Uses the tun.o module built by jfcai; installs directly on 宝乙 2.66 with the one-click install package 1.05.
-------------------------
Network layout:
Router: 192.168.1.1
MSS1: 192.168.1.100
-------------------------
1. Place tun.o under /opt/lib/modules/, then run:
mkdir /dev/net
chown root:root /dev/net
mknod /dev/net/tun c 10 200
chown root:root /dev/net/tun
2. Install openvpn directly with ipkg:
ipkg install openvpn
3. I created a vpn directory under /opt/etc/, uploaded the certificate files ca.crt, server.key, server.crt and dh1024.pem into it, and ran the following command to fix the file permissions (how the certificates are generated is omitted...):
chmod 600 server.key
After the change, the directory listing is:
-rwxr--r-- 1 root root 1245 2009-04-17 10:52 ca.crt
-rwxr--r-- 1 root root 245 2009-04-17 10:52 dh1024.pem
-rwxr--r-- 1 root root 3647 2009-04-17 10:52 server.crt
-rw------- 1 root root 887 2009-04-17 10:52 server.key
4. Create the server configuration file server.conf under /opt/etc/vpn/:
# Tunnel options
script-security 2
mode server
proto tcp-server
port xx # server port
dev tap0
keepalive 20 120
push "route-gateway 192.168.1.100"
push "redirect-gateway def1"
daemon
verb 3
comp-lzo
log /opt/etc/vpn/openvpn.log
# OpenVPN server mode options
client-to-client
duplicate-cn
max-clients 5
# TLS Mode Options
tls-server
ca /opt/etc/vpn/ca.crt
dh /opt/etc/vpn/dh1024.pem
cert /opt/etc/vpn/server.crt
key /opt/etc/vpn/server.key
5. Client configuration file client.ovpn:
pull
tls-client
dev tap
ca ca.crt
cert client.crt
key client.key
proto tcp-client
remote XXX.XXX.XXX.XXX xx # the router's WAN IP
keepalive 10 60
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
float
6. Create the bridge-start startup script under /opt/etc/vpn/:
#!/bin/sh
#################################
# Set up Ethernet bridge on Linux
# Requires: bridge-utils
#################################
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"
# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"
eth_ip="192.168.1.100"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.1.255"
ifconfig $eth down
# Create the persistent TAP device(s) that openvpn uses (dev tap0 in server.conf)
for t in $tap; do
/opt/sbin/openvpn --mktun --dev $t
done
brctl addbr $br
brctl addif $br $eth
for t in $tap; do
brctl addif $br $t
done
for t in $tap; do
ifconfig $t 0.0.0.0 promisc up
done
ifconfig $eth 0.0.0.0 promisc up
# The LAN address moves from eth0 to the bridge
ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
# Restore the default route, which is lost when eth0 is taken down
route add default gw 192.168.1.1
7. Create the bridge-stop script under /opt/etc/vpn/:
#!/bin/sh
####################################
# Tear Down Ethernet bridge on Linux
####################################
# Stop the VPN daemon before the TAP device it uses is removed
killall openvpn
# Define Bridge Interface
br="br0"
# Define list of TAP interfaces to be bridged together
tap="tap0"
ifconfig $br down
brctl delbr $br
for t in $tap; do
/opt/sbin/openvpn --rmtun --dev $t
done
eth="eth0"
eth_ip="192.168.1.100"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.1.255"
# Give the LAN address back to eth0 and restore the default route
ifconfig $eth down
ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast
route add default gw 192.168.1.1
8. Set the permissions on bridge-start and bridge-stop:
chmod 755 bridge*
Note: the final file layout under /opt/etc/vpn/ is:
-rwxr-xr-x 1 root root 905 2009-04-20 21:14 bridge-start
-rwxr-xr-x 1 root root 546 2009-04-20 21:15 bridge-stop
-rwxr--r-- 1 root root 1245 2009-04-17 10:52 ca.crt
-rwxr--r-- 1 root root 245 2009-04-17 10:52 dh1024.pem
-rwxr--r-- 1 root root 429 2009-04-20 22:04 server.conf
-rwxr--r-- 1 root root 3647 2009-04-17 10:52 server.crt
-rw------- 1 root root 887 2009-04-17 10:52 server.key
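Steps 3 and 8 rely on the file modes shown above being right: the private key must stay 0600 and the bridge scripts, which S99local runs as root at boot, must be executable but not writable by anyone else. The audit script below is an added example and not part of the original post; it checks a directory against exactly those expectations. The directory path is passed as an argument (/opt/etc/vpn is only the post's placeholder), and the function names are my own. It parses `ls -ld` instead of `stat` so it also runs in the busybox shell on the NAS.

```shell
#!/bin/sh
# Added example (not from the original post): audit the file modes that
# steps 3 and 8 end with, so a slip does not leave the TLS private key
# readable by other local users. Function names and the directory argument
# are assumptions; /opt/etc/vpn is just the post's placeholder path.

# First 10 characters of `ls -ld`, e.g. "-rw-------". Works on busybox and
# also drops the ACL/SELinux marker that GNU ls may append as an 11th char.
file_mode() { ls -ld "$1" | cut -c1-10; }

# audit_vpn_dir DIR: print one line per finding, return the number of findings
audit_vpn_dir() {
  dir=$1; findings=0
  key="$dir/server.key"
  if [ ! -e "$key" ]; then
    echo "missing $key"; findings=$((findings + 1))
  elif [ "$(file_mode "$key")" != "-rw-------" ]; then
    echo "$key is $(file_mode "$key"), expected -rw------- (chmod 600)"
    findings=$((findings + 1))
  fi
  # the bridge scripts are called from S99local and must be executable
  for s in bridge-start bridge-stop; do
    if [ ! -x "$dir/$s" ]; then
      echo "$dir/$s is missing or not executable (chmod 755)"
      findings=$((findings + 1))
    fi
  done
  # anything writable by others lets a local user change the config or the
  # scripts that run as root at boot; mode char 9 is the others-write bit
  for f in "$dir"/*; do
    [ -e "$f" ] || continue
    case "$(file_mode "$f")" in
      ????????w?) echo "$f is writable by others: $(file_mode "$f")"
                  findings=$((findings + 1));;
    esac
  done
  return $findings
}

# Usage: sh audit.sh /opt/etc/vpn   (exit status = number of findings)
if [ $# -gt 0 ]; then audit_vpn_dir "$1"; fi
```

Run it after step 8 and again after any later edit of server.conf; a non-zero exit status means something in the directory drifted from the layout the post expects.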
9. Edit the boot script so that openvpn starts automatically:
vi /opt/etc/init.d/S99local
Append at the end:
echo 1 > /proc/sys/net/ipv4/ip_forward
insmod /opt/lib/modules/tun.o
/opt/etc/vpn/bridge-start
sleep 5
/opt/sbin/openvpn --cd /opt/etc/vpn --config server.conf --daemon
10. On the router, forward port 8088 to MSS1 and you are done.
11. MSS1's system time must fall within the certificate's validity period. For example, if the certificate is valid from 2009-4-1 to 2019-4-1, the MSS system time must lie between 2009-4-1 and 2019-4-1. Check the MSS system time with the date command; if it is wrong, set it with date in the following format:
date 040201012009 # (month day hour minute year, all written out in full)
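The clock check of step 11 can be scripted so the TLS handshake does not fail silently after a reboot on a NAS without a battery-backed clock. The script below is an added example, not part of the original post: it reads the validity window from the certificate with openssl and compares it with the current system time, converting openssl's date strings in plain sh arithmetic because busybox `date` has no `-d`. The certificate path /opt/etc/vpn/server.crt in the usage line and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that the system clock
# falls inside the certificate's validity window before starting openvpn.
# Date maths is POSIX sh arithmetic only, so it also runs on the NAS's
# busybox shell. Function names and the certificate path are assumptions.

# Month abbreviation as printed by openssl -> 1..12 (fails on anything else)
month_num() {
  case "$1" in
    Jan) echo 1;;  Feb) echo 2;;  Mar) echo 3;;  Apr) echo 4;;
    May) echo 5;;  Jun) echo 6;;  Jul) echo 7;;  Aug) echo 8;;
    Sep) echo 9;;  Oct) echo 10;; Nov) echo 11;; Dec) echo 12;;
    *) return 1;;
  esac
}

# days_from_civil YEAR MONTH DAY -> days since 1970-01-01
# (Gregorian calendar, years >= 0; Hinnant's algorithm in shell arithmetic)
days_from_civil() {
  y=$1; m=$2; d=$3
  [ "$m" -le 2 ] && y=$((y - 1))
  era=$((y / 400))
  yoe=$((y - era * 400))
  doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
  doe=$(( yoe * 365 + yoe / 4 - yoe / 100 + doy ))
  echo $(( era * 146097 + doe - 719468 ))
}

# openssl_date_to_epoch "Apr  1 00:00:00 2009 GMT" -> seconds since epoch.
# This is the format of `openssl x509 -noout -startdate -enddate`.
openssl_date_to_epoch() {
  set -- $1                       # word-split into: month day time year zone
  mon=$(month_num "$1") || return 1
  day=$2; year=$4
  hh=${3%%:*}; rest=${3#*:}; mm=${rest%%:*}; ss=${rest#*:}
  days=$(days_from_civil "$year" "$mon" "${day#0}")
  # ${x#0} strips one leading zero so "08" is not parsed as an octal literal
  echo $(( days * 86400 + ${hh#0} * 3600 + ${mm#0} * 60 + ${ss#0} ))
}

# clock_within_validity NOW_EPOCH NOTBEFORE NOTAFTER -> 0 if inside, 1 if not
clock_within_validity() {
  nb=$(openssl_date_to_epoch "$2") || return 1
  na=$(openssl_date_to_epoch "$3") || return 1
  [ "$1" -ge "$nb" ] && [ "$1" -le "$na" ]
}

# check_cert_clock CERTFILE: read the validity window with openssl and
# compare it with the current system time; non-zero exit = do not start
check_cert_clock() {
  dates=$(openssl x509 -in "$1" -noout -startdate -enddate) || return 2
  start=$(printf '%s\n' "$dates" | sed -n 's/^notBefore=//p')
  end=$(printf '%s\n' "$dates" | sed -n 's/^notAfter=//p')
  now=$(date -u +%s)
  if clock_within_validity "$now" "$start" "$end"; then
    echo "clock ok: now=$now is inside [$start .. $end]"
  else
    echo "clock is OUTSIDE certificate validity [$start .. $end]; set the date before starting openvpn" >&2
    return 1
  fi
}

# Usage (assumed path): sh certclock.sh /opt/etc/vpn/server.crt
if [ $# -gt 0 ]; then check_cert_clock "$1"; fi
```

In S99local the check fits naturally as a guard in front of the openvpn line, so that a wrong clock leaves a clear message in the boot log instead of a stream of TLS errors in openvpn.log.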
Notes:
1. After the MSS reboots, the bridge appears:
br0 Link encap:Ethernet HWaddr 00:xx:xx:xx:xx:xx
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:485341 errors:0 dropped:0 overruns:0 frame:0
TX packets:423362 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:379441829 (361.8 MiB) TX bytes:148264332 (141.3 MiB)
eth0 Link encap:Ethernet HWaddr 00:xx:xx:xx:xx:xx
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:485449 errors:0 dropped:0 overruns:0 frame:0
TX packets:424921 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:388186802 (370.2 MiB) TX bytes:148371210 (141.4 MiB)
Interrupt:4 Base address:0x1000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:72 errors:0 dropped:0 overruns:0 frame:0
TX packets:72 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6165 (6.0 kiB) TX bytes:6165 (6.0 kiB)
tap0 Link encap:Ethernet HWaddr 00:FF:xx:xx:xx:xx
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2208 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:290169 (283.3 kiB)
2. After a client connects, its default gw is 192.168.1.100; it can reach the machines on the 192.168.1.0/24 LAN and access the INTERNET through the MSS.