Differences

This shows you the differences between two versions of the page.

zh:docs:guide-user:services:vpn:openvpn:basic [2020/09/02 21:12] – [Troubleshooting] comments optimized vgaetera
zh:docs:guide-user:services:vpn:openvpn:basic [2022/10/27 18:36] – [Troubleshooting] OpenWrt 22.03 update vgaetera
Line 7: Line 7:
   * 如何在OpenWrt上配置运行[[wp>OpenVPN|OpenVPN]]服务器.   * 如何在OpenWrt上配置运行[[wp>OpenVPN|OpenVPN]]服务器.
   * 生成易于在不同的客户端设备间导入导出的OpenVPN客户端配置文件(profiles).   * 生成易于在不同的客户端设备间导入导出的OpenVPN客户端配置文件(profiles).
-  * 客户端的设置参考[[docs:guide-user:services:vpn:openvpn:client|OpenVPN client]],更多OpenVPN的高级特性的调整参考[[docs:guide-user:services:vpn:openvpn:extra|OpenVPN extras]].+  * 客户端的设置参考[[docs:guide-user:services:vpn:openvpn:client|OpenVPN client]],更多OpenVPN的高级特性的调整参考[[docs:guide-user:services:vpn:openvpn:extras|OpenVPN extras]].
  
 ===== 目标 ===== ===== 目标 =====
Line 36: Line 36:
  
 ==== 2. PKI(公钥基础设施) ==== ==== 2. PKI(公钥基础设施) ====
-使用[[https://github.com/OpenVPN/easy-rsa#overview|EasyRSA]]来处理[[docs:guide-user:services:vpn:openvpn:extra#pki|PKI]]相关的事务。如果需要,可以给私钥加上密码保护.+使用[[https://github.com/OpenVPN/easy-rsa#overview|EasyRSA]]来处理[[docs:guide-user:services:vpn:openvpn:extras#pki|PKI]]相关的事务。如果需要,可以给私钥加上密码保护.
  
 <code bash> <code bash>
Line 57: Line 57:
 easyrsa --batch build-ca nopass easyrsa --batch build-ca nopass
  
-# Generate a keypair and sign locally for vpnserver+# Generate a key pair and sign locally for vpnserver
 easyrsa --batch build-server-full vpnserver nopass easyrsa --batch build-server-full vpnserver nopass
  
-# Generate a keypair and sign locally for vpnclient+# Generate a key pair and sign locally for vpnclient
 easyrsa --batch build-client-full vpnclient nopass easyrsa --batch build-client-full vpnclient nopass
 </code> </code>
Line 123: Line 123:
 </code> </code>
  
-See also: [[docs:guide-user:services:vpn:openvpn:extra#instance_management|Instance management]], [[docs:guide-user:services:vpn:openvpn:extra#dual-stack_gateway|Dual-stack gateway]]+See also: [[docs:guide-user:services:vpn:openvpn:extras#instance_management|Instance management]], [[docs:guide-user:services:vpn:openvpn:extras#dual-stack_gateway|Dual-stack gateway]]
  
 ==== 4. 客户端的配置文件(profiles) ==== ==== 4. 客户端的配置文件(profiles) ====
Line 129: Line 129:
  
 <code bash> <code bash>
-# Fetch IP address+# Fetch WAN IP address
 source /lib/functions/network.sh source /lib/functions/network.sh
 network_find_wan NET_IF network_find_wan NET_IF
Line 182: Line 182:
 Extract client profiles from the archive and import them to your clients. Extract client profiles from the archive and import them to your clients.
  
-See also: [[docs:guide-user:services:vpn:openvpn:extra#client_fixes|Client fixes]], [[docs:guide-user:services:vpn:openvpn:extra#recommended_clients|Recommended clients]]+See also: [[docs:guide-user:services:vpn:openvpn:extras#client_fixes|Client fixes]], [[docs:guide-user:services:vpn:openvpn:extras#recommended_clients|Recommended clients]]
 ===== 测试 ===== ===== 测试 =====
 建立VPN连接。检查客户端的流量全部经过VPN服务器的网关。 建立VPN连接。检查客户端的流量全部经过VPN服务器的网关。
Line 195: Line 195:
 确保在客户端一侧没有DNS leak。  * [[https://dnsleaktest.com/]] 确保在客户端一侧没有DNS leak。  * [[https://dnsleaktest.com/]]
  
-Delegate a public IPv6 prefix to VPN6 network to use IPv6 by default.  * [[https://ipv6-test.com/]]+Delegate a public IPv6 prefix to the IPv6 VPN network to use IPv6 by default.  * [[https://ipv6-test.com/]]
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
Line 209: Line 209:
 # Runtime configuration # Runtime configuration
 pgrep -f -a openvpn pgrep -f -a openvpn
-ip addr show; ip route showip rule show; iptables-save +ip address show; ip route show table all 
-ip -6 addr show; ip -6 route show; ip -6 rule show; ip6tables-save+ip rule show; ip -6 rule show; nft list ruleset
  
 # Persistent configuration # Persistent configuration
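Review bot: The new runtime-configuration lines replace `iptables-save` and `ip6tables-save` with `nft list ruleset` but do not say which releases that applies to. The revision summary reads "OpenWrt 22.03 update", so a reader on an older, iptables-based release who follows this page collects no firewall dump. Suggest a comment such as `# OpenWrt 22.03 and later` above that line, or keeping the iptables commands as a fallback. The separate `ip -6 addr show` and `ip -6 route show` calls are also gone: please confirm that `ip address show` and `ip route show table all` print the IPv6 addresses and routes on the default image, because the IPv6 check in the testing section relies on that output.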
  • Last modified: 2023/09/09 10:57
  • by vgaetera