OpenVPN/Tips

Various tips for things you can do with OpenVPN

Connecting to other servers on the server side

It is not as hard as you might think. Enable IP forwarding on the server where OpenVPN is installed, and on each of the other servers add a route for the VPN network address (e.g. 10.8.0.0) that points to the OpenVPN server. (This applies when tun is used. I have not tried tap.)

For example, suppose the OpenVPN server's private network address is 192.168.1.110 (hostname interface) and a user wants to reach, through OpenVPN, another server on the same network, 192.168.1.107 (hostname web1). Running the following command on the web1 server was enough for the connection to work without trouble.

[root@web1] route add -net 10.8.0.0 netmask 255.255.255.0 gw 192.168.1.110
[root@web1] netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.8.0.0        192.168.1.110   255.255.255.0   UG        0 0          0 eth2
...(omitted)...

Of course, a route added this way disappears on reboot, so you have to set it in the relevant configuration file for your distribution. On Red Hat family systems, edit the file /etc/sysconfig/network-scripts/route-eth2 (choose the file name to match the NIC used for the private network) as follows.

ADDRESS0=10.8.0.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.1.110

SSH tunneling + OpenVPN

When only port 22 is open on the server side and everything else is blocked, you can still reach the server side as much as you like through SSH tunneling alone. If setting up a tunnel for each service one by one feels tedious, you can also set up SSH tunneling + OpenVPN.

If, for example, the SSH tunnel forwards port 1194 to localhost:1194, set the server in the OpenVPN client to localhost 1194.

Sending all traffic to the server (on Windows)

Check that the openvpn server side has the following setting.
push "redirect-gateway local"

To use the openvpn server as the DNS server, check that the openvpn server configuration has the following settings. (Here the server is assumed to be assigned the IP 10.9.0.1.)
push "dhcp-option DNS 10.9.0.1"
push "dhcp-option WINS 10.9.0.1"

Alternatively, put the setting client-config-dir ccd in the openvpn server configuration, create a file named foobar for the account foobar under the /etc/openvpn/ccd directory, and add the following settings to it.
# Contents of the file /etc/openvpn/ccd/foobar
#
# When the client is inside a subnet.
push "route 192.168.10.128 255.255.255.248 192.168.10.1"
# When the Windows client's gateway is 192.168.10.1

# Reach the openvpn server directly.
push "route openvpn_server_IP_address 255.255.255.255 192.168.10.1"

# When you want to set DNS directly.
push "route DNS_IP_address 255.255.255.255 192.168.10.1"

These settings have exactly the same effect as creating a batch file on Windows or running the route.exe command, as shown below.

Setting it up with a batch file on Windows

The point to watch in this case is that the IP of the server side you will be tunneling to over port 22 must be left as it is. On XP, it is convenient to create the simple batch file below and place it in the Startup folder.
route add server_side_IP_range mask 255.255.255.0 your_own_IP
REM route add server_side_IP_range mask 255.255.255.0 or_your_router_Gateway
For example, if the server-side IP is xxx.yyy.zzz.234 and the Gateway of the router you use at home is 192.168.0.1:
route add xxx.yyy.zzz.0 mask 255.255.255.0 192.168.0.1
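
An added example, not part of the original page: a small longest-prefix-match model of the client's routing table, showing why the host route to the server through the local gateway (the ccd push "route ..." line and the batch file above) is needed once the default route points into the VPN. The server address 203.0.113.10, the function names and the simplified route table are assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from a real setup):
SERVER_IP = "203.0.113.10"      # public address of the SSH/OpenVPN server
LAN_GATEWAY = "192.168.10.1"    # the client's own gateway, as in the ccd example
VPN_GATEWAY = "10.9.0.1"        # VPN-side address of the server, as on the page


def next_hop(routes, destination):
    """Return the gateway of the most specific route matching destination.

    routes is a list of (network, netmask, gateway) strings, the same
    three fields that `route add NET mask MASK GW` takes on Windows.
    """
    dest = ipaddress.ip_address(destination)
    best = None
    for network, netmask, gateway in routes:
        net = ipaddress.ip_network(f"{network}/{netmask}")
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None


def tunnel_loops(routes, server_ip, vpn_gateway):
    """True if packets for the server itself would be sent into the VPN.

    The tunnel's own packets (or the SSH session carrying them) have to
    leave through the physical gateway; if their next hop is the VPN
    gateway, the tunnel is routed into itself.
    """
    return next_hop(routes, server_ip) == vpn_gateway


# Simplified table after redirect-gateway: the default route is the VPN.
redirected = [
    ("0.0.0.0", "0.0.0.0", VPN_GATEWAY),
    ("192.168.10.128", "255.255.255.248", LAN_GATEWAY),  # client subnet
]
# Same table plus the host route from the ccd file / batch file.
with_host_route = redirected + [(SERVER_IP, "255.255.255.255", LAN_GATEWAY)]

if __name__ == "__main__":
    for name, table in (("redirected", redirected),
                        ("with host route", with_host_route)):
        print(f"{name}: server via {next_hop(table, SERVER_IP)}, "
              f"loop={tunnel_loops(table, SERVER_IP, VPN_GATEWAY)}")
```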

last modified 2010-11-03 00:53:24