Copyright © 1998 Taras Plakhotnichenko
Most recent revision 24 Dec 2011


Archery in Russia

The first archery dedicated WEB site in Russia




A working OpenVPN configuration (Linux) with a fixed IP for each client + connecting to a Samba share

Server:

dev tap0
port 1194
proto udp
mode server
daemon
ifconfig-pool 10.0.0.2 10.0.0.15
ifconfig 10.0.0.1 255.255.255.0
tls-server
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
ifconfig-pool-persist /etc/openvpn/ipp.txt
persist-tun
persist-key
comp-lzo
# If clients should be able to connect simultaneously with the same key, uncomment the line below
#duplicate-cn
cipher BF-CBC
max-clients 10
status /var/log/openvpn/openvpn-status.log
log /var/log/openvpn/openvpn.log
# If verb is set to 3 or lower, the file ipp.txt will not be updated
verb 4

The file ipp.txt is created when the openvpn daemon starts; there is no need to fill it in by hand:

client2,10.0.0.2
client1,10.0.0.3
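
A small audit of the server config above, as an added example that is not part of the original page: it flags the directives that weaken the tunnel (1024-bit DH, BF-CBC, comp-lzo, no tls-auth) and reports that ipp.txt entries are, per the OpenVPN manual, only suggestions, so a guaranteed fixed IP needs client-config-dir with ifconfig-push. The function names audit_ovpn and sample_conf, the finding labels and the sample input are constructed for this example.

```shell
#!/bin/sh
# Added example: flag OpenVPN server directives that weaken the tunnel or the
# per-client IP pinning. The rule set is this example's own, not an official list.

# usage: audit_ovpn [server.conf]   (reads stdin when no file is given)
audit_ovpn() {
    awk '
        $1 ~ /^[#;]/ || NF == 0 { next }      # skip comments and blank lines
        $1 == "cipher" && toupper($2) ~ /^(BF|DES|DES-EDE3|CAST5|RC2)-/ {
            print "WEAK_CIPHER: " $2 " is a 64-bit block cipher (SWEET32)" }
        # Heuristic: easy-rsa names the file after the size; confirm the real
        # size with: openssl dhparam -in FILE -text -noout
        $1 == "dh" && $2 ~ /dh(512|768|1024)\.pem$/ {
            print "SMALL_DH: " $2 " is below 2048 bits" }
        $1 == "duplicate-cn" {
            print "DUPLICATE_CN: shared certs defeat CN-based IP assignment" }
        $1 == "comp-lzo" && $2 != "no" {
            print "COMPRESSION: " $1 " can leak plaintext via length (VORACLE)" }
        $1 == "tls-auth" || $1 == "tls-crypt"  { hmac = 1 }
        $1 == "ifconfig-pool-persist"          { persist = 1 }
        $1 == "client-config-dir"              { ccd = 1 }
        END {
            if (!hmac) print "NO_TLS_AUTH: no HMAC check on control-channel packets"
            if (persist && !ccd)
                print "HINT_ONLY_IP: ipp.txt entries are suggestions; pin with ifconfig-push"
        }
    ' "${1:--}"
}

# Constructed sample: the directives of the server config above that the rules touch.
sample_conf() {
    cat <<'EOF'
dev tap0
mode server
tls-server
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
ifconfig-pool-persist /etc/openvpn/ipp.txt
comp-lzo
#duplicate-cn
cipher BF-CBC
max-clients 10
EOF
}

sample_conf | audit_ovpn
```
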

Client1 (OpenVPN 2.2.2 Windows):

dev tap
proto udp
remote x.x.x.x
port 1194
client
tls-client
comp-lzo
ns-cert-type server
ca ca.crt
cert client1.crt
key client1.key
ping 15
ping-restart 120
ping-timer-rem
persist-key
persist-tun
verb 3

Client2 (OpenVPN 2.2.2 Windows):

dev tap
proto udp
remote 178.20.233.187
port 1194
client
tls-client
comp-lzo
ns-cert-type server
ca ca.crt
# each client uses its own certificate and key; the server ties the address to the certificate's common name
cert client2.crt
key client2.key
ping 15
ping-restart 120
ping-timer-rem
persist-key
persist-tun
verb 3

Generating certs and keys:

cp -R /usr/share/doc/openvpn-2.2.0/easy-rsa/2.0/ /etc/openvpn/easy-rsa/
vi /etc/openvpn/easy-rsa/2.0/vars

***
export KEY_COUNTRY="RU"
export KEY_PROVINCE="RU"
export KEY_CITY="S.Petersburg"
export KEY_ORG="mycompany"
export KEY_EMAIL="mycompany@mycompany.ru"
***

cd /etc/openvpn/easy-rsa/2.0
chmod g+x *
. ./vars
./clean-all
./build-ca
./build-dh

./build-key-server server

***
Common Name (eg, your name or your server's hostname) [server]:server
***

./build-key client1

***
Common Name (eg, your name or your server's hostname) [ ]:client1
***

Add new client:

source ./vars
./build-key client2

Samba - smb.conf:

[global]
netbios name = samba server
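interfaces = 10.0.0.1
# note: "interfaces" alone does not stop smbd from answering on other interfaces; that is controlled by "bind interfaces only"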
workgroup = WORKGROUP
server string = File Server
log file = /var/log/samba/%m.log
max log size = 500
security = share
# passdb backend = tdbsam
# encrypt passwords = yes
# smb passwd file = /etc/samba/smbpasswd
load printers = no
printcap name = /dev/null
smb ports = 139
dns proxy = no
unix charset = utf8
display charset = utf8
dos charset = cp866
wins support = yes
os level = 255
socket options = TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 IPTOS_LOWDELAY
[files]
veto files = /*lost+found*/
comment = public
path = /srv
public = yes
writable = yes
printable = no
guest ok = yes
force user = nobody
create mask = 0660
force create mode = 0660
directory mask = 0770
force directory mode = 0770



See the link for details. For multi-user use, you should also pay attention to the file-locking settings, namely these (marked with ">"):

[1C-bases]
comment = Our 1C tank-a-drom
path = /home/1С
public = no
valid users = lu mari dina
writeable = yes
printable = no
create mask = 0770
browseable = yes
share modes = yes
>oplocks = no
>level2 oplocks = no
>blocking locks = no
>locking = yes
>strict locking = no
force create mode = 0770
force directory mode = 0770