{"id":664,"date":"2018-03-06T13:52:26","date_gmt":"2018-03-06T04:52:26","guid":{"rendered":"https:\/\/fsck.jp\/?p=664"},"modified":"2019-06-05T10:54:04","modified_gmt":"2019-06-05T01:54:04","slug":"openvpn-%e3%81%a7-l2vpn-%e3%82%92%e4%bd%9c%e6%88%90%e3%81%99%e3%82%8b","status":"publish","type":"post","link":"https:\/\/fsck.jp\/?p=664","title":{"rendered":"Raspberry Pi \u3067 OpenVPN \u30b5\u30fc\u30d0\u3092\u4f5c\u6210 (L2VPN\u7de8)"},"content":{"rendered":"

OpenVPN \u3068 tap \u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30a4\u30b9\u3092\u4f7f\u3063\u3066\u3001\u81ea\u5b85\u306b\u63a5\u7d9a\u3067\u304d\u308b\u30ec\u30a4\u30e4\u30fc2 (\u30d6\u30ea\u30c3\u30b8\u30e2\u30fc\u30c9) VPN\u3092\u4f5c\u6210\u3059\u308b\u3002Layer2\u30e2\u30fc\u30c9\u3060\u3068\u3001\u81ea\u5b85\u5916\u304b\u3089 VPN \u63a5\u7d9a\u3057\u305f\u3068\u304d\u306b bonjour \u3084 Windows \u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u691c\u7d22\u306e\u3088\u3046\u306a\u30b5\u30fc\u30d3\u30b9\u304c\u3001\u81ea\u5b85\u5185\u3068\u540c\u69d8\u306b\u4f7f\u3048\u308b\u306e\u304c\u30e1\u30ea\u30c3\u30c8\u3002<\/p>\n

\u81ea\u5b85\u5185\u30b5\u30fc\u30d0: Raspberry Pi 2 (Raspbian 9.x stretch)
\n\u74b0\u5883\u306f\u4ee5\u4e0b\u306e\u56f3\u306e\u901a\u308a\u3002<\/p>\n

\"\"<\/a><\/p>\n

\u3053\u306e\u6587\u66f8\u306e\u624b\u9806\u4ee5\u5916\u306b\u5225\u9014\u3001\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u63a5\u7d9a\u30eb\u30fc\u30bf\u3067\u30b5\u30fc\u30d3\u30b9\u30dd\u30fc\u30c8\u3092\u5916\u90e8\u516c\u958b (\u30b9\u30bf\u30c6\u30a3\u30c3\u30af NAT) \u3057\u3066\u304a\u304f\u5fc5\u8981\u304c\u3042\u308b\u3002<\/p>\n

\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u306e\u8981\u4ef6\u3068\u3057\u3066\u3001Apple iOS \u7cfb\u6a5f\u5668\u306f tap \u30c7\u30d0\u30a4\u30b9\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u306a\u3044\u305f\u3081\u3001Layer2 VPN \u3092\u5229\u7528\u3067\u304d\u306a\u3044\u306e\u3067\u672c\u7a3f\u306e\u30bf\u30fc\u30b2\u30c3\u30c8\u304b\u3089\u5916\u308c\u308b\u3002Android \u7cfb\u3082\u6a19\u6e96 API<\/a> \u3068\u6a19\u6e96\u30af\u30e9\u30a4\u30a2\u30f3\u30c8<\/a>\u3067\u306f tap \u306b\u5bfe\u5fdc\u3057\u3066\u3044\u306a\u3044\uff08\u7aef\u672b\u306e root \u6a29\u9650\u304c\u3042\u308c\u3070\u5bfe\u5fdc\u53ef\u80fd\u3002\u307e\u305f\u6709\u6599\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e OpenVPN Client<\/a> \u306f tap \u306b\u5bfe\u5fdc\u3057\u3066\u3044\u308b\uff09\u3002Windows \u7528\u306e OpenVPN GUI<\/a>\u3001Mac \u306e Tunnelblick<\/a> \u306a\u3069\u306f tap \u30c7\u30d0\u30a4\u30b9\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u308b\u3002<\/p>\n

1. OpenVPN \u30d1\u30c3\u30b1\u30fc\u30b8\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/h2>\n

OpenVPN \u672c\u4f53\u3068\u3001\u30d6\u30ea\u30c3\u30b8\u8a2d\u5b9a\u306b\u5fc5\u8981\u306a bridge-utils \u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3002<\/p>\n

$ sudo apt install openvpn bridge-utils<\/code><\/p>\n

2. Raspbian \u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30a4\u30b9\u3092 bridge \u8a2d\u5b9a\u306b\u3059\u308b<\/h2>\n

\u30b5\u30fc\u30d0\u5074\u306e eth0 \u30c7\u30d0\u30a4\u30b9\u3092\u76f4\u63a5\u4f7f\u308f\u305a\u3001\u30d6\u30ea\u30c3\u30b8\u30c7\u30d0\u30a4\u30b9 br0 \u3092\u4f7f\u3044 eth0 \u3092\u305d\u306e\u30e1\u30f3\u30d0\u30fc\u3068\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3059\u308b\u3002OpenVPN\u30b5\u30fc\u30d0\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u4f7f\u3046 tap0 \u30c7\u30d0\u30a4\u30b9\u3082 br0 \u306e\u30e1\u30f3\u30d0\u30fc\u3068\u3057\u3066\u3001\u30d6\u30ea\u30c3\u30b8\u63a5\u7d9a\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b\u3002<\/p>\n

\u30b5\u30fc\u30d0\u306e IP \u30a2\u30c9\u30ec\u30b9\u3068\u3057\u3066\u306f\u3001\u56fa\u5b9a\u30a2\u30c9\u30ec\u30b9\u3092\u8a2d\u5b9a\u3059\u308b\uff08\u81ea\u5b85\u5185\u306eIP\u30a2\u30c9\u30ec\u30b9\u3092\u30eb\u30fc\u30bf\u306eDHCP\u306b\u4efb\u305b\u3066\u3044\u308b\u306a\u3089\u3001DHCP\u914d\u5e03\u7bc4\u56f2\u5916\u306e\u30a2\u30c9\u30ec\u30b9\u3067\u56fa\u5b9a\u3059\u308b\uff09\u3002<\/p>\n

\u30de\u30b7\u30f3\u8d77\u52d5\u6642\u306b\u81ea\u52d5\u7684\u306b\u30d6\u30ea\u30c3\u30b8\u30c7\u30d0\u30a4\u30b9\u304c\u6709\u52b9\u306b\u306a\u308b\u3088\u3046\u3001interfaces \u30d5\u30a1\u30a4\u30eb\u3092\u7de8\u96c6\u3059\u308b\u3002<\/p>\n

$ sudo vi \/etc\/network\/interfaces<\/code><\/p>\n

auto br0\niface br0 inet static\n        address 192.168.100.20\n        netmask 255.255.255.0\n        network 192.168.100.0\n        broadcast 192.168.100.255\n        gateway 192.168.100.1\n        dns-nameservers 192.168.100.1\n        dns-search example.com\n        bridge_ports eth0<\/pre>\n
\u3082\u3068\u3082\u3068 eth0 \u3060\u3063\u305f\u3068\u3053\u308d\u3092 br0 \u306b\u3057\u3066\u3001bridge_ports eth0 \u3092\u8ffd\u52a0\u3059\u308b\u3088\u3046\u306b\u7de8\u96c6\u3059\u308b\u3002<\/p>\n
\u3053\u3053\u3067\u4e00\u5ea6\u518d\u8d77\u52d5\u3057\u3066\u3001br0 \u306b IP \u30a2\u30c9\u30ec\u30b9\u304c\u4ed8\u304f\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u3002
\n$ sudo shutdown -r now<\/code><\/p>\n
\u8d77\u52d5\u3057\u305f\u3089 IP \u30a2\u30c9\u30ec\u30b9\u306e\u72b6\u6cc1\u3092\u78ba\u8a8d\u3059\u308b\u3002br0 \u306b IP \u30a2\u30c9\u30ec\u30b9\u304c\u4ed8\u3044\u3066\u3044\u308c\u3070 OK\u3002<\/p>\n
$ ip a\n1: lo: <loopback,up,lower_up> mtu 65536 qdisc noqueue state UNKNOWN group defaul\nt qlen 1000\n    link\/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n    inet 127.0.0.1\/8 scope host lo\n       valid_lft forever preferred_lft forever\n2: eth0: <broadcast,multicast,up,lower_up> mtu 1500 qdisc pfifo_fast master br0\nstate UP group default qlen 1000\n    link\/ether 00:00:5e:00:53:11 brd ff:ff:ff:ff:ff:ff\n3: br0: <broadcast,multicast,up,lower_up> mtu 1500 qdisc noqueue state UP group\ndefault qlen 1000\n    link\/ether 00:00:5e:00:53:fe brd ff:ff:ff:ff:ff:ff\n    inet 192.168.100.20\/24 brd 192.168.100.255 scope global br0\n       valid_lft forever preferred_lft forever<\/broadcast,multicast,up,lower_up><\/broadcast,multicast,up,lower_up><\/loopback,up,lower_up><\/pre>\n
3. OpenVPN \u30b5\u30fc\u30d0\u8a2d\u5b9a<\/h2>\n
OpenVPN \u30b5\u30fc\u30d0\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3059\u308b\u3002\u30b5\u30f3\u30d7\u30eb\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001\u305d\u308c\u3092\u30d9\u30fc\u30b9\u306b\u7de8\u96c6\u3059\u308b\u3002<\/p>\n
$ sudo mkdir -p \/var\/log\/openvpn \/etc\/openvpn\/ccd
\n$ sudo cp \/usr\/share\/doc\/openvpn\/examples\/sample-config-files\/server.conf.gz \/etc\/openvpn\/server\/
\n$ sudo gzip -d \/etc\/openvpn\/server\/server.conf.gz
\n$ sudo mv \/etc\/openvpn\/server\/{server,udp7231}.conf
\n$ sudo vi \/etc\/openvpn\/server\/udp7231.conf<\/code><\/p>\n
port 7231\nproto udp\ndev tap\nca ca.crt\ncert server.crt\nkey server.key\ndh dh2048.pem\nserver-bridge 192.168.100.0 255.255.255.0 192.168.100.192 192.168.100.223\npush \"dhcp-option DNS 192.168.100.1\"\npush \"dhcp-option DOMAIN example.com\"\nclient-to-client\nkeepalive 10 120\ntls-auth ta.key 0\ncipher AES-256-CBC\nuser nobody\ngroup nogroup\npersist-key\npersist-tun\nstatus \/var\/log\/openvpn\/openvpn-status.log\nlog-append  \/var\/log\/openvpn\/openvpn.log\nverb 3\nexplicit-exit-notify 1\ncrl-verify crl.pem<\/pre>\n
dev tap \u8a2d\u5b9a\u306b\u3059\u308b\u3068\u3053\u308d\u304c\u30d6\u30ea\u30c3\u30b8\u65b9\u5f0f\u306e\u8981\u306b\u306a\u308b\u3002server-bridge \u8a2d\u5b9a\u306b\u306f\u3001VPN \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u914d\u5e03\u3059\u308b IP \u30a2\u30c9\u30ec\u30b9\u306e\u7bc4\u56f2\u3092\u6307\u5b9a\u3059\u308b\u3002\u81ea\u5b85\u5185\u30eb\u30fc\u30bf\u306e DHCP \u3067\u306f\u3001\u3053\u306e\u7bc4\u56f2\u3092\u914d\u5e03\u5bfe\u8c61\u5916\u306b\u3057\u3066\u304a\u304f\u3053\u3068\u3002<\/p>\n
\u30c8\u30e9\u30f3\u30b9\u30dd\u30fc\u30c8\u5c64\u30d7\u30ed\u30c8\u30b3\u30eb\u306f UDP \u3092\u5229\u7528\u3059\u308b\uff08TCP over TCP \u554f\u984c<\/a>\u3092\u907f\u3051\u308b\u305f\u3081\uff09\u3002\u5229\u7528\u3059\u308b\u30dd\u30fc\u30c8\u306f\u5ff5\u306e\u305f\u3081\u6a19\u6e96\u306e 1194 \u304b\u3089\u5909\u3048\u3066\u304a\u304f\u3053\u3068\u3068\u3057\u3066\u3001\u9069\u5f53\u306b\u30e9\u30f3\u30c0\u30e0\u3067\u6c7a\u3081\u308b\u3002\u4eca\u56de\u306f 7231 \u3068\u3057\u305f\u3002<\/p>\n
4. \u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u306e\u6e96\u5099<\/h2>\n
easy-rsa \u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u5229\u7528\u3057\u3066 CA \u3092\u4f5c\u6210\u3057\u3001\u30b5\u30fc\u30d0\u8a3c\u660e\u66f8\u30fb\u9375\u3092\u4f5c\u6210\u3059\u308b\u3002CA \u4f5c\u696d\u7528\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3068\u3057\u3066\u3001\/etc\/openvpn\/easy-rsa \u3092\u4f5c\u6210\u3059\u308b\u3002<\/p>\n
$ sudo make-cadir \/etc\/openvpn\/easy-rsa
\n$ sudo -i
\n# cd \/etc\/openvpn\/easy-rsa
\n# ln -s openssl-1.0.0.cnf openssl.cnf
\n# vi vars<\/code><\/p>\n
\u4ee5\u4e0b\u306e\u3088\u3046\u306a\u8a2d\u5b9a\u3092var\u30d5\u30a1\u30a4\u30eb\u306b\u8a18\u8ff0\u3059\u308b\u3002<\/p>\n
export KEY_SIZE=2048\nexport KEY_COUNTRY=\"JP\"\nexport KEY_PROVINCE=\"Aichi\"\nexport KEY_CITY=\"Nagoya\"\nexport KEY_ORG=\"Home\"\nexport KEY_EMAIL=\"root@raspberrypi.example.com\"\nexport KEY_OU=\"Server\"<\/pre>\n
CA \u3092\u4f5c\u6210\u3057\u3001\u30b5\u30fc\u30d0\u9375\u30fb\u8a3c\u660e\u66f8\u3092\u4f5c\u6210\u3059\u308b\u3002<\/p>\n
# . vars
\n# .\/clean-all
\n# .\/build-ca
\n# .\/build-key-server server<\/code><\/p>\n
TLS Static Key \u3068 DH Key\u3092\u4f5c\u6210\u3059\u308b\u3002DH Key\u306e\u751f\u6210\u306b\u306f\u304b\u306a\u308a\u306e\u6642\u9593\u304c\u304b\u304b\u308b\uff08Raspberry Pi\u3067\u306f10\u5206\u4ee5\u4e0a\uff09<\/p>\n
# openvpn --genkey --secret \/etc\/openvpn\/server\/ta.key
\n# .\/build-dh
\n# cp -p keys\/ca.crt keys\/server.crt keys\/server.key keys\/dh2048.pem \/etc\/openvpn\/server\/
\n# exit<\/code><\/p>\n
5. OpenVPN \u30b5\u30fc\u30d3\u30b9\u306e\u6709\u52b9\u5316\u3068\u8d77\u52d5<\/h2>\n
\u30b5\u30fc\u30d0\u5074 OpenVPN \u30b5\u30fc\u30d3\u30b9\u7528\u306e systemd \u30e6\u30cb\u30c3\u30c8\u30d5\u30a1\u30a4\u30eb\u306f \/lib\/systemd\/system\/openvpn-server@.service \u3067\u3042\u308b\u3002@\u306e\u5f8c\u306b\u3001\u30b5\u30fc\u30d0\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u30c9\u30c3\u30c8\u3088\u308a\u524d\u306e\u540d\u524d\uff08\u4eca\u56de\u306e\u5834\u5408\u306f “udp7231″\uff09\u3092\u6307\u5b9a\u3057\u3066\u6709\u52b9\u5316\u30fb\u8d77\u52d5\u3059\u308b\u3002<\/p>\n
\u30b5\u30fc\u30d3\u30b9\u3092\u6709\u52b9\u5316\u3057\u3001\u8d77\u52d5\u3059\u308b\u3002
\n$ sudo systemctl enable openvpn-server@udp7231
\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/openvpn-server@udp7231.service \u2192 \/lib\/systemd\/system\/openvpn-server@.service.
\n$ sudo systemctl start openvpn-server@udp7231<\/code><\/p>\n
\u3053\u308c\u3060\u3051\u3060\u3068\u3001\u30d6\u30ea\u30c3\u30b8\u30c7\u30d0\u30a4\u30b9 br0 \u306b tap0 \u30c7\u30d0\u30a4\u30b9\u304c\u7d44\u307f\u8fbc\u307e\u308c\u305a\u3001VPN \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3068 LAN \u3068\u306e\u76f8\u4e92\u901a\u4fe1\u304c\u3067\u304d\u306a\u3044\u3002\/etc\/systemd \u4ee5\u4e0b\u306b\u8ffd\u52a0\u306e systemd \u30e6\u30cb\u30c3\u30c8\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u3066\u3001\u305d\u306e\u4e2d\u3067 tap0 \u3092 br0 \u306b\u8ffd\u52a0\u3059\u308b\u51e6\u7406\u3092\u884c\u3046\u3002<\/p>\n
$ sudo vi \/etc\/systemd\/system\/openvpn-bridge.service<\/code><\/p>\n
[Unit]\nDescription=OpenVPN bridge service\nRequires=openvpn-server@udp7231.service\nAfter=openvpn-server@udp7231.service\n\n[Service]\nType=oneshot\nRemainAfterExit=yes\nExecStart=\/bin\/sh -c '\/sbin\/brctl addbr br0 || \/bin\/true'\nExecStartPost=\/bin\/sh -c '\/sbin\/brctl addif br0 tap0 || \/bin\/true'\nExecStartPost=\/sbin\/ip link set tap0 up\nExecReload=\/bin\/true\nExecStop=\/sbin\/brctl delif br0 tap0\n\n[Install]\nWantedBy=multi-user.target<\/pre>\n
brctl addbr br0 \u306e\u884c\u306f\u672c\u6765\u5fc5\u8981\u306a\u3044\u306f\u305a\uff08br0 \u306e\u7acb\u3061\u4e0a\u3052\u306f \/etc\/network\/interfaces \u306b\u66f8\u3044\u3066\u3042\u308c\u3070\u81ea\u52d5\u7684\u306b\u5b9f\u884c\u3055\u308c\u308b\uff09\u306a\u306e\u3060\u304c\u3001\u30bf\u30a4\u30df\u30f3\u30b0\u306e\u554f\u984c\u3067 openvpn \u30b5\u30fc\u30d3\u30b9\u8d77\u52d5\u6642\u306b\u307e\u3060 br0 \u304c\u7121\u3044\u5834\u5408\u304c\u3042\u308a\u3001\u6b21\u306e\u884c\u306e brctl addif br0 tap0 \u306b\u5931\u6557\u3059\u308b\u3053\u3068\u304c\u3042\u308b\u305f\u3081\u3001\u5ff5\u306e\u305f\u3081\u52a0\u3048\u3066\u3044\u308b\u3002<\/p>\n
\u4e0a\u8a18\u3067\u4f5c\u6210\u3057\u305f\u81ea\u4f5c\u30b5\u30fc\u30d3\u30b9\u3092\u8d77\u52d5\u3059\u308b\u3002
\n$ sudo systemctl enable openvpn-bridge
\nCreated symlink \/etc\/systemd\/system\/multi-user.target.wants\/openvpn-bridge.service \u2192 \/etc\/systemd\/system\/openvpn-bridge.service.
\n$ sudo systemctl start openvpn-bridge<\/code><\/p>\n
6. iptables \u8a2d\u5b9a<\/h2>\n
\u30ed\u30fc\u30ab\u30eb\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a\u3067\u3001OpenVPN \u306e\u5229\u7528\u3059\u308b\u30dd\u30fc\u30c8\u3092\u958b\u3051\u3066\u304a\u304f\u3002<\/p>\n
iptables \u306e\u8a2d\u5b9a\u306b iptables-persistent \u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u5229\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306f\u3001\/etc\/iptables\/rules.v4 \u3092\u7de8\u96c6\u3057\u3066\u4ee5\u4e0b\u306e\u884c\u3092\u52a0\u3048\u308b\u3002<\/p>\n
-A INPUT -p udp -m udp --dport 7231 -j ACCEPT<\/pre>\n
\u8a2d\u5b9a\u3092\u518d\u8aad\u307f\u8fbc\u307f\u3059\u308b\u3002
\n$ sudo netfilter-persistent reload<\/code><\/p>\n
\u3082\u3057iptables\u76f4\u63a5\u3067\u306f\u306a\u304fufw\u3092\u4f7f\u3063\u3066\u3044\u308b\u306e\u3067\u3042\u308c\u3070\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3067\u30b5\u30fc\u30d3\u30b9\u30dd\u30fc\u30c8\u3092\u958b\u3051\u308b\u3002
\n$ sudo ufw allow 7231\/udp
\n$ sudo ufw reload<\/code><\/p>\n
\u30d6\u30ea\u30c3\u30b8\u8a2d\u5b9a\u306e\u5834\u5408\u3001\u30d1\u30b1\u30c3\u30c8\u30d5\u30a9\u30ef\u30fc\u30c7\u30a3\u30f3\u30b0\u306e\u8a2d\u5b9a\uff08sysctl -w net.ipv4.ip_forward=1\uff09\u306f\u4e0d\u8981\u3002<\/p>\n
7. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u8a2d\u5b9a\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u306e\u4f5c\u6210<\/h2>\n
\u8a2d\u5b9a\u3092\u8907\u6570\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u914d\u5e03\u3059\u308b\u305f\u3081\u3001\u5143\u3068\u306a\u308b\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3059\u308b\u3002<\/p>\n
$ sudo cp \/usr\/share\/doc\/openvpn\/examples\/sample-config-files\/client.conf \/etc\/openvpn\/client\/client.template
\n$ sudo vi \/etc\/openvpn\/client\/client.template<\/code><\/p>\n
client\ndev tap\nproto udp\nremote 203.0.113.10 7231\nresolv-retry infinite\nnobind\npersist-key\npersist-tun\nremote-cert-tls server\nkey-direction 1\ncipher AES-256-CBC\nverb 3\n<tls-auth>\n\u3053\u3053\u306b \/etc\/openvpn\/server\/ta.key \u30d5\u30a1\u30a4\u30eb\u306e\u5185\u5bb9\u3092\u30da\u30fc\u30b9\u30c8\u3059\u308b\u3002\n<\/tls-auth>\n<ca>\n\u3053\u3053\u306b \/etc\/openvpn\/server\/ca.crt \u30d5\u30a1\u30a4\u30eb\u306e\u5185\u5bb9\u3092\u30da\u30fc\u30b9\u30c8\u3059\u308b\u3002\n<\/ca>\n<key>\n<\/key>\n<cert>\n<\/cert>\n<\/pre>\n
\u8a3c\u660e\u66f8\u30fb\u9375\u30d5\u30a1\u30a4\u30eb\u7b49\u3092\u5225\u30d5\u30a1\u30a4\u30eb\u306e\u5f62\u3067\u914d\u5e03\u3057\u3066\u3082\u826f\u3044\u304c\u3001\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u4e2d\u306b\u53d6\u308a\u8fbc\u3080\u5f62\u306b\u3057\u3066\u307f\u308b\u3002\u8a2d\u5b9a\u3092\u5358\u4e00\u30d5\u30a1\u30a4\u30eb\u3067\u914d\u5e03\u3067\u304d\u308c\u3070\u53d6\u308a\u56de\u3057\u304c\u826f\u3044\u305f\u3081\u3002<\/p>\n
8. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u767a\u884c\u3068\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306e\u4f5c\u6210<\/h2>\n
\u30c6\u30b9\u30c8\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7528\u306e\u8a2d\u5b9a\u3092\u4f5c\u6210\u3057\u3066\u3001\u52d5\u4f5c\u691c\u8a3c\u3057\u3066\u307f\u308b\u3002<\/p>\n
\u307e\u305a\u30011\u756a\u76ee\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u9375\u30fb\u8a3c\u660e\u66f8 (client1\u3068\u547d\u540d) \u3092\u767a\u884c\u3059\u308b\u3002<\/p>\n
$ sudo -i
\n# cd \/etc\/openvpn\/easy-rsa
\n# . vars
\n# .\/build-key client1
\n# exit<\/code><\/p>\n
\u30af\u30e9\u30a4\u30a2\u30f3\u30c81\u306e\u305f\u3081\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb (client1.ovpn) \u3092\u30c6\u30f3\u30d7\u30ec\u30fc\u30c8\u304b\u3089\u4f5c\u6210\u3059\u308b\u3002<\/p>\n
$ sudo cp \/etc\/openvpn\/client\/{client.template,client1.ovpn}
\n$ sudo vi \/etc\/openvpn\/client\/client1.ovpn<\/code><\/p>\n
client1.ovpn \u30d5\u30a1\u30a4\u30eb\u306e\u4e2d\u306e <cert>, <key> \u5404\u30bb\u30af\u30b7\u30e7\u30f3\u306e\u4e2d\u306b\u3001\u4f5c\u6210\u3057\u305f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8 (client1.crt) \u3068\u9375 (client1.key) \u30d5\u30a1\u30a4\u30eb\u306e\u5185\u5bb9\u3092\u30b3\u30d4\u30fc&\u30da\u30fc\u30b9\u30c8\u3059\u308b\u3002<\/p>\n
\u4f5c\u6210\u3057\u305f \/etc\/openvpn\/client\/client1.ovpn \u30d5\u30a1\u30a4\u30eb\u3092\u914d\u5e03\u3057\u3066\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u30c7\u30d0\u30a4\u30b9\u306b\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u3066\u63a5\u7d9a\u78ba\u8a8d\u3059\u308b\u3002<\/p>\n
\u63a5\u7d9a\u6210\u529f\u3059\u308b\u3088\u3046\u306a\u3089\u3001client2\u3001client3\u3001…\u3068\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u540c\u69d8\u306b\u4f5c\u6210\u3057\u3066\u3044\u304f\u3002<\/p>\n
9. \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u306e\u5931\u52b9\u624b\u7d9a\u304d<\/h2>\n
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u4f7f\u308f\u306a\u304f\u306a\u3063\u305f\u3089\u3001\u8a3c\u660e\u66f8\u3092\u5931\u52b9\u3055\u305b\u3066\u304a\u304f\u3002client1\u3092\u5931\u52b9\u3055\u305b\u308b\u305f\u3081\u306b\u306f\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b\u3002<\/p>\n
$ sudo -i
\n# cd \/etc\/openvpn\/easy-rsa
\n# . vars
\n# .\/revoke-all client1<\/code><\/p>\n","protected":false},"excerpt":{"rendered":"
OpenVPN \u3068 tap \u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30a4\u30b9\u3092\u4f7f\u3063\u3066\u3001\u81ea\u5b85\u306b\u63a5\u7d9a\u3067\u304d\u308b\u30ec\u30a4\u30e4\u30fc2 (\u30d6\u30ea\u30c3\u30b8\u30e2\u30fc\u30c9) VPN\u3092\u4f5c\u6210\u3059\u308b\u3002Layer2\u30e2\u30fc\u30c9\u3060\u3068\u3001\u81ea\u5b85\u5916\u304b\u3089 VPN \u63a5\u7d9a\u3057\u305f\u3068\u304d\u306b bonjour \u3084 Windows \u30cd\u30c3 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[22,23,15,12],"tags":[],"_links":{"self":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts\/664"}],"collection":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=664"}],"version-history":[{"count":0,"href":"https:\/\/fsck.jp\/index.php?rest_route=\/wp\/v2\/posts\/664\/revisions"}],"wp:attachment":[{"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=664"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fsck.jp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}