{"id":871,"date":"2010-03-29T22:42:23","date_gmt":"2010-03-29T14:42:23","guid":{"rendered":"http:\/\/blog.nuface.tw\/?p=871"},"modified":"2010-04-20T21:00:41","modified_gmt":"2010-04-20T13:00:41","slug":"openvpn-%e5%bb%ba%e7%bd%ae%e7%ad%86%e8%a8%98%e7%ac%ac3%e9%9b%86","status":"publish","type":"post","link":"https:\/\/blog.nuface.tw\/?p=871","title":{"rendered":"OpenVPN \u5efa\u7f6e\u7b46\u8a18(\u7b2c3\u96c6)"},"content":{"rendered":"

\u5728\u505a\u8a2d\u5b9a\u524d\uff0c\u8981\u5148\u60f3\u4e00\u4e0b\uff0c\u8981\u4f7f\u7528 Routed \u6216 Bridged \u7684VPN\u3002<\/p>\n

\u6709\u4ec0\u9ebc\u5dee\u5225\u5462?\u4f7f\u7528 Bridging \u7684\u597d\u8655\u6709\uff1a<\/p>\n

1.IP \u7684broadcast \u53ef\u4ee5\u901a\u904eVPN \uff0cWindows \u7684NetBIOS \u6a94\u6848\u7cfb\u7d71\uff0c\u53ca\u7db2\u8def\u82b3\u9130\u7684\u700f\u89bd\u529f\u80fd\uff0c\u53ef\u4ee5\u6b63\u5e38\u904b\u4f5c\u3002
\n
\n2.\u4e0d\u9700\u53bb\u8a2d\u5b9a\u975c\u614b\u7684\u8def\u7531\u8868\uff0c\u56e0\u70ba\u5728\u540c\u4e00\u500bsubnet \u4e0b\u904b\u4f5c\u3002<\/p>\n

3.\u5728ethernet\u4e0a\u7684\u6240\u6709\u901a\u8a0a\u5354\u5b9a\uff0c\u90fd\u53ef\u4ee5\u904b\u4f5c\uff0c\u5305\u542bIPv4, IPv6, Netware IPX, AppleTalk…\u7b49\u3002<\/p>\n

4.\u5c0d\u884c\u52d5\u4e0a\u7db2\u7684\u4f7f\u7528\u8005\uff0c\u76f8\u5c0d\u4f86\u8aaa\uff0c\u662f\u6bd4\u8f03\u7c21\u55ae\u7684\u65b9\u6848….<\/p>\n

\"OpenVPN
\nLogo Ref Open VPN Project <\/a>
\n\u524d\u60c5\u63d0\u8981\uff1aOpenVPN \u5efa\u7f6e\u7b46\u8a18(\u7b2c2\u96c6)<\/a><\/p>\n

\u90a3\u4f7f\u7528Bridging\u6709\u4ec0\u9ebc\u7f3a\u9ede\u5462\uff1f
\n1. \u6548\u80fd\u6703\u6bd4 Routing \u5dee\uff0c\u800c\u4e14\u4f7f\u7528\u5ef6\u5c55\u6027\u4e5f\u8f03\u5dee\u3002<\/p>\n

\u4f7f\u7528 Routing \u7684\u597d\u8655\u5982\u4e0b\uff1a
\n1. \u6548\u80fd\u53ca\u5ef6\u5c55\u6027\u6bd4\u8f03\u597d\u3002<\/p>\n

2. \u53ef\u4ee5\u4f7f\u7528\u8b8a\u66f4MTU \u7684\u65b9\u5f0f\uff0c\u9032\u884c\u7db2\u8def\u6548\u80fd\u7684\u8abf\u6574\u3002<\/p>\n

\u4f7f\u7528Routing \u7684\u7f3a\u9ede\u5462\uff1f
\n1. \u5982\u679c\u8981\u4f7f\u7528Windows \u7684\u7db2\u8def\u82b3\u9130\uff0c\u5fc5\u9808\u642d\u914dWINS Server \u624d\u53ef\u4ee5\u4f7f\u7528\u3002<\/p>\n

2. \u5fc5\u9808\u91dd\u5c0d\u6bcf\u4e00\u500b\u5b50\u7db2\u8a2d\u5b9a\u975c\u614b\u8def\u7531\u3002<\/p>\n

3. \u8edf\u9ad4\u5c07\u7121\u6cd5\u770b\u898b\u5728OpenVPN Server \u4e0a\uff0c\u5176\u5b83\u7684Subnet\u88cf\u4e0d\u540c\u7684\u6a5f\u5668\u3002<\/p>\n

4. \u4e00\u822c\u800c\u8a00\uff0c\u5728IPv4\u53ef\u6b63\u5e38\u904b\u4f5c\uff0c\u4f46IPv6\uff0c\u5c31\u8981\u8996\u4e0d\u540c\u7684\u60c5\u6cc1\u4e0b(\u9023\u63a5\u76842\u7aef\u90fd\uff0c\u660e\u78ba\u7684\u5b9a\u7fa9tun drivers)\uff0c\u624d\u904b\u4f5c\u6b63\u5e38\u3002<\/p>\n

\u8b1b\u5b8c\u4e86\u5169\u8005\u7684\u7684\u512a\u7f3a\u9ede\u5916\uff0c\u90a3\u5169\u8005\u4e3b\u8981\u7684\u5dee\u5225\u5728\u90a3\u88cf\u5462\uff1f<\/p>\n

\n\u5169\u8005\u57fa\u672c\u529f\u80fd\u4e0a\u5dee\u4e0d\u591a\uff0c\u4f46\u4e3b\u8981\u7684\u5dee\u7570\u5728Bridging \u53ef\u4ee5pass IP \u7684broadcasts\uff0c\u4f46Routing \u7121\u6cd5pass IP\u7684broadcasts\u3002\u7576\u4f7f\u7528Bridging \uff0c\u4f60\u4e00\u5b9a\u8981\u4f7f\u7528 –dev tap \u5728\u5169\u500b\u9023\u63a5\u7684\u7aef\u9ede\uff0c\u5982\u679c\u4f7f\u7528Routing \u7684\u8a71\uff0c\u5247\u53ef\u4ee5\u4f7f\u7528–dev tap \u53ca–dev tun \u7684\u65b9\u5f0f\uff0c\u4f46\u5169\u500b\u7aef\u9ede\u90fd\u5fc5\u9808\u4f7f\u7528\u4e00\u6a23\u7684\u65b9\u5f0f\u3002\u5728Routing \u7684\u65b9\u5f0f\u4e0b\uff0c\u4f7f\u7528–dev tun \u6703\u6709\u6bd4\u8f03\u597d\u7684\u6548\u80fd\u3002\n<\/p><\/blockquote>\n

\u90a3\u6c7a\u5b9a\u8981\u7528\u4ec0\u9ebc\u65b9\u5f0f\u5462\uff1f\u4e00\u822c\u4f86\u8aaarouting \u65b9\u5f0f\u662f\u6bd4\u8f03\u597d\u7684\u9078\u64c7\uff0c\u6548\u80fd\u6bd4\u8f03\u597d\u5916\uff0c\u4e5f\u6bd4\u8f03\u597d\u8a2d\u5b9a\u3002\u800c\u4e14\u5728routing \u4e0b\uff0c\u53ef\u4ee5\u5c0d\u7279\u5b9a\u4f7f\u7528\u8005\u6709\u6bd4\u8f03\u597d\u7684\u5b58\u53d6\u6b0a\u9650\u63a7\u5236\u3002<\/p>\n

\u9664\u975e\u4f60\u6709\u4ee5\u4e0b\u9700\u6c42\uff1a
\n1. \u9023\u4e0aVPN \u5f8c\uff0c\u8981\u4f7f\u7528\u975eIP protocols \uff0c\u4f8b\u5982IPX<\/p>\n

2. \u4f60\u57f7\u884c\u7684\u7a0b\u5f0f\u8edf\u9ad4\uff0c\u5fc5\u9808\u4f7f\u7528\u5230broadcasts\uff0c\u4f8b\u5982\u7db2\u8def\u904a\u6232 AOE…<\/p>\n

3. \u4f60\u8981\u7528Windows \u6a94\u6848\u5206\u4eab\uff0c\u53c8\u4e0d\u60f3\u8a2d\u5b9aWINS <\/p>\n

\u8b1b\u4e86\u4e00\u5806\uff0c\u5c0f\u745e\u5728\u9019\u500b\u6e2c\u8a66\u4e0b\uff0c\u60f3\u8981\u4f7f\u7528 Routing \u7684\u65b9\u5f0f\uff0c\u4f86\u5efa\u7f6e\u6211\u7684VPN \u74b0\u5883\u3002<\/p>\n

\u9084\u6709\u4ec0\u9ebc\u8981\u6ce8\u610f\u7684\u5462\uff1fVPN \u5b50\u7db2\u6bb5\u7684\u9078\u7528\u3002<\/em><\/strong><\/p>\n

\u4f7f\u7528VPN \u610f\u8b02\u8457\uff0c\u4f60\u8981\u628a\u5169\u500b\u4e0d\u540c\u5730\u9ede\u7684\u79c1\u4eba\u7db2\u6bb5\uff0c\u9023\u63a5\u5728\u4e00\u8d77\u3002<\/p>\n

IANA \u7d44\u7e54\u9810\u7559\u4e863\u500b\u7db2\u6bb5\u7d66\u79c1\u6709\u7db2\u8def\u4f7f\u7528\uff0c\u5206\u5225\u5982\u4e0b\uff1a<\/p>\n\n\n\n\n
10.0.0.0<\/td>\n10.255.255.255<\/td>\n(10\/8 prefix)<\/td>\n<\/tr>\n
172.16.0.0<\/td>\n172.31.255.255<\/td>\n(172.16\/12 prefix)<\/td>\n<\/tr>\n
192.168.0.0<\/td>\n192.168.255.255<\/td>\n(192.168\/16 prefix)<\/td>\n<\/tr>\n<\/table>\n

\u5728\u9078\u7528VPN \u7528\u7684\u5b50\u7db2\u6bb5\u6642\uff0c\u8981\u907f\u514d\u4e0b\u5217\u885d\u7a81\uff1a
\n1.\u9023\u63a5\u76842\u500b\u7db2\u6bb5\uff0c\u64c1\u6709\u76f8\u540c\u7684\u5b50\u7db2\u6bb5\u8a2d\u5b9a (route , site to site \u72c0\u6cc1\u4e0b)
\n2.VPN Server \u4e0a\u4f7f\u7528\u79c1\u6709\u5b50\u7db2\u6bb5\uff0c\u8207Client \u7aef\u6240\u4f7f\u7528\u7684\u79c1\u6709\u5b50\u7db2\u6bb5\u76f8\u540c (p to p \u72c0\u6cc1\u4e0b)<\/p>\n

\u8209\u500b\u4f8b\u5b50\uff0c\u7576\u8981\u628a\u53f0\u5317(192.168.0.0\/24)\u53ca\u53f0\u4e2d(192.168.0.0\/24)\u5206\u516c\u53f8\u7684\u5169\u500b\u5b50\u7db2\u6bb5(site by site)\uff0c\u9023\u7528VPN \u9023\u63a5\u8d77\u4f86\uff0c\u9019\u6642\u5019VPN Server \u5c31\u6703\u641e\u4e0d\u6e05\u695a\uff0c192.168.0.1 \u5230\u5e95\u662f\u5728\u53f0\u5317\uff0c\u9084\u662f\u53f0\u4e2d\uff0c\u7121\u6cd5\u505aRoute \u7684\u52d5\u4f5c\u3002<\/p>\n

\u53e6\u4e00\u500b\u4f8b\u5b50\uff0c\u4f60\u4eba\u5728\u6a5f\u5834\uff0c\u60f3\u8981\u4f7f\u7528VPN \u9023\u7dda\u56de\u516c\u53f8\u53bb\u8b80\u53d6\u4e00\u4efd\u8cc7\u6599(p to p)\u3002\u800c\u6a5f\u5834\u7684\u79c1\u6709\u7db2\u6bb5\u70ba192.168.0.0\/24\uff0c\u800c\u4f60\u5728\u516c\u53f8\u7684VPN Server \u4f7f\u7528\u7684\u7db2\u6bb5\u4e5f\u662f 192.168.0.0\/24 \uff0c\u90a3VPN Server \u4e00\u6a23\u7121\u6cd5\u5206\u8fa6 192.168.0.1 \u6307\u7684\u662f\u6a5f\u5834\u7684gateway \uff0c\u9084\u662fVPN Server \u4e0a\u7684gateway\u3002<\/p>\n

\u6700\u597d\u7684\u4f5c\u6cd5\uff0c\u5c31\u662f\u907f\u958b10.0.0.0\/24 \u6216 192.168.0.0\/24 \u9019\u5169\u500b\u7db2\u6bb5\u3002\u627e\u4e00\u500b\u6a5f\u5834\uff0c\u5496\u5561\u5ef3\uff0c\u65c5\u9928\u7b49..\u4f60\u53ef\u80fd\u5e38\u6703\u53bb\u7684\u5834\u6240\u3002\u4ed6\u5011\u6703\u8f03\u5c11\u4f7f\u7528\u7684\u7db2\u6bb5\uff0c\u4f8b\u5982\u9019\u4e9b\u7db2\u6bb5\u7684\u4e2d\u9593\u7db2\u6bb5(10.66.77.0\/24)\u3002<\/p>\n

\u800c\u5728\u505asite to Site \u7684VPN \u6642\uff0c\u5c31\u5fc5\u9808\u70ba\u4f60\u7684\u4e0d\u540cSite \u597d\u597d\u7684\u505a\u5b50\u7db2\u6bb5\u7684\u898f\u5283\uff0c\u4ee5\u907f\u514d\u9023\u63a5\u5f8c\u7684\u885d\u7a81\u3002<\/p>\n

\"OpenVPN
\n\u6309\u5c0f\u745e\u7684\u8a2d\u8a08\u69cb\u60f3\uff0c\u4f7f\u7528\u7684OpenVPN \u5b50\u7db2\u6bb5\u662f 10.8.0.0\/24 \uff0c\u63a5\u8457\u8981\u4f86\u8a2d\u5b9aCA \u6191\u8b49\u7d66OpenVPN Server \u53ca\u591a\u500bClient \u505a\u8a8d\u8b49\u4f7f\u7528\u3002 \u9019\u500b\u7559\u5230\u4e0b\u4e00\u96c6\u518d\u8aaa\uff0c\u5929\u9ed1\u4e86\uff0c\u518d\u4e0d\u6536\u5de5\uff0cSylvanas \u53c8\u8981\u62d4\u6211\u7684\u63d2\u982d\u3002<\/p>\n

\u6b32\u77e5\u5f8c\u4e8b\uff0c\u8acb\u807d\u4e0b\u56de\u5206\u89e3\uff01<\/p>\n

OpenVPN \u5efa\u7f6e\u7b46\u8a18(\u7b2c4\u96c6)<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

\u5728\u505a\u8a2d\u5b9a\u524d\uff0c\u8981\u5148\u60f3\u4e00\u4e0b\uff0c\u8981\u4f7f\u7528 Routed \u6216 Bridged \u7684VPN\u3002 \u6709\u4ec0\u9ebc\u5dee\u5225\u5462?\u4f7f\u7528 Bridgi […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23,24],"tags":[106,112,111,109,72,123,104,105,150,107,108,110],"class_list":["post-871","post","type-post","status-publish","format-standard","hentry","category-mistech","category-mistech-net","tag-broadcasts","tag-iana","tag-ipx","tag-mtu","tag-open-vpn","tag-openvpn","tag-route","tag-routing","tag-site-to-site","tag-tap","tag-tun","tag-wins"],"_links":{"self":[{"href":"https:\/\/blog.nuface.tw\/index.php?rest_route=\/wp\/v2\/posts\/871","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.nuface.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.nuface.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.nuface.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.nuface.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=871"}],"version-history":[{"count":38,"href":"https:\/\/blog.nuface.tw\/index.php?rest_route=\/wp\/v2\/posts\/871\/revisions"}],"predecessor-version":[{"id":1306,"href":"https:\/\/blog.nuface.tw\/index.php?rest_route=\/wp\/v2\/posts\/871\/revisions\/1306"}],"wp:attachment":[{"href":"https:\/\/blog.nuface.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.nuface.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.nuface.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}