
Setting up an OpenVPN client on an embedded device (ARM Linux)

2018-06-13 14:38:44    Source: Jayson's blog

Building the OpenVPN client requires three packages: openvpn, openssl and lzo.

I. lzo-2.10

1. Download: https://www.oberhumer.com/opensource/lzo/download/

2. Configure

./configure --host=arm-hisiv100nptl-linux CC=arm-hisiv100nptl-linux-gcc --prefix=/work/my/code/vpn/openvpn/lzo/install

3. Build

make

4. Install

make install

The library is installed under /work/my/code/vpn/openvpn/lzo/install; this path is needed later when configuring openvpn.

II. openssl-1.0.2n

1. Download: https://ftp.openssl.org/source/old/1.0.2/

2. Configure

./Configure linux-elf no-asm  shared --prefix=/work/my/code/vpn/openvpn/openssl/install

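Then edit the generated Makefile:

1. Change the compiler from CC=gcc to
CC= arm-hisiv100nptl-linux-gcc

2. Point the archiver and ranlib at the cross toolchain:
AR=arm-hisiv100nptl-linux-ar $(ARFLAGS) r
RANLIB= arm-hisiv100nptl-linux-ranlib

Shared libraries are needed here, which is why the shared option is passed. With static libraries, the openvpn configure check fails.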

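3. Build

make

4. Install

make install

The result is installed under /work/my/code/vpn/openvpn/openssl/install, which is used when configuring openvpn.

Copy the generated libcrypto.so.1.0.0 and libssl.so.1.0.0 into the /lib directory on the device. The openvpn binary needs both libraries at run time.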

III. openvpn-2.4.6

1. Download: https://www.techspot.com/downloads/5182-openvpn.html

2. Configure

./configure --host=arm-hisiv100nptl-linux --disable-lz4  --disable-plugins \
CC=arm-hisiv100nptl-linux-gcc \
--prefix=/work/my/code/vpn/openvpn/openvpn_src/install \
OPENSSL_CFLAGS="-I/work/my/code/vpn/openvpn/openssl/install/include" \
OPENSSL_LIBS="-L/work/my/code/vpn/openvpn/openssl/install/lib -lssl -lcrypto" \
LZO_CFLAGS="-I/work/my/code/vpn/openvpn/lzo/install/include" \
LZO_LIBS="-L/work/my/code/vpn/openvpn/lzo/install/lib -llzo2"

3. Build

make

4. Install

make install

5. Copy the generated openvpn executable to the development board

Create an openvpnclient directory containing the following files:

root@ubuntu16:/work/nfs/bin/vpn/openvpnclient# ls -l
总用量 2412
-rw-r--r-- 1 hjx  hjx     1781 6月   8 13:57 ca.crt
-rwxrwxrwx 1 root root    3479 6月  12 13:54 client.ovpn
-rw-r--r-- 1 hjx  hjx     5591 6月   8 13:57 FFOpenvpnClient.crt
-rw------- 1 hjx  hjx     1704 6月   8 13:57 FFOpenvpnClient.key
-rwxr--r-- 1 hjx  hjx  2414251 6月  12 10:15 openvpn

The other files were all generated in the previous article.
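In the listing above client.ovpn is mode rwxrwxrwx while openvpn is later started from a root shell, so any local account can change what the daemon loads, including script hooks. The check below is an added example, not part of the original article; the function names and the temporary sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# check_vpn_perms DIR
# Prints "WRITABLE <name>" for files that group or others can modify and
# "KEY_READABLE <name>" for *.key files that group or others can read.
# Returns 1 if anything was flagged.
check_vpn_perms() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # POSIX find: -perm -020 / -002 test the group / other write bits
        if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "WRITABLE ${f##*/}"; rc=1
        fi
        case $f in
        *.key)
            if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
                echo "KEY_READABLE ${f##*/}"; rc=1
            fi ;;
        esac
    done
    return "$rc"
}

# harden_vpn_perms DIR: config and key private to the owner, the rest read-only
harden_vpn_perms() {
    chmod 600 "$1"/*.ovpn "$1"/*.key
    chmod 644 "$1"/*.crt
    chmod 755 "$1"/openvpn
}

# make_sample_dir: constructed directory reproducing the modes in the listing
make_sample_dir() {
    d=$(mktemp -d) || return 1
    for n in ca.crt client.ovpn FFOpenvpnClient.crt FFOpenvpnClient.key openvpn; do
        : > "$d/$n"
    done
    chmod 644 "$d/ca.crt" "$d/FFOpenvpnClient.crt"
    chmod 777 "$d/client.ovpn"
    chmod 600 "$d/FFOpenvpnClient.key"
    chmod 744 "$d/openvpn"
    echo "$d"
}

demo_dir=$(make_sample_dir)
check_vpn_perms "$demo_dir" || echo "fix needed"
harden_vpn_perms "$demo_dir" && check_vpn_perms "$demo_dir" && echo "clean"
rm -rf "$demo_dir"
```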

6. Configure the kernel

make menuconfig


Choose to build the driver as a module; that way the kernel image does not have to be downloaded to the board again.

7. Load the tun driver module

# insmod ./tun.ko

9. Start openvpn

openvpn --config client.ovpn
# ./openvpn --config client.ovpn
Tue Jun 12 20:32:06 2018 OpenVPN 2.4.6 arm-hisiv100nptl-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 12 2018
Tue Jun 12 20:32:06 2018 library versions: OpenSSL 1.0.2n  7 Dec 2017, LZO 2.10
Tue Jun 12 20:32:06 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.9.161:1194
Tue Jun 12 20:32:06 2018 Socket Buffers: R=[87380->87380] S=[16384->16384]
Tue Jun 12 20:32:06 2018 Attempting to establish TCP connection with [AF_INET]192.168.9.161:1194 [nonblock]
Tue Jun 12 20:32:07 2018 TCP connection established with [AF_INET]192.168.9.161:1194
Tue Jun 12 20:32:07 2018 TCP_CLIENT link local: (not bound)
Tue Jun 12 20:32:07 2018 TCP_CLIENT link remote: [AF_INET]192.168.9.161:1194
Tue Jun 12 20:32:07 2018 TLS: Initial packet from [AF_INET]192.168.9.161:1194, sid=1d8d70aa a5ebeee6
Tue Jun 12 20:32:07 2018 VERIFY OK: depth=1, C=CH, ST=FJ, L=XiaMen, O=Four-Faith, OU=Four-Faith-Dvr, CN=Four-Faith CA, name=FFOpenvpnServer, emailAddress=1029421735@qq.com
Tue Jun 12 20:32:07 2018 VERIFY KU OK
Tue Jun 12 20:32:07 2018 Validating certificate extended key usage
Tue Jun 12 20:32:07 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jun 12 20:32:07 2018 VERIFY EKU OK
Tue Jun 12 20:32:07 2018 VERIFY OK: depth=0, C=CH, ST=FJ, L=XiaMen, O=Four-Faith, OU=Four-Faith-Dvr, CN=FFOpenvpnServer, name=FFOpenvpnServer, emailAddress=1029421735@qq.com
Tue Jun 12 20:32:07 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jun 12 20:32:07 2018 [FFOpenvpnServer] Peer Connection Initiated with [AF_INET]192.168.9.161:1194
Tue Jun 12 20:32:08 2018 SENT CONTROL [FFOpenvpnServer]: 'PUSH_REQUEST' (status=1)
Tue Jun 12 20:32:08 2018 PUSH: Received control message: 'PUSH_REPLY,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Jun 12 20:32:08 2018 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 12 20:32:08 2018 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 12 20:32:08 2018 OPTIONS IMPORT: route options modified
Tue Jun 12 20:32:08 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jun 12 20:32:08 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Tue Jun 12 20:32:08 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 12 20:32:08 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jun 12 20:32:08 2018 WARNING: INSECURE cipher with block size less than 128 bit (64 bit).  This allows attacks like SWEET32.  Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Tue Jun 12 20:32:08 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 12 20:32:08 2018 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Tue Jun 12 20:32:08 2018 ROUTE_GATEWAY 192.168.9.1/255.255.255.0 IFACE=eth0 HWADDR=c2:4f:b4:b3:97:d7
Tue Jun 12 20:32:08 2018 TUN/TAP device tun0 opened
Tue Jun 12 20:32:08 2018 TUN/TAP TX queue length set to 100
Tue Jun 12 20:32:08 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Tue Jun 12 20:32:08 2018 /sbin/ifconfig tun0 10.8.0.6 pointopoint 10.8.0.5 mtu 1500
Tue Jun 12 20:32:08 2018 /sbin/route add -net 10.8.0.0 netmask 255.255.255.0 gw 10.8.0.5
Tue Jun 12 20:32:08 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jun 12 20:32:08 2018 Initialization Sequence Completed

Seeing tun0 with 10.8.0.6 means the connection succeeded and the server has assigned us an IP address.
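The session log above also carries two warnings from OpenVPN itself: the BF-CBC data-channel cipher (64-bit block, SWEET32) and the missing auth-nocache option. As an added example, not part of the original article, this script pulls those findings out of a client log; the function names are made up here and the sample lines are copied from the log above.

```shell
#!/bin/sh
# Added example, not from the original article.

# audit_ovpn_log [FILE...]   (reads stdin when no file is given)
# Prints one finding per line; exit status 1 if anything was flagged.
audit_ovpn_log() {
    awk '
    / Data Channel: Cipher / {
        split($0, q, "\047")          # cipher name sits between single quotes
        dir = ($0 ~ /Outgoing/) ? "outgoing" : "incoming"
        # 64-bit block ciphers are the ones exposed to SWEET32
        if (q[2] ~ /^(BF|DES|CAST5|RC2|IDEA)-/) {
            print "WEAK_CIPHER", dir, q[2]
            bad = 1
        }
    }
    /may cache passwords in memory/ {
        print "NO_AUTH_NOCACHE"
        bad = 1
    }
    END { exit bad + 0 }
    ' "$@"
}

# sample_log: lines copied from the client session log on this page
sample_log() {
    cat <<'EOF'
Tue Jun 12 20:32:07 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jun 12 20:32:08 2018 Outgoing Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jun 12 20:32:08 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 12 20:32:08 2018 Incoming Data Channel: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jun 12 20:32:08 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jun 12 20:32:08 2018 Initialization Sequence Completed
EOF
}

# Demo: prints the three findings; "|| true" keeps a set -e caller alive
sample_log | audit_ovpn_log || true
```

The warning text itself names the fixes: a --cipher with a larger block size such as AES-256-CBC, and the auth-nocache option.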

10. Check tun0

# ifconfig
eth0      Link encap:Ethernet  HWaddr C2:4F:B4:B3:97:D7  
          inet addr:192.168.9.166  Bcast:192.168.9.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:26035021 errors:0 dropped:4868 overruns:0 frame:0
          TX packets:6958380 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:578648897 (551.8 MiB)  TX bytes:989138257 (943.3 MiB)
          Interrupt:119 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:7162 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7162 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:15002931 (14.3 MiB)  TX bytes:15002931 (14.3 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.6  P-t-P:10.8.0.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

# 

11. Ping the server at 10.8.0.1

# ping 10.8.0.1
PING 10.8.0.1 (10.8.0.1): 56 data bytes
64 bytes from 10.8.0.1: seq=0 ttl=64 time=2.750 ms
64 bytes from 10.8.0.1: seq=1 ttl=64 time=2.190 ms

Communication works normally.

12. Ping the Windows client at 10.8.0.10

# ping 10.8.0.10 
PING 10.8.0.10 (10.8.0.10): 56 data bytes
64 bytes from 10.8.0.10: seq=0 ttl=128 time=4.554 ms
64 bytes from 10.8.0.10: seq=1 ttl=128 time=2.231 ms
64 bytes from 10.8.0.10: seq=2 ttl=128 time=3.651 ms

The ping succeeds, which shows that the two clients can now reach each other.

This completes the ARM Linux client setup.
