Differences
This shows you the differences between two versions of the page.
| zh:docs:guide-user:services:vpn:openvpn:basic [2019/08/18 05:02] – links updated vgaetera | zh:docs:guide-user:services:vpn:openvpn:basic [2022/10/27 18:36] – [Troubleshooting] OpenWrt 22.03 update vgaetera | ||
|---|---|---|---|
| Line 7: | Line 7: | ||
| * 如何在OpenWrt上配置运行[[wp> | * 如何在OpenWrt上配置运行[[wp> | ||
| * 生成易于在不同的客户端设备间导入导出的OpenVPN客户端配置文件(profiles). | * 生成易于在不同的客户端设备间导入导出的OpenVPN客户端配置文件(profiles). | ||
| - | * 客户端的设置参考[[docs: | + | * 客户端的设置参考[[docs: |
| ===== 目标 ===== | ===== 目标 ===== | ||
| - | * Encrypt your internet connection to enforce security and privacy. | + | * 使用加密的网络连接模式来增强安全性和私密性 |
| - | * Prevent data leak and traffic | + | * 避免在客户端发生的数据泄露(Data |
| - | * Bypass regional restrictions using commercial providers. | + | * 绕过地区性限制 |
| - | * Escape client side content filters and internet censorship. | + | * 摆脱针对客户端侧的内容审查和过滤 |
| - | * Access your LAN services remotely without port forwarding. | + | * 在访问局域网内服务的同时,避免通过端口映射将指定端口提供的服务直接暴露向公共网络 |
| ===== 指导 ===== | ===== 指导 ===== | ||
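Review bot: The new "绕过地区性限制" bullet drops the qualifier "using commercial providers" from the English line it replaces, so the translated goal no longer says how the restriction is bypassed; restore it, for example "借助商业VPN提供商绕过地区性限制". The translated bullets also end without punctuation while the unchanged bullet above them ends in a full stop, so settle on one convention for the list.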
| Line 36: | Line 36: | ||
| ==== 2. PKI(公钥基础设施) ==== | ==== 2. PKI(公钥基础设施) ==== | ||
| - | 使用[[https:// | + | 使用[[https:// |
| <code bash> | <code bash> | ||
| Line 57: | Line 57: | ||
| easyrsa --batch build-ca nopass | easyrsa --batch build-ca nopass | ||
| - | # Generate a keypair | + | # Generate a key pair and sign locally for vpnserver |
| easyrsa --batch build-server-full vpnserver nopass | easyrsa --batch build-server-full vpnserver nopass | ||
| - | # Generate a keypair | + | # Generate a key pair and sign locally for vpnclient |
| easyrsa --batch build-client-full vpnclient nopass | easyrsa --batch build-client-full vpnclient nopass | ||
| </ | </ | ||
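Review bot: The reworded comments above `build-server-full` and `build-client-full` still do not document `nopass`, which appears on all three `easyrsa` calls in this block, including `build-ca`: each private key is written without a passphrase. Add a comment line saying so, so that readers know the CA, server and client keys are stored unencrypted and must be protected accordingly.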
| Line 123: | Line 123: | ||
| </ | </ | ||
| - | See also: [[extra# | + | See also: [[docs: |
| ==== 4. 客户端的配置文件(profiles) ==== | ==== 4. 客户端的配置文件(profiles) ==== | ||
| Line 129: | Line 129: | ||
| <code bash> | <code bash> | ||
| - | # Fetch IP address | + | # Fetch WAN IP address |
| source / | source / | ||
| network_find_wan NET_IF | network_find_wan NET_IF | ||
| Line 182: | Line 182: | ||
| Extract client profiles from the archive and import them to your clients. | Extract client profiles from the archive and import them to your clients. | ||
| - | See also: [[extra# | + | See also: [[docs: |
| ===== 测试 ===== | ===== 测试 ===== | ||
| 建立VPN连接。检查客户端的流量全部经过VPN服务器的网关。 | 建立VPN连接。检查客户端的流量全部经过VPN服务器的网关。 | ||
| Line 195: | Line 195: | ||
| 确保在客户端一侧没有DNS leak。 | 确保在客户端一侧没有DNS leak。 | ||
| - | Delegate a public IPv6 prefix to VPN6 network to use IPv6 by default. | + | Delegate a public IPv6 prefix to the IPv6 VPN network to use IPv6 by default. |
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| Line 201: | Line 201: | ||
| <code bash> | <code bash> | ||
| - | # Restart | + | # Restart services |
| service log restart; service openvpn restart; sleep 10 | service log restart; service openvpn restart; sleep 10 | ||
| Line 209: | Line 209: | ||
| # Runtime configuration | # Runtime configuration | ||
| pgrep -f -a openvpn | pgrep -f -a openvpn | ||
| - | ip addr show; ip route show; ip rule show; iptables-save | + | ip address |
| - | ip -6 addr show; ip -6 route show; ip -6 rule show; ip6tables-save | + | ip rule show; ip -6 rule show; nft list ruleset |
| # Persistent configuration | # Persistent configuration | ||
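Review bot: The `nft list ruleset` command on the new `ip rule show; ...` line carries no note that it depends on the nftables-based firewall of OpenWrt 22.03, the release named in the revision summary; with `iptables-save` and `ip6tables-save` removed, a reader on an older iptables-based release has no command in this block that dumps their firewall rules. Add a comment above that line stating it applies to 22.03 and later, or keep the `iptables-save` and `ip6tables-save` calls as a commented alternative for earlier releases.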