Building a Local Area Network with openXXX
12/11/24
1. Generate Certificates
1.1 Preparation
Install Easy-RSA for generating certificates: Link
1.2 Generate Server and Client Certificates
- Initialize the PKI environment:
easyrsa init-pki
- Generate the CA certificate:
easyrsa build-ca
- Generate the server certificate and key:
easyrsa gen-req server nopass
easyrsa sign-req server server
- Generate the client certificate and key:
easyrsa gen-req client1 nopass
easyrsa sign-req client client1
- Generate Diffie-Hellman parameters:
easyrsa gen-dh
- Generate the shared secret key file (to enhance security):
openxxx --genkey secret ta.key
2. Server Installation
Windows Server
2.1 Installation Program
- Install the main program: Link
2.2 Configure Server
- Create a server.oxxx file in the config folder within the installation directory.
- Example configuration file content:
port 1194
proto udp
dev tun
ca "C:\\Program Files\\OpenXXX\\EasyRSA\\pki\\ca.crt"
cert "C:\\Program Files\\OpenXXX\\EasyRSA\\pki\\issued\\server.crt"
key "C:\\Program Files\\OpenXXX\\EasyRSA\\pki\\private\\server.key"
dh "C:\\Program Files\\OpenXXX\\EasyRSA\\pki\\dh.pem"
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth "C:\\Program Files\\OpenXXX\\config\\ta.key" 0
cipher AES-256-CBC
persist-key
persist-tun
status openxxx-status.log
verb 3
Linux Server
It is recommended to use the one-click installation script: GitHub Link
3. Client Installation
Windows/Android Client
3.1 Installation Program
Install the main program: Link
3.2 Configure Client
- Create a new folder, and inside it, create a clientn.oxxx file.
- Copy the following files into the new folder:
client1.crt
client1.key
ca.crt
ta.key
- Example configuration file content:
client
dev tun
proto udp
remote YOUR_SERVER_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
cipher AES-256-CBC
verb 3
route-nopull # Ignore routes pushed by the server
route 192.168.100.0 255.255.255.0 xxx_gateway # Send only this subnet through the tunnel
3.3 Import Configuration File
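Before the client file is imported, it can be compared with server.oxxx for the settings that have to agree on both ends. The following Python check is an added example, not part of the original article or of the OpenXXX project; the names `parse`, `first` and `check_pair` are hypothetical, and the two sample files are constructed by trimming the configurations shown above.

```python
import shlex

# Constructed samples: trimmed copies of the server and client files on this page.
SERVER = r'''port 1194
proto udp
dev tun
tls-auth "C:\\Program Files\\OpenXXX\\config\\ta.key" 0
cipher AES-256-CBC
'''
CLIENT = r'''client
dev tun
proto udp
remote YOUR_SERVER_IP 1194
tls-auth ta.key 1
cipher AES-256-CBC
route-nopull # Block all routes
route 192.168.100.0 255.255.255.0 xxx_gateway
'''

def parse(text):
    """Map each directive to a list of its argument lists; '#' starts a comment."""
    conf = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # handles "quoted\\paths"
        if tokens:
            conf.setdefault(tokens[0], []).append(tokens[1:])
    return conf

def first(conf, name, idx=0):
    """Argument idx of the first occurrence of a directive, or None if absent."""
    args = conf.get(name, [[]])[0]
    return args[idx] if len(args) > idx else None

def check_pair(server_text, client_text):
    """Return a list of mismatches between a server file and a client file."""
    s, c = parse(server_text), parse(client_text)
    findings = []
    for name in ("proto", "dev", "cipher"):  # plain equality fits the udp/tun setup here
        if first(s, name) != first(c, name):
            findings.append(f"{name}: server={first(s, name)} client={first(c, name)}")
    if first(s, "port") != first(c, "remote", 1):
        findings.append("client 'remote' port differs from server 'port'")
    if {first(s, "tls-auth", 1), first(c, "tls-auth", 1)} != {"0", "1"}:
        findings.append("tls-auth key directions are not the 0/1 pair used on this page")
    if "route-nopull" in c and "route" not in c:
        findings.append("route-nopull is set but the file adds no 'route' of its own")
    return findings

if __name__ == "__main__":
    print(check_pair(SERVER, CLIENT) or "server and client files agree")
```

An empty list means the two files agree on protocol, device, cipher, port and tls-auth key direction.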
Linux Client
Manual Address: https://community.openxxx.net/openxxx/wiki/OpenXXX3Linux
Start the Client
openxxx3 config-import --config client1.oxxx # Import the configuration file
openxxx3 configs-list # View configuration files
openxxx3 sessions-list # View running sessions
openxxx3 session-start --config client1.oxxx # Start the session
openxxx3 session-manage --config ${CONFIGURATION_PROFILE_NAME} --restart # Restart the session
openxxx3 session-manage --config ${CONFIGURATION_PROFILE_NAME} --disconnect # Disconnect the session
Enable Auto-Start on Boot (Register Service)
[Unit]
Description=OpenXXX 3 Auto Start
After=network.target
[Service]
Type=simple
# Replace ${cname} with the name of the imported configuration profile
ExecStart=/usr/bin/openxxx3 session-start --config "${cname}"
# If you need to retry or auto-restart, you can add the following directives
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target
AI Translation
This article was translated from Chinese to English by AI. If there are any inaccuracies, please refer to the original Chinese version.
