성태의 닷넷 이야기
홈 주인
모아 놓은 자료
프로그래밍
질문/답변
사용자 관리
사용자
메뉴
아티클
외부 아티클
유용한 코드
온라인 기능
MathJax 입력기
최근 덧글
[정성태] Working with Rust Libraries from C#...
[정성태] Detecting blocking calls using asyn...
[정성태] 아쉽게도, 커뮤니티는 아니고 개인 블로그입니다. ^^
[정성태] 질문이 잘 이해가 안 됩니다. 우선, 해당 소스코드에서 ILis...
[양승조
] var대신 dinamic으로 선언해서 해결은 했습니다. 맞는 해...
[양승조
] 또 막혔습니다. ㅠㅠ var list = props[i].Ge...
[양승조
] 아. 감사합니다. 어제는 안됐던것 같은데....정신을 차려야겠네...
[정성태] "props[i].GetValue(props[i])" 코드에서 ...
[정성태] 저렇게 조각 코드 말고, 실제로 재현이 되는 예제 프로젝트를 압...
[정성태] Modules 창(Ctrl+Shift+U)을 띄워서, 해당 Op...
글쓰기
제목
이름
암호
전자우편
HTML
홈페이지
유형
제니퍼 .NET
닷넷
COM 개체 관련
스크립트
VC++
VS.NET IDE
Windows
Team Foundation Server
디버깅 기술
오류 유형
개발 환경 구성
웹
기타
Linux
Java
DDK
Math
Phone
Graphics
사물인터넷
부모글 보이기/감추기
내용
<div style='display: inline'> <h1 style='font-family: Malgun Gothic, Consolas; font-size: 20pt; color: #006699; text-align: center; font-weight: bold'>윈도우에 OpenVPN 설치 - 클라이언트 측 구성</h1> <p> OpenVPN 서버를 구성했으니,<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > 윈도우에 OpenVPN 설치 - 서버 측 구성 ; <a target='tab' href='https://www.sysnet.pe.kr/2/0/12224'>https://www.sysnet.pe.kr/2/0/12224</a> </pre> <br /> 이제 해당 네트워크에 참여할 클라이언트 측 구성을 할 차례입니다. OpenVPN의 경우 이 과정도 서버와 동일한 설치 파일을 사용하는데,<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > OpenVPN - Windows 10/Server 2016/Server 2019 installer (NSIS) GnuPG Signature openvpn-install-2.4.9-I601-Win10.exe ; <a target='tab' href='https://openvpn.net/community-downloads/'>https://openvpn.net/community-downloads/</a> </pre> <br /> 단지 이번에는 설치 과정에 나오는 질문들은 모두 그냥 기본값으로 두고 설치를 진행해도 됩니다. (즉, "EasyRSA2 Certificate Management Scripts" 구성 요소를 설치할 필요는 없습니다.)<br /> <br /> 설치가 완료되면, 이번에도 마찬가지로 "C:\Program Files\OpenVPN"에 파일이 위치합니다.<br /> <br /> <hr style='width: 50%' /><br /> <br /> 바이너리는 클라이언트에 설치했지만, 이제 다시 서버 쪽 환경으로 넘어가서 ca 인증 기관으로부터 클라이언트를 위한 인증서를 하나 발급받아야 합니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > // 서버 측에서 클라이언트를 위한 인증서 생성 (Common Name은 임의의 값 사용) C:\Users\clntusr> <span style='color: blue; font-weight: bold'>cd "C:\Program Files\OpenVPN\easy-rsa"</span> C:\Program Files\OpenVPN\easy-rsa> <span style='color: blue; font-weight: bold'>vars</span> C:\Program Files\OpenVPN\easy-rsa> <span style='color: blue; font-weight: bold'>build-key client1</span> Ignoring -days; not generating a certificate Generating a RSA private key ..........................................................................++++ .....................................................................................................................................................................................................++++ writing new private key to 'keys\client1.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [US]: State or Province Name (full name) [CA]: Locality Name (eg, city) [SanFrancisco]: Organization Name (eg, company) [OpenVPN]: Organizational Unit Name (eg, section) [changeme]: Common Name (eg, your name or your server's hostname) [changeme]:<span style='color: blue; font-weight: bold'>myvpnclient1</span> Name [changeme]: Email Address [mail@host.domain]: Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: Using configuration from openssl-1.0.0.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows countryName :PRINTABLE:'US' stateOrProvinceName :PRINTABLE:'CA' localityName :PRINTABLE:'SanFrancisco' organizationName :PRINTABLE:'OpenVPN' organizationalUnitName:PRINTABLE:'changeme' commonName :PRINTABLE:'myvpnclient1' name :PRINTABLE:'changeme' emailAddress :IA5STRING:'mail@host.domain' Certificate is to be certified until Jun 9 00:33:57 2030 GMT (3650 days) Sign the certificate? [y/n]:<span style='color: blue; font-weight: bold'>y</span> 1 out of 1 certificate requests certified, commit? [y/n]<span style='color: blue; font-weight: bold'>y</span> Write out database with 1 new entries Data Base Updated C:\Program Files\OpenVPN\easy-rsa> </pre> <br /> 명령이 완료되었으면 "C:\Program Files\OpenVPN\easy-rsa\keys" 폴더에 client1.crt, client1.csr, client1.key 파일이 생성됩니다. 그럼, 이전에 생성해 두었던 ca.crt, ta.key 파일을 포함한 다음의 파일들을,<br /> <br /> <ul> <li>ca.crt</li> <li>client1.crt</li> <li>client1.key</li> <li>ta.key</li> </ul> <br /> 클라이언트 측의 "C:\Program Files\OpenVPN\config" 폴더에 복사합니다. 또한 서버 때와 마찬가지로 OpenVPN의 동작 환경을 미리 정의한 템플릿 파일인 "C:\Program Files\OpenVPN\sample-config\client.ovpn"을 "C:\Program Files\OpenVPN\config" 폴더에 복사한 후, 다음의 설정들을 변경해 줍니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > // 만약 OpenVPN 서버의 주소가 my.test.com이라면, remote my.test.com 1194 cert client1.crt key client1.key </pre> <br /> (그 외 값들도 원한다면 자신의 환경에 따라 적절하게 변경한 후), 마지막으로 관리자 권한의 cmd.exe 명령행에서 다음의 명령어로 VPN 연결을 할 수 있습니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > C:\Program Files\OpenVPN\config> <span style='color: blue; font-weight: bold'>..\bin\openvpn client.ovpn</span> Thu Jun 11 09:42:17 2020 OpenVPN 2.4.9 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Apr 16 2020 Thu Jun 11 09:42:17 2020 Windows version 6.2 (Windows 8 or greater) 64bit Thu Jun 11 09:42:17 2020 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10 Thu Jun 11 09:42:17 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Jun 11 09:42:17 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Thu Jun 11 09:42:17 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]64.102.56.78:1194 Thu Jun 11 09:42:17 2020 Socket Buffers: R=[65536->65536] S=[65536->65536] Thu Jun 11 09:42:17 2020 UDP link local: (not bound) Thu Jun 11 09:42:17 2020 UDP link remote: [AF_INET]64.102.56.78:1194 Thu Jun 11 09:42:17 2020 TLS: Initial packet from [AF_INET]64.102.56.78:1194, sid=35cbd3b6 a489989e Thu Jun 11 09:42:17 2020 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=<span style='color: blue; font-weight: bold'>myca</span>, name=changeme, emailAddress=mail@host.domain Thu Jun 11 09:42:17 2020 VERIFY KU OK Thu Jun 11 09:42:17 2020 Validating certificate extended key usage Thu Jun 11 09:42:17 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Thu Jun 11 09:42:17 2020 VERIFY EKU OK Thu Jun 11 09:42:17 2020 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=<span style='color: blue; font-weight: bold'>myvpn</span>, name=changeme, emailAddress=mail@host.domain Thu Jun 11 09:42:17 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA Thu Jun 11 09:42:17 2020 [myvpn] Peer Connection Initiated with [AF_INET]64.102.56.78:1194 Thu Jun 11 09:42:18 2020 SENT CONTROL [myvpn]: 'PUSH_REQUEST' (status=1) Thu Jun 11 09:42:18 2020 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 168.126.63.1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' Thu Jun 11 09:42:18 2020 OPTIONS IMPORT: timers and/or timeouts modified Thu Jun 11 09:42:18 2020 OPTIONS IMPORT: --ifconfig/up options modified Thu Jun 11 09:42:18 2020 OPTIONS IMPORT: route options modified Thu Jun 11 09:42:18 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Thu Jun 11 09:42:18 2020 OPTIONS IMPORT: peer-id set Thu Jun 11 09:42:18 2020 OPTIONS IMPORT: adjusting link_mtu to 1624 Thu Jun 11 09:42:18 2020 OPTIONS IMPORT: data channel crypto options modified Thu Jun 11 09:42:18 2020 Data Channel: using negotiated cipher 'AES-256-GCM' Thu Jun 11 09:42:18 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Thu Jun 11 09:42:18 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Thu Jun 11 09:42:18 2020 interactive service msg_channel=0 Thu Jun 11 09:42:18 2020 ROUTE_GATEWAY 192.168.0.1/255.255.255.0 I=23 HWADDR=1c:23:dc:45:8d:d7 Thu Jun 11 09:42:18 2020 open_tun Thu Jun 11 09:42:18 2020 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{ADBBCAAE-B7AA-4553-89CD-97141B40AA6F}.tap Thu Jun 11 09:42:18 2020 TAP-Windows Driver Version 9.24 Thu Jun 11 09:42:19 2020 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {ADBBCAAE-B7AA-4553-89CD-97141B40AA6F} [DHCP-serv: 10.8.0.5, lease-time: 31536000] Thu Jun 11 09:42:19 2020 Successful ARP Flush on interface [89] {ADBBCAAE-B7AA-4553-89CD-97141B40AA6F} Thu Jun 11 09:42:24 2020 TEST ROUTES: 1/1 succeeded len=1 ret=1 a=0 u/d=up Thu Jun 11 09:42:24 2020 C:\WINDOWS\system32\route.exe ADD 10.8.0.0 MASK 255.255.255.0 10.8.0.5 Thu Jun 11 09:42:24 2020 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=25 and dwForwardType=4 Thu Jun 11 09:42:24 2020 Route addition via IPAPI succeeded [adaptive] Thu Jun 11 09:42:24 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Thu Jun 11 09:42:24 2020 <span style='color: blue; font-weight: bold'>Initialization Sequence Completed</span> </pre> <br /> 정상적으로 연결되었다면 서버 측 콘솔에는 다음과 같은 식의 내용들이 출력됩니다.<br /> <br /> <pre style='margin: 10px 0px 10px 10px; padding: 10px 0px 10px 10px; background-color: #fbedbb; overflow: auto; font-family: Consolas, Verdana;' > Thu Jun 11 09:42:16 2020 165.24.56.23:59374 TLS: Initial packet from [AF_INET6]::ffff:165.24.56.23:59374, sid=c8110058 5fa1884e Thu Jun 11 09:42:16 2020 165.24.56.23:59374 VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=<span style='color: blue; font-weight: bold'>myca</span>, name=changeme, emailAddress=mail@host.domain Thu Jun 11 09:42:16 2020 165.24.56.23:59374 VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=OpenVPN, OU=changeme, CN=<span style='color: blue; font-weight: bold'>myvpnclient1</span>, name=changeme, emailAddress=mail@host.domain Thu Jun 11 09:42:16 2020 165.24.56.23:59374 peer info: IV_VER=2.4.9 Thu Jun 11 09:42:16 2020 165.24.56.23:59374 peer info: IV_PLAT=win Thu Jun 11 09:42:16 2020 165.24.56.23:59374 peer info: IV_PROTO=2 Thu Jun 11 09:42:16 2020 165.24.56.23:59374 peer info: IV_NCP=2 Thu Jun 11 09:42:16 2020 165.24.56.23:59374 peer info: IV_LZ4=1 Thu Jun 11 09:42:16 2020 165.24.56.23:59374 peer info: IV_LZ4v2=1 Thu Jun 11 09:42:16 2020 165.24.56.23:59374 peer info: IV_LZO=1 Thu Jun 11 09:42:16 2020 165.24.56.23:59374 peer info: IV_COMP_STUB=1 Thu Jun 11 09:42:16 2020 165.24.56.23:59374 peer info: IV_COMP_STUBv2=1 Thu Jun 11 09:42:16 2020 165.24.56.23:59374 peer info: IV_TCPNL=1 Thu Jun 11 09:42:16 2020 165.24.56.23:59374 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA Thu Jun 11 09:42:16 2020 165.24.56.23:59374 [myvpnclient1] Peer Connection Initiated with [AF_INET6]::ffff:165.24.56.23:59374 Thu Jun 11 09:42:16 2020 myvpnclient1/165.24.56.23:59374 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled) Thu Jun 11 09:42:16 2020 myvpnclient1/165.24.56.23:59374 MULTI: Learn: 10.8.0.6 -> myvpnclient1/165.24.56.23:59374 Thu Jun 11 09:42:16 2020 myvpnclient1/165.24.56.23:59374 MULTI: primary virtual IP for myvpnclient1/165.24.56.23:59374: 10.8.0.6 Thu Jun 11 09:42:17 2020 myvpnclient1/165.24.56.23:59374 PUSH: Received control message: 'PUSH_REQUEST' Thu Jun 11 09:42:17 2020 myvpnclient1/165.24.56.23:59374 SENT CONTROL [myvpnclient1]: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 168.126.63.1,route 10.8.0.0 255.255.255.0,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1) Thu Jun 11 09:42:17 2020 myvpnclient1/165.24.56.23:59374 Data Channel: using negotiated cipher 'AES-256-GCM' Thu Jun 11 09:42:17 2020 myvpnclient1/165.24.56.23:59374 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Thu Jun 11 09:42:17 2020 myvpnclient1/165.24.56.23:59374 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key </pre> <br /> 일단, 이렇게 잘 동작하는 것을 확인했으면 이후로는 "OpenVPN GUI" 프로그램을 이용해 트레이 아이콘의 "Connect" 메뉴로 VPN 접속을 편리하게 수행할 수 있습니다.<br /> </p><br /> <br /><hr /><span style='color: Maroon'>[이 글에 대해서 여러분들과 의견을 공유하고 싶습니다. 틀리거나 미흡한 부분 또는 의문 사항이 있으시면 언제든 댓글 남겨주십시오.]</span> </div>
첨부파일
스팸 방지용 인증 번호
1599
(왼쪽의 숫자를 입력해야 합니다.)