Differences
This shows you the differences between two versions of the page.
| zh:docs:guide-user:services:vpn:openvpn:basic [2020/09/02 21:12] – [Troubleshooting] comments optimized vgaetera | zh:docs:guide-user:services:vpn:openvpn:basic [2022/10/27 18:36] – [Troubleshooting] OpenWrt 22.03 update vgaetera | ||
|---|---|---|---|
| Line 7: | Line 7: | ||
| * 如何在OpenWrt上配置运行[[wp> | * 如何在OpenWrt上配置运行[[wp> | ||
| * 生成易于在不同的客户端设备间导入导出的OpenVPN客户端配置文件(profiles). | * 生成易于在不同的客户端设备间导入导出的OpenVPN客户端配置文件(profiles). | ||
| - | * 客户端的设置参考[[docs: | + | * 客户端的设置参考[[docs: |
| ===== 目标 ===== | ===== 目标 ===== | ||
| Line 36: | Line 36: | ||
| ==== 2. PKI(公钥基础设施) ==== | ==== 2. PKI(公钥基础设施) ==== | ||
| - | 使用[[https:// | + | 使用[[https:// |
| <code bash> | <code bash> | ||
| Line 57: | Line 57: | ||
| easyrsa --batch build-ca nopass | easyrsa --batch build-ca nopass | ||
| - | # Generate a keypair | + | # Generate a key pair and sign locally for vpnserver |
| easyrsa --batch build-server-full vpnserver nopass | easyrsa --batch build-server-full vpnserver nopass | ||
| - | # Generate a keypair | + | # Generate a key pair and sign locally for vpnclient |
| easyrsa --batch build-client-full vpnclient nopass | easyrsa --batch build-client-full vpnclient nopass | ||
| </ | </ | ||
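Review bot: the reworded comments above `build-server-full vpnserver nopass` and `build-client-full vpnclient nopass` now say the key pair is signed locally, but they still do not say what `nopass` does. The CA, server and client private keys are all written unencrypted. Suggest extending the comment, for example "# Generate an unencrypted (nopass) key pair and sign locally for vpnclient", so readers know the generated key files and the client profile that embeds them have to be handled as secrets.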
| Line 123: | Line 123: | ||
| </ | </ | ||
| - | See also: [[docs: | + | See also: [[docs: |
| ==== 4. 客户端的配置文件(profiles) ==== | ==== 4. 客户端的配置文件(profiles) ==== | ||
| Line 129: | Line 129: | ||
| <code bash> | <code bash> | ||
| - | # Fetch IP address | + | # Fetch WAN IP address |
| source / | source / | ||
| network_find_wan NET_IF | network_find_wan NET_IF | ||
| Line 182: | Line 182: | ||
| Extract client profiles from the archive and import them to your clients. | Extract client profiles from the archive and import them to your clients. | ||
| - | See also: [[docs: | + | See also: [[docs: |
| ===== 测试 ===== | ===== 测试 ===== | ||
| 建立VPN连接。检查客户端的流量全部经过VPN服务器的网关。 | 建立VPN连接。检查客户端的流量全部经过VPN服务器的网关。 | ||
| Line 195: | Line 195: | ||
| 确保在客户端一侧没有DNS leak。 | 确保在客户端一侧没有DNS leak。 | ||
| - | Delegate a public IPv6 prefix to VPN6 network to use IPv6 by default. | + | Delegate a public IPv6 prefix to the IPv6 VPN network to use IPv6 by default. |
| ===== Troubleshooting ===== | ===== Troubleshooting ===== | ||
| Line 209: | Line 209: | ||
| # Runtime configuration | # Runtime configuration | ||
| pgrep -f -a openvpn | pgrep -f -a openvpn | ||
| - | ip addr show; ip route show; ip rule show; iptables-save | + | ip address |
| - | ip -6 addr show; ip -6 route show; ip -6 rule show; ip6tables-save | + | ip rule show; ip -6 rule show; nft list ruleset |
| # Persistent configuration | # Persistent configuration | ||
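Review bot: on the two changed lines under "# Runtime configuration", `iptables-save` and `ip6tables-save` are dropped in favour of `nft list ruleset`. That matches the "OpenWrt 22.03 update" edit summary, but it leaves readers who still run an iptables-based firewall without a command that dumps their rules. Suggest a comment naming the release these commands target, or keeping the iptables variants as a commented fallback, since the firewall dump is the part of this output most often needed when VPN traffic is not forwarded.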