OpenVPN/Tips
|
OpenVPNÀ¸·Î ÇÒ ¼ö ÀÖ´Â ¿©·¯°¡Áö ÆÁ
¼¹öÂÊÀÇ ´Ù¸¥ ¼¹öµé ¿¬°áÇϱ⠶»ý°¢¸¸Å ¾î·ÆÁö ¾Ê½À´Ï´Ù. OpenVPNÀÌ ¼³Ä¡µÈ ¼¹ö¿¡ IP forwarding ¼³Á¤À» ÇØÁֽðí, ´Ù¸¥ ¼¹ö¿¡¼´Â VPN³×Æ®¿öÅ©ÁÖ¼Ò(°¡·É, 10.8.0.0)¿¡ ´ëÇØ OpenVPN ¼¹ö·Î ¶ó¿ìÆÃÀ» Àâ¾ÆÁÖ¸é µË´Ï´Ù. (tunÀ» »ç¿ëÇÏ´Â °æ¿ìÀÔ´Ï´Ù. tapÀº Çغ¸Áö ¾Ê¾Ò½À´Ï´Ù)
°¡·É OpenVPN ¼¹öÀÇ private ³×Æ®¤Ô¤·¤Í¤»ÁÖ¼Ò°¡ 192.168.1.110(È£½ºÆ®¸í interface)ÀÌ°í, »ç¿ëÀÚ°¡ OpenVPNÀ» ÅëÇØ µ¿ÀÏ ³×Æ®¿öÅ©»ó¿¡ ÀÖ´Â ´Ù¸¥ ¼¹ö 192.168.1.107(È£½ºÆ®¸í web1)¿¡ Á¢±ÙÇÏ°í ½ÍÀº °æ¿ì¿¡´Â web1 ¼¹ö¿¡¼ ´ÙÀ½ ¸í·ÉÀ» ³»·ÁÁÖ´Â °Í¸¸À¸·Î ¹«³È÷ Á¢¼ÓÀÌ µÇ´õ±º¿ä.
[root@web1] route add -net 10.8.0.0 netmask 255.255.255.0 gw 192.168.1.110 [root@web1] netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 10.8.0.0 192.168.1.110 255.255.255.0 UG 0 0 0 eth2 ...»ý·«... ¹°·Ð ÀÌ·¸°Ô ÀâÀº routing tableÀº ¸®ºÎÆÃÇÏ¸é ¼Ò¸êµÇ¹Ç·Î ¹èÆ÷ÆÇ¿¡ µû¶ó¼ °ü·Ã ¼³Á¤ÆÄÀÏÀ» Àâ¾ÆÁÖ¼Å¾ß Çϴµ¥¿ä, Redhat °è¿Àº /etc/sysconfig/network-scripts/route-eth2(ÆÄÀϸíÀº private network¿ë NIC¿¡ ¸Â°Ô Àâ¾ÆÁÖ¼¼¿ä) ÆÄÀÏÀ» ´ÙÀ½°ú °°ÀÌ ¼öÁ¤ÇÏ½Ã¸é µË´Ï´Ù.
ADDRESS0=10.8.0.0 NETMASK0=255.255.255.0 GATEWAY0=192.168.1.110 SSH Åͳθµ + OpenVPN ¶¼¹öÃø Æ÷Æ®°¡ 22¹ø¸¸ ¿·ÁÀÖ°í ¸ðµÎ ¸·ÇôÀÖ´Â °æ¿ì, SSHÅͳθµ¸¸À» ÅëÇؼµµ ¼¹öÃøÀ¸·Î ¾ó¸¶µçÁö Á¢±ÙÇÒ ¼ö°¡ ÀÖ´Ù. ÀÌ·¸°Ô ÀÏÀÏÈ÷ ÅͳθµÀ» Çϴ°ÍÀÌ ±ÍÂú´Ù°í »ý°¢µÇ¸é SSHÅͳθµ + OpenVPNÀ» ¼³Ä¡ÇÒ ¼öµµ ÀÖ´Ù.
SSHÅͳθµÀ» ¿¹¸¦ µé¾î 1194·Î localhost:1194·Î ¸¸µé¾ú´Ù¸é, OpenVPN Ŭ¶óÀ̾ðÆ®¿¡¼ ¼¹ö¸¦ localhost 1194·Î Àâ¾ÆÁÖ¸é µÈ´Ù.
Æ®·¡ÇÈÀ» ¸ðµÎ ¼¹ö·Î (À©µµ¿ìÀÇ °æ¿ì) ¶openvpn ¼¹öÃø¿¡ ´ÙÀ½°ú °°Àº ¼³Á¤ÀÌ ÀÖ´ÂÁö È®ÀÎ.
push "redirect-gateway local" openvpn ¼¹ö¸¦ DNS·Î ÇÏ·Á¸é openvpn ¼¹ö ¼³Á¤¿¡ ´ÙÀ½°ú °°Àº ¼³Á¤ È®ÀÎ. (¿©±â¼ ¼¹öÀÇ IP´Â 10.9.0.1·Î ÇÒ´çµÇ´Â °æ¿ì)
push "dhcp-option DNS 10.9.0.1" push "dhcp-option WINS 10.9.0.1" ȤÀº
client-config-dir ccd¶ó´Â ¼³Á¤À» openvpn ¼¹öÃø ¼³Á¤¿¡ ³Ö¾î¼, /etc/openvpn/ccd µð·ºÅ丮 ¾Æ·¡¿¡
foobar¶ó´Â °èÁ¤À» À§ÇÑ foobarÆÄÀÏÀ» ¸¸µé¾î ´ÙÀ½ÀÇ ¼³Á¤ Ãß°¡
# /etc/openvpn/ccd/foobar ÆÄÀÏÀÇ ³»¿ë # # client subnet¾Æ·¡¿¡ ÀÖ´Â °æ¿ì. push "route 192.168.10.128 255.255.255.248 192.168.10.1" # client À©µµ¿ìÀÇ gateway°¡ 192.168.10.1ÀÎ °æ¿ì # openvpn server´Â ´ÙÀÌ·ºÆ®·Î Á¢±ÙÇÏ°Ô²û. push "route openvpn_¼¹ö_ipÁÖ¼Ò 255.255.255.255 192.168.10.1" # DNS¸¦ Á÷Á¢ ¼³Á¤ÇÏ°íÀÚ ÇÏ´Â °æ¿ì. push "route DNS_IPÁÖ¼Ò 255.255.255.255 192.168.10.1" À§¿Í °°Àº ¼³Á¤Àº ¾Æ·¡¿¡¼Ã³·³ À©µµ¿ì»ó¿¡¼ batchÆÄÀÏÀ» ¸¸µé°Å³ª
route.exe¸í·ÉÀ» ½ÇÇàÇÏ´Â °Í°ú ¶È °°Àº È¿°ú¸¦ °¡Áø´Ù.
À©µµ¿ì»ó¿¡¼ batch ÆÄÀÏ·Î ¼³Á¤ÇÏ´Â °æ¿ì
ÀÌ °æ¿ì ÁÖÀÇÇÒ Á¡Àº, 22¹ø Æ÷Æ®·Î ÅͳθµÇÏ°Ô µÉ ¼¹öÃøÀÇ IP´Â ±×´ë·Î µÎ¾î¾ß ÇÑ´Ù´Â °Í.
XPÀÏ °æ¿ì ¾Æ·¡ÀÇ °£´ÜÇÑ ¹èÄ¡ÆÄÀÏÀ» ¸¸µé¾î ½ÃÀÛÇÁ·Î±×·¥¿¡ µÎ¸é Æí¸®ÇÏ´Ù
route add ¼¹öÃøIP´ë¿ª mask 255.255.255.0 ÀÚ½ÅÀÇIP REM route add ¼¹öÃøIP´ë¿ª mask 255.255.255.0 ȤÀº°øÀ¯±âÀÇGateway¿¹¸¦ µé¾î ¼¹öÃø IP°¡ xxx.yyy.zzz.234ÀÌ°í Áý¿¡¼ ¾²´Â °øÀ¯±âÀÇ Gateway°¡ 192.168.0.1ÀÏ °æ¿ì´Â route add xxx.yyy.zzz.0 mask 255.255.255.0 192.168.0.1 |
You have no real enemies.    
|
