OpenVPN作为一个成熟的VPN,通常具备以下特性:
- 机密性:对数据进行加密,确保数据在传输过程中不被非法查看。加密有对于流的加密:RC4、数据块加密:DES、3DES、AES 128/192/256
- 完整性:对接收到数据包进行完整性验证,以确保数据在传输过程中没被篡改。例如MD5、SHA1、SHA2
- 真实性:验证数据源,以保证数据来自真实的发送者。
- 抗重性:防止恶意用户通过重复发送捕获到数据包所进行的攻击,即接收方会拒绝旧的或重复的数据包。
当然,有些时候为了追求性能或是网络已经足够安全,可以关闭加密。
1.安装OpenVPN和easy-rsa
在终端中输入命令即可完成安装。
apt update && apt install openvpn easy-rsa
easy-rsa用于签发OpenVPN的证书。
2.使用easy-rsa生成证书
easy-rsa安装完成后,在/usr/share/easy-rsa下存放着easy-rsa的脚本,我们可以使用这些脚本轻松生成证书。
/usr/share/easy-rsa# ls
build-ca build-key-pass build-req-pass list-crl openssl.cnf vars
build-dh build-key-pkcs12 clean-all openssl-0.9.6.cnf pkitool whichopensslcnf
build-inter build-key-server inherit-inter openssl-0.9.8.cnf revoke-full
build-key build-req keys openssl-1.0.0.cnf sign-req
如果没有这些文件,说明easy-rsa版本不对。我这边使用的是easy-rsa 2.x版本的,可以在这里
找到。个人认为easy-rsa 2.x生成证书更方便一点。
先设置证书参数的变量。拷贝一份变量模板,再打开变量配置文件,我这使用vim打开。
#cp vars.example vars
#vim vars
改动的地方在文件底部附近,可以按照个人喜好进行修改,但不要留空,KEY_COUNTRY字段请用两个字符的国家/地区代号。
# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="CN"
export KEY_PROVINCE="CA"
export KEY_CITY="Kalami"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="Kalami@kalami.com"
export KEY_OU="XueitOrganizationalUnit"
# X509 Subject Field
export KEY_NAME="EasyRSA"
然后就可以用下面的命令生成证书
#载入环境变量
source vars
# 清除keys目录下所有与证书相关的文件
# 下面步骤生成的证书和密钥都在/usr/share/easy-rsa/keys目录里
./clean-all
# 生成根证书ca.crt和根密钥ca.key(一路按回车即可)
./build-ca --batch
# 为服务端生成证书和私钥
./build-key-server --batch server
# 每一个登陆的VPN客户端需要有一个证书
# 为客户端生成证书和私钥
./build-key --batch client
#使用for循环批量生成客户端证书和私钥
for i in (seq 1 10)
do
./build-key --batch clienti
done
# 创建Diffie-Hellman密钥,会生成dh2048.pem文件(生成过程比较慢,在此期间不要去中断它)
./build-dh
# 生成ta.key文件(防DDos攻击、UDP淹没等恶意攻击)
openvpn --genkey --secret keys/ta.key
将生成的keys文件夹复制到/etc/openvpn下
cp -r keys /etc/openvpn
3.创建服务器配置文件
gzip -d /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf /etc/openvpn/
cd /etc/openvpn
#创建client config dir
mkdir /etc/openvpn/ccd
打开/etc/openvpn/server.conf,按照你的需求修改配置文件。
#监听的本地ip地址
#如果程序不能监听ipv6地址,请改成
#local 0.0.0.0
local ::
#本地端口。不建议用默认的1194端口。改成你喜欢的端口。
port 1194
# TCP or UDP server?
#UPD流量可能会被运营商QoS;使用TCP会出现TCP over TCP,在高丢包率网络下严重影响传输效率
#看情况选择协议
;proto tcp
proto udp
#指定程序采用二层隧道还是三层隧道。
#因为传输二层数据会多传一个以太网数据帧头部,所以会带来一点带宽浪费。
#推荐使用三层隧道,也就是tun模式。
;dev tap
dev tun
# Any X509 key management system can be used.
# OpenVPN can also use a PKCS #12 formatted key file
# (see "pkcs12" directive in man page).
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key # This file should be kept secret
dh /etc/openvpn/dh2048.pem
#openvpn服务器和客户端之间的网段。
server 10.8.0.0 255.255.255.0
#推送服务器的路由给客户端
push "route 192.168.10.0 255.255.255.0"
# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /var/log/openvpn/ipp.txt
#用户配置文件夹
client-config-dir /etc/openvpn/ccd
#是否允许客户端和客户端之间通信
client-to-client
#是否允许多个客户端使用同一个证书
duplicate-cn
#心跳包
#每隔10秒一次,120秒未收到回复则判定客户端掉线
keepalive 10 120
tls-auth /etc/openvpn/keys/ta.key 0 # This file is secret
cipher AES-256-GCM
#启用lz4-v2压缩流量
compress lz4-v2
push "compress lz4-v2"
# It's a good idea to reduce the OpenVPN
# daemon's privileges after initialization.
#
# You can uncomment this out on
# non-Windows systems.
;user nobody
;group nogroup
# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun
# Output a short status file showing
# current connections, truncated
# and rewritten every minute.
status /var/log/openvpn/openvpn-status.log
;log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
# Set the appropriate level of log
# file verbosity.
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3
# Notify the client that when the server restarts so it
# can automatically reconnect.
explicit-exit-notify 1
配置文件修改完成后,可以使用下面的命令启动程序
service openvpn@server start
启动成功后会看到一块虚拟网卡
#ifconfig
tun: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.8.0.1 netmask 255.255.255.255 destination 10.8.0.2
inet6 fe80::2b96:4d98:3735:9a0 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 96 (96.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
如果启动失败了,可以查看日志/var/log/openvpn/openvpn.log来判断错误原因。
4.Windows客户端配置
client
dev tun0
proto udp
#把10.99.99.99 1194换成你的服务器的ip和端口
remote 10.99.99.99 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
#client.crt和client.key可以成对替换成其它的客户端证书
cert client.crt
key client.key
ns-cert-type server
tls-auth ta.key 1
compress lz4-v2
verb 3
将上面的代码保存为client.ovpn,然后将ca.crt,client.key,client.crt,ta.key从/etc/openvpn/keys里复制出来,和client.ovpn保存在一个文件夹里。就可以在其它客户端里导入配置文件了。
5.服务器网络配置
如果就加密访问服务器本身的话,不用配置网络,本章和下面一章都不用看了。
服务器端启动了,配置导入了,别急着连接。先配置一下网络。
首先要开启内核的数据包转发。打开/etc/sysctl.conf,在此文件里添加一行。
net.ipv4.ip_forward=1
然后输入sysctl -p,这样就已经打开内核数据包转发了。
如果要通过隧道访问另一个网段,而且本服务器不是这个网段的网关,就要设置NAT策略或者静态路由。
例如,外部客户端连到Ubuntu服务器上的OpenVPN服务端,而这台Ubuntu服务器是路由器下面的一个设备,外部客户端想要访问路由器或者路由器下面的其它设备。
先说NAT策略,使用iptables即可完成设置。
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -A FORWARD -d 10.8.0.0/24 -j ACCEPT
如果不做NAT策略,也可以在路由器上设置一条静态路由,将10.8.0.0/24这个网段的数据包的转发至Ubuntu服务器的ip地址。
6.移动设备Anddroid和IOS配置文件
client
dev tun
proto tcp
# 改成你自己需要的地址和端口
remote xx.xx.com 9999
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
auth-user-pass
compress lz4-v2
verb 3
## 证书
<ca>
-----BEGIN CERTIFICATE-----
MIIFHDCCBASgAwIBAgIUJ4WZWV2YOpVZWfnhkqK2xOFJJJ8wDQYJKoZIhvcNAQEL
BQAwgbIxCzAJBgNVBAYTAkNOMQswCQYDVQQIEwJDQTEPMA0GA1UEBxMGS2FsYW1p
MRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xIDAeBgNVBAsTF1h1ZWl0T3JnYW5pemF0
aW9uYWxVbml0MRgwFgYDVQQDEw9Gb3J0LUZ1bnN0b24gQ0ExEDAOBgNVBCkTB0Vh
c3lSU0ExIDAeBgkqhkiG9w0BCQEWEUthbGFtaUBrYWxhbWkuY29tMB4XDTIyMTAx
MDA2MTQwMFoXDTMyMTAwNzA2MTQwMFowgbIxCzAJBgNVBAYTAkNOMQswCQYDVQQI
EwJDQTEPMA0GA1UEBxMGS2FsYW1pMRUwEwYDVQQKEwxGb3J0LUZ1bnN0b24xIDAe
BgNVBAsTF1h1ZWl0T3JnYW5pemF0aW9uYWxVbml0MRgwFgYDVQQDEw9Gb3J0LUZ1
bnN0b24gQ0ExEDAOBgNVBCkTB0Vhc3lSU0ExIDAeBgkqhkiG9w0BCQEWEUthbGFt
aUBrYWxhbWkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZVk
0BJKoWpLUEL2QuPwL1skE1QSGpL1W4KwxkvyhWDZg6hxZ5NVRylaSsfmo+aHipRM
1sktskJxJNwvTn9BfEFnbeFGhFIpEnwhnjgkEIZofXgUVZlE9etRNsBgW/nTb46O
NgkwfFTUHrAz6mTW2OPNGCD95xxW4brQcS/gEsYNN5yzxl74wXqNmmcxRtPrX6aE
OwKa+ME7ZykuVorcwAEO/TJXzPB/pY0tixzFk5pKf2q0JHBBiylqVzeHmoK5rcxO
/T67c1IozN+i6TQta1vgS55aNXuBVCpo8HsdeFze/3PC/sOSfFV5LaeyArE8frfn
PLgCtarJdBGdtOq66wIDAQABo4IBJjCCASIwHQYDVR0OBBYEFJhtDPiHzusbLYtS
f2f0oB2M5VYqMIHyBgNVHSMEgeowgeeAFJhtDPiHzusbLYtSf2f0oB2M5VYqoYG4
pIG1MIGyMQswCQYDVQQGEwJDTjELMAkGA1UECBMCQ0ExDzANBgNVBAcTBkthbGFt
aTEVMBMGA1UEChMMRm9ydC1GdW5zdG9uMSAwHgYDVQQLExdYdWVpdE9yZ2FuaXph
dGlvbmFsVW5pdDEYMBYGA1UEAxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdF
YXN5UlNBMSAwHgYJKoZIhvcNAQkBFhFLYWxhbWlAa2FsYW1pLmNvbYIUJ4WZWV2Y
OpVZWfnhkqK2xOFJJJ8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA
NyP6wNHYVCjn3PB4TZWuwJxsPU7wuipVMBSGmjsOvXpsbUy0GQmm+rhUPm2Yc7Cs
+/CUvsFXSkws0l4Lhk3JFlhEmdsEGJ8R47Uei6YBt5msJ1TZJ5SSx/NRFHs4quFH
dH/q1Wv/EkoplehGNu4xw9DCQh+XZ95COqK42UggPedPN6/1fyl95gyJYRaKEjmD
drOTcVhMRNcap6Nm5LuTOEmUpKRsQZTSufEv4cVyCmH3ODnY2U/C8apORaxX2CXm
sYryDCjn4V0pnPV0G3uAZW5+mIrE/tELxef8mx0N9k7dtEImNWeF8aClPqauyGMF
Q26w2MGkuONtMp0T7FTecQ==
-----END CERTIFICATE-----
</ca>
<cert>
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=CN, ST=CA, L=Kalami, O=Fort-Funston, OU=XueitOrganizationalUnit, CN=Fort-Funston CA/name=EasyRSA/emailAddress=Kalami@kalami.com
Validity
Not Before: Oct 10 06:17:59 2022 GMT
Not After : Oct 7 06:17:59 2032 GMT
Subject: C=CN, ST=CA, L=Kalami, O=Fort-Funston, OU=XueitOrganizationalUnit, CN=client/name=EasyRSA/emailAddress=Kalami@kalami.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:58:f7:10:3c:5c:44:3d:a3:bd:e1:00:fa:ee:
84:5a:57:41:41:48:29:57:8c:41:db:8a:c5:83:3f:
73:a1:e9:94:10:a5:fe:a5:fe:26:59:45:6c:73:87:
1d:ef:d5:3a:7d:67:c0:30:9d:8e:81:53:d9:9a:0f:
cb:93:6a:ee:0d:58:b6:1d:6e:8e:a4:45:01:86:e6:
3b:c4:d5:39:06:01:7c:e4:e9:97:e2:c2:c2:00:a0:
60:a2:ca:d5:43:7b:d1:5d:c9:92:70:f8:dd:4b:4a:
5f:26:4c:d4:91:ec:37:1f:07:f9:96:02:84:b5:78:
c7:4b:bd:ea:d5:e2:52:e3:8e:02:bd:32:78:c0:3f:
73:15:ca:25:21:25:6b:7a:c9:b9:98:21:a0:00:f9:
96:12:fe:28:a4:65:97:55:50:cc:96:a6:42:4a:1e:
b5:b7:30:db:f7:2c:c3:28:ea:9b:f6:b7:76:30:05:
2a:b9:b8:f2:17:2b:42:d7:cc:bf:a6:99:2e:3a:3c:
8c:c4:0c:cb:c4:ed:95:53:32:3f:f1:09:01:e2:28:
a2:e6:43:5c:63:dd:39:a0:b5:69:df:93:4a:71:ca:
da:86:79:f6:d3:af:fc:6e:12:aa:20:ae:c4:da:fd:
52:84:5f:79:86:85:85:6e:eb:49:7f:cb:c8:f1:c8:
de:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
Easy-RSA Generated Certificate
X509v3 Subject Key Identifier:
9A:94:9C:EA:E2:EE:9A:6E:B0:2E:B9:2A:EC:E6:2E:3D:A1:5E:78:CC
X509v3 Authority Key Identifier:
keyid:98:6D:0C:F8:87:CE:EB:1B:2D:8B:52:7F:67:F4:A0:1D:8C:E5:56:2A
DirName:/C=CN/ST=CA/L=Kalami/O=Fort-Funston/OU=XueitOrganizationalUnit/CN=Fort-Funston CA/name=EasyRSA/emailAddress=Kalami@kalami.com
serial:27:85:99:59:5D:98:3A:95:59:59:F9:E1:92:A2:B6:C4:E1:49:24:9F
X509v3 Extended Key Usage:
TLS Web Client Authentication
X509v3 Key Usage:
Digital Signature
X509v3 Subject Alternative Name:
DNS:client
Signature Algorithm: sha256WithRSAEncryption
24:14:15:99:d4:30:6a:a4:cd:46:72:0b:ca:42:f5:b3:ae:67:
03:2d:01:e9:ce:02:9a:f0:8d:96:d8:9f:44:78:ad:88:71:6a:
65:1b:3d:92:19:70:20:0e:7d:29:61:63:b5:aa:9f:88:8e:e3:
ae:63:e0:a5:92:23:9f:c1:b4:5d:72:d5:2d:3d:d6:50:10:e8:
3c:22:d8:d1:04:1d:2d:20:00:36:74:99:24:79:3f:0a:43:e2:
ad:85:f5:17:5c:26:80:c6:80:49:91:69:51:54:06:93:b5:b8:
53:e5:8e:bd:96:a5:06:7e:79:15:ef:11:10:6d:62:31:7a:5c:
21:42:bf:c6:69:6d:78:50:c5:ca:75:3d:84:01:db:2d:6e:44:
02:e1:14:0f:52:d9:00:57:ed:cd:dc:b3:cb:bf:23:71:30:97:
5e:20:11:a6:1c:9a:5b:97:d9:08:48:34:6a:48:cc:cb:ae:13:
ab:e0:9e:a4:18:9b:24:f1:25:d3:2f:dc:2a:e7:01:aa:73:06:
4b:25:29:de:e1:90:b1:06:55:d4:01:1b:26:47:f0:61:aa:bf:
61:b9:a7:63:ca:59:4f:7c:95:00:d7:ab:b8:6a:de:bd:16:f1:
70:71:9b:e5:4b:f4:49:55:8b:03:33:81:49:ff:6d:16:0a:bc:
75:f1:15:2b
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBsjELMAkGA1UEBhMCQ04x
CzAJBgNVBAgTAkNBMQ8wDQYDVQQHEwZLYWxhbWkxFTATBgNVBAoTDEZvcnQtRnVu
c3RvbjEgMB4GA1UECxMXWHVlaXRPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMT
D0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEgMB4GCSqGSIb3DQEJ
ARYRS2FsYW1pQGthbGFtaS5jb20wHhcNMjIxMDEwMDYxNzU5WhcNMzIxMDA3MDYx
NzU5WjCBqTELMAkGA1UEBhMCQ04xCzAJBgNVBAgTAkNBMQ8wDQYDVQQHEwZLYWxh
bWkxFTATBgNVBAoTDEZvcnQtRnVuc3RvbjEgMB4GA1UECxMXWHVlaXRPcmdhbml6
YXRpb25hbFVuaXQxDzANBgNVBAMTBmNsaWVudDEQMA4GA1UEKRMHRWFzeVJTQTEg
MB4GCSqGSIb3DQEJARYRS2FsYW1pQGthbGFtaS5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDRWPcQPFxEPaO94QD67oRaV0FBSClXjEHbisWDP3Oh
6ZQQpf6l/iZZRWxzhx3v1Tp9Z8AwnY6BU9maD8uTau4NWLYdbo6kRQGG5jvE1TkG
AXzk6ZfiwsIAoGCiytVDe9FdyZJw+N1LSl8mTNSR7DcfB/mWAoS1eMdLverV4lLj
jgK9MnjAP3MVyiUhJWt6ybmYIaAA+ZYS/iikZZdVUMyWpkJKHrW3MNv3LMMo6pv2
t3YwBSq5uPIXK0LXzL+mmS46PIzEDMvE7ZVTMj/xCQHiKKLmQ1xj3TmgtWnfk0px
ytqGefbTr/xuEqogrsTa/VKEX3mGhYVu60l/y8jxyN6BAgMBAAGjggGHMIIBgzAJ
BgNVHRMEAjAAMC0GCWCGSAGG+EIBDQQgFh5FYXN5LVJTQSBHZW5lcmF0ZWQgQ2Vy
dGlmaWNhdGUwHQYDVR0OBBYEFJqUnOri7ppusC65KuzmLj2hXnjMMIHyBgNVHSME
geowgeeAFJhtDPiHzusbLYtSf2f0oB2M5VYqoYG4pIG1MIGyMQswCQYDVQQGEwJD
TjELMAkGA1UECBMCQ0ExDzANBgNVBAcTBkthbGFtaTEVMBMGA1UEChMMRm9ydC1G
dW5zdG9uMSAwHgYDVQQLExdYdWVpdE9yZ2FuaXphdGlvbmFsVW5pdDEYMBYGA1UE
AxMPRm9ydC1GdW5zdG9uIENBMRAwDgYDVQQpEwdFYXN5UlNBMSAwHgYJKoZIhvcN
AQkBFhFLYWxhbWlAa2FsYW1pLmNvbYIUJ4WZWV2YOpVZWfnhkqK2xOFJJJ8wEwYD
VR0lBAwwCgYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMBEGA1UdEQQKMAiCBmNsaWVu
dDANBgkqhkiG9w0BAQsFAAOCAQEAJBQVmdQwaqTNRnILykL1s65nAy0B6c4CmvCN
ltifRHitiHFqZRs9khlwIA59KWFjtaqfiI7jrmPgpZIjn8G0XXLVLT3WUBDoPCLY
0QQdLSAANnSZJHk/CkPirYX1F1wmgMaASZFpUVQGk7W4U+WOvZalBn55Fe8REG1i
MXpcIUK/xmlteFDFynU9hAHbLW5EAuEUD1LZAFftzdyzy78jcTCXXiARphyaW5fZ
CEg0akjMy64Tq+CepBibJPEl0y/cKucBqnMGSyUp3uGQsQZV1AEbJkfwYaq/Ybmn
Y8pZT3yVANeruGrevRbxcHGb5Uv0SVWLAzOBSf9tFgq8dfEVKw==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDRWPcQPFxEPaO9
4QD67oRaV0FBSClXjEHbisWDP3Oh6ZQQpf6l/iZZRWxzhx3v1Tp9Z8AwnY6BU9ma
D8uTau4NWLYdbo6kRQGG5jvE1TkGAXzk6ZfiwsIAoGCiytVDe9FdyZJw+N1LSl8m
TNSR7DcfB/mWAoS1eMdLverV4lLjjgK9MnjAP3MVyiUhJWt6ybmYIaAA+ZYS/iik
ZZdVUMyWpkJKHrW3MNv3LMMo6pv2t3YwBSq5uPIXK0LXzL+mmS46PIzEDMvE7ZVT
Mj/xCQHiKKLmQ1xj3TmgtWnfk0pxytqGefbTr/xuEqogrsTa/VKEX3mGhYVu60l/
y8jxyN6BAgMBAAECggEAcfbpgKgrXmbj5bFAlFoWKQwJFR3Qi71p+Lch8OIw87qx
hSKobvrdK4n0kSvEK1S745sAcDbFZjgcZJcmrtjuQMvDUGBoPJroSuS5Mt0UjuVu
dTuJGMQHUsn78YNT98nG3zSliOShq6QQCkyXB9084KK5x2UVk6jtbZk05zyu/PrN
Cm+4w17Ep8kP/ODJu2krOKGCMryrcZQyjWiHTaoXaCDw0n98WLee3m3YDi9yqXzq
cDsp8t90p6cqLB6v47hfaiTzjoNrFVl6YdulEa2s0D2vh+0Bfz1Mub5nJ2AePkzy
bJQCVWqHK2QUFZeOTS+k0iDsFVbtKFt7bUKiXZwLdQKBgQDosnkcKg+T8Rn1jzfr
wFjc4Amp7FXaVkB2uDHP8gq34b54xGN9srrL9RExSdi4dKetbsLFK2jGqet2VElp
2relJ6V2pwKvoAPswnduW5Qt5z/tiiXmqV3V7ux8zow/ld9TKt4qUdR8FTUpAOYB
4ttuSat0l7T5wmUhZTMpgn5iDwKBgQDmT+Ps3RWPFu17AaMruwXVz4CCZxvDf9aH
SBOgpzGx3q+RTJy5XllKsjtwmwc79CBU10p9Rx9JUa6pVmFUloeCwSVOh+7Wuutl
mBWeLSBlzufDTfm65gLhbFFpa1uZ5G3F5yAv8we/l61/N8RtqWVn2dmq5Jbokq42
OE1iHlAGbwKBgDvmJTLQyO3GNG53jWeMPdOtgA9TnM31QebNh1UF8yheXc9sjke/
CEKUNPbBEZ55uOf2CQEEKZZqCwiMrdEn0fobeIZQe2qGADyj2mZ4AG7IhjY5R4RW
uKbnN8zwxj1f8PrRoBq4sb+3HdYOOyblJKMBJ7d9jcJ0/d9Y05Ct3KaVAoGAGP1c
JsxKVY9QT0N7N/iABpYQRJX5fjn1xhH9BzZ8/ubBuAtPChIBsEgsiOhZXZj8lRgT
HgrEi0kQoZEc2HfI1lgsuxumv6fieNCKr/IHjORpY1inmy7v6xO8taqPcuBFRO7y
ICHHmnNTwPUFHD0AIseRhaht82hO/NUZGGdfmYMCgYEA3w0ibP/BOq7PgKuE5jcd
KrfJLTC3Vqlh+oSrYLAmv005mS3nd9KoTYyrTnRKbPQ5TzSIAPJtNdZqDmXmWi0f
hD8ORewGNzHBeR3dIUBtUjxyWKp6uujSiaXuEkg59vpAXdIeUBsgwtklFbj0XU7y
0v3YF8AfekJ3/qfyNq0fQMg=
-----END PRIVATE KEY-----
</key>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
f849e2eb9fb3f4669a948494a8e58cdf
7d3dba5e653c1c09b30009a61eb1be08
668c9fad8302ce1d433326a4f96efe13
b0110986e494a353592f66566b2f8f41
436df32dacf3cf3c9c526654223d5955
3d4c5c6e4987ba600ddcba4be64495d2
cff5b2b4a1240a17b6f0e9cec04c1c55
0a31e65749c77436d31cde7471f3ed78
f91a55fafff1a3261e79835cffc4da0d
ed1d1642081f7f167b8290467c20ec5f
5b83b99e4e7648db3fb8923ddcf58467
9dfb5d502074bdbc65ab1cfa20136ddd
bbc6d6394c5cbd95f58b9da9bb9d55b1
b9cc17134fe13bc332c2bb4b092eabbb
af906a3ffb3c53ca450cf2b17fa4cd5c
495abf6200e8206d99c8fe48e85905e5
-----END OpenVPN Static key V1-----
</tls-auth>
- 微信扫码赞助
-
- 支付宝赞助
-
