Interconectarea sediilor companieiEmil CHERICHEȘ

Geek Meet #3 Tîrgu Mureș

12 Decembrie 2009

Situația

LinuxDistribuția folosită

EPELExtra Packages for Enterprise Linux

http://fedoraproject.org/wiki/EPEL

su -c 'rpm -Uvhhttp://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm'

OpenVPN# yum install openvpn

Interfețele TAPInterfețele de rețea virtuale pe care comunică OpenVPN

#! /bin/bash## network Bring up/down tun0## chkconfig: 2345 9 90# description: Activates/Deactivates tap0.#case $1 instart)

/usr/sbin/tunctl -t tap0;;stop)

/usr/sbin/tunctl -d tap0;;*)

echo $"Usage: $0 {start|stop}"exit 1

Esacexit $rc

chkconfig tunctl on

/etc/init.d/tunctl

RețeauaConfigurarea bridge-ului

yum install bridge-utils tunctlcd /etc/sysconfig/network-scripts/cp ifcfg-eth0 ifcfg-br0

ifcfg-eth0:DEVICE=eth0BOOTPROTO=staticBRIDGE=br0HWADDR=08:00:27:A1:51:87ONBOOT=yesTYPE=Ethernet

ifcfg-br0:DEVICE=br0TYPE=BridgeBOOTPROTO=staticIPADDR=192.168.1.1NETMASK=255.255.255.0ONBOOT=yes

ifcfg-tap0:DEVICE=tap0BOOTPROTO=staticONBOOT=yesBRIDGE=br0

OpenSSLGenerarea certificatelor

ca.crt

OpenSSLGenerarea certificatelor

gw1.crt gw1.key

OpenSSLGenerarea certificatelor

gw2.crt gw2.key

OpenSSLGenerarea certificatelor

dh1024.pem

certificatelecare unde trebuie puse

Serverca.crtgw1.crtgw1.keydh1024.pem

Clientca.crtgw2.crtgw2.key

/etc/openvpn

/usr/share/doc/openvpn-2.1/sample-config-files/

server.confServerul OpenVPN

port 1194proto udpdev tap0ca ca.crtcert gw1.crt

key gw1.keydh dh1024.pemserver-bridge 192.168.1.1 255.255.255.0 192.168.1.230 192.168.1.235client-to-clientkeepalive 10 120comp-lzopersist-keypersist-tunstatus openvpn-status.logverb 3

client.confClientul OpenVPN

clientdev tap0proto udpremote GW1_PUBLIC_IP 1194resolv-retry infinitenobindpersist-keypersist-tunca ca.crtcert gw2.crtkey gw2.keyns-cert-type servercomp-lzoverb 3

startupPornirea servicului și setarea inițializării sistemului

service openvpn startchkconfig openvpn on

Situația

MulțumescEmil CHERIHCHEȘ

http://emil.cheriches.ro