The configuration example for my home host is as follows.
home.up is as follows:
#!/bin/sh
route add -net 192.168.1.0/24 10.1.0.1
openvpn-startup.sh is as follows:
#!/bin/sh
/usr/local/sbin/openvpn --config /etc/openvpn/static-home.conf
static-home.conf is as follows:
dev tun0
remote 61.131.58.x
ifconfig 10.1.0.2 10.1.0.1
up ./home.up
secret /etc/openvpn/static.key
port 5000
comp-lzo
ping 15
ping-restart 45
ping-timer-rem
persist-tun
persist-key
verb 3
Enable the pf firewall on both the office host and the home host. Edit /etc/sysctl.conf and remove the leading # from the following lines:
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
Edit /etc/rc.conf:
pf=YES
The pf.conf on my office host is as follows:
ext_if="rl1" # replace with actual external interface name, e.g., dc0
int_if="rl0" # replace with actual internal interface name, e.g., dc1
internal_net="192.168.1.0/24"
priv_nets="{
127.0.0.0/8,
192.168.0.0/16,
172.16.0.0/12,
10.0.0.0/8
}"
set optimization aggressive
scrub in all
nat on $ext_if from $internal_net to any -> 61.131.58.x/32
block all
pass quick on lo0 all
pass quick on tun0 all
pass in on $int_if from any to any keep state
pass out on $int_if from any to any keep state
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp,icmp } all keep state
The pf.conf on my home host is as follows:
ext_if="rl1" # replace with actual external interface name, e.g., dc0
int_if="rl0" # replace with actual internal interface name, e.g., dc1
internal_net="192.168.0.0/24"
priv_nets="{
127.0.0.0/8,
192.168.0.0/16,
172.16.0.0/12,
10.0.0.0/8
}"
set optimization aggressive
scrub in all
nat on $ext_if from $internal_net to any -> 218.85.158.244/32
block all
pass quick on lo0 all
pass quick on tun0 all
pass in on $int_if from any to any keep state
pass out on $int_if from any to any keep state
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp,icmp } all keep state
Reboot the office and home hosts.
#cd /etc/openvpn
#./openvpn-startup.sh
From client A on LAN 1, ping client B on LAN 2:
ping 192.168.0.45
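A pre-flight check for the peer configuration above, added here as an example and not part of the original article: it verifies that the key file named by `secret` is accessible only to its owner and that the route in the up script goes via the tunnel peer from the `ifconfig` line. The function names and the temporary sample files built by `demo` are this example's own and are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# sample files built by demo() are constructed for illustration.

# Print the arguments of the first line in config $1 whose directive is $2.
conf_get() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Pass only if the "secret" file exists and group/other have no access to it.
check_key_perms() {
    key=$(conf_get "$1" secret)
    [ -n "$key" ] && [ -f "$key" ] || { echo "FAIL: no key file '$key'"; return 1; }
    perms=$(ls -ldL "$key" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] || { echo "FAIL: $key mode allows group/other"; return 1; }
    echo "OK: $key is owner-only"
}

# Pass only if the up script's route uses the tunnel peer as gateway,
# i.e. the second address on the "ifconfig <local> <peer>" line.
check_route_gw() {
    peer=$(conf_get "$1" ifconfig | awk '{ print $2 }')
    gw=$(awk '$1 == "route" && $2 == "add" { print $NF; exit }' "$2")
    [ -n "$peer" ] && [ "$peer" = "$gw" ] || { echo "FAIL: gateway '$gw' is not peer '$peer'"; return 1; }
    echo "OK: LAN route goes via $gw"
}

# Usage: preflight <openvpn.conf> <up-script>; returns 0 if all checks pass.
preflight() {
    rc=0
    check_key_perms "$1" || rc=1
    check_route_gw "$1" "$2" || rc=1
    return "$rc"
}

# Build constructed sample files (key mode $1, gateway $2) and run preflight.
demo() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/vpncheck.XXXXXX") || return 2
    echo "constructed placeholder, not a real key" > "$d/static.key"
    chmod "$1" "$d/static.key"
    printf 'dev tun0\nifconfig 10.1.0.2 10.1.0.1\nsecret %s\n' "$d/static.key" > "$d/vpn.conf"
    printf '#!/bin/sh\nroute add -net 192.168.1.0/24 %s\n' "${2:-10.1.0.1}" > "$d/home.up"
    status=0; preflight "$d/vpn.conf" "$d/home.up" || status=1
    rm -rf "$d"
    return "$status"
}

if [ "$#" -eq 2 ]; then preflight "$1" "$2"; else demo 600; fi
```

Saved under a name of your choosing, the script takes the real files as its two arguments, here /etc/openvpn/static-home.conf and /etc/openvpn/home.up. Before rebooting, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it.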
Editor in charge: 小草