windtear 追求完美: OpenVPN

proxy代理	soft软件	IT 业界特快	norton 诺顿病毒库	代理列表	search FTP搜索	whois IP地理位置	blog 追求完美
money理财	life生活	RSS聚合门户	firefox WEB浏览器	免费域名	typeset 假古文	AntiVirus 反病毒	ipcn 站点导航

« 跨平台 | Main | newftpuser.sh for proftpd »

February 3, 2004

OpenVPN

版权声明：可以任意转载，转载时请务必以超链接形式标明文章原始出处和作者信息及本声明。
https://windtear.net/archives/2004/02/03/000283.html http://windtear.net/archives/2004/02/03/000283.html

扔掉了 lzo ssl crypto

./configure --disable-lzo --disable-crypto --disable-ssl \
--without-lzo-headers --without-lzo-lib --without-ssl-headers --without-ssl-lib


******* WARNING *******: OpenVPN built without OpenSSL -- encryption and authentication \
features disabled -- all data will be tunnelled as cleartext

然后
.conf 的
secret $KEYFILE
comp-lzo
都不能要了

客户端只要 .ovpn 就行了
去掉 secret
ping 也没必要
remote 用域名最好

key 文件没用 新编译的openvpn 也不能 --genkey 了

openvpn --genkey --secret $KEYFILE  不行

客户端安装：
openvpn-1.5.0-install.exe
提示 TAP-Win32 device 是 重起
OpenVPN/config 目录放配置

remote %DNS%
dev tap
ifconfig 10.28.168.2 255.255.255.0
route 10.28.168.0 255.255.255.0 10.28.168.1
#secret windtear.okey
port %PORT% 

key 没用了

sc start openvpnservice
或者
net start openvpnservice

sc qc openvpnservice
sc config openvpnservice start=auto
sc config openvpnservice start=boot
sc config openvpnservice start=disbaled

start->run->services.msc

＝＝＝＝＝＝＝
http://openvpn.sourceforge.net/changelog.html

OpenVPN
Copyright (C) 2002-2004 James Yonan 

$Id: ChangeLog,v 1.92 2004/02/02 00:02:30 jimyonan Exp $

2004.02.01 -- Version 1.6-beta5

* Added Socks5 proxy support ((Christof Meerwald).
* IPv6 tun support for FreeBSD (Thomas Glanzmann).
* Special TAP-Win32 debug mode for Windows self-install that was
  enabled in beta4 is now turned off.
* Added some new Solaris notes to INSTALL (Koen Maris).
* More work on --ip-win32 dynamic.

2004.01.27 -- Version 1.6-beta4

* For this beta, the Windows self-install is a debug version
  and will run slower -- use only for testing.
* Reverted the --ip-win32 default back to 'ipapi'
  from 'dynamic'.
* Added the offset parameter to '--ip-win32 dynamic' which
  can be used to control the address of the masqueraded
  DHCP server which replies to Windows DHCP requests.
* Added a wait/nowait option to --inetd (nowait can only
  be used with TCP sockets, TLS authentication, and over
  a bridged configuration -- see FAQ for more info)
  (Stefan `Sec` Zehl).
* Added a build-time capability where TAP-Win32 driver
  debug messages can be output by OpenVPN at --verb 6
  or higher.

2004.01.20 -- Version 1.6-beta2

* Added ./configure --enable-iproute2 flag which
  uses iproute2 instead of route + ifconfig --
  this is necessary for the LEAF Linux distro
  (Martin Hejl).
* Added renewal-time and rebind-time to set of
  DHCP options returned by the TAP-Win32 driver when
  "--ip-win32 dynamic" is used.

2004.01.14 -- Version 1.6-beta1

* Fixed --proxy bug that sometimes caused plaintext
  control info generated by the proxy prior to http
  CONNECT method establishment to be incorrectly
  parsed as OpenVPN data.
* For Windows version, implemented the
  "--ip-win32 dynamic" method and made it the default.
  This method sets the TAP-Win32 adapter IP address
  and netmask by replying to the kernel's DHCP queries.
  See the man page for more detailed info.
* Added --connect-retry parameter which controls
  the time interval (in seconds) between connect()
  retries when --proto tcp-client is used.  Previously,
  this value was hardcoded to 5 seconds, and still
  defaults as such.
* --resolv-retry can now be used with a parameter
  of "infinite" to retry indefinitely.
* Added SSL_CTX_use_certificate_chain_file() to ssl.c
  for support of multi-level certificate chains
  (Sten Kalenda).
* Fixed --tls-auth incompatibility with 1.4.x and earlier
  versions of OpenVPN when the passphrase file is an
  OpenVPN static key file (as generated by --genkey).
* Added shell-escape support in config files using
  the backslash character ("\") so that (for example)
  double quotes can be passed to the shell.
* Added "contrib" subdirectory on tarball, source zip,
  and CVS containing user-submitted contributions.
* Added an optional patch to the Redhat init script to
  allow the configuration file directory to be a
  multi-level directory hierarchy (Farkas Levente).
  See contrib/multilevel-init.patch
* Added some scripts and documentation on using
  Linux "fwmark" iptables rules to enable
  fine-grained routing control over the VPN
  (Sean Reifschneider, ).
  See contrib/openvpn-fwmarkroute-1.00

2003.11.20 -- Version 1.5.0

* Minor documentation changes. 

原水木评论：

vw 于 2004-02-04 15:03:42 提到:
心情符号 好像需要加一条固定route
够笨的

不够傻瓜

我的ip： 10.28.168.2

Posted by windtear at February 3, 2004 11:49 PM

本站使用中的任何问题,请与 windtear @ windtear.net 联系
Copyright© 1999-2014 Windtear. All rights reserved.