OpenVPN Install ffe

By Martin Long, 2014-11-16 19:26

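    I have noticed that with the Linux TAP driver (kernels 2.4.21 and 2.4.22), sessions established over TCP stall when a relatively small --mssfix value is used. The TCP sessions stall and reconnect even while pings to the VPN peer succeed.

    * If you use a firewall built with the OpenBSD packet filter PF and the filter rules include a "scrub" directive, you may have problems communicating with Linux systems through the tunnel, because scrubbing drops fragmented packets sent from Linux hosts. This usually shows up as small packets and pings getting through while large packets and "normal traffic" do not. To avoid this, add "no-df" to the scrub directive so that the packet filter (PF) lets fragments with the "don't fragment" flag set pass through.

    * Mixing OFB or CFB cipher modes with static keys is not recommended, and OpenVPN 1.2.1 and later report it as an error. If you use the --cipher option to explicitly select an OFB or CFB cipher and you are using static key mode, an IV collision can occur when the OpenVPN programs at both ends start the connection at exactly the same time, because OpenVPN uses a timestamp and a sequence number as the IV for OFB and CFB ciphers. The problem does not arise if you use a CBC cipher (the default), or if you use OFB or CFB ciphers with SSL/TLS authentication.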
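An added example (not from the original page and not OpenVPN's code) of why the IV collision described above matters in OFB mode: two peers that share a static key and start in the same second produce the same keystream, so XORing their ciphertexts cancels the key entirely. It assumes an 8-byte IV made of a 32-bit start timestamp plus a 32-bit sequence number, one key used in both directions, and truncated HMAC-SHA256 as a stand-in block function rather than a real OpenVPN cipher.

```python
import hashlib
import hmac
import struct

BLOCK = 8  # block size of the stand-in cipher, in bytes

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in keyed block function (assumption, not an OpenVPN cipher).
    # OFB only runs the cipher forwards, so a PRF shows the mode's behaviour.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def make_iv(start_time: int, seq: int) -> bytes:
    # Assumed layout: 32-bit start timestamp followed by 32-bit sequence number.
    return struct.pack(">II", start_time, seq)

def ofb_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # OFB: keystream block i = E(keystream block i-1), starting from the IV.
    # Encryption and decryption are the same XOR operation.
    out, state = bytearray(), iv
    for off in range(0, len(data), BLOCK):
        state = block_encrypt(key, state)
        out += bytes(d ^ s for d, s in zip(data[off:off + BLOCK], state))
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

# Constructed sample key and messages (equal length), not real traffic.
STATIC_KEY = b"constructed-static-key"
MSG_A = b"peer A -> B: status report 0001"
MSG_B = b"peer B -> A: routing update 42!"

def demo(start_a: int, start_b: int):
    """Encrypt each peer's first packet (seq 1); return (ivs_equal, key_cancels)."""
    iv_a, iv_b = make_iv(start_a, 1), make_iv(start_b, 1)
    ct_a = ofb_xor(STATIC_KEY, iv_a, MSG_A)
    ct_b = ofb_xor(STATIC_KEY, iv_b, MSG_B)
    # With a shared keystream: ct_a ^ ct_b == MSG_A ^ MSG_B, no key needed.
    key_cancels = xor(ct_a, ct_b) == xor(MSG_A, MSG_B)
    return iv_a == iv_b, key_cancels

if __name__ == "__main__":
    print("started in the same second:", demo(1416165960, 1416165960))
    print("started one second apart: ", demo(1416165960, 1416165961))
```

With SSL/TLS authentication the keys are negotiated per session rather than shared statically, which is why the page lists it as unaffected.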

--------------------------------------------------------------------------------

The openvpn.spec file, used to build the binary RPM package

# OpenVPN spec file, used to drive rpmbuild

# OPTIONS
#
# Disable LZO
# rpmbuild -tb [openvpn.x.tar.gz] --define 'without_lzo 1'
#
# Disable PAM plugin
# rpmbuild -tb [openvpn.x.tar.gz] --define 'without_pam 1'
#
# Allow passwords to be read from files
# rpmbuild -tb [openvpn.x.tar.gz] --define 'with_password_save 1'
#
# Use this on RH9 and RHEL3
# rpmbuild -tb [openvpn.x.tar.gz] --define 'with_kerberos 1'

Summary: OpenVPN is a robust and highly flexible VPN daemon by James Yonan.
Name: openvpn
Version: 2.0.7
Release: 1
URL: http://openvpn.net/
Source0: http://prdownloads.sourceforge.net/openvpn/%{name}-%{version}.tar.gz
License: GPL
Group: Applications/Internet
Vendor: James Yonan
Packager: James Yonan
BuildRoot: %{_tmppath}/%{name}-%(id -un)

#
# Include dependencies manually
#
AutoReq: 0
BuildRequires: openssl-devel >= 0.9.6
Requires: openssl >= 0.9.6

%if "%{_vendor}" == "Mandrakesoft"
%{!?without_lzo:BuildRequires: liblzo1-devel >= 1.07}
%{!?without_lzo:Requires: liblzo1 >= 1.07}
%else
%if "%{_vendor}" == "MandrakeSoft"
%{!?without_lzo:BuildRequires: liblzo1-devel >= 1.07}
%{!?without_lzo:Requires: liblzo1 >= 1.07}
%else
%{!?without_lzo:BuildRequires: lzo-devel >= 1.07}
%{!?without_lzo:Requires: lzo >= 1.07}
%endif
%endif

%{!?without_pam:BuildRequires: pam-devel}
%{!?without_pam:Requires: pam}

#
# Description
#
%description
OpenVPN is a robust and highly flexible VPN daemon by James Yonan.
OpenVPN supports SSL/TLS security,
ethernet bridging,
TCP or UDP tunnel transport through proxies or NAT,
support for dynamic IP addresses and DHCP,
scalability to hundreds or thousands of users,
and portability to most major OS platforms.

#
# Define vendor type
#
%if "%{_vendor}" == "suse" || "%{_vendor}" == "pc"
%define VENDOR SuSE
%else
%define VENDOR %_vendor
%endif

#
# Should we build the auth-pam module?
#
%define build_auth_pam 1
%{?without_pam:%define build_auth_pam 0}

#
# Other definitions
#
%define debug_package %{nil}

#
# Build OpenVPN binary
#
%prep
%setup -q

%build
%configure --disable-dependency-tracking %{?with_password_save:--enable-password-save} %{?without_lzo:--disable-lzo} %{?with_kerberos:--with-ssl-headers=/usr/kerberos/include}
%__make
%__strip %{name}

# Build down-root plugin
pushd plugin/down-root
%__make
popd

# Build auth-pam plugin
%if %{build_auth_pam}
pushd plugin/auth-pam
%__make
popd
%endif

#
# Installation section
#
%install
[ %{buildroot} != "/" ] && rm -rf %{buildroot}

# Install man page
%__install -c -d -m 755 %{buildroot}%{_mandir}/man8
%__install -c -m 755 %{name}.8 %{buildroot}%{_mandir}/man8

# Install binary
%__install -c -d -m 755 %{buildroot}%{_sbindir}
%__install -c -m 755 %{name} %{buildroot}%{_sbindir}

# Install init script
%if "%{VENDOR}" == "SuSE"
%__install -c -d -m 755 %{buildroot}/etc/init.d
%__sed -e 's#openvpn=\"/usr/local/sbin/openvpn\"#openvpn=\"/usr/sbin/openvpn\"#' < suse/%{name}.init > %{_tmppath}/%{name}.init
%__install -c -m 755 %{_tmppath}/%{name}.init %{buildroot}/etc/init.d/%{name}
%__rm %{_tmppath}/%{name}.init
%else
%__install -c -d -m 755 %{buildroot}/etc/rc.d/init.d
%__install -c -m 755 sample-scripts/%{name}.init %{buildroot}/etc/rc.d/init.d/%{name}
%endif

# Install /etc/openvpn
%__install -c -d -m 755 %{buildroot}/etc/%{name}

#
# Build /usr/share/openvpn
#
%__mkdir_p %{buildroot}%{_datadir}/%{name}

#
# Install the plugins
#
%__mkdir_p %{buildroot}%{_datadir}/%{name}/plugin/lib
for pi in auth-pam down-root; do
  %__mv -f plugin/$pi/README plugin/README.$pi
  if [ -e plugin/$pi/openvpn-$pi.so ]; then
    %__install -c -m 755 plugin/$pi/openvpn-$pi.so %{buildroot}%{_datadir}/openvpn/plugin/lib/openvpn-$pi.so
  fi
done
%__mv -f plugin/README plugin/README.plugins

#
# Clean section
#
%clean
[ %{buildroot} != "/" ] && rm -rf %{buildroot}

#
# On Linux 2.4, make the device node
#
%post
case "`uname -r`" in
2.4*)
  /bin/mkdir /dev/net >/dev/null 2>&1
  /bin/mknod /dev/net/tun c 10 200 >/dev/null 2>&1
  ;;
esac

#
# Handle the init script
#
/sbin/chkconfig --add %{name}
%if "%{VENDOR}" == "SuSE"
/etc/init.d/openvpn restart
%else
/sbin/service %{name} condrestart
%endif

%preun
if [ "$1" = 0 ]
then
  %if "%{VENDOR}" == "SuSE"
  /etc/init.d/openvpn stop
  %else
  /sbin/service %{name} stop
  %endif
  /sbin/chkconfig --del %{name}
fi
