Tomato路由器的OpenVpn设置

31 12 月, 2014 | 添加评论

一、制作证书:

制作证书步骤比较复杂,这里不再制作,可以下载已经制作好的客户端证书和密钥

https://wget.5752.me/Computer/code/client.7z?hash=LxzB3r5D&download=1

同时可以下载openvpn电脑客户端软件

https://wget.5752.me/Computer/code/openvpn-install-2.4.3-I601.exe?hash=LxzB3r5D&download=1

下载安卓手机客户端软件

https://wget.5752.me/Computer/code/icsopenvpn0536a.apk?hash=LxzB3r5D&download=1

二、Tomato路由器设置OpenVpn:

1.VPN服务器基本设置:

在WAN口启用OpenVPN后面的框里打钩

接口类型:选择TAP
协议:选择TCP
端口:根据自己填写
防火墙:自动
授权方式:TLS
额外的HMAC授权协议:禁用
客户端IP地址池:勾选DHCP

route_vpn01

2.VPN服务器高级设置:

轮询间隔: 0
Direct client to redirect interner traffic :不选
Respond to DNS :不选
加密方式:默认
压缩:自适应
TLS重新协商时间:-1
管理客户端的特殊选项:勾选
允许客户端之间互相访问:勾选
自定义配置里填写如下配置:
script-security 2
push "redirect-gateway"
duplicate-cn
keepalive 10 120

route_vpn02

3.VPN服务器密匙设置:

 

ca.crt里面的文件复制到“证书颁发机构(CA)”

-----BEGIN CERTIFICATE-----
MIIDPTCCAqagAwIBAgIJAISNOgj+n+pbMA0GCSqGSIb3DQEBBQUAMHMxCzAJBgNV
BAYTAkNOMQswCQYDVQQIEwJZTjELMAkGA1UEBxMCS00xEzARBgNVBAoTCnZwc3lv
dS5jb20xFjAUBgNVBAMTDXZwc3lvdS5jb20gQ0ExHTAbBgkqhkiG9w0BCQEWDnZw
bkB2cHN5b3UuY29tMB4XDTEzMTEyNTExNTAyNloXDTIzMTEyMzExNTAyNlowczEL
MAkGA1UEBhMCQ04xCzAJBgNVBAgTAllOMQswCQYDVQQHEwJLTTETMBEGA1UEChMK
dnBzeW91LmNvbTEWMBQGA1UEAxMNdnBzeW91LmNvbSBDQTEdMBsGCSqGSIb3DQEJ
ARYOdnBuQHZwc3lvdS5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALv9
vfuZRI1NJh6jwjKXRnGex/aP6I174mRL6qIAByYltfhlHbfmJ8NHT8SJ5r8wP4hT
bFSXBBoWpZDOeGF+sH0uf6suV2+abEn5DuHnt1mtQiVs+RBxuuPYPW2AmPBIfxIw
YmqnxppSlXlsSId6Dn+nBh1jelUEqkXoJ+Uh6MTJAgMBAAGjgdgwgdUwHQYDVR0O
BBYEFM3bjm/LmmvARjv6aDhw+wst4QpxMIGlBgNVHSMEgZ0wgZqAFM3bjm/LmmvA
Rjv6aDhw+wst4QpxoXekdTBzMQswCQYDVQQGEwJDTjELMAkGA1UECBMCWU4xCzAJ
BgNVBAcTAktNMRMwEQYDVQQKEwp2cHN5b3UuY29tMRYwFAYDVQQDEw12cHN5b3Uu
Y29tIENBMR0wGwYJKoZIhvcNAQkBFg52cG5AdnBzeW91LmNvbYIJAISNOgj+n+pb
MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAevtQ/PhGd8muTBQLIjhx
eZtPxMocoCZliz5tKVrZL0I0gG+jyJcffELIW2qAWncTyhb40DF9OsW/UQuhA276
tqLI/L5MqCmzgzAQXYplOY0f6TomBHy+vMt3oRbyOhs9PeUwXuEUX7GjoH+aAIIU
k0l5HtBh4wq8UIYE6lbSQmk=
-----END CERTIFICATE-----

server.crt里面的文件复制到“服务器证书”

-----BEGIN CERTIFICATE-----
MIIDmDCCAwGgAwIBAgIBATANBgkqhkiG9w0BAQUFADBzMQswCQYDVQQGEwJDTjEL
MAkGA1UECBMCWU4xCzAJBgNVBAcTAktNMRMwEQYDVQQKEwp2cHN5b3UuY29tMRYw
FAYDVQQDEw12cHN5b3UuY29tIENBMR0wGwYJKoZIhvcNAQkBFg52cG5AdnBzeW91
LmNvbTAeFw0xMzExMjUxMTUwNTVaFw0yMzExMjMxMTUwNTVaMGwxCzAJBgNVBAYT
AkNOMQswCQYDVQQIEwJZTjELMAkGA1UEBxMCS00xEzARBgNVBAoTCnZwc3lvdS5j
b20xDzANBgNVBAMTBnNlcnZlcjEdMBsGCSqGSIb3DQEJARYOdnBuQHZwc3lvdS5j
b20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMLqo7RKXGMuMnHev93tsjZE
meNVHIckV4H0pK7OUvvZHXXuy/wM3H++XaLv79R6U1BFa/ZC8A+ByvLRAgzxvR0P
lv28pnpTbXle8OH7bBwsrCQL6P7/lUz8M1FCL+AcOzp7jVcwuQI99njfhblPhqCD
M6eGj6vt3OufxsaUNMC5AgMBAAGjggFBMIIBPTAJBgNVHRMEAjAAMBEGCWCGSAGG
+EIBAQQEAwIGQDA0BglghkgBhvhCAQ0EJxYlRWFzeS1SU0EgR2VuZXJhdGVkIFNl
cnZlciBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUJ3B8u+l4RfpTHn6pbTkPyZI4wqkw
gaUGA1UdIwSBnTCBmoAUzduOb8uaa8BGO/poOHD7Cy3hCnGhd6R1MHMxCzAJBgNV
BAYTAkNOMQswCQYDVQQIEwJZTjELMAkGA1UEBxMCS00xEzARBgNVBAoTCnZwc3lv
dS5jb20xFjAUBgNVBAMTDXZwc3lvdS5jb20gQ0ExHTAbBgkqhkiG9w0BCQEWDnZw
bkB2cHN5b3UuY29tggkAhI06CP6f6lswEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYD
VR0PBAQDAgWgMA0GCSqGSIb3DQEBBQUAA4GBAFQ2JwRukJLaLo5oGphOP0EonM21
ys2iCIbcsk0XjC9oNf9dSLqxUbwRND5IJrdQ8txy3dJhgTnPJ9kS8c+w/jMCmnYH
HLLgb++vffG80wIrW2gaPz65PH2yeXfQFaKnAnV/dgFVvw8sEO7GhOax2cPhKMp9
9qW6q/bOw1tI5CCx
-----END CERTIFICATE-----

server.key里面的文件复制到“服务器密钥”

-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDC6qO0SlxjLjJx3r/d7bI2RJnjVRyHJFeB9KSuzlL72R117sv8
DNx/vl2i7+/UelNQRWv2QvAPgcry0QIM8b0dD5b9vKZ6U215XvDh+2wcLKwkC+j+
/5VM/DNRQi/gHDs6e41XMLkCPfZ434W5T4aggzOnho+r7dzrn8bGlDTAuQIDAQAB
AoGAXSi+Q15DF9gtngUDmPOReKSDFIdKUkEJXgBqcW4FdX+IuCQA9J/FB30ZzdV1
wA0TIst7VUEa8Z5sPG+u1jb31kQ0OX5zKxUgOT0iyp+StYnYovftt0ZB5eDjS1w2
O9xTLC4mGNEiVQ/dHAe+nD6lDrFrPeMX7hgrCHZ+Jgj8CzECQQD4O9VtqFC8Y7hR
/eALC2671oFVTd1+jZFadASmlE3wU4Vvi9c612f66l8kIv+NIKiPIyAqXdEUBpqL
5shz+yrFAkEAyQPGcuYv3UggczND03N1Oyt1+F4msayHxK9eQ+6bbUWRpbxqHt3/
Kbv/q3Wnd2Bw4DaOBsf7Q419rlqyR7ttZQJBAJdMmNy6j2MUAL9w1wLEWB0DNFdT
G2LMVMDmIAOMNyj5L0Z63JePvV/RRGYZMtvJARQlW7CW+B2VnNMSujD+8OUCQDtM
Ts10VChd75ysQdTt2WZkEr/63kVJlR+TcCZwDA+3FxkiNNf4Ox6PpANriMRxgbrS
vSEI+3lZEvtNLAx3IPUCQQDjfvasrgDZzG4a3o7a8qHk1/Uw5YKsL7jwc7QYuuUz
AVJiEP12vjDAnZLOczBghZ3GIXMFumjlxgsGb7R+tfrh
-----END RSA PRIVATE KEY-----

dh1024.pem里面的文件复制到“Diffie Hellman参数”

-----BEGIN DH PARAMETERS-----
MIGHAoGBAIHjSHxIW8NpInERWDLzxCJeSh5KfCwnRfCCs8AickocpnhlCgKiCh80
nWZUIJqD/4/yop2rDVQ6c6GToPZDdxmASizi93TNMmRcZxaAmnMTk4OQeHxpdNhg
iCQKjAzk27Iq9KtUh0KysL3m7h19RyRkDx1yPBr+42v8R7ZGbndjAgEC
-----END DH PARAMETERS-----

route_vpn03

至此完成了在路由器上openvpn的设置



【上一篇】 【下一篇】

Posted in 教程 ,硬件 | Tags: ,

0 条评论

添加评论

[ Ctrl + Enter ]