OpenVPN�$B$r;H$C$F�(B...
�$B!V2H$N30$+$i$b!"�(Bsamba�$B$K$h$k%U%!%$%k6&M-$r0BA4$K9T$($?$i$$$$$J!W$H;W$C$?$N$,!"$3$H$NH/C<$G$9!#�(BOpenSSL�$B$G:n@.$7$?>ZL@=q$r;HMQ$7$F!"$=$N4D6-9=C[$r9T$$$^$7$?!#�(B
�$B%M%C%H%o!<%/9=@.?^�(B
�$B9=@.?^$,$J$$$H8e$+$iFI$_D>$7$F$bM}2r$9$k$N$K;~4V$,$+$+$j$^$9!#3(?4$OA4$/;}$C$F$$$J$$$?$a!"�(BASCII�$B%"!<%H$GI=8=!#�(B(�$B>.3X@8$N;~!"2?$+$NE8<(2q$GF~>^$7$?5-21$O$"$k$,�(B...)
�$B%M%C%H%o!<%/9=@.?^�(B(VPN�$B4D6-9=C[A0�(B)
[ �$BL5K!�(BPC ]
|202.xxx.yyy.zzz
|
--+--------+------------------
|
NSPIXP etc...
|
-----------+--------+--------- �$B$3$3$+$i>e$,L5K!COBS!"2<$,2f$,2H!J7h$7$FL5K!COBS$G$O�(B...�$B$J$$!K�(B
|
|61.205.236.173
+--------+--------+ (Linux Box)
| [WAN] |
| | |
| [NAT] |
| | |
| IP Routing |
| | |
| [LAN] |
+--------+--------+
|192.168.0.254
| 192.168.0.0/24
----+-------------+--------+----------------+------------------------------
| | |
|192.168.0.250 |192.168.0.10 |192.168.0.20 ...
[ SERVER ] [ PC ] [ PC ]
SERVER �$B$K$O!"�(Bsamba�$B$r4^$a$F!"$=$NB>%5!<%P$bF0:n$7$F$$$^$9!#�(B
�$B%M%C%H%o!<%/9=@.?^�(B(VPN�$B4D6-9=C[8e�(B)
�$B:#2s$O!"�(BVPN�$BMQ$K?75,$N%M%C%H%o!<%/�(BID�$B$rJ'$$=P$9$3$H$K$7$^$7$?!#�(BEthernet�$B%V%j%C%8$r;HMQ$9$l$P!"$9$C$-$j$9$k$+$J$H$b;W$C$?$N$G$9$,!"$=$l$O
[ �$BL5K!�(BPC ]
| 202.xxx.yyy.zzz
|VPN:192.168.100.100
--+--------+------------------
|
NSPIXP etc...
|
-----------+--------+--------- �$B$3$3$+$i>e$,L5K!COBS!"2<$,2f$,2H!J7h$7$FL5K!COBS$G$O�(B...�$B$J$$!K�(B
|
|61.205.236.173
+--------+--------+ (Linux Box)
| [WAN] |
| | |
| [NAT] |
| | |
| IP Routing |
| | |
| [LAN] |
+--------+--------+
| 192.168.0.254
|VPN:192.168.100.1
| 192.168.0.0/24
----+-------------+--------+----------------+------------------------------
| | |
|192.168.0.250 |192.168.0.10 |192.168.0.20 ...
[ SERVER ] [ PC ] [ PC ]
Linux Server(192.168.0.254)�$B$G$N:n6H�(B
OpenVPN�$B$N�(Brebuild&install
RPM�$B$r:n@.$7$^$;$&!#�(Bhttp://openvpn.sourceforge.net�$B$+$i�(BTarball�$B$r%@%&%s%m!<%I$7$^$7$g$&!#�(B
$ tar zxvf openvpn-2.0_beta15.tar.gz
$ cp -a openvpn-2.0_beta15/openvpn.spec ~/rpm/SPECS
$ cp -a openvpn-2.0_beta15.tar.gz ~/rpm/SOURCES
$ rpmbuild -ba --target=i686 ~/rpm/SPECS/openvpn.spec
lzo�$B05=L$,$&$s$L$s$+$s$L$s$G%(%i!<$H$J$j$^$9!#�(BSPEC�$B%U%!%$%k$r=$@5$9$l$P$h$$$N$G$7$g$&$,!"CWL?E*7g4Y$N>l9g$r=|$$$F�(BSPEC�$B%U%!%$%k$O=$@5$7$?$/$J$$$N$G!"�(Blzo-1.08-3.dag.src.rpm�$B$r@h$s$8$F�(Brebuild&install�$B!#$3$l$GLdBj$J$/!"�(Bopenvpn�$B$b�(Brebuild�$B$G$-$^$7$?!#�(B
RPM�$B$r%$%s%9%H!<%k$7$^$;$&!#�(B
$ cd ~/rpm/RPMS/i686
$ sudo rpm -ivh openvpn-2.0_beta15-1.i686.rpm
OpenVPN�$B$N@_Dj�(B
/etc/openvpn�$B$H$$$&%G%#%l%/%H%j$,:n@.$5$l$^$9!#$3$3$K@_Dj%U%!%$%k$r3JG<$7$F$$$-$^$9!#$J$*!"@_Dj%U%!%$%k$O$=$N3HD%;R$,�(B .conf �$B$G$"$l$PL>>N$OLd$o$l$^$;$s!#�(B(/etc/rc.d/init.d/openvpn �$B;2>H!K�(B
�$B$H$j$"$($:!"�(BLinux�$B%5!<%P$N@_Dj%U%!%$%k$r8+$F$_$^$7$g$&!#�(B
$ sudo cat /etc/openvpn/tls-server.conf
cd /etc/openvpn
tls-server
dev tap0 # �$B%H%s%M%k%G%P%$%9�(B
#proto tcp-server # tls-server�$B$r;XDj$9$k$H$-$O!";XDj$7$J$$$3$H�(B!
ifconfig 192.168.100.1 255.255.255.0 # VPN�$B>e$G$N�(BIP�$B%"%I%l%9�(B
local 192.168.0.254 # LAN�$B>e$G$N�(BIP�$B%"%I%l%9�(B
port 5000 # OpenVPN�$B$NBT$A7?�(BCA�$B>ZL@=q!JG'>Z5!4X$N>ZL@=q!K�(B
cert mx-cert.pem # �$BG'>Z5!4X=pL>:Q$_%5!<%P>ZL@=q�(B
key mx.pem # �$B%5!<%P>ZL@=q$NHkL)80�(B
#key-method 2 # �$B%5!<%P$H%/%i%$%"%s%H$G�(BOpenVPN�$B$N%P!<%8%g%s$,0c$&$H@_Dj$;$6$k$rF@$J$/$J$k2DG=@-Bg�(B
persist-key
persist-tun
ping-restart 600
ping 60
comp-lzo # LZO�$B05=L�(B
verb 1 # debug(0, 1, 2, 3, 9)
mute 10 # mute
$
dh�$B!"�(Bca�$B!"�(Bcert�$B!"�(Bkey�$B$N3F%Q%i%a!<%?$K;XDj$7$F$$$k%U%!%$%k$N:n@.J}K!$O!"�(Bfreeradius 0.9.3 & openssl 0.9.7d�$B$G�(B802.1x EAP-TLS�$BG'>Z$J$k$b$N$r�(B...�$B!J2r@bJT!K�(B�$B$N�(B[Diffie-Hellman�$B%Q%i%a!<%?$N:n@.�(B]�$B!"�(B[�$BG'>Z5!4X�(B(CA)�$B$N@_N)�(B]�$B!"�(B[�$B%5!<%P>ZL@=q$N:n@.�(B]�$B$N3F9`$r;2>H$/$@$5$$!#�(B
�$B$J$*!">e5-�(BURI�$B$N$H$*$j%5!<%P>ZL@=q$NHkL)80$r:n@.$9$k$H$=$N%"%/%;%9$NEY!J!a�(BOpenVPN�$B$N5/F0$NEY!K$K%Q%9%U%l!<%:$NF~NO$,I,MW$H$J$j$^$9!#1?MQ$r$I$&$9$k$N$+$K0M$k$H$3$m$G$9$,!"$3$l$,l9g$O0J2<$N%3%^%s%I$G6&DL80$G0E9f2=$5$l$?HkL)80$rI|9f2=$7$F$*$-!"$=$l$r;XDj$9$l$P$h$$$G$9!#�(B
# openssl rsa -in mx.pem -out mx.privkey.pem
OpenVPN�$B$N@_Dj$O0J>e$G$9!#�(B
IP�$B%k!<%F%#%s%0$N@_Dj�(B
�$B$3$l$^$G$N@_Dj$G�(BOpenVPN�$B$O5/F0$O$G$-$^$9$,!"�(BVPN�$B$K78$o$k%Q%1%C%H$,;W$C$?$H$*$j$KHt$S8r$$$^$;$s!#$=$3$GI,MW$H$J$k$N$,!"�(BVPN�$B$N�(BIP�$B%k!<%F%#%s%0@_Dj$G$9!#�(B
�$B$^$:$O!"L5K!COBS$+$iHt$s$G$/$k�(BVPN�$B@\B3MW5a$N%Q%1%C%H$r�(BLinux Server(192.168.0.254)�$B$K%G%#%9%Q%C%A$5$;$k!"$$$o$f$k�(BNAT�$B$G$9!#0J2<$KI,MW:GDc8B$N�(Biptables�$B%3%^%s%I$r5-$7$^$9!#�(B
# iptables -A PREROUTING -d 61.205.236.173 -p tcp -m tcp --dport 5000 -j DNAT --to-destination 192.168.0.254:5000
# iptables -A PREROUTING -d 61.205.236.173 -p udp -m udp --dport 5000 -j DNAT --to-destination 192.168.0.254:5000
#
# iptables -A INPUT -i ppp0 -j ppp-in
# iptables -A ppp-in -p tcp -m state --state NEW -m tcp --dport 5000 -j ACCEPT
# iptables -A ppp-in -p udp -m udp --dport 5000 -j ACCEPT
�$BB3$$$F!"�(BVPN�$B@\B3$,40N;$7$?8e$K�(BVPN�$B$+$i$N%Q%1%C%H$r
# iptables -A INPUT -i tap+ -j ACCEPT
�$BL5K!�(BPC(202.xxx.yyy.zzz)�$B$G$N:n6H�(B
OpenVPN�$B$N�(BInstall
http://openvpn.sourceforge.net�$B$+$i�(BWindows Installer�$B$r%@%&%s%m!<%I$7$^$7$g$&!#$=$7$F
OpenVPN�$B$N@_Dj�(B
C:\Program Files\OpenVPN\config\vpnclient.conf �$B$H$7$F@_Dj%U%!%$%k$r:n@.$7$^$7$?!#FbMF$O0J2<$N$H$*$j!#�(B
tls-client
dev tap # �$B%H%s%M%k%G%P%$%9�(B
remote 61.205.236.173 # OpenVPN�$B%5!<%P$N�(BIP�$B%"%I%l%9�(B
port 5000 # OpenVPN�$B%5!<%P$N�(BPort�$BHV9f�(B
#proto tcp-client
ifconfig 192.168.100.100 255.255.255.0 # VPN�$B>e$G$N�(BIP�$B%"%I%l%9�(B
ca config\\cacert.pem # �$B<+8J=pL>7?�(BCA�$B>ZL@=q!JG'>Z5!4X$N>ZL@=q!K�(B
cert config\\noguchi-cert.pem # �$BG'>Z5!4X=pL>:Q$_%/%i%$%"%s%H>ZL@=q�(B
key config\\noguchi.pem # �$B%/%i%$%"%s%H>ZL@=q$NHkL)80�(B
persist-key
persist-tun
ping-restart 1800
ping 60
#key-method 2
comp-lzo # LZO�$B05=L�(B
route 192.168.0.0 255.255.255.0 192.168.100.1
verb 3 # debug(1, 2, 3, 9)
mute 10 # mute
ca�$B!"�(Bcert�$B!"�(Bkey�$B$N3F%Q%i%a!<%?$K;XDj$7$F$$$k%U%!%$%k$N:n@.J}K!$O!"�(Bfreeradius 0.9.3 & openssl 0.9.7d�$B$G�(B802.1x EAP-TLS�$BG'>Z$J$k$b$N$r�(B...�$B!J2r@bJT!K�(B�$B$N�(B[�$BG'>Z5!4X�(B(CA)�$B$N@_N)�(B]�$B!"�(B[�$B%/%i%$%"%s%H>ZL@=q$N:n@.�(B]�$B$N3F9`$r;2>H$/$@$5$$!#�(B
�$B$3$l$G%5!<%P!"%/%i%$%"%s%H$H$b�(BOpenVPN�$B$N@_Dj$,40N;$7$^$7$?!#�(B
VPN�$B@\B3�(B
VPN�$B$K@\B3$7$F$_$k�(B
�$BL5K!�(BPC�$B>e$K$F%3%^%s%I%W%m%s%W%H$rN)$A>e$2!"�(Bopenvpn�$B$r
C:\>cd C:\Program Files\OpenVPN
C:\Program Files\OpenVPN>
C:\Program Files\OpenVPN>openvpn --config config/vpnclient.conf
Sun Nov 07 20:32:04 2004 OpenVPN 2.0_beta15 Win32-MinGW [SSL] [LZO] built on Oct
28 2004
Enter Private Key Password:
�$B%/%i%$%"%s%H>ZL@=q$NHkL)80$KBP$9$k%Q%9%U%l!<%:$rF~NO$7$^$9!#$9$k$H�(B...
Sun Nov 07 20:32:08 2004 LZO compression initialized
Sun Nov 07 20:32:08 2004 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:
0 EL:0 ]
Sun Nov 07 20:32:08 2004 TAP-WIN32 device [VPN �$B@\B3�(B] opened: \\.\Gl
obal\{3D693549-6189-4B5F-8A39-5E647F7F2BE8}.tap
Sun Nov 07 20:32:08 2004 TAP-Win32 Driver Version 8.1
Sun Nov 07 20:32:08 2004 TAP-Win32 MTU=1500
Sun Nov 07 20:32:08 2004 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1
92.168.100.100/255.255.255.0 on interface {3D693549-6189-4B5F-8A39-5E647F7F2BE8} [
DHCP-serv: 192.168.100.0, lease-time: 31536000]
Sun Nov 07 20:32:08 2004 Successful ARP Flush on interface [1376261] {3D693549-6
189-4B5F-8A39-5E647F7F2BE8}
Sun Nov 07 20:32:08 2004 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:19 ET:3
2 EL:0 ]
Sun Nov 07 20:32:08 2004 Local Options hash (VER=V4): '4bf8e197'
Sun Nov 07 20:32:08 2004 Expected Remote Options hash (VER=V4): '2f06f1e2'
Sun Nov 07 20:32:08 2004 UDPv4 link local (bound): [undef]:5000
Sun Nov 07 20:32:08 2004 UDPv4 link remote: 61.205.236.173:5000
Sun Nov 07 20:32:08 2004 TLS: Initial packet from 61.205.236.173:5000, sid=919af
a05 8f55dc19
Sun Nov 07 20:32:08 2004 VERIFY OK: depth=1, /C=JP/O=ORG3.NET/OU=ORG3.NET_CA/CN=
ORG3.NET_Certification_Authority
Sun Nov 07 20:32:08 2004 VERIFY OK: depth=0, /C=JP/O=ORG3.NET/OU=ORG3.NET_CA/CN=
a.mx.org3.net
Sun Nov 07 20:32:10 2004 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Sun Nov 07 20:32:10 2004 Data Channel Encrypt: Using 160 bit message hash 'SHA1'
for HMAC authentication
Sun Nov 07 20:32:10 2004 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Sun Nov 07 20:32:10 2004 Data Channel Decrypt: Using 160 bit message hash 'SHA1'
for HMAC authentication
Sun Nov 07 20:32:10 2004 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2
56-SHA, 1024 bit RSA
Sun Nov 07 20:32:10 2004 [a.mx.org3.net] Peer Connection Initiated with 61.205.2
36.173:5000
Sun Nov 07 20:32:10 2004 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up
Sun Nov 07 20:32:10 2004 route ADD 192.168.0.0 MASK 255.255.255.0 192.168.100.1
Sun Nov 07 20:32:10 2004 Route addition via IPAPI succeeded
Sun Nov 07 20:32:10 2004 Initialization Sequence Completed
�$B"(I,MW:GDc8B$N>pJs$N$_$r%9%/%j!<%sI=<($5$;$?$$>l9g$O!"�(Bverb�$B$r�(B0�$B$K$7$F$/$@$5$$!#�(B
VPN�$B@\B3$N3NG'�(B
�$B$-$A$s$H@\B3$5$l$F$$$k$+$r3NG'$7$^$7$g$&!#$^$:$O!"L5K!�(BPC�$B>e$+$i$N3NG'$G$9!#$b$�$D%3%^%s%I%W%m%s%W%H$r5/F0$7$F!"�(Bping�$B%3%^%s%I$r
C:\>ping 192.168.100.1
Pinging 192.168.100.1 with 32 bytes of data:
Reply from 192.168.100.1: bytes=32 time=585ms TTL=64
Reply from 192.168.100.1: bytes=32 time=597ms TTL=64
Reply from 192.168.100.1: bytes=32 time=479ms TTL=64
Reply from 192.168.100.1: bytes=32 time=487ms TTL=64
Ping statistics for 192.168.100.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 479ms, Maximum = 597ms, Average = 537ms
C:\>
�$B%Q%1%C%H$,Ht$V$3$H$,3NG'$G$-$^$7$?!#B3$$$F$O!"�(BLAN�$BB&$N�(BPC�$B$KBP$7$F�(Bping�$B%3%^%s%I$r
C:\>ping 192.168.0.20
Pinging 192.168.0.20 with 32 bytes of data:
Reply from 192.168.0.20: bytes=32 time=633ms TTL=249
Reply from 192.168.0.20: bytes=32 time=529ms TTL=249
Reply from 192.168.0.20: bytes=32 time=471ms TTL=249
Reply from 192.168.0.20: bytes=32 time=600ms TTL=249
Ping statistics for 192.168.0.20:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 471ms, Maximum = 633ms, Average = 558ms
C:\>
�$B$3$A$i$bBg>fIW$N$h$&$G$9!#$-$A$s$H�(Brouting�$B$5$l$F$$$k$+$r3NG'$9$k$?$a!"�(Btracert�$B%3%^%s%I$G3NG'$7$F$_$^$9!#�(B
C:\>tracert 192.168.0.20
Tracing route to 192.168.0.20 over a maximum of 30 hops
1 730 ms 769 ms 629 ms 192.168.100.1
2 635 ms 489 ms 583 ms 192.168.0.20
Trace complete.
C:\>
�$B$3$A$i$bLdBj$"$j$^$;$s!#�(B
�$B$5$F
$ ping 192.168.100.100
PING 192.168.100.100 (192.168.100.100) 56(84) bytes of data.
64 �$B%P%$%H1~Ez�(B �$BAw?.85�(B 192.168.100.100: icmp_seq=0 ttl=128 �$B;~4V�(B=1163 �$B%_%jIC�(B
64 �$B%P%$%H1~Ez�(B �$BAw?.85�(B 192.168.100.100: icmp_seq=1 ttl=128 �$B;~4V�(B=484 �$B%_%jIC�(B
64 �$B%P%$%H1~Ez�(B �$BAw?.85�(B 192.168.100.100: icmp_seq=2 ttl=128 �$B;~4V�(B=577 �$B%_%jIC�(B
64 �$B%P%$%H1~Ez�(B �$BAw?.85�(B 192.168.100.100: icmp_seq=3 ttl=128 �$B;~4V�(B=478 �$B%_%jIC�(B
64 �$B%P%$%H1~Ez�(B �$BAw?.85�(B 192.168.100.100: icmp_seq=4 ttl=128 �$B;~4V�(B=451 �$B%_%jIC�(B
64 �$B%P%$%H1~Ez�(B �$BAw?.85�(B 192.168.100.100: icmp_seq=5 ttl=128 �$B;~4V�(B=426 �$B%_%jIC�(B
--- 192.168.100.100 ping �$BE}7W�(B ---
�$BAw?.%Q%1%C%H?t�(B 7, �$B.�(B/�$BJ?6Q�(B/�$B:GBg�(B/mdev = 426.246/597.001/1163.490/257.634�$B%_%jIC�(B, pipe 3
$
�$B$3$A$i$bLdBj$"$j$^$;$s!"$a$G$?$7$a$G$?$7!#�(B
VPN�$B@\B3$N=*N;�(B
VPN�$B@\B3$r%/%m!<%:$9$k$H$-$O!"�(B[F4]�$B$r2!2<$7$^$9!#�(B
Sun Nov 07 20:32:39 2004 TCP/UDP: Closing socket
Sun Nov 07 20:32:39 2004 route DELETE 192.168.0.0
Sun Nov 07 20:32:39 2004 Route deletion via IPAPI succeeded
Sun Nov 07 20:32:39 2004 Closing TUN/TAP interface
Sun Nov 07 20:32:39 2004 SIGTERM[hard,] received, process exiting
C:\Program Files\OpenVPN>
�$B$H$3$m$G�(Bsamba�$B$O!)�(B
�$B:G=*L\E*$G$"$C$?�(Bsamba�$B$r;HMQ$7$F$N%U%!%$%k6&M-$b$-$A$s$H$G$-$F$$$k$3$H$r3NG'$7$^$7$?!#FC$K@_Dj$O$$$8$C$F$^$;$s!#$,!"CY$9$.$k�(B...