Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
zh:docs:guide-user:services:vpn:openvpn:basic [2020/10/03 19:32] – [2. PKI(公钥基础设施)] syntax vgaeterazh:docs:guide-user:services:vpn:openvpn:basic [2022/10/27 18:36] – [Troubleshooting] OpenWrt 22.03 update vgaetera
Line 7: Line 7:
   * 如何在OpenWrt上配置运行[[wp>OpenVPN|OpenVPN]]服务器.   * 如何在OpenWrt上配置运行[[wp>OpenVPN|OpenVPN]]服务器.
   * 生成易于在不同的客户端设备间导入导出的OpenVPN客户端配置文件(profiles).   * 生成易于在不同的客户端设备间导入导出的OpenVPN客户端配置文件(profiles).
-  * 客户端的设置参考[[docs:guide-user:services:vpn:openvpn:client|OpenVPN client]],更多OpenVPN的高级特性的调整参考[[docs:guide-user:services:vpn:openvpn:extra|OpenVPN extras]].+  * 客户端的设置参考[[docs:guide-user:services:vpn:openvpn:client|OpenVPN client]],更多OpenVPN的高级特性的调整参考[[docs:guide-user:services:vpn:openvpn:extras|OpenVPN extras]].
  
 ===== 目标 ===== ===== 目标 =====
Line 36: Line 36:
  
 ==== 2. PKI(公钥基础设施) ==== ==== 2. PKI(公钥基础设施) ====
-使用[[https://github.com/OpenVPN/easy-rsa#overview|EasyRSA]]来处理[[docs:guide-user:services:vpn:openvpn:extra#pki|PKI]]相关的事务。如果需要,可以给私钥加上密码保护.+使用[[https://github.com/OpenVPN/easy-rsa#overview|EasyRSA]]来处理[[docs:guide-user:services:vpn:openvpn:extras#pki|PKI]]相关的事务。如果需要,可以给私钥加上密码保护.
  
 <code bash> <code bash>
Line 123: Line 123:
 </code> </code>
  
-See also: [[docs:guide-user:services:vpn:openvpn:extra#instance_management|Instance management]], [[docs:guide-user:services:vpn:openvpn:extra#dual-stack_gateway|Dual-stack gateway]]+See also: [[docs:guide-user:services:vpn:openvpn:extras#instance_management|Instance management]], [[docs:guide-user:services:vpn:openvpn:extras#dual-stack_gateway|Dual-stack gateway]]
  
 ==== 4. 客户端的配置文件(profiles) ==== ==== 4. 客户端的配置文件(profiles) ====
Line 129: Line 129:
  
 <code bash> <code bash>
-# Fetch IP address+# Fetch WAN IP address
 source /lib/functions/network.sh source /lib/functions/network.sh
 network_find_wan NET_IF network_find_wan NET_IF
Line 182: Line 182:
 Extract client profiles from the archive and import them to your clients. Extract client profiles from the archive and import them to your clients.
  
-See also: [[docs:guide-user:services:vpn:openvpn:extra#client_fixes|Client fixes]], [[docs:guide-user:services:vpn:openvpn:extra#recommended_clients|Recommended clients]]+See also: [[docs:guide-user:services:vpn:openvpn:extras#client_fixes|Client fixes]], [[docs:guide-user:services:vpn:openvpn:extras#recommended_clients|Recommended clients]]
 ===== 测试 ===== ===== 测试 =====
 建立VPN连接。检查客户端的流量全部经过VPN服务器的网关。 建立VPN连接。检查客户端的流量全部经过VPN服务器的网关。
Line 195: Line 195:
 确保在客户端一侧没有DNS leak。  * [[https://dnsleaktest.com/]] 确保在客户端一侧没有DNS leak。  * [[https://dnsleaktest.com/]]
  
-Delegate a public IPv6 prefix to VPN6 network to use IPv6 by default.  * [[https://ipv6-test.com/]]+Delegate a public IPv6 prefix to the IPv6 VPN network to use IPv6 by default.  * [[https://ipv6-test.com/]]
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
Line 209: Line 209:
 # Runtime configuration # Runtime configuration
 pgrep -f -a openvpn pgrep -f -a openvpn
-ip address show; ip route show table all type unicast +ip address show; ip route show table all 
-ip rule show; ip -6 rule show; iptables-save; ip6tables-save+ip rule show; ip -6 rule show; nft list ruleset
  
 # Persistent configuration # Persistent configuration
  • Last modified: 2023/09/09 10:57
  • by vgaetera