制作:
cd /data/openvpn(安装目录)
cd scripts/
. ./vars
./build-key ***(用户名)
cd keys/
将生成的 ***.crt; ***.csr; ***.key;复制出来
把ca安全证书和client复制出来,并修改client里面的:
# file can be used for all clients.
ca ca.crt
cert ***.crt
key ***.key
cd /data/openvpn(安装目录)
cd scripts/
. ./vars
./build-key ***(用户名)
cd keys/
将生成的 ***.crt; ***.csr; ***.key;复制出来
把ca安全证书和client复制出来,并修改client里面的:
# file can be used for all clients.
ca ca.crt
cert ***.crt
key ***.key
然后把它们放在一同一个文件夹中,放到Open×××安装目录下的config目录下
然后刷新一下openvpn,连接它就会自动分配一个IP,然后选择一个限制IP
然后刷新一下openvpn,连接它就会自动分配一个IP,然后选择一个限制IP
限制:
cd openvpn/
cd bin/
vi user-nat.sh
cd openvpn/
cd bin/
vi user-nat.sh
#!/bin/sh
iptables -t nat -F
iptables -t nat -F
iptables -A INPUT -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -A OUTPUT -j ACCEPT
iptables -A FORWARD -j ACCEPT
#125** SNAT 10.25.7.x
iptables -t nat -A POSTROUTING -s 10.61.0.6 -d 10.25.61.0/255.255.255.0 -j SNAT --to-source 10.25.61.80
iptables -t nat -A POSTROUTING -s 10.61.0.6 -d 10.25.61.0/255.255.255.0 -j SNAT --to-source 10.25.61.80
#lhm
iptables -t nat -A POSTROUTING -s 10.61.0.10 -d 10.25.61.0/255.255.255.0 -j SNAT --to-source 10.25.61.80
iptables -t nat -A POSTROUTING -s 10.61.0.10 -d 10.25.61.0/255.255.255.0 -j SNAT --to-source 10.25.61.80
#wadao(允许登录机器,其他的限制登录)
iptables -t nat -A POSTROUTING -s 10.61.0.46 -d 10.25.61.114 -j SNAT --to-source 10.25.61.80
iptables -t nat -A POSTROUTING -s 10.61.0.46 -d 10.25.61.115 -j SNAT --to-source 10.25.61.80
iptables -t nat -A POSTROUTING -s 10.61.0.46 -d 10.25.61.114 -j SNAT --to-source 10.25.61.80
iptables -t nat -A POSTROUTING -s 10.61.0.46 -d 10.25.61.115 -j SNAT --to-source 10.25.61.80
#source /etc/profile
#./user-nat.sh
