Install and configure OpenVPN.
Method 1:
1. Modify the registry key HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI:
allow_service=1,service_only=1,silent_connection=1,show_balloon=1,show_script_window=1
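silent_connection=1 keeps OpenVPN from popping up a window after it starts, and usually has to be set. service_only, allow_service, show_script_window and show_balloon can be set according to personal preference; see the figure attached to Method 2 for what each one means. I usually set service_only=1 and show_balloon=2, so that OpenVPN runs only as a service and shows a notification every time it reconnects.
2. Add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Run\Openvpn: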
"C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe"
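This makes openvpn-gui run after the user logs on.
3. Run services.msc and change the OpenVPN Service service to start automatically, so that OpenVPN connects automatically at boot (even if no user is logged on).
If you log on to Windows immediately after the system boots, openvpn-gui may run before the OpenVPN service has started. In that case the openvpn-gui tray icon will not change with the connection state, and menu items such as Connect are unavailable. If this happens, wait for the OpenVPN service to start, choose Exit from the openvpn-gui menu, and then run openvpn-gui again.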
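Steps 1 to 3 of Method 1 as a PowerShell script. This is an added example, not part of the original post; it assumes an elevated prompt, the install path and file name shown above, string-typed (REG_SZ) registry values, and that the service's display name is "OpenVPN Service".

```powershell
# Added example: Method 1, steps 1-3. Run in an elevated Windows PowerShell prompt.
# Assumptions: paths and file name as on this page; the OpenVPN-GUI values are
# strings (REG_SZ); the service's display name is "OpenVPN Service".
$ErrorActionPreference = 'Stop'
$guiKey = 'HKLM:\SOFTWARE\OpenVPN-GUI'
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$guiExe = 'C:\Program Files\OpenVPN\bin\openvpn-gui-1.0.3.exe'

# Stop early instead of writing settings for a program that is not there.
if (-not (Test-Path $guiKey)) { throw "$guiKey not found; is OpenVPN GUI installed?" }
if (-not (Test-Path $guiExe)) { throw "$guiExe not found; adjust the path." }

# Step 1: the GUI settings listed on the page.
$settings = @{
    allow_service      = '1'
    service_only       = '1'
    silent_connection  = '1'
    show_balloon       = '1'
    show_script_window = '1'
}
foreach ($name in $settings.Keys) {
    Set-ItemProperty -Path $guiKey -Name $name -Value $settings[$name]
}

# Step 2: start the GUI at logon. The path contains a space, so the value
# keeps the surrounding double quotes.
Set-ItemProperty -Path $runKey -Name 'OpenVPN' -Value ('"{0}"' -f $guiExe)

# Step 3: start the service at boot, before any user logs on.
$svc = Get-Service -DisplayName 'OpenVPN Service'
Set-Service -Name $svc.Name -StartupType Automatic

# Read everything back so the result can be checked by eye.
Get-ItemProperty -Path $guiKey |
    Select-Object allow_service, service_only, silent_connection, show_balloon, show_script_window
(Get-ItemProperty -Path $runKey).OpenVPN
Get-WmiObject Win32_Service -Filter "Name='$($svc.Name)'" |
    Select-Object Name, StartMode, State
```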
Method 2:
1. Modify the registry key HKEY_LOCAL_MACHINE\SOFTWARE\OpenVPN-GUI:
allow_service=0
2. In the registry, add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OpenVPN:
"C:\\Program Files\\OpenVPN\\bin\\openvpn-gui-1.0.3.exe --connect client.ovpn"
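Other options can also be used to override the openvpn-gui settings in the registry; run openvpn-gui --help to see which options are available, as shown below:
Every option parameter in the figure above has a corresponding registry entry.
With Method 1, OpenVPN starts even if no user logs on; Method 2 only takes effect after a user has logged on to Windows.
If OpenVPN starts but cannot connect, the firewall settings may be the cause; see the following: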
OpenVPN Notes -- Firewall on the Windows client
In general, it's a good idea to always protect a VPN client or server with a firewall.
The important points for setting up firewalling on a Windows system running OpenVPN are:
- Make sure that your connection to the internet is always firewalled, especially when you are running a VPN. VPNs create trusted relationships between geographically disparate networks, and if any network on the VPN is compromised by a virus or worm, the exploit has the potential of jumping across the VPN and infecting other machines.
- You can enable firewalling on a given network adapter by going to Control Panel -> Network Connections, right-click on the icon that represents your link to the internet, select "Properties", go to the "Advanced" tab, and enable "Internet Connection Firewall".
- If you are running OpenVPN as a server on a Windows machine, you will need to configure your firewall to allow incoming clients to connect to OpenVPN's port number which is "UDP 1194" by default.
- In general, running OpenVPN as a client doesn't require any special firewall configuration, provided you use the --ping option to preserve the state of the OpenVPN connection in the firewall.
- In general, you don't need to enable firewalling on the TAP-Win32 adapter. Once an IP packet appears to be "coming in" on the TAP-Win32 adapter, it has already been decrypted and authenticated by OpenVPN, even though the connection between OpenVPN peers might transit an untrusted network such as the internet.
- One case where you might want to firewall the TAP-Win32 adapter is if you are connecting to an untrusted machine, or a machine which will route or bridge your connection with an untrusted network.
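Windows 7 divides networks into three categories: home network, work network and public network. A separate firewall policy can be set for each category, so when using OpenVPN, pay attention to which network category the computer is currently on, and check that the firewall allows OpenVPN's packets through.
Original article: http://hi.baidu.com/lvgb/blog/item/61dbbb7ec0540f330dd7dacc.html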