Installing OpenVPN on Windows
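Few people run OpenVPN as a server on Windows. By contrast, using Windows as an OpenVPN client is very common, especially on desktop systems such as XP, or with Windows 2003 Server acting as the client. There are many such deployments.
Here I only set up an OpenVPN client on Windows 2003 Server; setting it up as a server is much the same.
System environment: Windows 2003 Server with two network cards. One is on the 192.168.0.0/24 segment, which is the outbound segment, with gateway 192.168.0.101. The other is on the 192.168.1.0/24 segment. This Win2k3 machine connects as a client to the OpenVPN server described earlier. The OpenVPN server's IP address is 123.123.123.233.
On Windows, use the installer package built for NT-based systems:
open-2.0.9-gui-1.0.3-install.exe Download: http://www.jb51.net/softs/120505.html
Installation: double-click, Next, Finish (I used the default install path C:\Program Files\Open).
1. First go to the install path and see what it contains. You can use Explorer or Cmd; I find Cmd clearer. (Many of the items in the dir listing below are not there by default. I added them afterwards, for example the client certificate and key and the ta key. What to add and where to put it is explained in detail later.)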
---------------------------------------------------------------
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
Change the working directory to the default OpenVPN install path
C:\Documents and Settings\Administrator>cd C:\Program Files\Open
Use the dir command to see what the install path contains
C:\Program Files\Open>dir
Volume in drive C is system
Volume Serial Number is 785C-92D5
Directory of C:\Program Files\Open
2007-08-28 16:48 .
2007-08-28 16:48 ..
2007-08-28 16:34 bin
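2007-08-27 14:09 1,233 ca.crt (the CA root certificate file, copied from the server; it is the same CA root certificate the server uses)
2007-08-28 17:33 config (the directory that holds the OpenVPN main configuration file, whether the machine is a client or a server)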
2007-08-28 16:34 driver
2007-08-28 16:34 easy-rsa
2006-10-01 20:37 83 INSTALL-win32.txt
2007-08-28 16:39 3,530 kc1.crt (the client certificate file, issued under the CA root certificate)
2007-08-28 16:39 684 kc1.csr (the client's SSL certificate request file, also issued under the CA root certificate)
2007-08-28 16:39 887 kc1.key (the client key file, also issued under the CA root certificate)
2005-04-21 17:54 28,387 license.txt
2007-08-28 16:45 log
2005-08-18 14:20 8,705 Open GUI ReadMe.txt
2004-05-16 15:30 766 open.ico
2007-08-28 16:34 sample-config
2007-08-27 14:09 636 ta.key (the ta.key key file, copied from the server; it is the same ta key file the server uses)
2007-08-28 16:35 72,907 Uninstall.exe
10 File(s) 117,818 bytes
8 Dir(s) 1,629,716,480 bytes free
------------------------------------------------------------------------
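Remember what a client needs to get from the server in an OpenVPN setup?
Five files, of course:
(1) The CA root certificate file
(2) The TA key file
(3) The client certificate file
(4) The client key file
(5) The client SSL certificate request file
One more item is written to match your own server's configuration:
(6) The client main configuration file. (Note: unlike Linux, on Windows the main configuration file has the extension .ovpen, while on Linux it is .conf.)
So in total you need these six items.
2. Prepare the client main configuration file
On Windows, the OpenVPN main configuration file lives in a directory named config under the install directory.
Change to the config directory under the install path; this is where the client configuration file goes.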
C:\Program Files\Open>cd config
List the contents of the directory
C:\Program Files\Open\config>dir
------------------------------------------------------------------------------------
Volume in drive C is system
Volume Serial Number is 785C-92D5
Directory of C:\Program Files\Open\config
2007-08-28 17:33 .
2007-08-28 17:33 ..
2007-08-28 17:33 383 client.o (not present after a default install; create and edit it by hand, with the .o extension)
2007-08-28 17:24 385 client.o.bak (also not there by default; it is my backup of the main configuration template, a habit worth keeping)
2007-08-28 16:34 213 README.txt
3 File(s) 981 bytes
2 Dir(s) 1,638,834,176 bytes free
C:\Program Files\Open\config>
----------------------------------------------------------
3. Edit the main configuration file client.o
----------------------------------------------------------
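dev tun
dev-node
# dev-node sets the name of the network interface. On Windows this line is
# required: starting the OpenVPN process brings up a virtual network
# interface, and it must have a name. Any name will do; while OpenVPN is
# running, ipconfig/all shows an extra network connection with this name.
# Linux does not need this option; a tun0 interface comes up automatically.
proto udp
remote 123.123.123.233 9988
resolv-retry infinite
nobind
#user nobody
#group nobody
# On Windows these two lines must be commented out. On Linux they set the
# user and group that the OpenVPN service runs as; Windows has no use for
# them, and leaving them active causes an error.
persist-key
persist-tun
ca "C:\\Program Files\\Open\\ca.crt"
cert "C:\\Program Files\\Open\\kc1.crt"
key "C:\\Program Files\\Open\\kc1.key"
# Paths of the CA root certificate, the client certificate and the client
# key. I am not very familiar with Windows command-line path notation and got
# this wrong three times, so take note:
# 1. Unlike Linux, which has the default configuration path /etc/open/, I
#    found no path variable for OpenVPN on Windows (at least not with the Set
#    command). With a bare file name, OpenVPN reports at start-up that it
#    cannot find the certificate and key, so give the absolute path.
# 2. Windows paths use backslashes, but in the configuration file each one
#    must be written as a double backslash, as here; a single one is an error.
# 3. Directory names such as "Program Files" contain a space, so the whole
#    path must also be wrapped in double quotes, as here, or it fails too.
ns-cert-type server
tls-auth "C:\\Program Files\\Open\\ta.key" 1
# Path of the TA key; use an absolute path in the format described above.
# The trailing parameter is 1 on a client and 0 on a server.
comp-lzo
verb 3
;mute 20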
---------------------------------------------
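I was lazy here and dropped the certificate and key files straight into the install path. A tidier layout is to create a directory under the install path named Key (or any other name), collect the certificate and key files there, and point the main configuration file at their location (absolute paths are needed anyway). Once again: check every file path in the main configuration file carefully.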
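The path rules and Windows-specific options described above can be checked mechanically before OpenVPN is started. The Python check below is an added example, not part of the original article or of OpenVPN, and it encodes the rules as this article states them. The function name, the sample configuration and the printed messages are made up for illustration.

```python
import re
PATH_DIRECTIVES = {"ca", "cert", "key", "tls-auth"}  # first argument is a file path

def lint_windows_config(text, role="client"):
    """Return (line_no, message) findings for the pitfalls described above."""
    findings, seen = [], set()
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":               # blank line or comment
            continue
        name, _, rest = line.partition(" ")
        rest = rest.strip()
        seen.add(name)
        if name in ("user", "group"):
            findings.append((no, f"{name}: comment this out on Windows"))
        if name == "dev-node" and not rest:
            findings.append((no, "dev-node: interface name is missing"))
        if name not in PATH_DIRECTIVES:
            continue
        quoted = re.match(r'"([^"]*)"\s*(.*)$', rest)
        if quoted:
            path, tail = quoted.group(1), quoted.group(2).split()
        else:
            parts = rest.split()
            path, tail = (parts[0] if parts else ""), parts[1:]
            # More arguments than expected: an unquoted path was split at a space.
            if len(tail) > (1 if name == "tls-auth" else 0):
                findings.append((no, f"{name}: quote a path that contains spaces"))
        if not re.match(r"[A-Za-z]:\\", path):
            findings.append((no, f"{name}: use an absolute path"))
        if re.search(r"(?<!\\)\\(?!\\)", path):
            findings.append((no, f"{name}: write each backslash as a double backslash"))
        want = "1" if role == "client" else "0"
        if name == "tls-auth" and tail[-1:] != [want]:
            findings.append((no, f"tls-auth: direction must be {want} on a {role}"))
    if "dev-node" not in seen:
        findings.append((0, "dev-node: required on Windows"))
    return findings

# Constructed sample: the article's directives, each written with one of the mistakes.
BAD = r'''dev tun
user nobody
ca ca.crt
cert "C:\Program Files\Open\kc1.crt"
key C:\\Program Files\\Open\\kc1.key
tls-auth "C:\\Program Files\\Open\\ta.key" 0
'''
for no, msg in lint_windows_config(BAD):
    print(f"line {no}: {msg}")
```

Line number 0 marks a finding about a directive that is missing from the file altogether.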
4. Check the network interfaces before starting the OpenVPN process.
This is the existing interface information on my host. Installing OpenVPN GUI adds one network interface, which is disconnected by default.
------------------------------------------------------
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : kserver
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter :
Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : TAP-Win32 Adapter V8
Physical Address. . . . . . . . . : 00-FF-6F-CB-56-CF
Ethernet adapter NET1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-18-8B-82-52-1A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 202.96.209.5
202.96.209.133
Ethernet adapter NET0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ADMtek AN983 10/100 PCI Adapter
Physical Address. . . . . . . . . : 00-E0-4C-B3-F3-43
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.198
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.201
202.96.209.133
C:\Documents and Settings\Administrator>
--------------------------------------------------
5. Start the OpenVPN process
There are several ways to do this:
(1) Through the graphical interface, with the mouse: C:\Program Files\Open\bin\open-gui.exe
(2) From the Cmd command line: open-gui --connect client.o
(3) Right-click your client.o main configuration file (server.o on a server) and choose "Start Open on this config file" from the context menu.
6. Check the output after OpenVPN has started successfully
Output:
--------------------------------------------------------
Thu Aug 30 08:52:41 2007 Open 2.0.9 Win32-MinGW [SSL] [LZO] built on Oct 1 2
006
Thu Aug 30 08:52:41 2007 IMPORTANT: Open's default port number is now 1194, b
ased on an official port number assignment by IANA. Open 2.0-beta16 and earl
ier used 5000 as the default port.
Thu Aug 30 08:52:41 2007 Control Channel Authentication: using 'C:\Program Files
\Open\ta.key' as a Open static key file
Thu Aug 30 08:52:41 2007 Outgoing Control Channel Authentication: Using 160 bit
message hash 'SHA1' for HMAC authentication
Thu Aug 30 08:52:41 2007 Incoming Control Channel Authentication: Using 160 bit
message hash 'SHA1' for HMAC authentication
Thu Aug 30 08:52:41 2007 LZO compression initialized
Thu Aug 30 08:52:41 2007 Control Channel MTU parms [ L:1542 D:166 EF:66 EB:0 ET:
0 EL:0 ]
Thu Aug 30 08:52:41 2007 Data Channel MTU parms [ L:1542 D:1450 EF:42 EB:135 ET:
0 EL:0 AF:3/1 ]
Thu Aug 30 08:52:41 2007 Local Options hash (VER=V4): '504e774e'
Thu Aug 30 08:52:41 2007 Expected Remote Options hash (VER=V4): '14168603'
Thu Aug 30 08:52:41 2007 UDPv4 link local: [undef]
Thu Aug 30 08:52:41 2007 UDPv4 link remote: 123.123.123.233:9988
Thu Aug 30 08:52:41 2007 TLS: Initial packet from 123.123.123.233:9988, sid=2080
0d3a 0b281635
Thu Aug 30 08:52:41 2007 VERIFY OK: depth=1, /C=CN/ST=Shanghai/L=Shanghai/O=Center/O
U=Center/CN=01/emailAddress=kanecruisesisgod@hotmail.com
Thu Aug 30 08:52:41 2007 VERIFY OK: nsCertType=SERVER
Thu Aug 30 08:52:41 2007 VERIFY OK: depth=0, /C=CN/ST=Shanghai/O=Center/OU=Center/CN=
SRV01/emailAddress=kanecruisesisgod@hotmail.com
Thu Aug 30 08:52:42 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized with
128 bit key
Thu Aug 30 08:52:42 2007 Data Channel Encrypt: Using 160 bit message hash 'SHA1'
for HMAC authentication
Thu Aug 30 08:52:42 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized with
128 bit key
Thu Aug 30 08:52:42 2007 Data Channel Decrypt: Using 160 bit message hash 'SHA1'
for HMAC authentication
Thu Aug 30 08:52:42 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES2
56-SHA, 1024 bit RSA
Thu Aug 30 08:52:42 2007 [SRV01] Peer Connection Initiated with 123.123.123.233:9988
Thu Aug 30 08:52:43 2007 SENT CONTROL [SRV01]: 'PUSH_REQUEST' (status=1)
Thu Aug 30 08:52:43 2007 PUSH: Received control message: 'PUSH_REPLY,route 111.111.111.36 255.255.255.0,route 222.222.0.98 255.255.0.0,route 123.123.123.2
34 255.255.255.255,route 10.99.0.0 255.255.255.0,ping 10,ping-restart 120,ifconf
ig 10.99.0.10 10.99.0.9'
Thu Aug 30 08:52:43 2007 OPTIONS IMPORT: timers and/or timeouts modified
Thu Aug 30 08:52:43 2007 OPTIONS IMPORT: --ifconfig/up options modified
Thu Aug 30 08:52:43 2007 OPTIONS IMPORT: route options modified
Thu Aug 30 08:52:43 2007 TAP-WIN32 device [] opened: \.\Global\{6FCB56CF-B12
5-4D24-91A3-822CE03972DD}.tap
Thu Aug 30 08:52:43 2007 TAP-Win32 Driver Version 8.4
Thu Aug 30 08:52:43 2007 TAP-Win32 MTU=1500
Thu Aug 30 08:52:43 2007 Notified TAP-Win32 driver to set a DHCP IP/netmask of 1
0.99.0.10/255.255.255.252 on interface {6FCB56CF-B125-4D24-91A3-822CE03972DD} [D
HCP-serv: 10.99.0.9, lease-time: 31536000]
Thu Aug 30 08:52:43 2007 Successful ARP Flush on interface [2] {6FCB56CF-B125-4D
24-91A3-822CE03972DD}
Thu Aug 30 08:52:43 2007 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Thu Aug 30 08:52:43 2007 Route: Waiting for TUN/TAP interface to come up...
Thu Aug 30 08:52:44 2007 TEST ROUTES: 0/0 succeeded len=4 ret=0 a=0 u/d=down
Thu Aug 30 08:52:44 2007 Route: Waiting for TUN/TAP interface to come up...
Thu Aug 30 08:52:45 2007 TEST ROUTES: 4/4 succeeded len=4 ret=1 a=0 u/d=up
Thu Aug 30 08:52:45 2007 route ADD 111.111.111.36 MASK 255.255.255.0 10.99.0.9
Thu Aug 30 08:52:45 2007 route ADD 222.222.0.98 MASK 255.255.0.0 10.99.0.9
Thu Aug 30 08:52:45 2007 route ADD 123.123.123.234 MASK 255.255.255.255 10.99.0.
9
Thu Aug 30 08:52:45 2007 Route addition via IPAPI succeeded
Thu Aug 30 08:52:45 2007 route ADD 10.99.0.0 MASK 255.255.255.0 10.99.0.9
Thu Aug 30 08:52:45 2007 Route addition via IPAPI succeeded
Thu Aug 30 08:52:45 2007 Initialization Sequence Completed
----------------------------------------------------------------------------
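(Connected) On success, you should see a small computer icon in the tray at the bottom right of the desktop whose screen goes from red (not connected) to yellow (connecting) to green (connected).
Check the network interfaces again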
-------------------------------------------------------------------------------
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . : kserver
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter :
(The network interface named "" is the virtual interface brought up by OpenVPN, and the name "" is the one defined earlier by the dev-node option in the main configuration file.)
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Win32 Adapter V8
Physical Address. . . . . . . . . : 00-FF-6F-CB-56-CF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.99.0.10
(This IP address is also assigned by the server once the connection succeeds.)
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.99.0.9
Lease Obtained. . . . . . . . . . : 2007年8月30日 8:52:44
Lease Expires . . . . . . . . . . : 2008年8月29日 8:52:44
Ethernet adapter NET1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-18-8B-82-52-1A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 202.96.209.5
202.96.209.133
Ethernet adapter NET0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ADMtek AN983 10/100 PCI Adapter
Physical Address. . . . . . . . . : 00-E0-4C-B3-F3-43
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.198
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.201
202.96.209.133
C:\Documents and Settings\Administrator>
---------------------------------------------------------------------------
Check the routing table
------------------------------------------------------------------------
C:\Documents and Settings\Administrator>route PRINT
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 ff 6f cb 56 cf ...... TAP-Win32 Adapter V8
0x10004 ...00 18 8b 82 52 1a ...... Broadcom 440x 10/100 Integrated Controller
0x10005 ...00 e0 4c b3 f3 43 ...... ADMtek AN983 10/100 PCI Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 20
10.99.0.0 255.255.255.0 10.99.0.9 10.99.0.10 1
10.99.0.8 255.255.255.252 10.99.0.10 10.99.0.10 30
10.99.0.10 255.255.255.255 127.0.0.1 127.0.0.1 30
10.255.255.255 255.255.255.255 10.99.0.10 10.99.0.10 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.198 192.168.0.198 20
192.168.0.198 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.198 192.168.0.198 20
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 20
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 20
123.123.123.234 255.255.255.255 10.99.0.9 10.99.0.10 1
111.111.111.0 255.255.255.0 10.99.0.9 10.99.0.10 1
222.222.0.0 255.255.0.0 10.99.0.9 10.99.0.10 1
224.0.0.0 240.0.0.0 10.99.0.10 10.99.0.10 30
224.0.0.0 240.0.0.0 192.168.0.198 192.168.0.198 20
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 20
255.255.255.255 255.255.255.255 10.99.0.10 10.99.0.10 1
255.255.255.255 255.255.255.255 192.168.0.198 192.168.0.198 1
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\Administrator>
--------------------------------------------------------------------------
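The 10.99.0.0 network now appears, along with other new routes such as 111.111.111.0/24 and 222.222.0.0/16. All of these were pushed by the server. Their metric is 1, so traffic matching them goes out through these routes in preference.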
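Because the server decides which client traffic enters the tunnel, it is worth auditing what a PUSH_REPLY actually installs. The Python below is an added example, not part of the original article: it parses the pushed routes from the log above, shows why 111.111.111.36 appears as 111.111.111.0 in the route table, and picks the gateway for a destination using longest-prefix matching with the metric as tie-breaker. The function names and the test address 222.222.5.5 are made up; the gateways are the ones in the route table above.

```python
import ipaddress

# Constructed input: the PUSH_REPLY text from the log above, line wraps rejoined.
PUSH_REPLY = ("PUSH_REPLY,route 111.111.111.36 255.255.255.0,"
              "route 222.222.0.98 255.255.0.0,route 123.123.123.234 255.255.255.255,"
              "route 10.99.0.0 255.255.255.0,ping 10,ping-restart 120,"
              "ifconfig 10.99.0.10 10.99.0.9")

def pushed_routes(reply):
    """Return [(network, host_bits_set)] for each 'route' option in a PUSH_REPLY."""
    routes = []
    for option in reply.split(",")[1:]:
        fields = option.split()
        if len(fields) >= 3 and fields[0] == "route":
            # strict=False masks off host bits, matching the route table above.
            net = ipaddress.ip_network(f"{fields[1]}/{fields[2]}", strict=False)
            routes.append((net, str(net.network_address) != fields[1]))
    return routes

def build_table(reply, tunnel_gw, default_gw, default_metric=20):
    """Default route plus the pushed routes (metric 1), as (network, gateway, metric)."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), default_gw, default_metric)]
    return table + [(net, tunnel_gw, 1) for net, _ in pushed_routes(reply)]

def egress(dest, table):
    """Gateway for dest: longest matching prefix wins, metric only breaks ties."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in table if ip in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

if __name__ == "__main__":
    for net, fixed in pushed_routes(PUSH_REPLY):
        print(net, "(host bits were set in the pushed value)" if fixed else "")
    table = build_table(PUSH_REPLY, "10.99.0.9", "192.168.1.1")
    # 222.222.5.5 is a made-up address inside a pushed range.
    for dest in ("222.222.5.5", "123.123.123.234", "123.123.123.233"):
        print(dest, "->", egress(dest, table))
```

The server's own address 123.123.123.233 stays on the physical gateway, while its neighbour 123.123.123.234 is sent through the tunnel by the pushed host route.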
Ping the remote server's virtual address
C:\Documents and Settings\Administrator>ping 10.99.0.1
Pinging 10.99.0.1 with 32 bytes of data:
Reply from 10.99.0.1: bytes=32 time=22ms TTL=64
Reply from 10.99.0.1: bytes=32 time=22ms TTL=64
Reply from 10.99.0.1: bytes=32 time=22ms TTL=64
Reply from 10.99.0.1: bytes=32 time=21ms TTL=64
Ping statistics for 10.99.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 22ms, Average = 21ms
C:\Documents and Settings\Administrator>
The connection works.