\/openvpn\/vserver\/keys\/\/index.txt'
\n1165:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('\/etc\/openvpn\/vserver\/keys\/\/index.txt','r')
\n1165:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
\n<\/code>
\n\u0412\u043e\u0442 \u0438 \u043f\u0435\u0440\u0432\u044b\u0435 \u0433\u0440\u0430\u0431\u043b\u0438, \u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0447\u0442\u043e \u043d\u0435 \u0442\u0430\u043a \u0430 \u043d\u0435 \u0442\u0430\u043a \u0432\u043e\u0442 \u044d\u0442\u043e: \/etc\/openvpn\/vserver\/keys\/\/index.txt: No such file or directory \u043d\u0435\u0442 \u0438\u043d\u0434\u0435\u043a\u0441\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043a\u043b\u044e\u0447\u0435\u0439 \u0432 \u043f\u0430\u043f\u043a\u0435 \/etc\/openvpn\/vserver\/keys\/ \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c:
\n
\nserver easy-rsa # touch \/etc\/openvpn\/vserver\/keys\/index.txt
\nserver easy-rsa #
\n<\/code>
\n\u041f\u0440\u043e\u0431\u0443\u0435\u043c \u0435\u0449\u0435 \u0440\u0430\u0437 \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u043b\u044e\u0447:
\n
\nserver easy-rsa # .\/pkitool --server hydra
\nGenerating a 1024 bit RSA private key
\n.++++++
\n....++++++
\nwriting new private key to 'hydra.key'
\n-----
\nUsing configuration from \/usr\/share\/openvpn\/easy-rsa\/openssl.cnf
\n\/etc\/openvpn\/vserver\/keys\/\/serial: No such file or directory
\nerror while loading serial number
\n1223:error:02001002:system library:fopen:No such file or directory:bss_file.c:356:fopen('\/etc\/openvpn\/vserver\/keys\/\/serial','r')
\n1223:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:358:
\n<\/code>
\n\u0412\u0442\u043e\u0440\u043e\u0439 \u0433\u0440\u0430\u0431\u043b\u044c — \u0438 \u0447\u0442\u043e \u043d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \/etc\/openvpn\/vserver\/keys\/\/serial: No such file or directory error while loading serial number<\/p>\n

\u0421\u043d\u043e\u0432\u0430 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u043c:
\n
\nserver easy-rsa # touch \/etc\/openvpn\/vserver\/keys\/serial
\nserver easy-rsa #
\n<\/code><\/p>\n

\u041d\u043e \u0435\u0449\u0435 \u0431\u044b\u043b\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u0435 error while loading serial number, \u0437\u043d\u0430\u0447\u0438\u0442 \u0432 \u0444\u0430\u0439\u043b\u0435 serial \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u0441\u0435\u0440\u0438\u0439\u043d\u043e\u0433\u043e \u043d\u043e\u043c\u0435\u0440\u0430 \u0434\u043b\u044f \u043a\u043b\u044e\u0447\u0430 \u043d\u0443 \u043f\u043e\u043f\u0440\u043e\u0431\u0443\u0435\u043c YYYYMMDD:
\n
\nserver easy-rsa # echo '20090727' > \/etc\/openvpn\/vserver\/keys\/serial
\nserver easy-rsa #
\n<\/code>
\n\u041f\u0440\u043e\u0431\u0443\u0435\u043c \u0441\u043d\u043e\u0432\u0430 \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u043b\u044e\u0447:
\n
\nserver easy-rsa # .\/pkitool --server hydra
\nGenerating a 1024 bit RSA private key
\n.....................++++++
\n......++++++
\nwriting new private key to 'hydra.key'
\n-----
\nUsing configuration from \/usr\/share\/openvpn\/easy-rsa\/openssl.cnf
\nCheck that the request matches the signature
\nSignature ok
\nThe Subject's Distinguished Name is as follows
\ncountryName :PRINTABLE:'UA'
\nstateOrProvinceName :PRINTABLE:'DN'
\nlocalityName :PRINTABLE:'Donetsk'
\norganizationName :PRINTABLE:'VincentVanGog.Net-LTD'
\ncommonName :PRINTABLE:'hydra'
\nemailAddress :IA5STRING:'kernel@vincentvangog.net'
\nCertificate is to be certified until Jul 25 18:34:29 2019 GMT (3650 days)
\nWrite out database with 1 new entries
\nData Base Updated
\nserver easy-rsa #
\n<\/code>
\n\u0412\u0441\u0435 \u0432\u044b\u0448\u043b\u043e \u043e\u0442\u043b\u0438\u0447\u043d\u043e, \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0430\u0435\u043c \u0434\u0430\u043b\u044c\u0448\u0435.
\n5. \u0421\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u0443\u0435\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 X.509 \u0434\u043b\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0431\u0443\u0434\u0435\u0442 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c\u0441\u044f \u043a \u043d\u0430\u0448\u0435\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443, \u043a\u043e\u043c\u0430\u043d\u0434\u043e\u0439:<\/strong>
\n
\nserver easy-rsa # .\/pkitool vincentvangog
\nGenerating a 1024 bit RSA private key
\n.......++++++
\n........................++++++
\nwriting new private key to 'vincentvangog.key'
\n-----
\nUsing configuration from \/usr\/share\/openvpn\/easy-rsa\/openssl.cnf
\nCheck that the request matches the signature
\nSignature ok
\nThe Subject's Distinguished Name is as follows
\ncountryName :PRINTABLE:'UA'
\nstateOrProvinceName :PRINTABLE:'DN'
\nlocalityName :PRINTABLE:'Donetsk'
\norganizationName :PRINTABLE:'VincentVanGog.Net-LTD'
\ncommonName :PRINTABLE:'vincentvangog'
\nemailAddress :IA5STRING:'kernel@vincentvangog.net'
\nCertificate is to be certified until Jul 25 18:36:55 2019 GMT (3650 days)
\nWrite out database with 1 new entries
\nData Base Updated
\nserver easy-rsa #
\n<\/code>
\n\u0421\u043d\u043e\u0432\u0430 \u0432\u0441\u0451 \u0432\u044b\u0448\u043b\u043e \u043e\u0442\u043b\u0438\u0447\u043d\u043e, \u0434\u0430\u043b\u0435\u0435 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439, \u0430 \u0438\u043c\u0435\u043d\u043d\u043e:
\n\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u0447\u0442\u043e \u0443 \u043d\u0430\u0441 \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u043f\u0430\u043f\u043a\u0435 \/etc\/openvpn\/vserver\/keys
\n
\nserver easy-rsa # ls \/etc\/openvpn\/vserver\/keys\/
\n20090727.pem ca.crt dh1024.pem hydra.csr
\nindex.txt index.txt.attr.old serial
\nta.key vincentvangog.csr 20090728.pem
\nca.k ey hydra.c rt hydra.key
\nindex.txt.attr index.txt.old serial.old
\nvincentvangog.crt vincentvangog.key
\nserver easy-rsa #
\n<\/code>
\n\u0412\u0441\u0435 \u043a\u043b\u044e\u0447\u0438 \u0438 \u0444\u0430\u0439\u043b\u044b \u0443 \u043d\u0430\u0441 \u0438\u043c\u0435\u044e\u0442\u0441\u044f. \u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0438 \u0441\u0435\u0440\u0432\u0435\u0440 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442 \u0431\u0443\u0434\u0443\u0442 \u0441\u0442\u043e\u044f\u0442\u044c \u0434\u043b\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043d\u0430
\n\u043e\u0434\u043d\u043e\u0439 \u043c\u0430\u0448\u0438\u043d\u0435 \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u043f\u0430\u043f\u043a\u0443 client:
\n
\nserver vserver # mkdir \/etc\/openvpn\/vserver\/client
\nserver vserver #
\n<\/code>
\n\u0432 \u043f\u0430\u043f\u043a\u0443 client \u043a\u043e\u043f\u0438\u0440\u0443\u0435\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0444\u0430\u0439\u043b\u044b \u0438\u0437 \u043f\u0430\u043f\u043a\u0438 \/etc\/openvpn\/vserver\/keys\/
\n
\nserver vserver # cp \/etc\/openvpn\/vserver\/keys\/ca.crt \/etc\/openvpn\/vserver\/client\/
\nserver vserver # cp \/etc\/openvpn\/vserver\/keys\/dh1024.pem \/etc\/openvpn\/vserver\/client\/
\nserver vserver # cp \/etc\/openvpn\/vserver\/keys\/ta.key \/etc\/openvpn\/vserver\/client\/
\n<\/code>
\n\u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0441\u0430\u043c\u043e\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430:
\n
\nserver vserver # cp \/etc\/openvpn\/vserver\/keys\/vincentvangog.crt \/etc\/openvpn\/vserver\/client\/
\nserver vserver # cp \/etc\/openvpn\/vserver\/keys\/vincentvangog.csr \/etc\/openvpn\/vserver\/client\/
\nserver vserver # cp \/etc\/openvpn\/vserver\/keys\/vincentvangog.key \/etc\/openvpn\/vserver\/client\/
\n<\/code><\/p>\n

\u0412 \u043f\u0430\u043f\u043a\u0435 client \u0434\u043e\u043b\u0436\u043d\u044b \u0431\u044b\u0442\u044c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0435 \u0444\u0430\u0439\u043b\u044b:<\/p>\n

ca.crt
\ndh1024.pem
\nta.key
\nvincentvangog.crt
\nvincentvangog.csr
\nvincentvangog.key<\/p>\n

\u0412\u043c\u0435\u0441\u0442\u043e \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432 vincentvangog \u0438\u043c\u0435\u043d\u0430 \u0442\u0435\u0445 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u044b.
\n\u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u0432 \u043f\u0430\u043f\u043a\u0443 \/etc\/openvpn \u0438 \u0441\u043e\u0437\u0434\u0430\u0435\u043c \u0442\u0430\u043c \u0444\u0430\u0439\u043b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 — server.conf (\u0438\u043b\u0438 \u0441\u0432\u043e\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435):
\n
\nserver vserver # cd ..
\nserver openvpn #
\n<\/code>
\n\u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c \u043a\u043e\u043c\u0430\u043d\u0434\u044b:
\n
\nserver openvpn # touch server.conf
\nserver openvpn # ls
\nserver.conf vserver
\nserver openvpn #
\n<\/code>
\n\u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u043c \u0435\u0433\u043e \u043b\u044e\u0431\u044b\u043c \u0440\u0435\u0434\u0430\u043a\u0442\u043e\u0440\u043e\u043c \u0438 \u043d\u0430\u043f\u043e\u043b\u043d\u044f\u0435\u043c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u044b\u043c:
\n
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0440\u0435\u0436\u0438\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430
\nmode server
\n# \u041e\u043f\u0446\u0438\u044f \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u044e\u0449\u0430\u044f \u043d\u0430 TLS-\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u043a\u0430\u0446\u0438\u044e
\ntls-server
\n# \u0421\u0435\u0440\u0432\u0435\u0440 \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u0438\u0432\u0430\u0435\u0442 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u043f\u043e tcp-\u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0443
\nproto tcp-server
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0447\u0442\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e tap (\u043f\u043e \u0440\u0443\u0441\u0441\u043a\u0438 \u0442\u0430\u043f\u043e\u043a)
\ndev tap
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u043e\u0440\u0442 \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c 7050
\nport 7050
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0447\u0442\u043e \u0441\u0435\u0440\u0432\u0435\u0440 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u0441\u0435\u0440\u0432\u0438\u0441\u0430 (\u0434\u0435\u043c\u043e\u043d\u0430)
\ndaemon
\n# \u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0441\u0435\u043a\u0446\u0438\u0438 \u043a\u043b\u044e\u0447\u0435\u0439 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0444\u0430\u0439\u043b TLS \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438
\ntls-auth \/etc\/openvpn\/vserver\/keys\/ta.key 0
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0444\u0430\u0439\u043b \u043a\u043b\u044e\u0447 CA
\nca \/etc\/openvpn\/vserver\/keys\/ca.crt
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0444\u0430\u0439\u043b \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 hydra
\ncert \/etc\/openvpn\/vserver\/keys\/hydra.crt
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0444\u0430\u0439\u043b \u043a\u043b\u044e\u0447\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 hydra
\nkey \/etc\/openvpn\/vserver\/keys\/hydra.key
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0444\u0430\u0439\u043b \u043a\u043b\u044e\u0447\u0430 \u0414\u0438\u0444\u0444\u0438-\u0425\u0435\u043b\u043b\u043c\u0430\u043d\u0430
\ndh \/etc\/openvpn\/vserver\/keys\/dh1024.pem
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c IP-\u0430\u0434\u0440\u0435\u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043c\u0430\u0441\u043a\u0443 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0439 \u0441\u0435\u0442\u0438
\nifconfig 10.10.10.1 255.255.255.0
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d \u0430\u0434\u0440\u0435\u0441\u043e\u0432 vpn \u043f\u0443\u043b\u0430
\nifconfig-pool 10.10.10.2 10.10.10.20
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0443 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u044b\u0445 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u043e\u0432 \u0432 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0435 \u043f\u043e\u0434\u0441\u0435\u0442\u0438, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440:
\npush \"route 192.168.0.0 255.255.255.0\"
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0448\u043b\u044e\u0437 \u0434\u043b\u044f \u0432\u044b\u0448\u0435\u043e\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0439 \u0441\u0435\u0442\u0438
\npush \"route-gateway 10.10.10.1\"
\n# \u0414\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e \u0431\u044b \u043a\u043b\u0438\u0435\u043d\u0442\u044b \u0432\u0438\u0434\u0435\u043b\u0438 \u0434\u0440\u0443\u0433 \u0434\u0440\u0443\u0433\u0430
\nclient-to-client
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u0435 \u0434\u0443\u0431\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0441\u0435\u0440\u0442\u0438\u0444\u043a\u0430\u0442\u043e\u0432 \u0431\u0435\u0437 \u044d\u0442\u043e\u0439 \u043e\u043f\u0446\u0438\u0438 \u043a\u0430\u0436\u0434\u043e\u043c\u0443 \u043a\u043b\u0438\u0435\u043d\u0442\u0443 \u043d\u0443\u0436\u043d\u043e
\n# \u0433\u0435\u043d\u0435\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0439 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442.
\nduplicate-cn
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0440\u0435\u0436\u0438\u043c\u0430 \u043e\u0442\u043b\u0430\u0434\u043a\u0438
\nverb 3
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f.
\ncipher DES-EDE3-CBC
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u043d\u0435 \u043f\u0435\u0440\u0435\u0447\u0438\u0442\u044b\u0432\u0430\u0442\u044c \u043a\u043b\u044e\u0447 \u043f\u0440\u0438 \u0441\u0431\u0440\u043e\u0441\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f
\npersist-key
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043c\u0435\u0441\u0442\u043e\u043f\u043e\u043b\u043e\u0436\u0435\u043d\u0438\u0435 \u043b\u043e\u0433 \u0444\u0430\u0439\u043b\u0430
\nlog-append \/var\/log\/openvpn.log
\n# Erfpfybt \u043d\u0435 \u0434\u0430\u0435\u0442 \u043f\u0435\u0440\u0435\u0447\u0438\u0442\u044b\u0432\u0430\u0442\u044c \u043a\u043b\u044e\u0447 \u0441 \u0444\u0430\u0439\u043b\u043e\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u043f\u0440\u0438 \u0440\u0435\u0441\u0442\u0430\u0440\u0442\u0435 \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f
\npersist-tun
\n# Erfpsdftv r\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0437\u0430 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0439. \u0412 \u0441\u043b\u0443\u0447\u0430\u0435 \u0435\u0441\u043b\u0438 \u043f\u043e \u0442\u0443\u043d\u043d\u0435\u043b\u044e \u043d\u0435 \u043f\u0435\u0440\u0435\u0434\u0430\u044e\u0442\u0441\u044f \u0434\u0430\u043d\u043d\u044b\u0435,
\n# \u0447\u0435\u0440\u0435\u0437 \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u043f\u043e\u0441\u044b\u043b\u0430\u0435\u0442\u0441\u044f ping, \u0434\u043b\u044f \u0442\u043e\u0433\u043e \u0447\u0442\u043e\u0431\u044b \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435 \u043d\u0435 \u0440\u0430\u0437\u0440\u044b\u0432\u0430\u043b\u043e\u0441\u044c.
\nkeepalive 10 60
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043d\u0430 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0441\u0436\u0430\u0442\u0438\u044f
\ncomp-lzo
\n<\/code>
\n\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0444\u0430\u0439\u043b \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430:
\n
\nserver openvpn # touch client.conf
\nserver openvpn #
\n<\/code>
\n\u0438 \u043d\u0430\u043f\u043e\u043b\u043d\u044f\u0435\u043c \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u044b\u043c:
\n
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0440\u0430\u0431\u043e\u0442\u0443 \u0432 \u0440\u0435\u0436\u0438\u043c\u0435 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u0441 TLS-\u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u043a\u0430\u0446\u0438\u0435\u0439
\ntls-client
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b tcp
\nproto tcp-client
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u044b\u0439 \u0441\u0435\u0440\u0432\u0435\u0440
\nremote 10.10.10.1
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e
\ndev tap
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u043e\u0440\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0430
\nport 7050
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u044b push \u043e\u0442 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0442\u043e \u0435\u0441\u0442\u044c \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c \u043f\u0435\u0440\u0435\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u043b\u0438\u0435\u043d\u0442\u0430
\npull
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u0435\u0440\u0435\u0445\u043e\u0434 \u0432 \u043f\u0430\u043f\u043a\u0443 client
\ncd \/etc\/openvpn\/vserver\/client
\n#\u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0444\u0430\u0439\u043b \u0434\u043b\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430
\ntls-auth \/etc\/openvpn\/vserver\/client\/ta.key 1
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0444\u0430\u0439\u043b \u0414\u0438\u0444\u0444\u0438-\u0425\u0435\u043b\u043b\u043c\u0430\u043d\u0430
\ndh \/etc\/openvpn\/vserver\/client\/dh1024.pem
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0444\u0430\u0439\u043b CA
\nca \/etc\/openvpn\/vserver\/client\/ca.crt
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0444\u0430\u0439\u043b \u0441 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0430
\ncert \/etc\/openvpn\/vserver\/client\/vincentvangog.crt
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0444\u0430\u0439\u043b \u0441 \u043a\u043b\u044e\u0447\u0435\u043c \u043a\u043b\u0438\u0435\u043d\u0442\u0430
\nkey \/etc\/openvpn\/vserver\/client\/vincentvangog.key
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f
\ncipher DES-EDE3-CBC
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0436\u0430\u0442\u0438\u044f
\ncomp-lzo
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0438\u043d\u0442\u0435\u0440\u0432\u0430\u043b \u043f\u0438\u043d\u0433\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0430
\nping 10
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043b\u043e\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0412\u041f\u041d \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f
\nstatus \/var\/log\/openvpn-status.log
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043b\u043e\u0433 \u0444\u0430\u0439\u043b \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u0430
\nlog \/var\/log\/openvpn-client.log
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043b\u043e\u0433\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f
\nverb 9
\n# \u0423\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u0438\u043d\u0442\u0435\u0440\u0432\u0430\u043b \u0437\u0430\u043f\u0438\u0441\u0438 \u0432 \u043b\u043e\u0433 \u0444\u0430\u0439\u043b (\u0441\u0435\u043a)
\nmute 10
\n<\/code>
\n\u041d\u0430 \u0434\u0430\u043d\u043d\u043e\u043c \u044d\u0442\u0430\u043f\u0435 \u0441 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u043c\u0438 \u0437\u0430\u043a\u043e\u043d\u0447\u0438\u043b\u0438 — \u0442\u0435\u043f\u0435\u0440\u044c \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0440\u0430\u0431\u043e\u0442\u0443. \u041f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u0432 \u043f\u0430\u043f\u043a\u0443:
\n
\nserver openvpn # cd \/etc\/init.d
\nserver init.d #
\n<\/code>
\n\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0441\u0441\u044b\u043b\u043a\u0443 \u0434\u043b\u044f \u043d\u0430\u0448\u0435\u0433\u043e \u0412\u041f\u041d \u0441\u0435\u0440\u0432\u0435\u0440\u0430:
\n
\nserver init.d # ln -s openvpn openvpn.server
\nserver init.d #
\n<\/code>
\n\u043f\u0440\u043e\u0431\u0443\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u0441\u0435\u0440\u0432\u0435\u0440:
\n
\nserver openvpn # \/etc\/init.d\/openvpn.server start
\n* Starting openvpn.server ... [ ok ]
\nserver openvpn #
\n<\/code>
\n\u0421\u0435\u0440\u0432\u0435\u0440 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043b\u0441\u044f — \u0442\u0435\u043f\u0435\u0440\u044c \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u043f\u0440\u043e\u0441\u043b\u0443\u0448\u0438\u0432\u0430\u0435\u043c\u044b\u0439 \u043f\u043e\u0440\u0442:
\n
\nserver openvpn # netstat -nlp | grep :7050
\ntcp 0 0 0.0.0.0:7050 0.0.0.0:* LISTEN 21620\/openvpn
\nserver openvpn #
\n<\/code>
\n\u0421\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0441\u0435\u0440\u0432\u0435\u0440 \u0441\u043b\u0443\u0448\u0430\u0435\u0442 \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u043d\u0430 7050 \u043f\u043e\u0440\u0442\u0443 \u043a\u0430\u043a \u043c\u044b \u0438 \u0443\u043a\u0430\u0437\u0430\u043b\u0438 \u0432 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u043c \u0444\u0430\u0439\u043b\u0435. \u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0447\u0442\u043e \u0432 \u043b\u043e\u0433\u0430\u0445:
\n
\nserver openvpn # server log # cat openvpn.log
\nTue Jul 28 20:54:09 2009 OpenVPN 2.0.9 i686-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jul 27 2009
\nTue Jul 28 20:54:09 2009 Diffie-Hellman initialized with 1024 bit key
\nTue Jul 28 20:54:09 2009 Control Channel Authentication: using '\/etc\/openvpn\/vserver\/keys\/ta.key' as a OpenVPN static key file
\nTue Jul 28 20:54:09 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
\nTue Jul 28 20:54:09 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
\nTue Jul 28 20:54:09 2009 TLS-Auth MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
\nTue Jul 28 20:54:09 2009 TUN\/TAP device tap0 opened
\nTue Jul 28 20:54:09 2009 \/sbin\/ip link set dev tap0 up mtu 1500
\nTue Jul 28 20:54:09 2009 \/sbin\/ip addr add dev tap0 10.10.10.1\/24 broadcast 10.10.10.255
\nTue Jul 28 20:54:09 2009 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3\/1 ]
\nTue Jul 28 20:54:09 2009 Listening for incoming TCP connection on [undef]:7050
\nTue Jul 28 20:54:09 2009 TCPv4_SERVER link local (bound): [undef]:7050
\nTue Jul 28 20:54:09 2009 TCPv4_SERVER link remote: [undef]
\nTue Jul 28 20:54:09 2009 MULTI: multi_init called, r=256 v=256
\nTue Jul 28 20:54:09 2009 IFCONFIG POOL: base=10.10.10.2 size=19
\nTue Jul 28 20:54:09 2009 MULTI: TCP INIT maxclients=1024 maxevents=1028
\nTue Jul 28 20:54:09 2009 Initialization Sequence Completed
\nserver log #
\n<\/code>
\n\u041f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u0432\u044b\u0432\u043e\u0434 \u043a\u043e\u043c\u0430\u043d\u0434\u044b ifconfig \u043f\u043e \u043f\u043e\u0432\u043e\u0434\u0443 tap
\n
\nserver init.d # ifconfig tap0
\ntap0 Link encap:Ethernet HWaddr 4a:b2:5b:01:e2:6e
\ninet addr:10.10.10.1 Bcast:10.10.10.255 Mask:255.255.255.0
\ninet6 addr: fe80::48b2:5bff:fe01:e26e\/64 Scope:Link
\nUP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
\nRX packets:6 errors:0 dropped:0 overruns:0 frame:0
\nTX packets:6 errors:0 dropped:0 overruns:0 carrier:0
\ncollisions:0 txqueuelen:100
\nRX bytes:468 (468.0 \"cool\" TX bytes:468 (468.0 \"cool\"
\nserver init.d #
\n<\/code>
\n\u0414\u0435\u043b\u0430\u0435\u043c \u0448\u0430\u0433\u0438 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u0434\u043b\u044f \u043a\u043b\u0438\u0435\u043d\u0442\u0430:
\n
\nserver log # cd \/etc\/init.d
\nserver init.d #
\n<\/code>
\n\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0441\u0441\u044b\u043b\u043a\u0443:
\n
\nserver init.d # ln -s openvpn openvpn.client
\nserver init.d #
\n<\/code>
\n\u041f\u0440\u043e\u0431\u0443\u0435\u043c \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043d\u0430\u0448\u0435\u0433\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430:
\n
\nserver init.d # \/etc\/init.d\/openvpn.client start
\n* Caching service dependencies ... [ ok ]
\n* Starting openvpn.client ... [ ok ]
\nserver init.d #
\n<\/code>
\n\u041a\u043b\u0438\u0435\u043d\u0442 \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u043b\u0441\u044f, \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u0432\u044b\u0432\u043e\u0434 ifconfig \u043f\u043e \u043f\u043e\u0432\u043e\u0434\u0443 tap \u0441\u043d\u043e\u0432\u0430:
\n
\nserver init.d # ifconfig tap1
\ntap1 Link encap:Ethernet HWaddr 52:08:20:ea:76:4c
\ninet addr:10.10.10.2 Bcast:10.10.10.255 Mask:255.255.255.0
\ninet6 addr: fe80::5008:20ff:feea:764c\/64 Scope:Link
\nUP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
\nRX packets:0 errors:0 dropped:0 overruns:0 frame:0
\nTX packets:6 errors:0 dropped:0 overruns:0 carrier:0
\ncollisions:0 txqueuelen:100
\nRX bytes:0 (0.0 \"cool\" TX bytes:468 (468.0 \"cool\"
\nserver init.d #
\n<\/code>
\n\u041d\u0430\u0441\u0442\u0430\u043b\u043e \u0432\u0440\u0435\u043c\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u0443 ping:
\n
\nserver init.d # ping -c 4 10.10.10.2
\nPING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
\n64 bytes from 10.10.10.2: icmp_seq=1 ttl=64 time=0.013 ms
\n64 bytes from 10.10.10.2: icmp_seq=2 ttl=64 time=0.007 ms
\n64 bytes from 10.10.10.2: icmp_seq=3 ttl=64 time=0.008 ms
\n64 bytes from 10.10.10.2: icmp_seq=4 ttl=64 time=0.008 ms
\n--- 10.10.10.2 ping statistics ---
\n4 packets transmitted, 4 received, 0% packet loss, time 2997ms
\nrtt min\/avg\/max\/mdev = 0.007\/0<\/code><\/p>\n

server init.d # ping -c 4 10.10.10.1
\nPING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
\n64 bytes from 10.10.10.1: icmp_seq=1 ttl=64 time=0.013 ms
\n64 bytes from 10.10.10.1: icmp_seq=2 ttl=64 time=0.010 ms
\n64 bytes from 10.10.10.1: icmp_seq=3 ttl=64 time=0.008 ms
\n64 bytes from 10.10.10.1: icmp_seq=4 ttl=64 time=0.014 ms
\n— 10.10.10.1 ping statistics —
\n4 packets transmitted, 4 received, 0% packet loss, time 2997ms
\nrtt min\/avg\/max\/mdev = 0.008\/0.011\/0.014\/0.003 ms
\nserver init.d #<\/p>\n

\u0417\u0430\u0433\u043b\u044f\u043d\u0435\u043c \u0434\u043b\u044f \u0443\u0431\u0435\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u0438 \u0432 \u043b\u043e\u0433 \u0444\u0430\u0439\u043b\u044b:
\n
\n\/var\/log\/openvpn.log
\nTue Jul 28 20:54:09 2009 OpenVPN 2.0.9 i686-pc-linux-gnu [SSL] [LZO] [EPOLL] built on Jul 27 2009
\nTue Jul 28 20:54:09 2009 Diffie-Hellman initialized with 1024 bit key
\nTue Jul 28 20:54:09 2009 Control Channel Authentication: using '\/etc\/openvpn\/vserver\/keys\/ta.key' as a OpenVPN static key file
\nTue Jul 28 20:54:09 2009 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
\nTue Jul 28 20:54:09 2009 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
\nTue Jul 28 20:54:09 2009 TLS-Auth MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
\nTue Jul 28 20:54:09 2009 TUN\/TAP device tap0 opened
\nTue Jul 28 20:54:09 2009 \/sbin\/ip link set dev tap0 up mtu 1500
\nTue Jul 28 20:54:09 2009 \/sbin\/ip addr add dev tap0 10.10.10.1\/24 broadcast 10.10.10.255
\nTue Jul 28 20:54:09 2009 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3\/1 ]
\nTue Jul 28 20:54:09 2009 Listening for incoming TCP connection on [undef]:7050
\nTue Jul 28 20:54:09 2009 TCPv4_SERVER link local (bound): [undef]:7050
\nTue Jul 28 20:54:09 2009 TCPv4_SERVER link remote: [undef]
\nTue Jul 28 20:54:09 2009 MULTI: multi_init called, r=256 v=256
\nTue Jul 28 20:54:09 2009 IFCONFIG POOL: base=10.10.10.2 size=19
\nTue Jul 28 20:54:09 2009 MULTI: TCP INIT maxclients=1024 maxevents=1028
\nTue Jul 28 20:54:09 2009 Initialization Sequence Completed
\nTue Jul 28 21:01:27 2009 MULTI: multi_create_instance called
\nTue Jul 28 21:01:27 2009 Re-using SSL\/TLS context
\nTue Jul 28 21:01:27 2009 LZO compression initialized
\nTue Jul 28 21:01:27 2009 Control Channel MTU parms [ L:1576 D:168 EF:68 EB:0 ET:0 EL:0 ]
\nTue Jul 28 21:01:27 2009 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:135 ET:32 EL:0 AF:3\/1 ]
\nTue Jul 28 21:01:27 2009 Local Options hash (VER=V4): '9de5f9b6'
\nTue Jul 28 21:01:27 2009 Expected Remote Options hash (VER=V4): '89f33c77'
\nTue Jul 28 21:01:27 2009 TCP connection established with 10.10.10.1:32887
\nTue Jul 28 21:01:27 2009 TCPv4_SERVER link local: [undef]
\nTue Jul 28 21:01:27 2009 TCPv4_SERVER link remote: 10.10.10.1:32887
\nTue Jul 28 21:01:27 2009 10.10.10.1:32887 TLS: Initial packet from 10.10.10.1:32887, sid=5053a1c5 9e4b29eb
\nTue Jul 28 21:01:27 2009 10.10.10.1:32887 VERIFY OK: depth=1, \/C=UA\/ST=DN\/L=Donetsk\/O=VincentVanGog.Net-LTD\/CN=VincentVanGog.Net-LTD_CA\/emailAddress=kernel@vincentvangog.net
\nTue Jul 28 21:01:27 2009 10.10.10.1:32887 VERIFY OK: depth=0, \/C=UA\/ST=DN\/L=Donetsk\/O=VincentVanGog.Net-LTD\/CN=vincentvangog\/emailAddress=kernel@vincentvangog.net
\nTue Jul 28 21:01:27 2009 10.10.10.1:32887 Data Channel Encrypt: Cipher 'DES-EDE3-CBC' initialized with 192 bit key
\nTue Jul 28 21:01:27 2009 10.10.10.1:32887 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
\nTue Jul 28 21:01:27 2009 10.10.10.1:32887 Data Channel Decrypt: Cipher 'DES-EDE3-CBC' initialized with 192 bit key
\nTue Jul 28 21:01:27 2009 10.10.10.1:32887 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
\nTue Jul 28 21:01:27 2009 10.10.10.1:32887 Control Channel: TLSv1, cipher TLSv1\/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
\nTue Jul 28 21:01:27 2009 10.10.10.1:32887 [vincentvangog] Peer Connection Initiated with 10.10.10.1:32887
\nTue Jul 28 21:01:28 2009 vincentvangog\/10.10.10.1:32887 PUSH: Received control message: 'PUSH_REQUEST'
\nTue Jul 28 21:01:28 2009 vincentvangog\/10.10.10.1:32887 SENT CONTROL [vincentvangog]: 'PUSH_REPLY,route 192.168.0.0 255.255.255.0,route-gateway 10.10.10.1,ping 10,ping-restart 60,ifconfig 10.10.10.2 255.255.255.0' (status=1)
\nTue Jul 28 21:01:29 2009 vincentvangog\/10.10.10.1:32887 MULTI: Learn: 52:08:20:ea:76:4c -> vincentvangog\/10.10.10.1:32887
\n<\/code>
\n
\n\/var\/log\/openvpn-client.log (\u043a\u0443\u0441\u043e\u0447\u0435\u043a)
\nTue Jul 28 21:07:52 2009 us=40300 STREAM: WRITE 53 offset=183
\nTue Jul 28 21:07:52 2009 us=40314 TCPv4_CLIENT write returned 55
\nTue Jul 28 21:07:52 2009 us=40324 STREAM: SET NEXT, buf=[212,0] next=[212,1576] len=-1 maxlen=1576
\nTue Jul 28 21:07:52 2009 us=40332 PO_CTL rwflags=0x0001 ev=4 arg=0x0808f98c
\nTue Jul 28 21:07:52 2009 us=40341 PO_CTL rwflags=0x0001 ev=6 arg=0x0808f988
\nTue Jul 28 21:07:52 2009 us=40351 I\/O WAIT TR|Tw|SR|Sw [6\/60921]
\nTue Jul 28 21:07:58 2009 us=107428 event_wait returned 0
\nTue Jul 28 21:07:58 2009 us=107466 I\/O WAIT status=0x0020
\nTue Jul 28 21:07:58 2009 us=107498 TLS: tls_multi_process: i=0 state=S_NORMAL, mysid=5053a1c5 9e4b29eb, stored-sid=29801eb6 db92431f, stored-ip=10.10.10.1:7050
\nTue Jul 28 21:07:58 2009 us=107515 TLS: tls_process: chg=0 ks=S_NORMAL lame=S_UNDEF to_link->len=0 wakeup=604800
\nTue Jul 28 21:07:58 2009 us=107550 NOTE: --mute triggered...
\n<\/code>
\n
\n\/var\/log\/openvpn-status.log
\nOpenVPN STATISTICS
\nUpdated,Tue Jul 28 21:08:27 2009
\nTUN\/TAP read bytes,468
\nTUN\/TAP write bytes,0
\nTCP\/UDP read bytes,9955
\nTCP\/UDP write bytes,9063
\nAuth read bytes,656
\npre-compress bytes,0
\npost-compress bytes,0
\npre-decompress bytes,0
\npost-decompress bytes,0
\nEND
\n<\/code>
\n\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u043c \u0440\u043e\u0443\u0442\u0438\u043d\u0433:
\n
\nserver log # ip route list
\n172.16.0.0\/24 dev eth1 proto kernel scope link src 172.16.0.1
\n192.168.0.0\/24 dev eth0 proto kernel scope link src 192.168.0.10
\n10.10.10.0\/24 dev tap0 proto kernel scope link src 10.10.10.1
\n10.10.10.0\/24 dev tap1 proto kernel scope link src 10.10.10.2
\n127.0.0.0\/8 dev lo scope link
\ndefault via 192.168.0.1 dev eth0
\nserver log #
\n<\/code>
\n
\nserver log # route -n
\nKernel IP routing table
\nDestination Gateway Genmask Flags Metric Ref Use Iface
\n172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
\n192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
\n10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
\n10.10.10.0 0.0.0.0 255.255.255.0 U 0 0 0 tap1
\n127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
\n0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
\nserver log #
\n<\/code>
\n\u0414\u0435\u0444\u043e\u043b\u0442\u043d\u044b\u0439 \u0448\u043b\u044e\u0437 \u0441\u0442\u043e\u0438\u0442 \u043d\u0430 2003 \u0432\u0435\u043d\u0438\u043a \u043d\u0438\u0447\u0435\u0433\u043e \u0441\u0442\u0440\u0430\u0448\u043d\u043e\u0433\u043e \u0432 \u044d\u0442\u043e\u043c \u043d\u0435\u0442 \u0442\u0430\u043a \u043f\u043e\u043a\u0430 \u0437\u0430\u0434\u0443\u043c\u0430\u043d\u043e :)<\/p>\n

\u041e\u0441\u0442\u0430\u043b\u043e\u0441\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0435 — \u0434\u043e\u0431\u0430\u0432\u0438\u0442\u044c (\u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u043e) \u0432 \u0430\u0432\u0442\u043e\u0437\u0430\u043f\u0443\u0441\u043a \u0444\u0430\u0439\u043b\u044b openvpn.server \u0438 openvpn.client:<\/p>\n


\nserver log # rc-update -a openvpn.server default
\n* openvpn.server added to runlevel default
\nserver log # rc-update -a openvpn.client default
\n* openvpn.client added to runlevel default
\nserver log #
\n<\/code><\/p>\n

\u041d\u0443 \u0432\u043e\u0442 \u043d\u0430 \u044d\u0442\u043e\u043c \u043f\u043e\u043a\u0430 \u043f\u043e\u0436\u0430\u043b\u0443\u0439 \u0438 \u0432\u0441\u0451 — \u0434\u0430\u043b\u0435\u0435 \u0431\u0443\u0434\u0435\u043c \u0440\u0430\u0437\u0431\u0438\u0440\u0430\u0442\u044c\u0441\u044f \u0441 \u043c\u0435\u043b\u043e\u0447\u0430\u043c\u0438.<\/p>\n","protected":false},"excerpt":{"rendered":"

\u041d\u0430\u0442\u043a\u043d\u0443\u043b\u0441\u044f \u043d\u0430 \u043f\u0440\u0435\u0432\u043e\u0441\u0445\u043e\u0434\u043d\u0443\u044e \u0441\u0442\u0430\u0442\u044c\u044e \u043f\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 OpenVPN \u0432 Gentoo Linux, \u0441\u043b\u0435\u0434\u0443\u044f \u043f\u043e \u0448\u0430\u0433\u0430\u043c \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u043b \u0432\u0441\u0451 \u0431\u0435\u0437 «\u0433\u0440\u0430\u0431\u043b\u0435\u0439»: http:\/\/sysadm.ucoz.ua\/forum\/11-77-1<\/p>\n Read More<\/span> \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 OpenVPN \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043d\u0430 Gentoo Linux<\/span><\/a>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"Layout":"","footnotes":""},"categories":[3,14],"tags":[67,68],"class_list":["entry","author-jonnyquest","has-more-link","post-290","post","type-post","status-publish","format-standard","category-gentoo","category-linux","tag-openvpn---gentoo-linux","tag-vpn-----"],"yoast_head":"\n\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 OpenVPN \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043d\u0430 Gentoo Linux - ExtraLAN.ru<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/extralan.ru\/?p=290\" \/>\n<meta property=\"og:locale\" content=\"ru_RU\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 OpenVPN \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043d\u0430 Gentoo Linux - ExtraLAN.ru\" \/>\n<meta property=\"og:description\" content=\"\u041d\u0430\u0442\u043a\u043d\u0443\u043b\u0441\u044f \u043d\u0430 \u043f\u0440\u0435\u0432\u043e\u0441\u0445\u043e\u0434\u043d\u0443\u044e \u0441\u0442\u0430\u0442\u044c\u044e \u043f\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 OpenVPN \u0432 Gentoo Linux, \u0441\u043b\u0435\u0434\u0443\u044f \u043f\u043e \u0448\u0430\u0433\u0430\u043c \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u043b \u0432\u0441\u0451 \u0431\u0435\u0437 «\u0433\u0440\u0430\u0431\u043b\u0435\u0439»: http:\/\/sysadm.ucoz.ua\/forum\/11-77-1\" \/>\n<meta property=\"og:url\" content=\"https:\/\/extralan.ru\/?p=290\" \/>\n<meta property=\"og:site_name\" content=\"ExtraLAN.ru\" \/>\n<meta property=\"article:published_time\" content=\"2011-04-11T08:00:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2012-01-06T13:27:27+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/s24.ucoz.net\/sm\/24\/cool.gif\" \/>\n<meta name=\"author\" content=\"Jonny Quest\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u041d\u0430\u043f\u0438\u0441\u0430\u043d\u043e \u0430\u0432\u0442\u043e\u0440\u043e\u043c\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jonny Quest\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u041f\u0440\u0438\u043c\u0435\u0440\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 \u043c\u0438\u043d\u0443\u0442\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/extralan.ru\/?p=290\",\"url\":\"https:\/\/extralan.ru\/?p=290\",\"name\":\"\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 OpenVPN \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043d\u0430 Gentoo Linux - ExtraLAN.ru\",\"isPartOf\":{\"@id\":\"https:\/\/extralan.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/extralan.ru\/?p=290#primaryimage\"},\"image\":{\"@id\":\"https:\/\/extralan.ru\/?p=290#primaryimage\"},\"thumbnailUrl\":\"http:\/\/s24.ucoz.net\/sm\/24\/cool.gif\",\"datePublished\":\"2011-04-11T08:00:16+00:00\",\"dateModified\":\"2012-01-06T13:27:27+00:00\",\"author\":{\"@id\":\"https:\/\/extralan.ru\/#\/schema\/person\/32aebde038afaea65ab6c7300a21a53f\"},\"breadcrumb\":{\"@id\":\"https:\/\/extralan.ru\/?p=290#breadcrumb\"},\"inLanguage\":\"ru-RU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/extralan.ru\/?p=290\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"ru-RU\",\"@id\":\"https:\/\/extralan.ru\/?p=290#primaryimage\",\"url\":\"http:\/\/s24.ucoz.net\/sm\/24\/cool.gif\",\"contentUrl\":\"http:\/\/s24.ucoz.net\/sm\/24\/cool.gif\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/extralan.ru\/?p=290#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430\",\"item\":\"https:\/\/extralan.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 OpenVPN \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043d\u0430 Gentoo Linux\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/extralan.ru\/#website\",\"url\":\"https:\/\/extralan.ru\/\",\"name\":\"ExtraLAN.ru\",\"description\":\"\u0420\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0437\u0430\u043c\u0435\u0442\u043a\u0438 \u043f\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/extralan.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"ru-RU\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/extralan.ru\/#\/schema\/person\/32aebde038afaea65ab6c7300a21a53f\",\"name\":\"Jonny Quest\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"ru-RU\",\"@id\":\"https:\/\/extralan.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/46b63f8ca4df27c7c4733a8790610b5b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/46b63f8ca4df27c7c4733a8790610b5b?s=96&d=mm&r=g\",\"caption\":\"Jonny Quest\"},\"url\":\"https:\/\/extralan.ru\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 OpenVPN \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043d\u0430 Gentoo Linux - ExtraLAN.ru","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/extralan.ru\/?p=290","og_locale":"ru_RU","og_type":"article","og_title":"\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 OpenVPN \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043d\u0430 Gentoo Linux - ExtraLAN.ru","og_description":"\u041d\u0430\u0442\u043a\u043d\u0443\u043b\u0441\u044f \u043d\u0430 \u043f\u0440\u0435\u0432\u043e\u0441\u0445\u043e\u0434\u043d\u0443\u044e \u0441\u0442\u0430\u0442\u044c\u044e \u043f\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0435 OpenVPN \u0432 Gentoo Linux, \u0441\u043b\u0435\u0434\u0443\u044f \u043f\u043e \u0448\u0430\u0433\u0430\u043c \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u043b \u0432\u0441\u0451 \u0431\u0435\u0437 «\u0433\u0440\u0430\u0431\u043b\u0435\u0439»: http:\/\/sysadm.ucoz.ua\/forum\/11-77-1","og_url":"https:\/\/extralan.ru\/?p=290","og_site_name":"ExtraLAN.ru","article_published_time":"2011-04-11T08:00:16+00:00","article_modified_time":"2012-01-06T13:27:27+00:00","og_image":[{"url":"http:\/\/s24.ucoz.net\/sm\/24\/cool.gif"}],"author":"Jonny Quest","twitter_card":"summary_large_image","twitter_misc":{"\u041d\u0430\u043f\u0438\u0441\u0430\u043d\u043e \u0430\u0432\u0442\u043e\u0440\u043e\u043c":"Jonny Quest","\u041f\u0440\u0438\u043c\u0435\u0440\u043d\u043e\u0435 \u0432\u0440\u0435\u043c\u044f \u0434\u043b\u044f \u0447\u0442\u0435\u043d\u0438\u044f":"13 \u043c\u0438\u043d\u0443\u0442"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/extralan.ru\/?p=290","url":"https:\/\/extralan.ru\/?p=290","name":"\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 OpenVPN \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043d\u0430 Gentoo Linux - ExtraLAN.ru","isPartOf":{"@id":"https:\/\/extralan.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/extralan.ru\/?p=290#primaryimage"},"image":{"@id":"https:\/\/extralan.ru\/?p=290#primaryimage"},"thumbnailUrl":"http:\/\/s24.ucoz.net\/sm\/24\/cool.gif","datePublished":"2011-04-11T08:00:16+00:00","dateModified":"2012-01-06T13:27:27+00:00","author":{"@id":"https:\/\/extralan.ru\/#\/schema\/person\/32aebde038afaea65ab6c7300a21a53f"},"breadcrumb":{"@id":"https:\/\/extralan.ru\/?p=290#breadcrumb"},"inLanguage":"ru-RU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/extralan.ru\/?p=290"]}]},{"@type":"ImageObject","inLanguage":"ru-RU","@id":"https:\/\/extralan.ru\/?p=290#primaryimage","url":"http:\/\/s24.ucoz.net\/sm\/24\/cool.gif","contentUrl":"http:\/\/s24.ucoz.net\/sm\/24\/cool.gif"},{"@type":"BreadcrumbList","@id":"https:\/\/extralan.ru\/?p=290#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u0413\u043b\u0430\u0432\u043d\u0430\u044f \u0441\u0442\u0440\u0430\u043d\u0438\u0446\u0430","item":"https:\/\/extralan.ru\/"},{"@type":"ListItem","position":2,"name":"\u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 OpenVPN \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0438 \u043a\u043b\u0438\u0435\u043d\u0442\u0430 \u043d\u0430 Gentoo Linux"}]},{"@type":"WebSite","@id":"https:\/\/extralan.ru\/#website","url":"https:\/\/extralan.ru\/","name":"ExtraLAN.ru","description":"\u0420\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u0437\u0430\u043c\u0435\u0442\u043a\u0438 \u043f\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044e","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/extralan.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"ru-RU"},{"@type":"Person","@id":"https:\/\/extralan.ru\/#\/schema\/person\/32aebde038afaea65ab6c7300a21a53f","name":"Jonny Quest","image":{"@type":"ImageObject","inLanguage":"ru-RU","@id":"https:\/\/extralan.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/46b63f8ca4df27c7c4733a8790610b5b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/46b63f8ca4df27c7c4733a8790610b5b?s=96&d=mm&r=g","caption":"Jonny Quest"},"url":"https:\/\/extralan.ru\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/extralan.ru\/index.php?rest_route=\/wp\/v2\/posts\/290"}],"collection":[{"href":"https:\/\/extralan.ru\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/extralan.ru\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/extralan.ru\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/extralan.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=290"}],"version-history":[{"count":10,"href":"https:\/\/extralan.ru\/index.php?rest_route=\/wp\/v2\/posts\/290\/revisions"}],"predecessor-version":[{"id":876,"href":"https:\/\/extralan.ru\/index.php?rest_route=\/wp\/v2\/posts\/290\/revisions\/876"}],"wp:attachment":[{"href":"https:\/\/extralan.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/extralan.ru\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/extralan.ru\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}