背景
- openvpn server.conf
port 1194
;proto tcp
proto udp
dev tun
;dev tap
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
tls-auth /etc/openvpn/server/ta.key 0
dh /etc/openvpn/server/dh.pem
log /etc/openvpn/hbase2/openvpn.log
duplicate-cn
local 172.16.0.250
push "route 10.234.0.0 255.255.255.0"
push "route 172.16.0.0 255.255.255.0"
script-security 2
client-connect /etc/openvpn/hbase2/up.sh
client-disconnect /etc/openvpn/hbase2/down.sh
#up /etc/openvpn/hbase2/up.sh
#client-config-dir /etc/openvpn/hbase2/ccd
server 10.237.0.0 255.255.255.0
ifconfig-pool-persist /etc/openvpn/hbase2/ipp.txt 0
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status /etc/openvpn/hbase2/openvpn-status.log
verb 3
explicit-exit-notify 1
script-security 3
auth-user-pass-verify /etc/openvpn/hbase2/check.sh via-env
username-as-common-name
设置固定客户端ip
# 添加配置
client-config-dir /etc/openvpn/hbase2/ccd
ifconfig-pool-persist /etc/openvpn/hbase2/ipp.txt
ccd文件夹中新增文件名CN
vim /etc/openvpn/hbase2/ccd/test-cn
ifconfig-push 10.237.0.13 10.237.0.14