\u6700\u8fd1\u3001\u8907\u6570\u30b5\u30fc\u30d0\u30fc\u3092\u7ba1\u7406\u3057\u3066\u3044\u308b\u3068\u3001WinSCP\u3068\u304b\u3067\u3044\u3061\u3044\u3061\u63a5\u7d9a\u3059\u308b\u306e\u304c\u5104\u52ab\u3002 \u30d5\u30a1\u30a4\u30eb\u306e\u53d6\u5f97\u30fb\u66f4\u65b0\u3092Samba\u7d4c\u7531\u3067\u884c\u3044\u305f\u304f\u306a\u3063\u3066\u304d\u305f\u306e\u3067VPN\u63a5\u7d9a\u53ef\u80fd\u306b\u3002
\n
CentOS6.4 \u306b OpenVPN2.3.2 \u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u969b\u306b\u3001easy-rsa \u3068\u3044\u3046\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u306a\u304f\u306f\u307e\u3063\u305f\u70ba\u3001\u624b\u9806\u3092\u30e1\u30e2\u3002
\n
Yum\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3067\u3001\u30ea\u30dd\u30b8\u30c8\u30ea\u306f epel\u3000\u3092\u4f7f\u7528\u3002\u30ec\u30dd\u30b8\u30c8\u30ea\u8ffd\u52a0\u306f\u4e0b\u8a18\u3092\u53c2\u7167\u3002 http:\/\/www.tooyama.org\/yum-addrepo-epel.html<\/p>\n
\uff1c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\uff1e
\n
yum -y install openvpn yum -y install easy-rsa\u3000\u3000\u2190\u3000\u3053\u308c\u304c\u308f\u304b\u3089\u305a\u306f\u307e\u3063\u305f\u30fb\u30fb\u30fb<\/p>\n
\uff1c\u30de\u30b9\u30bfCA\u8a3c\u660e\u66f8\u3001\u9375\u306e\u751f\u6210\uff1e
\n
cp \/usr\/share\/doc\/openvpn-*\/sample\/sample-config-files\/server.conf \/etc\/openvpn\/
\n
cp -ai \/usr\/share\/easy-rsa\/2.0 \/etc\/openvpn\/easy-rsa
\n
cd \/etc\/openvpn\/easy-rsa<\/p>\n
\uff1c\u8a3c\u660e\u66f8\u306e\u60c5\u5831\u3092\u7de8\u96c6\uff1e
\n
vi vars
\n
export KEY_COUNTRY=”JP”
\n
export KEY_PROVINCE=”Saitama”
\n
export KEY_CITY=”Tokorozawa”
\n
export KEY_ORG=”tkn.jp”
\n
export KEY_EMAIL=”xxxx@tkn.jp”
\n
#export KEY_EMAIL=mail@host.domain
\n
#export KEY_CN=changeme
\n
#export KEY_NAME=changeme
\n
#export KEY_OU=changeme
\n
#export PKCS11_MODULE_PATH=changeme
\n
#export PKCS11_PIN=1234<\/p>\n
\uff1c\u8a3c\u660e\u66f8\u4f5c\u6210\u3000http:\/\/lab.planetleaf.com\/openvpn\/\u3000\u3088\u308a\u8ee2\u8a18\uff1e
\n
# \u74b0\u5883\u5909\u6570\u8a2d\u5b9a
\n
. .\/vars
\n
# keys\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u521d\u671f\u5316
\n
.\/clean-all
\n
# CA(\u8a8d\u8a3c\u5c40)\u4f5c\u6210 (ca.crt ca.key) \u554f\u3044\u5408\u308f\u305b\u306f\u8a2d\u5b9a\u6e08\u307f\u306a\u306e\u3067\u5168\u3066enter
\n
.\/build-ca
\n
# dh(Diffie Hellman)\u30ad\u30fc\u751f\u6210 (dh1024.pem)
\n
.\/build-dh
\n
# \u30b5\u30fc\u30d0\u30fc\u30ad\u30fc\u751f\u6210 (server.crt server.csr server.key)
\n
# \u30d1\u30b9\u30ef\u30fc\u30c9\u306f\u7a7a\u3067\u554f\u3044\u5408\u308f\u305b\u306fyes
\n
.\/build-key-server server
\n
# tls-auth\u3067\u4f7f\u7528\u3059\u308b\u5171\u6709\u9759\u7684\u9375\u306e\u751f\u6210 (ta.key)
\n
openvpn –genkey –secret ta.key
\n
# crl-verify\u3092\u8a2d\u5b9a\u3059\u308b\u305f\u3081\u306e\u521d\u671fCRL(\u5ec3\u6b62\u8a3c\u660e\u66f8\u30ea\u30b9\u30c8)\u30d5\u30a1\u30a4\u30eb\u306e\u751f\u6210
\n
# CRL\u30d5\u30a1\u30a4\u30eb\u306f\u904b\u7528\u4e2d\u306b\u4fee\u6b63\u53ef\u80fd\u3060\u304c\u3001\u30cc\u30eb\u30d5\u30a1\u30a4\u30eb\u3092\u4f7f\u7528\u3059\u308b\u4e8b\u304c\u51fa\u6765\u306a\u3044\u305f\u3081
\n
# \u30c0\u30df\u30fc\u8a3c\u660e\u3092\u4f5c\u6210\u3001\u5ec3\u6b62\u3057\u3066\u521d\u671f\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3059\u308b\u3002
\n
# \u7a7a\u30d1\u30b9\u3001\u5fdc\u7b54\u306fyes .\/build-key dmy .\/revoke-full dmy
\n
# revoke-full\u5b9f\u884c\u5f8c\u306b\u51fa\u3066\u304f\u308b”error 23 at\uff5e”\u306f\u5ec3\u6b62\u3055\u308c\u305f\u4e8b\u306e\u8a3c\u660e
\n
# \uff08\u4f7f\u3048\u306a\u3044\u306e\u3067\u30a8\u30e9\u30fc\u306b\u306a\u3063\u3066\u3044\u308b\uff09<\/p>\n
\uff1c\u8a3c\u660e\u66f8\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\uff1e
\n
cp \/etc\/openvpn\/easy-rsa\/keys\/ca.crt \/etc\/openvpn\/
\n
cp \/etc\/openvpn\/easy-rsa\/keys\/server.crt \/etc\/openvpn\/
\n
cp \/etc\/openvpn\/easy-rsa\/keys\/server.key \/etc\/openvpn\/
\n
cp \/etc\/openvpn\/easy-rsa\/keys\/dh1024.pem \/etc\/openvpn\/
\n
cp \/etc\/openvpn\/easy-rsa\/keys\/crl.pem \/etc\/openvpn\/
\n
cp \/etc\/openvpn\/easy-rsa\/ta.key \/etc\/openvpn\/ chown nobody:nobody \/etc\/openvpn\/crl.pem
\n
.\/build-key tkn mkdir -p ~\/crt-temp cp ca.crt ~\/crt-temp\/
\n
cp tkn.crt ~\/crt-temp\/
\n
cp tkn.key ~\/crt-temp\/
\n
cp ta.key ~\/crt-temp\/<\/p>\n
\uff1c\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u8a2d\u5b9a\uff1e
\n
#openVpn
\n
vi \/etc\/sysconfig\/iptables
\n
# \u4e0b\u8a18\u3092\u300c-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited \u300d\u306e\u76f4\u524d\u306b\u8ffd\u52a0
\n
-A RH-Firewall-1-INPUT -m state –state NEW -m udp -p udp –dport 1194 -j ACCEPT<\/p>\n
\uff1c\u8d77\u52d5\u30b9\u30af\u30ea\u30d7\u30c8\u8a2d\u5b9a\uff1e
\n
vi \/etc\/openvpn\/server.conf\u3000\u2190\u3000OpenVPN\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u7de8\u96c6
\n
—-
\n
dev tun\u3000\u2190\u3000VPN\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u3068\u3057\u3066TUN\u3092\u6307\u5b9a(\u30c7\u30d5\u30a9\u30eb\u30c8)
\n
server 10.8.0.0 255.255.255.0\u3000\u2190\u3000VPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5272\u5f53\u3066\u30a2\u30c9\u30ec\u30b9\u7bc4\u56f2\u3068\u3057\u306610.8.0.0\/24\u3092\u6307\u5b9a(\u30c7\u30d5\u30a9\u30eb\u30c8)
\n
;push “route 192.168.10.0 255.255.255.0”
\n
;push “route 192.168.20.0 255.255.255.0”
\n
push “route 192.168.1.0 255.255.255.0″\u3000\u2190\u3000\u8ffd\u52a0(LAN(\u4f8b:192.168.1.0\/24)\u3078\u306e\u30eb\u30fc\u30c8\u3092VPN\u30b5\u30fc\u30d0\u30fc\u7d4c\u7531\u306b\u3059\u308b)
\n
tls-auth ta.key 0 # This file is secret\u3000\u2190\u3000\u884c\u982d\u306e;\u3092\u524a\u9664\u3057\u3066\u30b3\u30e1\u30f3\u30c8\u89e3\u9664(TLS\u8a8d\u8a3c\u6709\u52b9\u5316)
\n
user nobody\u3000\u2190\u3000\u884c\u982d\u306e;\u3092\u524a\u9664\u3057\u3066\u30b3\u30e1\u30f3\u30c8\u89e3\u9664(OpenVPN\u5b9f\u884c\u6a29\u9650\u3092\u4e0b\u3052\u308b)
\n
group nobody\u3000\u2190\u3000\u884c\u982d\u306e;\u3092\u524a\u9664\u3057\u3066\u30b3\u30e1\u30f3\u30c8\u89e3\u9664(OpenVPN\u5b9f\u884c\u6a29\u9650\u3092\u4e0b\u3052\u308b)
\n
log-append \/var\/log\/openvpn.log\u3000\u2190\u3000\u884c\u982d\u306e;\u3092\u524a\u9664\u3057\u3066\u30b3\u30e1\u30f3\u30c8\u89e3\u9664(\u30ed\u30b0\u3092\/var\/log\/openvpn.log\u306b\u8a18\u9332\u3059\u308b)
\n
management localhost 7505\u3000\u2190\u3000\u6700\u7d42\u884c\u3078\u8ffd\u52a0(\u7ba1\u7406\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u306e\u6709\u52b9\u5316\u203b\u5f8c\u8ff0)
\n
crl-verify crl.pem\u3000\u2190\u3000\u6700\u7d42\u884c\u3078\u8ffd\u52a0(\u8a3c\u660e\u66f8\u5ec3\u6b62\u30ea\u30b9\u30c8\u306e\u6709\u52b9\u5316)<\/p>\n
\uff1cVPN\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u7528\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u81ea\u52d5\u8a2d\u5b9a\uff1e
\n
vi \/etc\/openvpn\/openvpn-startup\u3000\u2190\u3000OpenVPN\u8d77\u52d5\u6642\u5b9f\u884c\u30b9\u30af\u30ea\u30d7\u30c8\u65b0\u898f\u4f5c\u6210
\n
——————————–
\n
#!\/bin\/bash
\n
# VPN\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9iptables\u30eb\u30fc\u30eb\u524a\u9664\u30b9\u30af\u30ea\u30d7\u30c8\u5b9f\u884c\u203b\u5fc5\u9808
\n
\/etc\/openvpn\/openvpn-shutdown
\n
# VPN\u30b5\u30fc\u30d0\u30fc\u304b\u3089\u306e\u9001\u4fe1\u3092\u8a31\u53ef\u203b\u5fc5\u9808
\n
iptables -I OUTPUT -o tun+ -j ACCEPT iptables -I FORWARD -o tun+ -j ACCEPT
\n
# VPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304b\u3089VPN\u30b5\u30fc\u30d0\u30fc\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u5834\u5408
\n
iptables -I INPUT -i tun+ -j ACCEPT
\n
# VPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304b\u3089LAN\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u5834\u5408(\u4efb\u610f)
\n
# (\u4f8b\u3068\u3057\u3066VPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304b\u3089192.168.1.0\/24\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u5834\u5408)
\n
# \u203b192.168.1.0\/24\u5074\u306e\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u7b49\u3067VPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8(10.8.0.0\/24)\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u3053\u3068
\n
#iptables -I FORWARD -i tun+ -d 192.168.1.0\/24 -j ACCEPT
\n
# VPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304b\u3089LAN\u5185\u7279\u5b9a\u30de\u30b7\u30f3\u306e\u307f\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u5834\u5408(\u4efb\u610f)
\n
# (\u4f8b\u3068\u3057\u3066VPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304b\u3089192.168.1.3\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u5834\u5408)
\n
# \u203b192.168.1.3\u5074\u306e\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u7b49\u3067VPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8(10.8.0.0\/24)\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3059\u308b\u3053\u3068
\n
#iptables -I FORWARD -i tun+ -d 192.168.1.3 -j ACCEPT
\n
——————————–
\n
chmod +x \/etc\/openvpn\/openvpn-startup\u3000\u2190\u3000OpenVPN\u8d77\u52d5\u6642\u5b9f\u884c\u30b9\u30af\u30ea\u30d7\u30c8\u3078\u5b9f\u884c\u6a29\u9650\u4ed8\u52a0<\/p>\n
\uff1cVPN\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\u7528\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u81ea\u52d5\u8a2d\u5b9a\u89e3\u9664\uff1e
\n
vi \/etc\/openvpn\/openvpn-shutdown\u3000\u2190\u3000OpenVPN\u505c\u6b62\u6642\u5b9f\u884c\u30b9\u30af\u30ea\u30d7\u30c8\u65b0\u898f\u4f5c\u6210
\n
——————————–
\n
#!\/bin\/bash
\n
# VPN\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9(tun+)\u7528iptables\u30eb\u30fc\u30eb\u524a\u9664\u95a2\u6570
delete() { rule_number=`iptables -L $target –line-numbers -n -v|grep tun.|awk ‘{print $1}’|sort -r` for num in $rule_number do iptables -D $target $num done }
\n
# VPN\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9(tun+)\u7528iptables\u53d7\u4fe1\u30eb\u30fc\u30eb\u524a\u9664
target=’INPUT’ delete
\n
# VPN\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9(tun+)\u7528iptables\u8ee2\u9001\u30eb\u30fc\u30eb\u524a\u9664
target=’FORWARD’ delete
\n
# VPN\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9(tun+)\u7528iptables\u9001\u4fe1\u30eb\u30fc\u30eb\u524a\u9664
target=’OUTPUT’ delete
\n
——————————–
\n
chmod +x \/etc\/openvpn\/openvpn-shutdown\u3000\u2190\u3000OpenVPN\u505c\u6b62\u6642\u5b9f\u884c\u30b9\u30af\u30ea\u30d7\u30c8\u3078\u5b9f\u884c\u6a29\u9650\u4ed8\u52a0
\n
\uff1cOpenVPN\u30ed\u30b0\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u8a2d\u5b9a\uff1e
\n
vi \/etc\/logrotate.d\/openvpn\u3000\u2190\u3000OpenVPN\u30ed\u30b0\u30ed\u30fc\u30c6\u30fc\u30b7\u30e7\u30f3\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u65b0\u898f\u4f5c\u6210
\n
——————————–
\n
\/var\/log\/openvpn.log
{
missingok notifempty sharedscripts postrotate \/etc\/rc.d\/init.d\/openvpn restart 2>&1 > \/dev\/null || true endscript
}<\/p>\n
——————————–<\/p>\n
\uff1cOpenVPN\u8d77\u52d5(\u30b5\u30fc\u30d0\u30fc\u5074)\uff1e
\n
# OpenVPN\u8d77\u52d5
\n
vi \/etc\/rc.d\/init.d\/openvpn\u3000\u2190\u3000OpenVPN\u8d77\u52d5\u30b9\u30af\u30ea\u30d7\u30c8\u7de8\u96c6
\n
——————————–
\n
echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward\u3000\u2190\u3000\u884c\u982d\u306e#\u3092\u524a\u9664\u3057\u3066\u30b3\u30e1\u30f3\u30c8\u89e3\u9664(\u30d1\u30b1\u30c3\u30c8\u8ee2\u9001\u6709\u52b9\u5316) ——————————–
\n
\/etc\/rc.d\/init.d\/openvpn start\u3000\u2190\u3000OpenVPN\u8d77\u52d5
\n
openvpn \u3092\u8d77\u52d5\u4e2d: [ OK ]
\n
chkconfig openvpn on\u3000\u2190\u3000OpenVPN\u81ea\u52d5\u8d77\u52d5\u8a2d\u5b9a<\/p>\n
\uff1cWindows\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u8a2d\u5b9a\uff1e
\n
# \u30c0\u30a6\u30f3\u30ed\u30fc\u30c9 http:\/\/swupdate.openvpn.org\/community\/releases\/openvpn-install-2.3.2-I001-x86_64.exe
\n
C:\\Program Files\\OpenVPN\\sample-config\\client.ovpn \u3092\u4e0b\u8a18\u306b\u30b3\u30d4\u30fc
\n
C:\\Program Files\\OpenVPN\\config\\client.ovpn
\n
# \u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u7de8\u96c6
\n
C:\\Program Files\\OpenVPN\\config\\client.ovpn
\n
remote 133.242.165.31 1194
\n
cert tkn.crt
\n
key tkn.key
\n
ns-cert-type server
\n
tls-auth ta.key 1<\/p>\n
\uff1cCA\u8a3c\u660e\u66f8\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u30fb\u79d8\u5bc6\u9375\u3001TLS\u8a8d\u8a3c\u9375\u8a2d\u7f6e\u3000\u203b\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u4f5c\u696d\uff1e
\n
\u30b5\u30fc\u30d0\u30fc\u5074\u304b\u3089CA\u8a3c\u660e\u66f8(\/etc\/openvpn\/ca.crt)\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8(\/etc\/openvpn\/easy-rsa\/keys\/tkn.crt)\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u79d8\u5bc6\u9375(\/etc\/openvpn\/easy-rsa\/keys\/tkn.key)\u3001TLS\u8a8d\u8a3c\u9375(\/etc\/openvpn\/ta.key)\u3092\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u3078\u6301\u3061\u8fbc\u307f\u3001\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u683c\u7d0d\u30d5\u30a9\u30eb\u30c0(C:\\Program Files\\OpenVPN\\config)\u3078\u683c\u7d0d\u3059\u308b\u3002
\n
\u203bCA\u8a3c\u660e\u66f8\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u79d8\u5bc6\u9375\u3001TLS\u8a8d\u8a3c\u9375\u3092\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u3078\u6301\u3061\u8fbc\u3080\u969b\u306f\u3001\u30d5\u30ed\u30c3\u30d4\u30fc\u30c7\u30a3\u30b9\u30af\u3001USB\u30e1\u30e2\u30ea\u7b49\u306e\u53ef\u642c\u5a92\u4f53\u7d4c\u7531\u307e\u305f\u306f\u3001SCP\u3084SFTP\u7b49\u306e\u6697\u53f7\u5316\u3055\u308c\u305f\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u7d4c\u7531\u7b49\u306e\u5b89\u5168\u306a\u7d4c\u8def\u3067\u6301\u3061\u8fbc\u3080\u3053\u3068
\n
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u5b9f\u884c\u3057\u3001\u30bf\u30b9\u30af\u30c8\u30ec\u30a4\u306e\u30a2\u30a4\u30b3\u30f3\u3092\u30af\u30ea\u30c3\u30af\u3057\u63a5\u7d9a
\n
\n\u5c1a\u3001Windows\u306eOpenVPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30a2\u30a4\u30b3\u30f3\u304c\u9ec4\u8272\u304b\u3089\u5148\u306b\u9032\u307e\u305a\u3001\u30ed\u30b0\u306b\u4f55\u3082\u66f8\u304b\u308c\u3066\u3044\u306a\u3044\u5834\u5408\u3001openvpn.exe\u3092\u30bf\u30b9\u30af\u30de\u30cd\u30fc\u30b8\u30e3\u304b\u3089\u524a\u9664\u3057\u3001\u518d\u5ea6\u8d77\u52d5\u3057\u305f\u3068\u3053\u308d\u6b63\u5e38\u306b\u52d5\u3044\u305f\u3053\u3068\u304c\u3042\u3063\u305f\u306e\u3067\u3001\u4e00\u5fdc\u30e1\u30e2\u3002<\/p>\n
\u4ee5\u4e0a<\/p>\n","protected":false},"excerpt":{"rendered":"
\u6700\u8fd1\u3001\u8907\u6570\u30b5\u30fc\u30d0\u30fc\u3092\u7ba1\u7406\u3057\u3066\u3044\u308b\u3068\u3001WinSCP\u3068\u304b\u3067\u3044\u3061\u3044\u3061\u63a5\u7d9a\u3059\u308b\u306e\u304c\u5104\u52ab\u3002 \u30d5\u30a1\u30a4\u30eb\u306e\u53d6\u5f97\u30fb\u66f4\u65b0\u3092Samba\u7d4c\u7531\u3067\u884c\u3044\u305f\u304f\u306a\u3063\u3066\u304d\u305f\u306e\u3067VPN\u63a5\u7d9a\u53ef\u80fd\u306b\u3002 CentOS6.4 \u306b OpenVPN2.3.2 \u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u969b\u306b\u3001easy-rsa \u3068\u3044\u3046\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u306a\u304f\u306f\u307e\u3063\u305f\u70ba\u3001\u624b\u9806\u3092\u30e1\u30e2\u3002 Yum\u3067\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3067\u3001\u30ea\u30dd\u30b8\u30c8\u30ea\u306f epel \u3092\u4f7f\u7528\u3002\u30ec\u30dd\u30b8\u30c8\u30ea\u8ffd\u52a0\u306f\u4e0b\u8a18\u3092\u53c2\u7167\u3002 http:\/\/www.tooyama.org\/yum-addrepo-epel.html<\/p>\n
\uff1c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\uff1e yum -y install openvpn yum -y install easy-rsa \u2190 \u3053\u308c\u304c\u308f\u304b\u3089\u305a\u306f\u307e\u3063\u305f\u30fb\u30fb\u30fb<\/p>\n
\uff1c\u30de\u30b9\u30bfCA\u8a3c\u660e\u66f8\u3001\u9375\u306e\u751f\u6210\uff1e cp \/usr\/share\/doc\/openvpn-*\/sample\/sample-config-files\/server.conf \/etc\/openvpn\/ cp -ai \/usr\/share\/easy-rsa\/2.0 \/etc\/openvpn\/easy-rsa cd \/etc\/openvpn\/easy-rsa<\/p>\n
\uff1c\u8a3c\u660e\u66f8\u306e\u60c5\u5831\u3092\u7de8\u96c6\uff1e vi vars export KEY_COUNTRY=”JP” export KEY_PROVINCE=”Saitama” export KEY_CITY=”Tokorozawa” export KEY_ORG=”tkn.jp” export KEY_EMAIL=”xxxx@tkn.jp” #export KEY_EMAIL=mail@host.domain #export KEY_CN=changeme #export KEY_NAME=changeme #export KEY_OU=changeme #export PKCS11_MODULE_PATH=changeme […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-191","post","type-post","status-publish","format-standard","hentry","category-centos","odd"],"_links":{"self":[{"href":"https:\/\/www.tkn.jp\/index.php?rest_route=\/wp\/v2\/posts\/191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tkn.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tkn.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tkn.jp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tkn.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=191"}],"version-history":[{"count":9,"href":"https:\/\/www.tkn.jp\/index.php?rest_route=\/wp\/v2\/posts\/191\/revisions"}],"predecessor-version":[{"id":231,"href":"https:\/\/www.tkn.jp\/index.php?rest_route=\/wp\/v2\/posts\/191\/revisions\/231"}],"wp:attachment":[{"href":"https:\/\/www.tkn.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tkn.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tkn.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}