ddwrt OpenVPN tun
1. ddwrt OpenVPN Server 配置
打开 DD-WRT 的 OpenVPN 服务器(daemon),启动方式选择 WAN Up 模式,然后按下表填入信息:
Public Server Cert (CA Cert) ca.crt
Certificate Revoke List (空)
Public Server Cert server.crt
Private Server Key server.key
DH PEM dh1024.pem
OpenVPN Config (看下面的服务器config)
OpenVPN TLS Auth (空)
注意:只需填入 BEGIN/END 之间的内容(包含 BEGIN/END 这两行),例如:
-----BEGIN CERTIFICATE-----
证书内容。。。
-----END CERTIFICATE-----
2. 服务器的 OpenVPN Config 如下
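# OpenVPN server config (routed tun mode) for the DD-WRT "OpenVPN Config" field.
# The server listens on TCP 1194 and uses the tun0 device.
port 1194
proto tcp
dev tun0

# Key material. The directory was masked as "open***" in the original post and
# is restored to "openvpn" here, which is where DD-WRT keeps these files.
# The certificate table on this page names the DH file dh1024.pem: 1024-bit DH
# parameters are below current recommendations; generate 2048-bit or larger.
dh /tmp/openvpn/dh.pem
ca /tmp/openvpn/ca.crt
cert /tmp/openvpn/cert.pem
# key.pem is the server's private key; it should never leave the router.
key /tmp/openvpn/key.pem

# NOTE(review): no cipher/auth directive is set, so the build's defaults apply.
# Older OpenVPN releases default to BF-CBC (64-bit block cipher); check the
# router's OpenVPN version and set an AES cipher on both ends if needed.
# NOTE(review): the page leaves "TLS Auth" and the revocation list empty.
# Without tls-auth the port answers TLS handshakes from any source, and
# without a CRL a lost client certificate cannot be revoked.

# Address pool handed out to VPN clients.
server 10.8.0.0 255.255.255.0

# Tell clients how to reach the LAN behind the router.
push "route 192.168.1.0 255.255.255.0"
# Send ALL client traffic (not only LAN traffic) through the tunnel.
push "redirect-gateway def1 bypass-dhcp"
# DNS resolvers pushed to clients; 192.168.1.1 is presumably the router itself.
push "dhcp-option DNS 202.96.128.86"
push "dhcp-option DNS 202.96.134.33"
push "dhcp-option DNS 192.168.1.1"

# Clients may talk to each other directly. This traffic is forwarded inside
# the OpenVPN process and is not filtered by the router's iptables rules;
# remove the directive if clients do not need to reach one another.
client-to-client

# Ping every 10 s; treat the peer as down after 120 s without a reply.
keepalive 10 120

# LZO compression; must match the client config. comp-lzo is deprecated and
# compression inside a VPN can leak information about the plaintext
# (VORACLE-style attacks); drop it on BOTH ends if it is not required.
comp-lzo

# Keep the key and the tun device across restarts.
persist-key
persist-tun

# Log verbosity, and suppression of repeated messages after 20 occurrences.
verb 3
mute 20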
3. 设置 DD-WRT 的启动脚本:登录 Web 管理界面后,在“管理 -> 命令”里面设置
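# Startup script: create a persistent tun0 device (the server config uses
# "dev tun0"). The binary name was masked as "open***" in the original post
# and is restored to "openvpn" here.
openvpn --mktun --dev tun0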
4. 设置 DD-WRT 的防火墙脚本:登录 Web 管理界面后,在“管理 -> 命令”里面设置
# Firewall script for the tun0 server.
# Rules are inserted at fixed positions (-I CHAIN n); iptables rejects the
# insert if the chain currently holds fewer than n-1 rules, so check the
# result with `iptables -L -n --line-numbers` after applying.

# Accept only reply traffic (RELATED,ESTABLISHED) going from the VPN (tun0) to
# the LAN bridge (br0). "logaccept" is not a built-in iptables target;
# presumably a DD-WRT chain that logs and then accepts (confirm on the router).
iptables -I FORWARD 3 -i tun0 -o br0 -m state --state RELATED,ESTABLISHED -j logaccept
# NOTE(review): source and destination are both the VPN subnet, so this only
# masquerades client-to-client traffic leaving via tun0. Confirm it is needed.
iptables -I POSTROUTING 3 -t nat -o tun0 -s 10.8.0.0/24 -d 10.8.0.0/24 -j MASQUERADE
# Open the OpenVPN port on the router itself, from any source address.
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
# NOTE(review): the server config on this page uses "proto tcp"; the UDP rule
# opens a port nothing listens on and can be dropped while the server is TCP.
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
5.客户端配置
# OpenVPN client config matching the tun/TCP server described on this page.
client
;dev tap
dev tun
;dev-node MyTap
;proto tcp
proto tcp
# Server address and port. This is presumably the author's dynamic-DNS name;
# replace it with your own router's hostname or IP.
remote shmq.3322.org 1194
;remote my-server-2 1194
;remote-random
# Keep retrying hostname resolution indefinitely.
resolv-retry infinite
# Do not bind to a fixed local port.
nobind
# Privilege drop after start-up is commented out; on non-Windows clients,
# enabling user/group reduces what a compromised client process can do.
;user nobody
;group nobody
persist-key
persist-tun
;http-proxy-retry # retry on connection failures
;http-proxy [proxy server] [proxy port #]
;mute-replay-warnings
# CA certificate plus this client's certificate and PRIVATE key. Keep
# client1.key readable only by the user running the client, and issue one
# certificate per client rather than sharing one.
ca ca.crt
cert client1.crt
key client1.key
# Require the peer certificate to be marked as a server certificate, so that
# another client's certificate cannot be used to impersonate the server.
# NOTE(review): ns-cert-type is deprecated (removed in OpenVPN 2.5); the
# replacement is "remote-cert-tls server", which needs a server certificate
# carrying the matching key-usage / extended-key-usage fields.
ns-cert-type server
# tls-auth is disabled here because the server side leaves "TLS Auth" empty;
# enabling it requires the same ta.key on both ends.
;tls-auth ta.key 1
# Must match the server's comp-lzo setting. Deprecated; compression inside a
# VPN can leak information about the plaintext. Remove on both ends together.
comp-lzo
# Set log file verbosity.
verb 3
# Suppress a message after 20 consecutive repeats.
mute 20
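注意:1. 时间设置为 UTC+8,夏令时设为 none(证书有效期的校验依赖路由器的系统时间正确)。
2. 关闭 ddwrt 的防火墙。注意:关闭防火墙会使路由器失去对外网入站流量的过滤;如果第 4 步的防火墙脚本已经放行 1194 端口,建议先在防火墙保持开启的情况下测试连接。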
有什么问题可以加我QQ:504714639
http://pan.baidu.com/s/1c0xmllI
另一种防火墙配置
# Alternative firewall script: same four rules as the first variant, plus
# broad FORWARD/NAT rules that give VPN clients unrestricted forwarding.

# Reply traffic from the VPN to the LAN ("logaccept" is presumably a DD-WRT
# log-and-accept chain; confirm on the router).
iptables -I FORWARD 3 -i tun0 -o br0 -m state --state RELATED,ESTABLISHED -j logaccept
# NOTE(review): source and destination are both the VPN subnet. Confirm need.
iptables -I POSTROUTING 3 -t nat -o tun0 -s 10.8.0.0/24 -d 10.8.0.0/24 -j MASQUERADE
# Open the OpenVPN port on the router from any source address.
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
# NOTE(review): only needed if the server runs over UDP; this page's server
# config uses "proto tcp".
iptables -I INPUT 1 -p udp --dport 1194 -j ACCEPT
# Accept ALL forwarded traffic whose source is in the VPN subnet, on any
# interface and to any destination. Inserted at position 1, so it matches
# before every other FORWARD rule and makes the state-limited rule above
# redundant for VPN-sourced traffic. Anything holding a valid client
# certificate gets full LAN and WAN reach; narrow with -i tun0 and specific
# -o / -d values if clients only need part of the network.
iptables -I FORWARD 1 --source 10.8.0.0/24 -j ACCEPT
# Allow new connections in both directions between the LAN and the VPN.
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# Masquerade VPN-sourced traffic. The first rule has no -o, so it applies on
# every outgoing interface and already covers the br0-specific rule after it.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o br0 -j MASQUERADE
转载于:https://blog.51cto.com/huangxuehai/1537801