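For work I need secure remote management, and this is the only way to get it. I also thought about foolishly doing it with NAT port mapping on the gateway, but that approach is too dumb. Writing this down so I don't forget:
1. Install the bash shell:
Directory: /usr/ports/shells/bash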
Command:
$ cd /usr/ports/shells/bash
$ sudo make install clean
Installing the bash shell:
/usr/ports/shells/bash
===> Compressing manual pages for bash-4.1.7_2
===> Registering installation for bash-4.1.7_2
===> Cleaning for bison-2.4.3,1
===> Cleaning for m4-1.4.15,1
===> Cleaning for bash-4.1.7_2
2. Install OpenSSL:
Directory: the quick-and-dirty install method (ports)
Command:
$ sudo pkg_add -r openssl
Fetching Done.nssl.tbz...
Copy /usr/local/openssl/openssl.cnf.sample to /usr/local/openssl/openssl.cnf
and edit it to fit your needs.
3. Install OpenVPN:
Directory: the quick-and-dirty install method (ports)
Command:
$ sudo pkg_add -r openvpn
### ------------------------------------------------------------------------
### Edit /etc/rc.conf[.local] to start OpenVPN automatically at system
### startup. See /usr/local/etc/rc.d/openvpn for details.
### ------------------------------------------------------------------------
### For compatibility notes when interoperating with older OpenVPN
### versions, please, see <http://openvpn.net/relnotes.html>
### ------------------------------------------------------------------------
===> Installing rc.d startup script(s)
===> Compressing manual pages for openvpn-2.1.3
===> Running ldconfig
/sbin/ldconfig -m /usr/local/lib
===> Registering installation for openvpn-2.1.3
===> SECURITY REPORT:
This port has installed the following files which may act as network
servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/openvpn
This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/usr/local/etc/rc.d/openvpn
If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.
For more information, and contact details about the security
status of this software, see the following webpage:
http://openvpn.net/index.php/open-source.html
===> Cleaning for lzo2-2.03_2
===> Cleaning for pkcs11-helper-1.07
===> Cleaning for libtool-2.2.6b
===> Cleaning for pkg-config-0.25
===> Cleaning for xz-4.999.9_1
===> Cleaning for gmake-3.81_4
===> Cleaning for gettext-0.18_1
===> Cleaning for libiconv-1.13.1_1
===> Cleaning for openvpn-2.1.3
Note: lzo is optional (comment it out in server.conf, or remove it with pkg_delete)
4. To save fiddling with it again later:
A. sudo mkdir -p /etc/69606789WNVd/openvpn/
B. sudo cp -R /usr/local/share/doc/openvpn/easy-rsa/2.0 /etc/69606789WNVd/openvpn/
C. sudo chmod -R 775 /etc/69606789WNVd/openvpn/
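5. Configuration:
Switch to the bash shell: $ bash
cd /etc/69606789WNVd/openvpn/2.0 # the easy-rsa copy made in step 4
. ./vars
./clean-all # initialize the keys directory
./build-ca # create the CA
./build-key-server man_server # server certificate and key
./build-key CLIENT_NAME # client certificate and key; CLIENT_NAME is a placeholder, the name is not given in these notes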
6. cd /usr/local/share/doc/openvpn, find the server.conf and client.conf configuration templates there, and copy them over (run the daemon as UID 65534 with no privileges at all)
7. server.conf
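The privilege drop mentioned in step 6 only takes effect if the user and group lines in server.conf are active rather than commented out with ';'. The script below is an added example, not part of the original notes; check_privdrop and both sample configs are constructed, and it assumes the target account is nobody (UID/GID 65534 on FreeBSD).

```shell
#!/bin/sh
# Added example, not from the original notes. check_privdrop and both sample
# configs are constructed for illustration.

# Report directives needed to run OpenVPN as the unprivileged "nobody" account
# (UID/GID 65534 on FreeBSD). Lines starting with '#' or ';' are comments, so
# a template line such as ";user nobody" does not count as set.
# persist-key / persist-tun matter because after the drop the daemon can no
# longer re-read root-only keys or reopen the tun device on a restart signal.
check_privdrop() {
    conf=$1
    missing=0
    for want in "user nobody" "group nobody" "persist-key" "persist-tun"; do
        # Allow any run of blanks between words and an optional trailing comment.
        pat=$(printf '%s' "$want" | sed 's/ /[[:space:]]+/')
        if ! grep -Eq "^[[:space:]]*${pat}[[:space:]]*([#;].*)?\$" "$conf"; then
            echo "missing: $want"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed inputs: one with the drop commented out, one hardened.
write_samples() {
    cat > "$1/template.conf" <<'EOF'
port 1194
dev tun
;user nobody
;group nobody
persist-key
persist-tun
EOF
    cat > "$1/hardened.conf" <<'EOF'
port 1194
dev tun
user  nobody
group nobody   # UID/GID 65534
persist-key
persist-tun
EOF
}

d=$(mktemp -d)
write_samples "$d"
check_privdrop "$d/template.conf" || echo "template.conf: no privilege drop configured"
check_privdrop "$d/hardened.conf" && echo "hardened.conf: ok"
rm -rf "$d"
```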
8. client.conf
9. Edit rc.conf:
openvpn_enable="YES"
Also specify the openvpn program directory and the configfile directory.
Tidy this up later, don't forget.