<\/h2>\n\n\n\n
- \u30ea\u30e2\u30fc\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\uff08OpenVPN\u30b5\u30fc\u30d0\u304c\u3042\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\uff09\u3068\u30ed\u30fc\u30ab\u30eb\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\uff08OpenVPN\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u304c\u3042\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\uff09\u306e\u30b5\u30d6\u30cd\u30c3\u30c8\u30de\u30b9\u30af\u304c\u7570\u306a\u308b\u5fc5\u8981\u304c\u3042\u308b\u3002
\u4f8b\uff1a\u30ea\u30e2\u30fc\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u304c\u3001192.168.0.0\/24\u306e\u5834\u5408\u3001\u30ed\u30fc\u30ab\u30eb\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306f192.168.0.0\/24\u4ee5\u5916\u3067\u3042\u308b\u5fc5\u8981\u304c\u3042\u308b\u3002 <\/li> - OpenVPN\u3067\u306f\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u65b9\u5f0f\u306e\u3053\u3068\u3092TUN\u3068\u7565\u3057\u3001\u30d6\u30ea\u30c3\u30b8\u65b9\u5f0f\u306e\u3053\u3068\u3092TAP\u3068\u7565\u3059\u308b\u3002<\/li>
- \u30d6\u30ea\u30c3\u30b8\u65b9\u5f0f\u3092\u5229\u7528\u3059\u308b\u305f\u3081\u306b\u306f\u9759\u7684\u9375\u65b9\u5f0f\u3067\u306f\u30c0\u30e1\u307f\u305f\u3044\u306a\u306e\u3067\u3001PKI\u65b9\u5f0f\u3092\u5229\u7528\u3059\u308b \u3002<\/li>
- \u30b5\u30fc\u30d0\u3067\u306fOpenVPN2.4.10<\/strong>\u3092\u5229\u7528\u3059\u308b\u30022.5.0\u3082\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u3066\u3044\u308b\u304c\u3001\u516c\u5f0f\u306e\u8cc7\u6599\u306b\u66f8\u304b\u308c\u3066\u3044\u308b\u3088\u3046\u306a\u30d0\u30c3\u30c1\u30d5\u30a1\u30a4\u30eb\u304c\u540c\u68b1\u3055\u308c\u3066\u3044\u306a\u3044\u306e\u3067\u3001\u516c\u5f0f\u306e\u8cc7\u6599\u901a\u308a\u306b\u9032\u3081\u308b\u3053\u3068\u304c\u3067\u304d\u306a\u3044\u305f\u3081\u3002 <\/li>
- \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3067\u306fOpenVPN2.5.0<\/strong>\u3092\u5229\u7528\u3059\u308b\u3002 <\/li>
- UDP\u306e\u30dd\u30fc\u30c8\u756a\u53f71194\u3092\u4f7f\u7528\u3059\u308b\u306e\u3067\u3001\u30dd\u30fc\u30c8\u958b\u653e\u3092\u9069\u5207\u306b\u884c\u3046\u5fc5\u8981\u304c\u3042\u308b\u3002 <\/li>
- OpenVPN\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6642\u306b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c0\u30d7\u30bf\u304c\u8ffd\u52a0\u3055\u308c\u308b\u306e\u3067\u3001\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u5b8c\u4e86\u6642\u306b\u4e00\u65e6\u518d\u8d77\u52d5\u3057\u305f\u65b9\u304c\u826f\u3044\u3002
\u81ea\u5206\u306e\u74b0\u5883\u3067\u306f\u518d\u8d77\u52d5\u305b\u305a\u306bOpenVPN\u306e\u518d\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3092\u7e70\u308a\u8fd4\u3059\u3068NIC\u306e\u30c9\u30e9\u30a4\u30d0\u3092\u518d\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3053\u3068\u306b\u306a\u3063\u305f\u3002 <\/li>- \u30b5\u30fc\u30d0\u306b\u306fOpenVPN\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6642\u306bEasyRSA\u95a2\u9023\u3082\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u3002\uff08\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6642\u306b\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u3092\u9078\u629e\u3057\u3066\u3001EasyRSA\u95a2\u9023\u306b\u30c1\u30a7\u30c3\u30af\u3092\u5165\u308c\u308c\u3070\u826f\u3044\uff09 <\/li><\/ul>\n\n\n\n
\u5927\u307e\u304b\u306a\u624b\u9806<\/h2>\n\n\n\n
- \u30de\u30b9\u30bf\u30fc\u8a8d\u8a3c\u6a5f\u95a2(CA)\u306e\u8a3c\u660e\u66f8\u3068\u9375\u306e\u751f\u6210\u3002<\/li>
- \u30b5\u30fc\u30d0\u7528\u306e\u8a3c\u660e\u66f8\u3068\u9375\u306e\u751f\u6210\u3002<\/li>
- \u30b5\u30fc\u30d0\u306e\u6e96\u5099\u3002<\/li>
- \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u6e96\u5099\u3002<\/li><\/ol>\n\n\n\n
\u8a3c\u660e\u66f8\u3068\u9375\u306e\u751f\u6210\u3002\uff08\u5927\u307e\u304b\u306a\u624b\u98061\u756a\u30682\u756a\uff09<\/h2>\n\n\n\n
\u3053\u3053\u304b\u3089\u306f\u30b5\u30fc\u30d0\u5074\u3067\u64cd\u4f5c\u3092\u884c\u3046\u3002
OpenVPN\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u306f\u5b8c\u4e86\u3057\u3066\u3044\u308b\u3082\u306e\u3068\u3059\u308b\u3002
\u30b3\u30de\u30f3\u30c9\u30d7\u30ed\u30f3\u30d7\u30c8\u306f\u7ba1\u7406\u8005\u6a29\u9650\u3067\u5b9f\u884c\u3057\u3066\u3044\u308b\u3068\u3059\u308b\u3002
C:\\Program Files\\OpenVPN\\easy-rsa\\README.txt\u3092\u53c2\u8003\u306b\u884c\u3048\u3070\u826f\u3044\u3002<\/p>\n\n\n\ncd C:\\Program Files\\OpenVPN\\easy-rsa\ninit-config.bat<\/pre>\n\n\n\n
\u4e0a\u8a18\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3059\u308b\u3068\u3001vars.bat\u30d5\u30a1\u30a4\u30eb\u304c\u4f5c\u6210\u3055\u308c\u308b\u306e\u3067\u3001vars.bat\u30d5\u30a1\u30a4\u30eb\u306e\u4e2d\u8eab\u306e\u672b\u5c3e\u306b\u3042\u308b\u6b21\u306e\u90e8\u5206\u3092\u4e0b\u8a18\u306e\u3088\u3046\u306b\u7de8\u96c6\u3059\u308b\u3002<\/p>\n\n\n\n
KEY_COUNTRY=JP
KEY_PROVINCE=\u90fd\u9053\u5e9c\u770c\u540d\u3092\u5165\u529b\u3002
KEY_CITY=\u5e02\u753a\u6751\u540d\u3092\u5165\u529b\u3002
KEY_ORG=\u7d44\u7e54\u540d\u3092\u5165\u529b\u3002
KEY_EMAIL=\u30e1\u30fc\u30eb\u30a2\u30c9\u30ec\u30b9\u3092\u5165\u529b\u3002
KEY_CN=\u30b5\u30fc\u30d0\u306e\u30db\u30b9\u30c8\u540d\u3092\u5165\u529b\u3002
KEY_NAME=KEY_CN\u3068\u540c\u3058\u30b5\u30fc\u30d0\u306e\u30db\u30b9\u30c8\u540d\u3092\u5165\u529b\u3002
KEY_OU=\u7d44\u7e54\u540d\u3092\u5165\u529b
\u3067\u826f\u3044\u306f\u305a\u3002 <\/p>\n\n\n\n\u305d\u308c\u304b\u3089\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3092\u9806\u756a\u306b\u5b9f\u884c\u3057\u3066\u3044\u304f\u3002\uff08\u30a8\u30e9\u30fc\u304c\u51fa\u3066\u3044\u306a\u3044\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u3053\u3068\uff09<\/p>\n\n\n\n
vars.bat\nclean-all.bat\nvars.bat\nbuild-ca.bat\nvars.bat\nbuild-dh.bat\nvars.bat\nbuild-key-server \u30b5\u30fc\u30d0\u306e\u30db\u30b9\u30c8\u540d\uff08vars.bat\u306b\u8a18\u5165\u3057\u3066\u3044\u308bKEY_CN\u3068\u540c\u3058\u3082\u306e\uff09\ncd C:\\Program Files\\OpenVPN\nopenvpn --genkey --secret ta.key<\/pre>\n\n\n\n
\u6b21\u306bvars.bat\u3092\u30b3\u30d4\u30fc\u3057\u3066\u3001vars_client1.bat\u3068\u3067\u3082\u540d\u524d\u3092\u5909\u66f4\u3059\u308b\u3002
\u305d\u306e\u5f8c\u3001vars_client1.bat\u30d5\u30a1\u30a4\u30eb\u306e\u4e2d\u8eab\u306e\u672b\u5c3e\u306b\u3042\u308b\u6b21\u306e\u90e8\u5206\u3092\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7528\u306b\u7de8\u96c6\u3057\u3066\u4fdd\u5b58\u3059\u308b\u3002<\/p>\n\n\n\n- KEY_CN=\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30db\u30b9\u30c8\u540d<\/li>
- KEY_NAME=KEY_CN\u3068\u540c\u3058\u30db\u30b9\u30c8\u540d\u3002<\/li><\/ul>\n\n\n\n
\u305d\u308c\u304b\u3089\u6b21\u306e\u30b3\u30de\u30f3\u30c9\u3092\u9806\u756a\u306b\u5b9f\u884c\u3057\u3066\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u7528\u306e\u8a3c\u660e\u66f8\u3068\u9375\u3092\u751f\u6210\u3059\u308b\u3002<\/p>\n\n\n\n
cd C:\\Program Files\\OpenVPN\\easy-rsa\nvars_client1.bat\nbuild-key \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30db\u30b9\u30c8\u540d<\/pre>\n\n\n\n
\u4e0a\u8a18\u3092\u884c\u3046\u3068\u3001\u6b21\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u4f5c\u6210\u3055\u308c\u3066\u3044\u308b\u306f\u305a\u3002<\/p>\n\n\n\n
- C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ca.crt\uff1a\u30b5\u30fc\u30d0\u3068\u5168\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3067\u5fc5\u8981\u3002<\/li>
- C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ ca.key\uff1a\u7f72\u540d\u3059\u308bPC\u306e\u307f\u5fc5\u8981\u3002<\/li>
- C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ dh\u6570\u5b57.pem\uff1a\u30b5\u30fc\u30d0\u306e\u307f\u5fc5\u8981\u3002<\/li>
- C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ \u30b5\u30fc\u30d0\u306e\u30db\u30b9\u30c8\u540d.crt\uff1a\u30b5\u30fc\u30d0\u306e\u307f\u5fc5\u8981\u3002<\/li>
- C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ \u30b5\u30fc\u30d0\u306e\u30db\u30b9\u30c8\u540d.key\uff1a\u30b5\u30fc\u30d0\u306e\u307f\u5fc5\u8981\u3002<\/li>
- C:\\Program Files\\OpenVPN\\ta.key\uff1a\u30b5\u30fc\u30d0\u3068\u5168\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3067\u5fc5\u8981\u3002<\/li>
- C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30db\u30b9\u30c8\u540d.crt\uff1a\u30af\u30e9\u30a4\u30a2\u30f3\u30c81\u306e\u307f\u5fc5\u8981\u3002<\/li>
- C:\\Program Files\\OpenVPN\\easy-rsa\\keys\\ \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30db\u30b9\u30c8\u540d.key\uff1a\u30af\u30e9\u30a4\u30a2\u30f3\u30c81\u306e\u307f\u5fc5\u8981\u3002<\/li><\/ul>\n\n\n\n
\u3053\u308c\u3067\u30d5\u30a1\u30a4\u30eb\u306e\u4f5c\u6210\u306f\u5b8c\u4e86\u3002<\/p>\n\n\n\n
\u30b5\u30fc\u30d0\u306e\u6e96\u5099\u3002<\/h2>\n\n\n\n
\u4e0b\u8a18\u306e\u3088\u3046\u306b\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\uff08ovpn\u30d5\u30a1\u30a4\u30eb\uff09\u3092\u7de8\u96c6\u3057\u305f\u3002
\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306fC:\\Program Files\\OpenVPN\\sample-config\\server.ovpn\u3092\u5143\u306b\u7de8\u96c6\u3057\u3066\u3001C:\\Program Files\\OpenVPN\\config\u30d5\u30a9\u30eb\u30c0\u3078\u8a2d\u7f6e\u3057\u305f\u3002
<\/p>\n\n\n\n\n
\n#################################################\n# Sample OpenVPN 2.0 config file for #\n# multi-client server. #\n# #\n# This file is for the server side #\n# of a many-clients <-> one-server #\n# OpenVPN configuration. #\n# #\n# OpenVPN also supports #\n# single-machine <-> single-machine #\n# configurations (See the Examples page #\n# on the web site for more info). #\n# #\n# This config should work on Windows #\n# or Linux\/BSD systems. Remember on #\n# Windows to quote pathnames and use #\n# double backslashes, e.g.: #\n# "C:\\\\Program Files\\\\OpenVPN\\\\config\\\\foo.key" #\n# #\n# Comments are preceded with '#' or ';' #\n#################################################\n\n# Which local IP address should OpenVPN\n# listen on? (optional)\n;local a.b.c.d\n\n# Which TCP\/UDP port should OpenVPN listen on?\n# If you want to run multiple OpenVPN instances\n# on the same machine, use a different port\n# number for each one. You will need to\n# open up this port on your firewall.\nport 1194\n\n# TCP or UDP server?\n;proto tcp\nproto udp4\n\n# "dev tun" will create a routed IP tunnel,\n# "dev tap" will create an ethernet tunnel.\n# Use "dev tap0" if you are ethernet bridging\n# and have precreated a tap0 virtual interface\n# and bridged it with your ethernet interface.\n# If you want to control access policies\n# over the VPN, you must create firewall\n# rules for the the TUN\/TAP interface.\n# On non-Windows systems, you can give\n# an explicit unit number, such as tun0.\n# On Windows, use "dev-node" for this.\n# On most systems, the VPN will not function\n# unless you partially or fully disable\n# the firewall for the TUN\/TAP interface.\ndev tap\n;dev tun\n\n# Windows needs the TAP-Win32 adapter name\n# from the Network Connections panel if you\n# have more than one. On XP SP2 or higher,\n# you may need to selectively disable the\n# Windows firewall for the TAP adapter.\n# Non-Windows systems usually don't need this.\n;dev-node MyTap\ndev-node OpenVPNTAP\uff08\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30d1\u30cd\u30eb\u304b\u3089\u898b\u308c\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c0\u30d7\u30bf\u30fc\u540d\u3092\u5165\u529b\u3059\u308b\uff09\n\n# SSL\/TLS root certificate (ca), certificate\n# (cert), and private key (key). Each client\n# and the server must have their own cert and\n# key file. The server and all clients will\n# use the same ca file.\n#\n# See the "easy-rsa" directory for a series\n# of scripts for generating RSA certificates\n# and private keys. Remember to use\n# a unique Common Name for the server\n# and each of the client certificates.\n#\n# Any X509 key management system can be used.\n# OpenVPN can also use a PKCS #12 formatted key file\n# (see "pkcs12" directive in man page).\n;ca ca.crt\n;cert server.crt\n;key server.key # This file should be kept secret\nca 'C:\/Program Files\/OpenVPN\/easy-rsa\/keys\/ca.crt'\ncert 'C:\/Program Files\/OpenVPN\/easy-rsa\/keys\/winsrv.crt'\nkey 'C:\/Program Files\/OpenVPN\/easy-rsa\/keys\/winsrv.key'\n\n# Diffie hellman parameters.\n# Generate your own with:\n# openssl dhparam -out dh2048.pem 2048\n;dh dh2048.pem\ndh 'C:\/Program Files\/OpenVPN\/easy-rsa\/keys\/dh2048.pem'\n\n# Network topology\n# Should be subnet (addressing via IP)\n# unless Windows clients v2.0.9 and lower have to\n# be supported (then net30, i.e. a \/30 per client)\n# Defaults to net30 (not recommended)\n;topology subnet\n\n# Configure server mode and supply a VPN subnet\n# for OpenVPN to draw client addresses from.\n# The server will take 10.8.0.1 for itself,\n# the rest will be made available to clients.\n# Each client will be able to reach the server\n# on 10.8.0.1. Comment this line out if you are\n# ethernet bridging. See the man page for more info.\n;server 10.8.0.0 255.255.255.0\n\n# Maintain a record of client <-> virtual IP address\n# associations in this file. If OpenVPN goes down or\n# is restarted, reconnecting clients can be assigned\n# the same virtual IP address from the pool that was\n# previously assigned.\nifconfig-pool-persist ipp.txt\n\n# Configure server mode for ethernet bridging.\n# You must first use your OS's bridging capability\n# to bridge the TAP interface with the ethernet\n# NIC interface. Then you must manually set the\n# IP\/netmask on the bridge interface, here we\n# assume 10.8.0.4\/255.255.255.0. Finally we\n# must set aside an IP range in this subnet\n# (start=10.8.0.50 end=10.8.0.100) to allocate\n# to connecting clients. Leave this line commented\n# out unless you are ethernet bridging.\n;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100\nserver-bridge 192.168.1.8 255.255.255.0 192.168.1.200 192.168.1.220\n\n# Configure server mode for ethernet bridging\n# using a DHCP-proxy, where clients talk\n# to the OpenVPN server-side DHCP server\n# to receive their IP address allocation\n# and DNS server addresses. You must first use\n# your OS's bridging capability to bridge the TAP\n# interface with the ethernet NIC interface.\n# Note: this mode only works on clients (such as\n# Windows), where the client-side TAP adapter is\n# bound to a DHCP client.\n;server-bridge\n\n# Push routes to the client to allow it\n# to reach other private subnets behind\n# the server. Remember that these\n# private subnets will also need\n# to know to route the OpenVPN client\n# address pool (10.8.0.0\/255.255.255.0)\n# back to the OpenVPN server.\n;push "route 192.168.10.0 255.255.255.0"\n;push "route 192.168.20.0 255.255.255.0"\npush "route 192.168.1.0 255.255.255.0"\n\n# To assign specific IP addresses to specific\n# clients or if a connecting client has a private\n# subnet behind it that should also have VPN access,\n# use the subdirectory "ccd" for client-specific\n# configuration files (see man page for more info).\n\n# EXAMPLE: Suppose the client\n# having the certificate common name "Thelonious"\n# also has a small subnet behind his connecting\n# machine, such as 192.168.40.128\/255.255.255.248.\n# First, uncomment out these lines:\n;client-config-dir ccd\n;route 192.168.40.128 255.255.255.248\n# Then create a file ccd\/Thelonious with this line:\n# iroute 192.168.40.128 255.255.255.248\n# This will allow Thelonious' private subnet to\n# access the VPN. This example will only work\n# if you are routing, not bridging, i.e. you are\n# using "dev tun" and "server" directives.\n\n# EXAMPLE: Suppose you want to give\n# Thelonious a fixed VPN IP address of 10.9.0.1.\n# First uncomment out these lines:\n;client-config-dir ccd\n;route 10.9.0.0 255.255.255.252\n# Then add this line to ccd\/Thelonious:\n# ifconfig-push 10.9.0.1 10.9.0.2\n\n# Suppose that you want to enable different\n# firewall access policies for different groups\n# of clients. There are two methods:\n# (1) Run multiple OpenVPN daemons, one for each\n# group, and firewall the TUN\/TAP interface\n# for each group\/daemon appropriately.\n# (2) (Advanced) Create a script to dynamically\n# modify the firewall in response to access\n# from different clients. See man\n# page for more info on learn-address script.\n;learn-address .\/script\n\n# If enabled, this directive will configure\n# all clients to redirect their default\n# network gateway through the VPN, causing\n# all IP traffic such as web browsing and\n# and DNS lookups to go through the VPN\n# (The OpenVPN server machine may need to NAT\n# or bridge the TUN\/TAP interface to the internet\n# in order for this to work properly).\n;push "redirect-gateway def1 bypass-dhcp"\n\n# Certain Windows-specific network settings\n# can be pushed to clients, such as DNS\n# or WINS server addresses. CAVEAT:\n# http:\/\/openvpn.net\/faq.html#dhcpcaveats\n# The addresses below refer to the public\n# DNS servers provided by opendns.com.\n;push "dhcp-option DNS 208.67.222.222"\n;push "dhcp-option DNS 208.67.220.220"\n\n# Uncomment this directive to allow different\n# clients to be able to "see" each other.\n# By default, clients will only see the server.\n# To force clients to only see the server, you\n# will also need to appropriately firewall the\n# server's TUN\/TAP interface.\n;client-to-client\n\n# Uncomment this directive if multiple clients\n# might connect with the same certificate\/key\n# files or common names. This is recommended\n# only for testing purposes. For production use,\n# each client should have its own certificate\/key\n# pair.\n#\n# IF YOU HAVE NOT GENERATED INDIVIDUAL\n# CERTIFICATE\/KEY PAIRS FOR EACH CLIENT,\n# EACH HAVING ITS OWN UNIQUE "COMMON NAME",\n# UNCOMMENT THIS LINE OUT.\n;duplicate-cn\n\n# The keepalive directive causes ping-like\n# messages to be sent back and forth over\n# the link so that each side knows when\n# the other side has gone down.\n# Ping every 10 seconds, assume that remote\n# peer is down if no ping received during\n# a 120 second time period.\n;keepalive 10 120\nkeepalive 10 60\n\n# For extra security beyond that provided\n# by SSL\/TLS, create an "HMAC firewall"\n# to help block DoS attacks and UDP port flooding.\n#\n# Generate with:\n# openvpn --genkey --secret ta.key\n#\n# The server and each client must have\n# a copy of this key.\n# The second parameter should be '0'\n# on the server and '1' on the clients.\n;tls-auth ta.key 0 # This file is secret\ntls-auth 'C:\/Program Files\/OpenVPN\/ta.key' 0\n\n# Select a cryptographic cipher.\n# This config item must be copied to\n# the client config file as well.\n# Note that v2.4 client\/server will automatically\n# negotiate AES-256-GCM in TLS mode.\n# See also the ncp-cipher option in the manpage\ncipher AES-256-CBC\n\n# Enable compression on the VPN link and push the\n# option to the client (v2.4+ only, for earlier\n# versions see below)\n;compress lz4-v2\n;push "compress lz4-v2"\n\n# For compression compatible with older clients use comp-lzo\n# If you enable it here, you must also\n# enable it in the client config file.\n;comp-lzo\n\n# The maximum number of concurrently connected\n# clients we want to allow.\n;max-clients 100\n\n# It's a good idea to reduce the OpenVPN\n# daemon's privileges after initialization.\n#\n# You can uncomment this out on\n# non-Windows systems.\n;user nobody\n;group nobody\n\n# The persist options will try to avoid\n# accessing certain resources on restart\n# that may no longer be accessible because\n# of the privilege downgrade.\npersist-key\npersist-tun\n\n# Output a short status file showing\n# current connections, truncated\n# and rewritten every minute.\nstatus openvpn-status.log\n\n# By default, log messages will go to the syslog (or\n# on Windows, if running as a service, they will go to\n# the "\\Program Files\\OpenVPN\\log" directory).\n# Use log or log-append to override this default.\n# "log" will truncate the log file on OpenVPN startup,\n# while "log-append" will append to it. Use one\n# or the other (but not both).\n;log openvpn.log\n;log-append openvpn.log\nlog-append openvpn.log\n\n# Set the appropriate level of log\n# file verbosity.\n#\n# 0 is silent, except for fatal errors\n# 4 is reasonable for general usage\n# 5 and 6 can help to debug connection problems\n# 9 is extremely verbose\nverb 3\n\n# Silence repeating messages. At most 20\n# sequential messages of the same message\n# category will be output to the log.\n;mute 20\n\n# Notify the client that when the server restarts so it\n# can automatically reconnect.\nexplicit-exit-notify 1\n<\/pre>\n<\/p>\n\n\n\n
\u307e\u305f\u3001\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30d1\u30cd\u30eb\u304b\u3089\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c0\u30d7\u30bf\u306e\u540d\u524d\u3092\u6b21\u306e\u753b\u50cf\u306e\u3088\u3046\u306b(OpenVPNTAP\u306b)\u5909\u66f4\u3057\u305f\u3002<\/p>\n\n\n\n
![\"\"](\"https:\/\/shinke1987.net\/wp-content\/uploads\/2021\/01\/5dbeb3c51adfdfd0cdb3a810b1f15502.png\")
<\/figure>\n\n\n\n\u305d\u308c\u304b\u3089\u30a2\u30c0\u30d7\u30bf\u306b\u5bfe\u3057\u3066\u30d6\u30ea\u30c3\u30b8\u306e\u8a2d\u5b9a\u3092\u3059\u308b\u3002
\u4e0a\u8a18\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c0\u30d7\u30bf\u304c\u8868\u793a\u3055\u308c\u3066\u3044\u308b\u72b6\u614b\u3067\u3001
OpenVPNTAP\u3068\u30a4\u30fc\u30b5\u30cd\u30c3\u30c8\u3092Ctrl\u3092\u5229\u7528\u3057\u30662\u3064\u9078\u629e\u3057\u3066\u3001
\u53f3\u30af\u30ea\u30c3\u30af\u304b\u3089\u30d6\u30ea\u30c3\u30b8\u3092\u4f5c\u6210\u3059\u308b\u3068Netowork Bridge\u304c\u4f5c\u6210\u3055\u308c\u308b\u306e\u3067\u3001
\u305d\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c0\u30d7\u30bf\u306b\u5bfe\u3057\u3066\u3001
OpenVPN\u306e\u30b5\u30fc\u30d0\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3067\u6307\u5b9a\u3057\u305fIP\u30a2\u30c9\u30ec\u30b9\u7b49\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u60c5\u5831\u3092\u5165\u529b\u3059\u308b\u3002<\/p>\n\n\n\n\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u6e96\u5099\u3002<\/h2>\n\n\n\n
\u3053\u3053\u304b\u3089\u306f\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u3067\u306e\u64cd\u4f5c\u3068\u306a\u308b\u3002
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u6b21\u306e\u30d5\u30a1\u30a4\u30eb\u3092\u79fb\u52d5\u3059\u308b\u3002<\/p>\n\n\n\n- ca.crt\uff08\u30b5\u30fc\u30d0\u306e\u6e96\u5099\u3067\u4f5c\u6210\u3057\u305f\u3082\u306e\uff09\uff1a\u8a2d\u7f6e\u5834\u6240\u306fC:\\Program Files\\OpenVPN\\easy-rsa\\keys\u30d5\u30a9\u30eb\u30c0\u5185\u3002<\/li>
- \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30db\u30b9\u30c8\u540d.crt\uff08\u30b5\u30fc\u30d0\u306e\u6e96\u5099\u3067\u4f5c\u6210\u3057\u305f\u3082\u306e\uff09\uff1a\u8a2d\u7f6e\u5834\u6240\u306fC:\\Program Files\\OpenVPN\\easy-rsa\\keys\u30d5\u30a9\u30eb\u30c0\u5185\u3002 <\/li>
- \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30db\u30b9\u30c8\u540d.key\uff08\u30b5\u30fc\u30d0\u306e\u6e96\u5099\u3067\u4f5c\u6210\u3057\u305f\u3082\u306e\uff09\uff1a\u8a2d\u7f6e\u5834\u6240\u306fC:\\Program Files\\OpenVPN\\easy-rsa\\keys\u30d5\u30a9\u30eb\u30c0\u5185\u3002 <\/li>
- ta.key\uff08\u30b5\u30fc\u30d0\u306e\u6e96\u5099\u3067\u4f5c\u6210\u3057\u305f\u3082\u306e\uff09\uff1a\u8a2d\u7f6e\u5834\u6240\u306fC:\\Program Files\\OpenVPN\u30d5\u30a9\u30eb\u30c0\u5185\u3002 <\/li><\/ul>\n\n\n\n
\u4e0b\u8a18\u306e\u3088\u3046\u306b\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\uff08ovpn\u30d5\u30a1\u30a4\u30eb\uff09\u3092\u7de8\u96c6\u3057\u305f\u3002
\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306fC:\\Program Files\\OpenVPN\\sample-config\\client.ovpn\u3092\u5143\u306b\u7de8\u96c6\u3057\u3066\u3001C:\\Program Files\\OpenVPN\\config\u30d5\u30a9\u30eb\u30c0\u3078\u8a2d\u7f6e\u3057\u305f\u3002 <\/p>\n\n\n\n\n##############################################\n# Sample client-side OpenVPN 2.0 config file #\n# for connecting to multi-client server. #\n# #\n# This configuration can be used by multiple #\n# clients, however each client should have #\n# its own cert and key files. #\n# #\n# On Windows, you might want to rename this #\n# file so it has a .ovpn extension #\n##############################################\n\n# Specify that we are a client and that we\n# will be pulling certain config file directives\n# from the server.\nclient\n\n# Use the same setting as you are using on\n# the server.\n# On most systems, the VPN will not function\n# unless you partially or fully disable\n# the firewall for the TUN\/TAP interface.\ndev tap\n;dev tun\n\n# Windows needs the TAP-Win32 adapter name\n# from the Network Connections panel\n# if you have more than one. On XP SP2,\n# you may need to disable the firewall\n# for the TAP adapter.\n;dev-node MyTap\ndev-node OpenVPNTAP\n\n# Are we connecting to a TCP or\n# UDP server? Use the same setting as\n# on the server.\n;proto tcp\nproto udp4\n\n# The hostname\/IP and port of the server.\n# You can have multiple remote entries\n# to load balance between the servers.\nremote maec.co.jp 1194\n;remote my-server-2 1194\n\n# Choose a random host from the remote\n# list for load-balancing. Otherwise\n# try hosts in the order specified.\n;remote-random\n\n# Keep trying indefinitely to resolve the\n# host name of the OpenVPN server. Very useful\n# on machines which are not permanently connected\n# to the internet such as laptops.\nresolv-retry infinite\n\n# Most clients don't need to bind to\n# a specific local port number.\nnobind\n\n# Downgrade privileges after initialization (non-Windows only)\n;user nobody\n;group nobody\n\n# Try to preserve some state across restarts.\npersist-key\npersist-tun\n\n# If you are connecting through an\n# HTTP proxy to reach the actual OpenVPN\n# server, put the proxy server\/IP and\n# port number here. See the man page\n# if your proxy server requires\n# authentication.\n;http-proxy-retry # retry on connection failures\n;http-proxy [proxy server] [proxy port #]\n\n# Wireless networks often produce a lot\n# of duplicate packets. Set this flag\n# to silence duplicate packet warnings.\n;mute-replay-warnings\n\n# SSL\/TLS parms.\n# See the server config file for more\n# description. It's best to use\n# a separate .crt\/.key file pair\n# for each client. A single ca\n# file can be used for all clients.\n;ca ca.crt\n;cert client.crt\n;key client.key\nca 'C:\/Program Files\/OpenVPN\/easy-rsa\/keys\/ca.crt'\ncert 'C:\/Program Files\/OpenVPN\/easy-rsa\/keys\/D-shinke-home.crt'\nkey 'C:\/Program Files\/OpenVPN\/easy-rsa\/keys\/D-shinke-home.key'\n\n# Verify server certificate by checking that the\n# certicate has the correct key usage set.\n# This is an important precaution to protect against\n# a potential attack discussed here:\n# http:\/\/openvpn.net\/howto.html#mitm\n#\n# To use this feature, you will need to generate\n# your server certificates with the keyUsage set to\n# digitalSignature, keyEncipherment\n# and the extendedKeyUsage to\n# serverAuth\n# EasyRSA can do this for you.\nremote-cert-tls server\n\n# If a tls-auth key is used on the server\n# then every client must also have the key.\ntls-auth 'C:\/Program Files\/OpenVPN\/ta.key' 1\n\n# Select a cryptographic cipher.\n# If the cipher option is used on the server\n# then you must also specify it here.\n# Note that v2.4 client\/server will automatically\n# negotiate AES-256-GCM in TLS mode.\n# See also the ncp-cipher option in the manpage\ncipher AES-256-CBC\n\n# Enable compression on the VPN link.\n# Don't enable this unless it is also\n# enabled in the server config file.\n#comp-lzo\n\n# Set log file verbosity.\nverb 3\n\n# Silence repeating messages\n;mute 20\n\n<\/pre><\/p>\n\n\n\n
\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c0\u30d7\u30bf\u306eIP\u30a2\u30c9\u30ec\u30b9\u7b49\u306e\u8a2d\u5b9a\u306f\u81ea\u52d5\u69cb\u6210\u3067\u826f\u3044\u3002<\/p>\n\n\n\n
\u3053\u308c\u3067\u30b5\u30fc\u30d0\u5074\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u5185\u306e\u30d7\u30ea\u30f3\u30bf\u3078\u5370\u5237\u3059\u308b\u3053\u3068\u3082\u3067\u304d\u305f\u3002<\/p>\n\n\n\n
\u30b5\u30fc\u30d0\u3067\u306e\u8a71\u3060\u3051\u3069\u3001OpenVPNService\u3068\u3044\u3046\u30b5\u30fc\u30d3\u30b9\u3092\u81ea\u52d5\u8d77\u52d5\u3059\u308b\u3088\u3046\u306b\u8a2d\u5b9a\u3057\u3066\u304a\u304f\u3068\u3001config\u5185\u306eovpn\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u8fbc\u3093\u3067\u81ea\u52d5\u3067\u63a5\u7d9a\u3057\u3066\u304f\u308c\u308b\u3088\u3046\u306b\u306a\u308b\u306e\u3067\u3001\u30b5\u30fc\u30d0\u306f\u30b5\u30fc\u30d3\u30b9\u3092\u81ea\u52d5\u8d77\u52d5\u3059\u308b\u3088\u3046\u306b\u3057\u3066\u304a\u3044\u3066\u3082\u826f\u3044\u304b\u3082\u3057\u308c\u306a\u3044\u3002<\/p>\n\n\n\n
\u30b5\u30fc\u30d0\u3067\u30b5\u30fc\u30d3\u30b9\u304c\u5b9f\u884c\u3055\u308c\u3066OpenVPN\u304c\u63a5\u7d9a\u3055\u308c\u3066\u3082\u3001
\u30b5\u30fc\u30d0\u306eOpenVPN GUI\u3067\u306f\u63a5\u7d9a\u6e08\u307f\u3068\u884c\u3063\u305f\u8868\u793a\u306b\u306a\u3089\u306a\u3044\u306e\u3067\u6ce8\u610f\u3002<\/p>\n\n\n\n\u4f59\u8ac7<\/h2>\n\n\n\n
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306eWindows10\u306ePC\u306bOpenVPN2.4.10\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u3068\u3053\u308d\u3001TAP\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c0\u30d7\u30bf\u304c\u8ffd\u52a0\u3055\u308c\u306a\u304b\u3063\u305f\u306e\u3067\u3001\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u306f2.5.0\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3053\u3068\u306b\u3057\u305f\u3002<\/p>\n\n\n\n
\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c0\u30d7\u30bf\u3092\u8ffd\u52a0\u3059\u308b\u6642\u306b\u554f\u984c\u304c\u8d77\u304d\u305f\u3089\u3001\u6b21\u306e\u30ed\u30b0\u3092\u898b\u308b\u3068\u826f\u3044\u3002
C:\\Windows\\inf\\setupapi.dev.log<\/p>\n\n\n\n\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3092\u8ffd\u52a0\u3059\u308b\u5834\u5408<\/h2>\n\n\n\n
\u30b5\u30fc\u30d0\u3067vars_\u30db\u30b9\u30c8\u540d.bat\u3068\u3044\u3046\u30d5\u30a1\u30a4\u30eb\u3092\u4f5c\u6210\u3057\u3001\u4e0b\u8a182\u30ab\u6240\u3092\u7de8\u96c6\u3057\u3066\u4fdd\u5b58\u3059\u308b\u3002<\/p>\n\n\n\n
- KEY_CN=\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30db\u30b9\u30c8\u540d<\/li>
- KEY_NAME=KEY_CN\u3068\u540c\u3058\u30db\u30b9\u30c8\u540d<\/li><\/ul>\n\n\n\n
\u6b21\u306b\u30b5\u30fc\u30d0\u306e\u30b3\u30de\u30f3\u30c9\u30d7\u30ed\u30f3\u30d7\u30c8\u3067\u3001
cd C:\\Program Files\\OpenVPN\\easy-rsa
build-key.bat \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30db\u30b9\u30c8\u540d
\u3092\u5b9f\u884c\u3057\u3066\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30db\u30b9\u30c8\u540d.crt\u3068\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30db\u30b9\u30c8\u540d.key\u3092\u4f5c\u6210\u3057\u3001
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u6e96\u5099\u3067\u66f8\u304b\u308c\u3066\u3044\u308b\u30d5\u30a1\u30a4\u30eb\u3092\u8ffd\u52a0\u3057\u305f\u3044\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306b\u79fb\u52d5\u3055\u305b\u3066\u3001\uff08ovpn\u30d5\u30a1\u30a4\u30eb\u306f\u65e2\u306b\u63a5\u7d9a\u3067\u304d\u3066\u3044\u308b\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u3082\u306e\u3092\u4f7f\u3044\u56de\u305b\u3070\u826f\u3044\uff09OpenVPN\u3092\u9069\u5207\u306b\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u3059\u308c\u3070\u826f\u3044\u3002
<\/p>\n\n\n\n<\/p>\n","protected":false},"excerpt":{"rendered":"
\u74b0\u5883 \u3010 \u30b5\u30fc\u30d0 \u3011Windows Server 2012R2 \u3010 \u30af\u30e9\u30a4\u30a2\u30f3\u30c8 \u3011\u30ce\u30fc\u30c8PC\uff08Surface\u3001SIM\u30ab\u30fc\u30c9\u5229\u7528\uff09\uff08Win10\uff09\u81ea\u5b85\u306e\u30c7\u30b9\u30af\u30c8\u30c3\u30d7PC\uff08Win10\uff09 \u8981\u4ef6 \u30ea\u30e2\u30fc\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\uff08OpenV […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,29],"tags":[71,64,17,59],"class_list":["post-603","post","type-post","status-publish","format-standard","hentry","category-windows","category-windowsserver","tag-openvpn","tag-vpn","tag-windows","tag-windowsserver"],"_links":{"self":[{"href":"https:\/\/shinke1987.net\/index.php?rest_route=\/wp\/v2\/posts\/603","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/shinke1987.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/shinke1987.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/shinke1987.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/shinke1987.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=603"}],"version-history":[{"count":28,"href":"https:\/\/shinke1987.net\/index.php?rest_route=\/wp\/v2\/posts\/603\/revisions"}],"predecessor-version":[{"id":634,"href":"https:\/\/shinke1987.net\/index.php?rest_route=\/wp\/v2\/posts\/603\/revisions\/634"}],"wp:attachment":[{"href":"https:\/\/shinke1987.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=603"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/shinke1987.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=603"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/shinke1987.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=603"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u3067\u306fOpenVPN2.5.0<\/strong>\u3092\u5229\u7528\u3059\u308b\u3002 <\/li>