システム屋

CentOS側

port 1194
proto udp
dev tun
ca /etc/openvpn/easyrsa/pki/ca.crt
cert /etc/openvpn/easyrsa/pki/issued/center_server.crt
key /etc/openvpn/easyrsa/pki/private/center_server.key
dh /etc/openvpn/easyrsa/pki/dh.pem
server 10.254.0.0 255.255.0.0
ifconfig-pool-persist ipp.txt
push “route 192.168.10.0 255.255.255.0”
client-config-dir ccd
route 10.0.0.0 255.0.0.0
keepalive 10 120
tls-auth /etc/openvpn/easyrsa/pki/ta.key 0 # This file is secret
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
explicit-exit-notify 1

EdgeRouter側

client
dev tun
proto udp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /config/openvpn/ca.crt
cert /config/openvpn/siten_client.crt
key /config/openvpn/siten_client.key
remote-cert-tls server                                     <– ここが肝心です
tls-auth /config/openvpn/ta.key 1
cipher AES-256-CBC
comp-lzo
verb 3
log /var/log/openvpn.log
status /var/log/openvpn-status.log

Comments are closed.