jeremy9678 wrote:
好的!謝謝你那我再...(恕刪)
你買的時候地區選國內的, 不過不要選青島 (好像是華北1區), 聽說不太好.
個人積分:11分
文章編號:62405882
個人積分:204分
文章編號:62407847
新的liunx 工作站又開始不支援用密碼的ipsec ..要改用金鑰,, SVM8421 又只有密碼方式的ipsec ..
等半天原廠也無法支援.
這篇router os 也看了很久..心一狠...就給他弄了台CCR 回來.
但是發現跟一般的router 有很大的差異..我的實體配置如下.
我現在卡在NAT 不開DHCP server 要用MAC 綁定ip 的方式..20幾台的PC+NAS+print+網路設備..
還有mail server + DNS server ,我以前是用1:1 NAT 只接把外部ip 轉道內部ip給 mail server + DNS server 用.
另外還有防火牆的部分..完全模不著頭緒...
最後就是要開openvpn 連到內網的 Linux CAD workstation , 還有NAS 取檔..
有請先進幫忙指導了...
個人積分:204分
文章編號:62407976
個人積分:618分
文章編號:62408141
個人積分:204分
文章編號:62408346
個人積分:1603分
文章編號:62410153
LoveTaiwan wrote:中華固6請您這麼設:
以前是用1:1 NAT 只接把外部ip 轉道內部ip給 mail server + DNS server 用.
/ip firewall address (ether1設定6組固定ip)
/ip route (新增路由,指定固6的gateway)
/ip firewall nat (新增mail server)
mail server:
NAT入:
NAT出:
其它的server依樣畫葫蘆即可
開openvpn 連到內網的 Linux CAD workstation同上NAT您要指定一個固定IP給Router用,但不用像Server一樣設NAT入.
且記住NAT出在順序上要擺在所有server NAT出的下方,不能擺在任一個上方.
1. /ip pool (新增ovpn-pool)
pool的規則請依:
10.0.0.0/30
10.0.0.4/30
10.0.0.8/30
10.0.0.12/30...以下類推.
想開多少帳號,就需新增多少組pool
2. /file 將ovpn的ca.crt與ca.key(或個人準備的憑證),從桌面拉進file視窗
3. /system certificate (用import分別將ca.crt與ca.key進行匯入,匯入成功會註示KT)
4. /interface ovpn-server (開啟ovpn-server)
5. /ppp profile (vpn設定擋,同樣每組帳號都得新增一組vpn-profile)
6. /ppp secret (新增ovpn帳號)
7.開啟Windows電腦的附屬應用程式,選擇WordPad編輯ovpn-client設定檔
ca存放ca.crt / cert存放client.crt / key存放client.key
(或者使用您個人憑證,但需與ovpn-server相對應)
client若client使用的是Windows桌機 ,ovpn-client設定檔可刪去cert與key這兩個憑證內容
dev tun
remote 1.23.123.123 1194
proto tcp
auth-user-pass
redirect-gateway
mute-replay-warnings
<ca>
-----BEGIN CERTIFICATE-----
MIIDBDCCAm2gAwIBAgIJAM8oNFlxL3rSMA0GCSqGSIb3DQEBBAUAMGAxCzAJBgNV
BAYTAlRXMQswCQYDVQQIEwJUVzEPMA0GA1UEBxMGVGFpcGVpMQ0wCwYDVQQKEwRo
b21lMSQwIgYJKoZIhvcNAQkBFhV4eHh4eHh4eEB5YWhvby5jb20udHcwHhcNMTIx
MjExMTYyNDIzWhcNMjIxMjA5MTYyNDIzWjBgMQswCQYDVQQGEwJUVzELMAkGA1UE
CBMCVFcxDzANBgNVBAcTBlRhaXBlaTENMAsGA1UEChMEaG9tZTEkMCIGCSqGSIb3
DQEJARYVeHh4eHh4eHhAeWFob28uY29tLnR3MIGfMA0GCSqGSIb3DQEBAQUAA4GN
ADCBiQKBgQDTIffwLYBebqwQBSGb8K9wIF4b5HRVoTqfS8ZTc07TB07DZkGcTOX4
HhEnW093KggwVfzRLXk+xzw2uK6iQjJo+9DJqsVviw8sQivs+ZtxAgiZSEeMfsY+
03YRXgYm6N684qt25ge/EyhuO6peWNRIcS3nW1FXPJ736e1+l/yVQQIDAQABo4HF
MIHCMB0GA1UdDgQWBBQAirU2p0HRWb6DBzGl+UpFzghiAzCBkgYDVR0jBIGKMIGH
gBQAirU2p0HRWb6DBzGl+UpFzghiA6FkpGIwYDELMAkGA1UEBhMCVFcxCzAJBgNV
BAgTAlRXMQ8wDQYDVQQHEwZUYWlwZWkxDTALBgNVBAoTBGhvbWUxJDAiBgkqhkiG
9w0BCQEWFXh4eHh4eHh4QHlhaG9vLmNvbS50d4IJAM8oNFlxL3rSMAwGA1UdEwQF
MAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAP/rusq6/L1Ju0F8yJPUtvqq7i2WevRUW
b0s0uy076XX/njvY16QnGeqZSw7mi59TSa2kEkO/nDPcCE88y6Q2yCl+CHx3hZLe
2zBuxZ4kCaVlAVks8XI2PbqYxASAH8INzDrqfY0ISsGiIVACGnIS9O3DmUtV93De
NLzt4kDBET0=
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
MIIDJzCCApCgAwIBAgIBAjANBgkqhkiG9w0BAQQFADBgMQswCQYDVQQGEwJUVzEL
MAkGA1UECBMCVFcxDzANBgNVBAcTBlRhaXBlaTENMAsGA1UEChMEaG9tZTEkMCIG
CSqGSIb3DQEJARYVeHh4eHh4eHhAeWFob28uY29tLnR3MB4XDTEyMTIxMjAxMzA1
OFoXDTIyMTIxMDAxMzA1OFowYDELMAkGA1UEBhMCVFcxCzAJBgNVBAgTAlRXMQ0w
CwYDVQQKEwRob21lMQ8wDQYDVQQDEwZjbGllbnQxJDAiBgkqhkiG9w0BCQEWFXh4
eHh4eHh4QHlhaG9vLmNvbS50dzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
wUOdzSIu/vGFAoYo8nTzjVzwSftSwxRF9qlMsfFZfE/aVWhUpxFdWFio7qV+oo6j
lSvYsEFGC49rmjs0gpc8eoZo65doMzDwwkN4lxu30Jjqah9HtY5EcZX9R1Gl6t3Q
lhD9nUDEjSDH8SWY81uG60/yvV2V/7WW0eWI2iw4/D0CAwEAAaOB8DCB7TAJBgNV
HRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZp
Y2F0ZTAdBgNVHQ4EFgQUk6pp88OQjLIFQ+v9UAm6UHC3od4wgZIGA1UdIwSBijCB
h4AUAIq1NqdB0Vm+gwcxpflKRc4IYgOhZKRiMGAxCzAJBgNVBAYTAlRXMQswCQYD
VQQIEwJUVzEPMA0GA1UEBxMGVGFpcGVpMQ0wCwYDVQQKEwRob21lMSQwIgYJKoZI
hvcNAQkBFhV4eHh4eHh4eEB5YWhvby5jb20udHeCCQDPKDRZcS960jANBgkqhkiG
9w0BAQQFAAOBgQBE2ATIoN2IBunjlIeSz+eXDd4D8du3Si807i/9knICweBY4Wsv
P/9lpozqcklyRdEFG9UjAfYoz54ULEspiPS7oHKd4bIZsabMLBSAxKq4MvEiIto4
EjKCMSt8WTaSAvES63Hva1kqHhWK50eRAg5llS1awdegu2P5nNxxhB9Knw==
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDBQ53NIi7+8YUChijydPONXPBJ+1LDFEX2qUyx8Vl8T9pVaFSn
EV1YWKjupX6ijqOVK9iwQUYLj2uaOzSClzx6hmjrl2gzMPDCQ3iXG7fQmOpqH0e1
jkRxlf1HUaXq3dCWEP2dQMSNIMfxJZjzW4brT/K9XZX/tZbR5YjaLDj8PQIDAQAB
AoGAYhEUdq3c2QLm8mPvTTBpEZdSWsgLs++KnOJFh5mnRbwjVulM40WdbyH1/rq9
anEksqIAH1fP2jfZavaV65ogVk1q8sSZ1JfY6m0SDlvlMryPmEHnuWbUIJsvmKRB
nN/BwAkbbOB1s2uRHntgs+ktxVTATnre0iI+P5PVfmluKkECQQDx71mcrEvDSL6t
MYPgmm99OoaCC0JuqNMbh1Qw2hMSzreCJFDeghPOwfYDcj235egXjuLdWJCNdsLk
oTx72P+tAkEAzH/perm9Rq1M7UUhw+nKIJqFRyf+VtR1Wk3j4xQmbRfvBns2YjGR
4BB7FlVNyP94z/H1X6TZrrNHPMmjQVlA0QJAU2V9T2t5Bk0KJWt/GSpDKjjFawh0
ku6xLrkchWZ20rHdQghAtCLEry3fHtr/eWfP9Gb1vvUrhwgcMHGABvULVQJAD67X
lwPbkioENkYQ+tdZGvr+saBNjxcoEM7cZTPMZp1pRVP5rbojd82LwwCzwHBnMXta
2ATqdM1m7zB/hqlzoQJBAOM89P0LVPQrcKlp/fN+lIJQQli3jOsUwLNFYbWlqTr8
sa3O2zc8OFj/aPlcSgvmm64H3z5Aa4Pld6lz58ic8bU=
-----END RSA PRIVATE KEY-----
</key>
7.下載OpenVPN Connect
不管您手機使用的是android或ios,
第一次安裝完請關閉OpenVPN Connect的Force AES-CBC ciphersuites
8.將編輯完的ovpn-client設定檔用傳輸線上傳手機,並試著連線.
9.一個ovpn帳號可同時允許2個裝置連線,就這樣
ether port 可以串起來當作一般switch 用嗎Bridge可以任意組合.
1. /interface bridge (新增一組新的bridge-2th)
2. /interface bridge port (建立bridge 與 port的關聯)
將port從舊的bridge 換成bridge-2th即可.
若ether4與ether5同為bridge-2th ,這樣ether4-ether5就同屬獨立新switch ,
與其它的ether分開.
個人積分:67分
文章編號:62413843
個人積分:67分
文章編號:62414198
個人積分:54397分
文章編號:62415242
個人積分:204分
文章編號:62418642
