======使用靜態金鑰加密======
=====LAB架構圖=====
{{:linux:vpn:openvpn-lab1-1.gif?|}}

=====網路配置=====
  * Openvpn-client<code>vpn-client#ifconfig eth0 192.168.30.1/24
vpn-client#route add default gw 192.168.30.254
</code>
  * Router<code>routing#ifconfig eth0 192.168.30.254/24
routing#ifconfig eth1 192.168.50.254/24
routing#vim /etc/sysctl.conf
</code><code>～略～
net.ipv4.ip_forward = 1
～略～
</code>
  * Openvpn-server<code>vpnServer#ifconfig eth0 192.168.50.1/24
vpnServer#ifconfig eth1 192.168.200.254/24
vpnServer#vim /etc/sysctl.conf
</code><code>~略~
net.ipv4.ip_forward = 1
～略～
</code><code>vpnServer# route add -net 192.168.30.0 netmask 255.255.255.0 gw 192.168.50.254</code>
  * WEBTest<code>web#ifconfig eth0 192.168.200.1/24
web#route add default gw 192.168.200.254
</code>
  * 測試Openvpn-client與Openvpn-server是否可以互ping,若通的話,此階段就完成<code>vpn-client#ping 192.168.50.1</code><code>vpnServer#ping 192.168.30.1</code>
=====OpenVPN安裝=====
  * 分別在Openvpn-client and Openvpn-server安裝**epel-release**<code>#rpm -ivh  http://mirror01.idc.hinet.net/EPEL/6/i386/epel-release-6-7.noarch.rpm</code>
  * 分別在Openvpn-client and Openvpn-server安裝**OpenVPN**<code>#yum install openvpn</code>
=====OpenVPN設定靜態金鑰=====
  * 在openvpn-server裡建立靜態金鑰<code>#cd /etc/openvpn/keys
#openvpn --genkey --secret static.key 
</code>
  * 複製static.key到openvpn-client<code>#scp static.key 192.168.30.1:/etc/openvpn/keys</code>
=====OpenVPN設定檔配置=====
  * Openvpn-server<code>vpnServer#vim /etc/openvpn/server1.conf</code><code>dev tun
proto udp
ifconfig 10.0.0.1 10.0.0.2
secret /etc/openvpn/keys/static.key
local 192.168.50.1
keepalive 10 60
comp-lzo
daemon
</code><code>vpnServer# iptables -I INPUT -p udp --dport 1194 -j ACCEPT</code><code>vpnServer# iptables -I INPUT -i tun+ -j ACCEPT</code><code>vpnServer# iptables -I FORWARD -i tun+ -j ACCEPT</code>
  * Openvpn-client<code>vpn-client# vim /etc/openvpn/client1.conf</code><code>remote 192.168.50.1
dev tun
ifconfig 10.0.0.2 10.0.0.1
route 192.168.200.0 255.255.255.0
secret /etc/openvpn/keys/static.key
keepalive 10 60
comp-lzo</code>
  * 啟動OpenVPN<code>vpnServer# openvpn /etc/openvpn/server1.conf</code><code>vpn-client#openvpn /etc/openvpn/client1.conf</code>
======參考資料======
  - [[http://www.server-world.info/en/note?os=CentOS_5&p=openvpn|serverWorld-Install OpenVPN]]
  - [[http://blog.nuface.tw/?p=871|紐菲斯Blog-OpenVPN 建置筆記(第3集)]]
  - [[http://www.books.com.tw/exep/prod/booksfile.php?item=0010521969|Linux Networking錦囊妙計-第九章OpenVPN]]
  - [[http://linux-learning-note.blogspot.tw/2010/06/tuntap.html|虛擬網卡 TUN/TAP 工作原理]]
  - [[http://www.ibm.com/developerworks/cn/linux/l-tuntap/index.html|虛擬網卡 TUN/TAP 驅動程序設計原理]]