Warning: fopen(/volume2/web/typecho/bbs/images/attachicons/pdf.gif): failed to open stream: No such file or directory in /volume2/web/typecho/usr/plugins/Watermark/Plugin.php on line 204

Call Stack:
    0.0000     239944   1. {main}() /volume2/web/typecho/index.php:0
    0.0065     655536   2. Typecho_Router::dispatch() /volume2/web/typecho/index.php:23
    0.0066     659840   3. Typecho_Widget::widget() /volume2/web/typecho/var/Typecho/Router.php:135
    0.0074     781352   4. Widget_Archive->execute() /volume2/web/typecho/var/Typecho/Widget.php:221
    0.0112     792416   5. Widget_Archive->singleHandle() /volume2/web/typecho/var/Widget/Archive.php:1368
    0.0117     794088   6. Widget_Archive->query() /volume2/web/typecho/var/Widget/Archive.php:819
    0.0117     794576   7. Typecho_Db->fetchAll() /volume2/web/typecho/var/Widget/Archive.php:1250
    0.0131     867600   8. call_user_func:{/volume2/web/typecho/var/Typecho/Db.php:395}() /volume2/web/typecho/var/Typecho/Db.php:395
    0.0131     867728   9. Widget_Abstract_Contents->push() /volume2/web/typecho/var/Typecho/Db.php:395
    0.0131     868448  10. Widget_Abstract_Contents->filter() /volume2/web/typecho/var/Widget/Abstract/Contents.php:761
    0.0240     948344  11. Typecho_Plugin->filter() /volume2/web/typecho/var/Widget/Abstract/Contents.php:733
    0.0240     948784  12. Typecho_Plugin->__call() /volume2/web/typecho/var/Widget/Abstract/Contents.php:733
    0.0242     959232  13. call_user_func_array:{/volume2/web/typecho/var/Typecho/Plugin.php:489}() /volume2/web/typecho/var/Typecho/Plugin.php:489
    0.0243     963096  14. Watermark_Plugin::parse() /volume2/web/typecho/var/Typecho/Plugin.php:489
    0.0254    1014848  15. Watermark_Plugin::IsAnimatedGif() /volume2/web/typecho/usr/plugins/Watermark/Plugin.php:186
    0.0254    1014944  16. fopen() /volume2/web/typecho/usr/plugins/Watermark/Plugin.php:204


Warning: filesize(): stat failed for /volume2/web/typecho/bbs/images/attachicons/pdf.gif in /volume2/web/typecho/usr/plugins/Watermark/Plugin.php on line 205

Call Stack:
    0.0000     239944   1. {main}() /volume2/web/typecho/index.php:0
    0.0065     655536   2. Typecho_Router::dispatch() /volume2/web/typecho/index.php:23
    0.0066     659840   3. Typecho_Widget::widget() /volume2/web/typecho/var/Typecho/Router.php:135
    0.0074     781352   4. Widget_Archive->execute() /volume2/web/typecho/var/Typecho/Widget.php:221
    0.0112     792416   5. Widget_Archive->singleHandle() /volume2/web/typecho/var/Widget/Archive.php:1368
    0.0117     794088   6. Widget_Archive->query() /volume2/web/typecho/var/Widget/Archive.php:819
    0.0117     794576   7. Typecho_Db->fetchAll() /volume2/web/typecho/var/Widget/Archive.php:1250
    0.0131     867600   8. call_user_func:{/volume2/web/typecho/var/Typecho/Db.php:395}() /volume2/web/typecho/var/Typecho/Db.php:395
    0.0131     867728   9. Widget_Abstract_Contents->push() /volume2/web/typecho/var/Typecho/Db.php:395
    0.0131     868448  10. Widget_Abstract_Contents->filter() /volume2/web/typecho/var/Widget/Abstract/Contents.php:761
    0.0240     948344  11. Typecho_Plugin->filter() /volume2/web/typecho/var/Widget/Abstract/Contents.php:733
    0.0240     948784  12. Typecho_Plugin->__call() /volume2/web/typecho/var/Widget/Abstract/Contents.php:733
    0.0242     959232  13. call_user_func_array:{/volume2/web/typecho/var/Typecho/Plugin.php:489}() /volume2/web/typecho/var/Typecho/Plugin.php:489
    0.0243     963096  14. Watermark_Plugin::parse() /volume2/web/typecho/var/Typecho/Plugin.php:489
    0.0254    1014848  15. Watermark_Plugin::IsAnimatedGif() /volume2/web/typecho/usr/plugins/Watermark/Plugin.php:186
    0.0257    1015240  16. filesize() /volume2/web/typecho/usr/plugins/Watermark/Plugin.php:205


Warning: filesize(): stat failed for /volume2/web/typecho/bbs/images/attachicons/pdf.gif in /volume2/web/typecho/usr/plugins/Watermark/Plugin.php on line 205

Call Stack:
    0.0000     239944   1. {main}() /volume2/web/typecho/index.php:0
    0.0065     655536   2. Typecho_Router::dispatch() /volume2/web/typecho/index.php:23
    0.0066     659840   3. Typecho_Widget::widget() /volume2/web/typecho/var/Typecho/Router.php:135
    0.0074     781352   4. Widget_Archive->execute() /volume2/web/typecho/var/Typecho/Widget.php:221
    0.0112     792416   5. Widget_Archive->singleHandle() /volume2/web/typecho/var/Widget/Archive.php:1368
    0.0117     794088   6. Widget_Archive->query() /volume2/web/typecho/var/Widget/Archive.php:819
    0.0117     794576   7. Typecho_Db->fetchAll() /volume2/web/typecho/var/Widget/Archive.php:1250
    0.0131     867600   8. call_user_func:{/volume2/web/typecho/var/Typecho/Db.php:395}() /volume2/web/typecho/var/Typecho/Db.php:395
    0.0131     867728   9. Widget_Abstract_Contents->push() /volume2/web/typecho/var/Typecho/Db.php:395
    0.0131     868448  10. Widget_Abstract_Contents->filter() /volume2/web/typecho/var/Widget/Abstract/Contents.php:761
    0.0240     948344  11. Typecho_Plugin->filter() /volume2/web/typecho/var/Widget/Abstract/Contents.php:733
    0.0240     948784  12. Typecho_Plugin->__call() /volume2/web/typecho/var/Widget/Abstract/Contents.php:733
    0.0242     959232  13. call_user_func_array:{/volume2/web/typecho/var/Typecho/Plugin.php:489}() /volume2/web/typecho/var/Typecho/Plugin.php:489
    0.0243     963096  14. Watermark_Plugin::parse() /volume2/web/typecho/var/Typecho/Plugin.php:489
    0.0254    1014848  15. Watermark_Plugin::IsAnimatedGif() /volume2/web/typecho/usr/plugins/Watermark/Plugin.php:186
    0.0259    1015240  16. filesize() /volume2/web/typecho/usr/plugins/Watermark/Plugin.php:205


Warning: fread() expects parameter 1 to be resource, boolean given in /volume2/web/typecho/usr/plugins/Watermark/Plugin.php on line 206

Call Stack:
    0.0000     239944   1. {main}() /volume2/web/typecho/index.php:0
    0.0065     655536   2. Typecho_Router::dispatch() /volume2/web/typecho/index.php:23
    0.0066     659840   3. Typecho_Widget::widget() /volume2/web/typecho/var/Typecho/Router.php:135
    0.0074     781352   4. Widget_Archive->execute() /volume2/web/typecho/var/Typecho/Widget.php:221
    0.0112     792416   5. Widget_Archive->singleHandle() /volume2/web/typecho/var/Widget/Archive.php:1368
    0.0117     794088   6. Widget_Archive->query() /volume2/web/typecho/var/Widget/Archive.php:819
    0.0117     794576   7. Typecho_Db->fetchAll() /volume2/web/typecho/var/Widget/Archive.php:1250
    0.0131     867600   8. call_user_func:{/volume2/web/typecho/var/Typecho/Db.php:395}() /volume2/web/typecho/var/Typecho/Db.php:395
    0.0131     867728   9. Widget_Abstract_Contents->push() /volume2/web/typecho/var/Typecho/Db.php:395
    0.0131     868448  10. Widget_Abstract_Contents->filter() /volume2/web/typecho/var/Widget/Abstract/Contents.php:761
    0.0240     948344  11. Typecho_Plugin->filter() /volume2/web/typecho/var/Widget/Abstract/Contents.php:733
    0.0240     948784  12. Typecho_Plugin->__call() /volume2/web/typecho/var/Widget/Abstract/Contents.php:733
    0.0242     959232  13. call_user_func_array:{/volume2/web/typecho/var/Typecho/Plugin.php:489}() /volume2/web/typecho/var/Typecho/Plugin.php:489
    0.0243     963096  14. Watermark_Plugin::parse() /volume2/web/typecho/var/Typecho/Plugin.php:489
    0.0254    1014848  15. Watermark_Plugin::IsAnimatedGif() /volume2/web/typecho/usr/plugins/Watermark/Plugin.php:186
    0.0261    1015288  16. fread() /volume2/web/typecho/usr/plugins/Watermark/Plugin.php:206


Warning: fclose() expects parameter 1 to be resource, boolean given in /volume2/web/typecho/usr/plugins/Watermark/Plugin.php on line 207

Call Stack:
    0.0000     239944   1. {main}() /volume2/web/typecho/index.php:0
    0.0065     655536   2. Typecho_Router::dispatch() /volume2/web/typecho/index.php:23
    0.0066     659840   3. Typecho_Widget::widget() /volume2/web/typecho/var/Typecho/Router.php:135
    0.0074     781352   4. Widget_Archive->execute() /volume2/web/typecho/var/Typecho/Widget.php:221
    0.0112     792416   5. Widget_Archive->singleHandle() /volume2/web/typecho/var/Widget/Archive.php:1368
    0.0117     794088   6. Widget_Archive->query() /volume2/web/typecho/var/Widget/Archive.php:819
    0.0117     794576   7. Typecho_Db->fetchAll() /volume2/web/typecho/var/Widget/Archive.php:1250
    0.0131     867600   8. call_user_func:{/volume2/web/typecho/var/Typecho/Db.php:395}() /volume2/web/typecho/var/Typecho/Db.php:395
    0.0131     867728   9. Widget_Abstract_Contents->push() /volume2/web/typecho/var/Typecho/Db.php:395
    0.0131     868448  10. Widget_Abstract_Contents->filter() /volume2/web/typecho/var/Widget/Abstract/Contents.php:761
    0.0240     948344  11. Typecho_Plugin->filter() /volume2/web/typecho/var/Widget/Abstract/Contents.php:733
    0.0240     948784  12. Typecho_Plugin->__call() /volume2/web/typecho/var/Widget/Abstract/Contents.php:733
    0.0242     959232  13. call_user_func_array:{/volume2/web/typecho/var/Typecho/Plugin.php:489}() /volume2/web/typecho/var/Typecho/Plugin.php:489
    0.0243     963096  14. Watermark_Plugin::parse() /volume2/web/typecho/var/Typecho/Plugin.php:489
    0.0254    1014848  15. Watermark_Plugin::IsAnimatedGif() /volume2/web/typecho/usr/plugins/Watermark/Plugin.php:186
    0.0263    1015336  16. fclose() /volume2/web/typecho/usr/plugins/Watermark/Plugin.php:207

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://gmpg.org/xfn/11">
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<title>openwrt下openvpn 53端口UDP VPN架设  - zhigao记录分享</title>
<link rel="stylesheet" type="text/css" media="all" href="http://www.zhigao5191.com/usr/themes/mzai/style.css" />
<meta name="description" content="&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; 看了openwrt.org.cn的关于OPENWRT下OPENVPN服务器架设，一直尝试着在自己的DB120下架设VPN服务器。而用途最广的就要..." />
<meta name="keywords" content="openwrt openvpn 53 UDP" />
<meta name="generator" content="Typecho 1.1/17.10.30" />
<meta name="template" content="mzai" />
<link rel="pingback" href="http://zhigao5191.com/action/xmlrpc" />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://zhigao5191.com/action/xmlrpc?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://zhigao5191.com/action/xmlrpc?wlw" />
<link rel="alternate" type="application/rss+xml" title="openwrt下openvpn 53端口UDP VPN架设  &raquo; zhigao记录分享 &raquo; RSS 2.0" href="http://zhigao5191.com/feed/computer-network/openwrt-openvpn53-udp.html" />
<link rel="alternate" type="application/rdf+xml" title="openwrt下openvpn 53端口UDP VPN架设  &raquo; zhigao记录分享 &raquo; RSS 1.0" href="http://zhigao5191.com/feed/rss/computer-network/openwrt-openvpn53-udp.html" />
<link rel="alternate" type="application/atom+xml" title="openwrt下openvpn 53端口UDP VPN架设  &raquo; zhigao记录分享 &raquo; ATOM 1.0" href="http://zhigao5191.com/feed/atom/computer-network/openwrt-openvpn53-udp.html" />
<script type="text/javascript">
(function () {
    window.TypechoComment = {
        dom : function (id) {
            return document.getElementById(id);
        },
    
        create : function (tag, attr) {
            var el = document.createElement(tag);
        
            for (var key in attr) {
                el.setAttribute(key, attr[key]);
            }
        
            return el;
        },

        reply : function (cid, coid) {
            var comment = this.dom(cid), parent = comment.parentNode,
                response = this.dom('respond-post-81'), input = this.dom('comment-parent'),
                form = 'form' == response.tagName ? response : response.getElementsByTagName('form')[0],
                textarea = response.getElementsByTagName('textarea')[0];

            if (null == input) {
                input = this.create('input', {
                    'type' : 'hidden',
                    'name' : 'parent',
                    'id'   : 'comment-parent'
                });

                form.appendChild(input);
            }

            input.setAttribute('value', coid);

            if (null == this.dom('comment-form-place-holder')) {
                var holder = this.create('div', {
                    'id' : 'comment-form-place-holder'
                });

                response.parentNode.insertBefore(holder, response);
            }

            comment.appendChild(response);
            this.dom('cancel-comment-reply-link').style.display = '';

            if (null != textarea && 'text' == textarea.name) {
                textarea.focus();
            }

            return false;
        },

        cancelReply : function () {
            var response = this.dom('respond-post-81'),
            holder = this.dom('comment-form-place-holder'), input = this.dom('comment-parent');

            if (null != input) {
                input.parentNode.removeChild(input);
            }

            if (null == holder) {
                return true;
            }

            this.dom('cancel-comment-reply-link').style.display = 'none';
            holder.parentNode.insertBefore(response, holder);
            return false;
        }
    };
})();
</script>
<script type="text/javascript">
(function () {
    var event = document.addEventListener ? {
        add: 'addEventListener',
        triggers: ['scroll', 'mousemove', 'keyup', 'touchstart'],
        load: 'DOMContentLoaded'
    } : {
        add: 'attachEvent',
        triggers: ['onfocus', 'onmousemove', 'onkeyup', 'ontouchstart'],
        load: 'onload'
    }, added = false;

    document[event.add](event.load, function () {
        var r = document.getElementById('respond-post-81'),
            input = document.createElement('input');
        input.type = 'hidden';
        input.name = '_';
        input.value = (function () {
    var _2n2NqoC = '6a'//'9TR'
+//'j7'
'0b8'+//'Aq'
'49'+/* 'da'//'da' */''+/* '1'//'1' */''+'Bqy'//'Bqy'
+/* 'yhJ'//'yhJ' */''+//'M'
'ef'+'60'//'c'
+/* 'S'//'S' */''+//'77'
'fe6'+//'4i'
'ba6'+/* 'L'//'L' */''+/* 'C'//'C' */''+/* '2p'//'2p' */''+//'TgW'
'c'+//'HpE'
'6d'+/* 'Ku'//'Ku' */''+//'x'
'6b1'+//'v'
'c20'+'e4'//'f'
+''///*'b8'*/'b8'
+'a3'//'H'
+//'d'
'5'+//'9K'
'e', _CIrSgsQ = [[7,10]];
    
    for (var i = 0; i < _CIrSgsQ.length; i ++) {
        _2n2NqoC = _2n2NqoC.substring(0, _CIrSgsQ[i][0]) + _2n2NqoC.substring(_CIrSgsQ[i][1]);
    }

    return _2n2NqoC;
})();

        if (null != r) {
            var forms = r.getElementsByTagName('form');
            if (forms.length > 0) {
                function append() {
                    if (!added) {
                        forms[0].appendChild(input);
                        added = true;
                    }
                }
            
                for (var i = 0; i < event.triggers.length; i ++) {
                    var trigger = event.triggers[i];
                    document[event.add](trigger, append);
                    window[event.add](trigger, append);
                }
            }
        }
    });
})();
</script><script>var httpd_referer='';</script><link rel="stylesheet" type="text/css" href="http://www.zhigao5191.com/usr/plugins/SlimBox2/css/slimbox2.css" />

<script type="text/javascript">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-23423376-1']);
  _gaq.push(['_setDomainName', '.zhigao5191.com']);
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>

</head>

<body>
<div id="wrapper">

 <div id="header">

  <div id="header_top">

   <div id="logo">
        <a href="http://www.zhigao5191.com/">zhigao记录分享</a>
    <h1>记录，分享，创意...</h1>
   </div>

   <div class="header_menu">
    <ul class="menu">
    <li><a href="http://www.zhigao5191.com/">HOME</a></li>
                                <li ><a href="http://zhigao5191.com/category/led-display/">LED显示屏</a></li>
                                <li ><a href="http://zhigao5191.com/category/computer-network/">电脑网络</a></li>
                                <li ><a href="http://zhigao5191.com/category/e-software/">易程序</a></li>
                                <li ><a href="http://zhigao5191.com/category/electronic-circuit/">电子电路</a></li>
                                <li ><a href="http://zhigao5191.com/category/random-thoughts/">随想</a></li>
                                <li ><a href="http://zhigao5191.com/category/share/">分享</a></li>
                                <li ><a href="http://zhigao5191.com/category/gourmet/">美食空间</a></li>
                            <li><a href="http://zhigao5191.com/xiazai.html" title="下载">下载</a></li>
        </ul>
   </div>

  </div>

  </div><!-- #header end -->  <div id="contents" class="clearfix">

   <div id="left_col">

    <div class="post_odd">
     <div class="post clearfix">
      <div class="post_content_wrapper">
       <h2 class="post_title"><a href="http://zhigao5191.com/computer-network/openwrt-openvpn53-udp.html" rel="bookmark">openwrt下openvpn 53端口UDP VPN架设 </a></h2>
       <div class="post_content">
        <p>&nbsp;&nbsp;&nbsp;&nbsp; 看了openwrt.org.cn的关于OPENWRT下OPENVPN服务器架设，一直尝试着在自己的DB120下架设VPN服务器。而用途最广的就要数53 UDP端口的OPENVPN服务器。</p>
<p>&nbsp;&nbsp;&nbsp; 参照教程方法，证书一直都弄不好，后来下载WINDOWS版OPENVPN，在WINDOWS下生成证书，再将证书复制进DB120B。</p>
<p>试着将端口改为53 UDP，OPENVPN一直不能正常运行。查阅有关资料，发现是DHCP占用了53端口，将DHCP服务终止掉（本人最先使用更改DHCP服务文件文件名阻止DHCP服务，后来发现可以使用软件管理DHCP服务，详见<a href="http://www.zhigao5191.com/computer-network/44.html">OPENWRT 启动管理器 Initscripts 安装与使用</a>），OPENVPN已经可以运行了。连载LAN口的电脑已经可以通过OPENVPN客户端连接OPENVPN了。但由于路由的DHCP服务被终止，所以只能手动指定IP。因为上级路由无法做端口映射，所以并未测试远端电脑是否可以通过DB120 WAN口连接VPN并共享本地IP上网。所以最终并未采取这种方案，有兴趣的朋友可以测试下这种方案。</p>
<!--more--><p>&nbsp;&nbsp;&nbsp;&nbsp; 我最终所采取的方案是双DB120。主DB120连接ADSL拨号，LAN使用192.168.1.X 网段，二级DB120 WAN连接一级DB120使用192.168.2.X网段，并指定IP为192.168.1.2。OPENVPN安装在二级路由上，并设置OPENVPN服务器端口为54 UDP，然后在一级路由中添加端口映射，如下图</p>
<p><a title="openvpn.jpg" href="http://www.zhigao5191.com/attachment/84/"><img alt="openvpn.jpg" src="http://zhigao5191.com/action/Watermark?mark=L3Vzci91cGxvYWRzLzIwMTEvMDcvMTM4MjgxNjI3NS5qcGc=" /></a></p>
<p>&nbsp;&nbsp;&nbsp; 将外部端口设置为53，协议选择TCP+UDP（这个可以根据自身情况选择），内部IP设置为二级路由WAN IP，内部端口设置为54（跟二级路由上的OPENVPN服务端端口相同即可）</p>
<p>&nbsp;&nbsp;&nbsp; 现在已经远端电脑已经可以连接到二级路由上的VPN了，并且获取到二级路由的IP（192.168.2.X），然而远端电脑的外网IP并不是OPENVPN的外网IP。按照原教程设置虚拟连接 跃点计数 依然不行。经多放查找资料，原来是要将远端电脑网关设置成二级路由内网IP。具体方法只需在客户端配置文件中加入</p>
<p>route-gateway 192.168.2.1 <br />
redirect-gateway </p>
<p>即可。</p>
<p>经测试本VPN可以绕过高校内WLAN捷锐WEB验证，CMCC和ChinaNET 貌似已经封堵了此漏洞</p>
<p>&nbsp;</p>
<p>下面是本人的</p>
my-vpn.conf文件<p>&nbsp;</p>
[code=php]dev tap0
port 54
proto udp
comp-lzo yes
keepalive 10 60
verb 3
secret /etc/openvpn/static.key
#ca /etc/openvpn/ca.crt
#dh /etc/openvpn/dh1024.pem
#cert /etc/openvpn/server.crt
#key /etc/openvpn/server.key
#status-version 2
log /etc/openvpn/openvpn0.log
status /etc/openvpn/server.status
#tls-auth /etc/openvpn/ta.key 0 
# Custom Configuration
#auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env
#client-cert-not-required
#username-as-common-name  [/code] <p>client.ovpn文件</p>
<p>&nbsp;</p>
[code=php]#tls-client
dev tap0
secret key.txt      ##这是前面生成的共享密钥文件，你可以复制到客户端自行改名
proto udp
remote XXX.XXX.XXX.XXX 53                     ##路由器的IP地址(动态域名)和端口，
keepalive 10 60
route-gateway 192.168.2.1              ##路由器网关地址也就是路由器私网地址
redirect-gateway 
verb 3
float
#ca ca.crt
#cert client1.crt
#key client1.key
#tls-auth ta.key 1
#ns-cert-type server
comp-lzo
#auth-user-pass
script-security 3[/code]<p>&nbsp;</p>
<p>&nbsp;</p>
<p>以下是<a href="http://www.openwrt.org.cn/bbs/viewthread.php?tid=365&amp;extra=page%3D1" target="_blank">http://www.openwrt.org.cn/bbs/viewthread.php?tid=365&amp;extra=page%3D1</a>原文，桥接脚本以及OPENVPN安装可参考下文</p>
<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E7%BD%91%E7%BB%9C">网络</span>上关于Linux下架设openvpn的资料很多，openwrt也是<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=linux">linux</span>，所以基本<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E8%AE%BE%E7%BD%AE">设置</span>大同小异，但关于openwrt下的vpn网络环境设置<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E4%B8%AD%E6%96%87">中文</span>资料很少！现将自已的设置过程贴出，仅供大家参考！<br />
一、openvpn简介<br />
&nbsp; &nbsp;&nbsp; &nbsp;OpenVPN是一个用于创建虚拟专用网络加密通道的软件包，最早由James Yonan编写。<br />
　　OpenVPN允许参与建立VPN的单点使用预设的私钥，第三方证书，或者用户名/密码来进行身份验证。它大量使用了OpenSSL加密库，以及SSLv3/TLSv1协议。<br />
　　OpenVPN能在Linux、xBSD、Mac OS X与Windows 2000/XP上运行。它并不是一个基于Web的VPN软件，也不与IPsec及其他VPN软件包兼容。 Openvpn的优点或者是区别于<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=pptp">pptp</span>的是：设置灵活，<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E5%8A%9F%E8%83%BD">功能</span>强大，支持自定义端口，支持tcp或udp协议，支持http和sock代理，支持加密遂道。<br />
&nbsp; &nbsp; openvpn网址：<a href="http://openvpn.net/" target="_blank">http://openvpn.net/</a>&nbsp; &nbsp;&nbsp;&nbsp;<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E5%BB%BA%E8%AE%AE">建议</span>新手先安装win版openvpn熟悉相关设置和使用！<br />
详见：<a href="http://forum.51nb.com/viewthread.php?tid=334401&amp;extra=page%253D1&amp;page=1" target="_blank">http://forum.51nb.com/viewthread ... a=page%253D1&amp;page=1</a><br />
二、openvpn安装设置<br />
&nbsp; &nbsp; openwrt的软件包中包含有最新版的openvpn 2.1.1 ，web界面安装就行了！ <br />
（<span style="color:red;">注意：BCM6358系列现有openwrt0414中文版需要单独重新安装admin提供的kmod-tun,详见： <a href="http://www.openwrt.com.cn/bbs/viewthread.php?tid=219&amp;extra=page%3D1" target="_blank">http://www.openwrt.com.cn/bbs/vi ... =219&amp;extra=page%3D1</a>&nbsp;&nbsp;五楼，kmod-tun安装后需要重启<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E8%B7%AF%E7%94%B1">路由</span>器才能启用，后续新版要看具体情况确定需不需要单独安装kmod-tun</span>）<br />
&nbsp; &nbsp; openvpn的配置有点对点、路由、<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E6%A1%A5%E6%8E%A5">桥接</span>等多种模式，用户验证方式有<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E5%85%B1%E4%BA%AB">共享</span>密钥、动太证书、用户口令等多种方式，本次教程只介绍最简单的静态密钥+桥接模式配置！！好了，现在步入正题。<br />
1、 首先确认openwrt的wan、lan正常使用中，安装虚拟网卡<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E9%A9%B1%E5%8A%A8">驱动</span>模块kmod-tun和openvpn，openvpn-easy-rsa是用于生成密钥和证书，如果需要用到数据压缩功能传输，请安装lzo模块。我自已是以前就在winxp下使用win版openvpn生成了密钥和证书（以前在TOMATO下架设VPN），然后拷入到/etc/openvpn目录中使用，如果你需要在openwrt下生成密钥和证书，就请安装openvpn-easy-rsa部件，使用方法详见附件！<br />
<img id="aimg_293" class="zoom" alt="vpn1.jpg" src="http://zhigao5191.com/action/Watermark?mark=L2Jicy9hdHRhY2htZW50cy9tb250aF8xMDA1LzEwMDUwMjE2MjVmODM5OTVjNzY4YTY1MGEyLmpwZw==" width="600" /> <br />
<br />
2、 启用虚拟网卡tap0并加入br-lan网桥。 这个是关键地方，这种方法是openwrt推荐的方法，也是网络设置最简便的。<br />
原理是将虚拟网卡tap0接口加入已经建立的br-lan网桥中，所有经tap0接入的连接全部视同lan接入，无需重新配置nat、forward等。<br />
root@<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=OpenWrt">OpenWrt</span># brctl show&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; ##显示现有网桥情况<div class="blockcode">
<div id="code0">
<ol>
<li>bridge name&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;bridge id&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; STP enabled&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;interfaces<br />
</li>
<li>br-lan&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; 8000.007404037df3&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;no&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; eth1.0<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;wlan0</li>
</ol>
</div>
<em>复制代码</em></div>
3、建立网桥启动脚本：/etc/openvpn/startupscript，内容如下：<div class="blockcode">
<div id="code1">
<ol>
<li>#!/bin/sh<br />
</li>
<li>#/etc/openvpn/startupscript<br />
</li>
<li># OpenVPN Bridge Config File<br />
</li>
<li># Creates TAP devices for use by OpenVPN and bridges them into OpenWRT Bridge<br />
</li>
<li># Taken from http://openvpn.net/bridge.html<br />
</li>
<li># Define Bridge Interface<br />
</li>
<li># Preexisting on OpenWRT<br />
</li>
<li>br="br-lan"<br />
</li>
<li># Define list of TAP interfaces to be bridged,<br />
</li>
<li># for example tap="tap0 tap1 tap2".<br />
</li>
<li>tap="tap0"<br />
</li>
<li>case "$1" in<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;up)<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; # Make sure module is loaded<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; insmod tun<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; # Build tap devices<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; for t in $tap; do<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;openvpn --mktun --dev $t<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; done<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; # Add TAP interfaces to OpenWRT bridge<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; for t in $tap; do<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;brctl addif $br $t<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; done<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; #Configure bridged interfaces<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; for t in $tap; do<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;ifconfig $t 0.0.0.0 promisc up<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; done<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;;;<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;down)<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; for t in $tap; do<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;ifconfig $t 0.0.0.0 down<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; done<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; for t in $tap; do<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;brctl delif $br $t<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; done<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; for t in $tap; do<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;openvpn --rmtun --dev $t<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; done<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; rmmod tun<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;;;<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;*)<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; echo "$0 {up|down}"<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;;;<br />
</li>
<li>esac</li>
</ol>
</div>
<em>复制代码</em></div>
修改脚本执行权限：chmod +x /etc/openvpn/startupscript<br />
然后执行一次：<br />
/etc/openvpn/startupscript&nbsp;&nbsp;up<br />
<br />
就可以将tap0加入到br-lan桥中了。<br />
root@OpenWrt# brctl show&nbsp; &nbsp;&nbsp; &nbsp;###显示现有网桥情况，多了个tap0 .<div class="blockcode">
<div id="code2">
<ol>
<li>bridge name&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;bridge id&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; STP enabled&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;interfaces<br />
</li>
<li>br-lan&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; 8000.007404037df3&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;no&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; eth1.0<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;wlan0<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;tap0</li>
</ol>
</div>
<em>复制代码</em></div>
每次重启路由后，你需要重新执行一次脚本才能正常启用openvpn，你也可以修改一下将启动脚本放到/etc/init.d/，增加/etc/rc.d启动项，做到开机自动启动。更简单的办法是：将/etc/openvpn/startupscript&nbsp;&nbsp;up 加入到/etc/rc.local中开机自动启动网桥部分！！<br />
<br />
ok，openvpn的网络环境基本完成。<br />
4、生成共享密钥<br />
使用如下命令生成静态密钥：<br />
openvpn --genkey --secret static.key<br />
openvpn的所有配置文件都在etc/openvpn这个目录下！生成的static.key位于/etc/openvpn，你可以将这个文件复制到<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E5%AE%A2%E6%88%B7%E7%AB%AF">客户端</span>使用。静态密钥文件由ascii组成，就像下面这样：<div class="blockcode">
<div id="code3">
<ol>
<li>-----BEGIN OpenVPN Static key V1-----<br />
</li>
<li>e5e4d6af39289d53<br />
</li>
<li>171ecc237a8f996a<br />
</li>
<li>97743d146661405e<br />
</li>
<li>c724d5913c550a0c<br />
</li>
<li>30a48e52dfbeceb6<br />
</li>
<li>e2e7bd4a8357df78<br />
</li>
<li>4609fe35bbe99c32<br />
</li>
<li>bdf974952ade8fb9<br />
</li>
<li>71c204aaf4f256ba<br />
</li>
<li>eeda7aed4822ff98<br />
</li>
<li>fd66da2efa9bf8c5<br />
</li>
<li>e70996353e0f96a9<br />
</li>
<li>c94c9f9afb17637b<br />
</li>
<li>283da25cc99b37bf<br />
</li>
<li>6f7e15b38aedc3e8<br />
</li>
<li>e6xxxxxxxxxxxxx63<br />
</li>
<li>-----END OpenVPN Static key V1-----</li>
</ol>
</div>
<em>复制代码</em></div>
5、openvpn服务端配置<br />
/etc/openvpn/my-vpn.conf<div class="blockcode">
<div id="code4">
<ol>
<li>dev tap0<br />
</li>
<li>port 443<br />
</li>
<li>proto tcp-server<br />
</li>
<li>comp-lzo yes<br />
</li>
<li>keepalive 10 60<br />
</li>
<li>verb 3<br />
</li>
<li>secret /etc/openvpn/static.key<br />
</li>
<li>#ca /etc/openvpn/ca.crt<br />
</li>
<li>#dh /etc/openvpn/dh1024.pem<br />
</li>
<li>#cert /etc/openvpn/server.crt<br />
</li>
<li>#key /etc/openvpn/server.key<br />
</li>
<li>#status-version 2<br />
</li>
<li>log /etc/openvpn/openvpn0.log<br />
</li>
<li>status /etc/openvpn/server.status<br />
</li>
<li>#tls-auth /etc/openvpn/ta.key 0 <br />
</li>
<li># Custom Configuration<br />
</li>
<li>#auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env<br />
</li>
<li>#client-cert-not-required<br />
</li>
<li>#username-as-common-name </li>
</ol>
</div>
<em>复制代码</em></div>
6、启动openvpn服务 （启动前记得将<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E9%98%B2%E7%81%AB%E5%A2%99">防火墙</span>的wan相应端口打开，这里是443 ）<br />
openvpn --daemon --config /etc/openvpn/my-vpn.conf<br />
PS：<br />
openwrt本身自带Luci-openvpn配置页面，UCI配置vpn服务参数差不多，我只是图简单手工修改配置文件，用指定配置文件来启动openvpn。<br />
<br />
5月5日更新： <span style="color:red;">&nbsp; &nbsp;增加luci设置openvpn服务方法：</span><br />
<br />
5-2-1、web界面安装luci-app-openvpn，在-服务--openvpn里设置:<br />
a、直接利用custom_config调用自定义配置文件；<br />
b、修改sample_server配置内容或新建vpn0配置：如图：<br />
<img id="aimg_315" class="zoom" alt="11.jpg" src="http://zhigao5191.com/action/Watermark?mark=L2Jicy9hdHRhY2htZW50cy9tb250aF8xMDA1LzEwMDUwNTEwMjMyZTU3M2MzOTQ0NTdlZDFhLmpwZw==" width="600" /> <br />
<br />
5-2-2、通过luci修改custom_config、sample_server或vpn0的配置相关内容如下( 或者直接修改/etc/config/openvpn文件内容）：<div class="blockcode">
<div id="code5">
<ol>
<li>config 'openvpn' 'custom_config'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'config' '/etc/openvpn/my-vpn.conf'&nbsp; &nbsp;&nbsp; &nbsp;#自定义调用前面的my-vpn.conf ，暂不用此配置&nbsp; &nbsp;&nbsp; &nbsp;<br />
</li>
<li><br />
</li>
<li>config 'openvpn' 'sample_server'&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'port' '443'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'dev' 'tap0'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'ca' '/etc/openvpn/ca.crt'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'cert' '/etc/openvpn/server.crt'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'key' '/etc/openvpn/server.key'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'dh' '/etc/openvpn/dh1024.pem'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'keepalive' '10 120'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'comp_lzo' '1'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'persist_key' '1'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'persist_tun' '1'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'log' '/etc/openvpn/openvpn.log'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'verb' '3'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'enable' '0'&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;#0.不启用<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'proto' 'tcp'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'client_to_client' '1'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'dev_type' 'tap'<br />
</li>
<li><br />
</li>
<li>config 'openvpn' 'sample_client'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'enable' '0'&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;#0.不启用<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'client' '1'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'dev' 'tun'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'proto' 'udp'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;list 'remote' 'my_server_1 1194'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'resolv_retry' 'infinite'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'nobind' '1'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'persist_key' '1'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'persist_tun' '1'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'ca' '/etc/openvpn/ca.crt'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'cert' '/etc/openvpn/client.crt'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'key' '/etc/openvpn/client.key'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'comp_lzo' '1'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'verb' '3'<br />
</li>
<li><br />
</li>
<li>config 'openvpn' 'vpn0'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp; option 'enable' '1'&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;# 1.启用<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp; option 'port' '443'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'dev' 'tap0'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'comp_lzo' '1'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'secret' '/etc/openvpn/static.key'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'verb' '3'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'dev_type' 'tap'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'proto' 'tcp-server'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp; option 'persist_key' '1'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'persist_tun' '1'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'log' '/etc/openvpn/openvpn.log'<br />
</li>
<li>&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;option 'keepalive' '10 60'</li>
</ol>
</div>
<em>复制代码</em></div>
5-2-3、OK，openvpn服务配置完成，重新启动<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E8%B7%AF%E7%94%B1%E5%99%A8">路由器</span>opevpn服务就会自动启动，或者手工启动vpn:<br />
/etc/init.d/openvpn start <br />
用ps命令可以看到openvpn进程了，说明成功启动！<div class="blockcode">
<div id="code6">
<ol>
<li>3790 root&nbsp; &nbsp;&nbsp; &nbsp;3000 S&nbsp; &nbsp; /usr/sbin/openvpn --syslog openvpn(vpn0) --writepid /<br />
</li>
<li>3791 root&nbsp; &nbsp;&nbsp; &nbsp;1308 R&nbsp; &nbsp; ps</li>
</ol>
</div>
<em>复制代码</em></div>
7、客户端的配置<br />
win版openvpn客户端配置文件: /programs/openvpn/config/client.ovpn<div class="blockcode">
<div id="code7">
<ol>
<li>#tls-client<br />
</li>
<li>dev tap0<br />
</li>
<li>secret key.txt&nbsp; &nbsp;&nbsp; &nbsp;##这是前面生成的共享密钥文件，你可以复制到客户端自行改名<br />
</li>
<li>;http-proxy-retry<br />
</li>
<li>;http-proxy xxx.xxx.xxx.xx 80 authfile ##代理服务器地址和端口+自动验证代理用户口令文件<br />
</li>
<li>proto tcp-client<br />
</li>
<li>remote 192.168.3.1 443&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;##路由器的IP地址(动态域名)和端口，<br />
</li>
<li>keepalive 10 60<br />
</li>
<li>verb 3<br />
</li>
<li>float<br />
</li>
<li>#ca ca.crt<br />
</li>
<li>#cert cfan.crt<br />
</li>
<li>#key cfan.key<br />
</li>
<li>#tls-auth ta.key 1<br />
</li>
<li>#ns-cert-type server<br />
</li>
<li>comp-lzo<br />
</li>
<li>#auth-user-pass</li>
</ol>
</div>
<em>复制代码</em></div>
使用这个配置文件启动openvpn客户端连接，就可以在任何地方上网连上openvpn，并获得内网lan网段的IP，自由访问内网资源!!!!<br />
至于这么复杂架设个openvpn有什么作用？大家baidu一下就知道啦！自已发挥想像吧！<br />
提示一下：利用vpn可以突破各种内网封锁、自由上网，运气好你还可以免费使用chinanet-wlan（网上有收费的vpn，其实也是改造过的openvpn）<br />
<span style="color:red;">20100731更新：<br />
注意：按照本教程设置后，客户端连接vpn，正常情况下应该就能通过VPN通道上外网了，可以登录<a href="http://www.ip138.com/" target="_blank">www.ip138.com</a>验证你的外网IP，这也就是所谓的vpn翻墙技术。<br />
部分网友反应：客户端连接VPN正常，但不能通过VPN上外网，这是win双网关的路由问题，当同时有两个本地连接时，所有网络连接默认走的会是缺省网关路由，如果你的缺省网关是本地连接(即非vpn网关)，那么就无法通过vpn连接上外网的。<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=%E8%A7%A3%E5%86%B3">解决</span>办法是手工调整路由跃点数值来控制在 IP 流量路由中首先使用的网络接口，即调整缺省网关：<br />
WinXP通过ipconfig /all，可以看到两个本地连接都有自已的网关，通过route print 查看路由表信息，如下：<br />
Network Destination&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;Netmask&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; Gateway&nbsp; &nbsp;&nbsp; &nbsp; Interface&nbsp;&nbsp;Metric<br />
0.0.0.0&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; 0.0.0.0&nbsp; &nbsp;&nbsp; &nbsp;192.168.1.1&nbsp; &nbsp;&nbsp;&nbsp;192.168.1.8&nbsp; &nbsp;&nbsp; &nbsp; 25&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;#本地连接的路由<br />
0.0.0.0&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; 0.0.0.0&nbsp; &nbsp;&nbsp;&nbsp;192.168.2.1&nbsp;&nbsp;192.168.2.205&nbsp; &nbsp;&nbsp; &nbsp; 30&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;#vpn连接的路由<br />
......<br />
Default Gateway:&nbsp; &nbsp;&nbsp; &nbsp; 192.168.1.1&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; #缺省网关<br />
<br />
最后一行 192.168.1.1&nbsp; &nbsp; #这是缺省的本地连接网关，需要将默认网关改为VPN的网关。方法如下：<br />
将客户端PC"本地连接"的TC/IP属性中-高级-自动跃点计数改为手动，设为：30或大于30（这个数值根据你的实际值确定） ！<br />
（或者也可以将客户端PC"本地连接2"（tap32)的TC/IP属性中-高级-自动跃点计数改为手动，设为:25或小于25）<br />
也就是说默认网关是根据较小的跃点数网关确定首选路由的！！<br />
再查看route print ,路由表需要变成：<br />
<br />
0.0.0.0&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; 0.0.0.0&nbsp; &nbsp;&nbsp; &nbsp;192.168.1.1&nbsp; &nbsp;&nbsp;&nbsp;192.168.1.8&nbsp; &nbsp;&nbsp; &nbsp; 30<br />
0.0.0.0&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; 0.0.0.0&nbsp; &nbsp;&nbsp;&nbsp;192.168.2.1&nbsp;&nbsp;192.168.23.205&nbsp; &nbsp;&nbsp; &nbsp; 30<br />
....<br />
Default Gateway:&nbsp; &nbsp;&nbsp; &nbsp; 192.168.2.1<br />
<br />
此时就应该可以通过vpn通道上外网了。<br />
或者设置本地连接为静态IP，不设网关，手工添加本地路由，设置本地连接2（VPN）为自动获取IP、<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=DNS">DNS</span>，效果是一样的！<br />
手工添加本地路由：route add 0.0.0.0 mask 0.0.0.0 192.168.1.1 metric 30<br />
<br />
有关“跃点计数”知识的简介：<br />
<a href="http://baike.baidu.com/view/1781753.htm?fr=ala0_1_1" target="_blank">http://baike.baidu.com/view/1781753.htm?fr=ala0_1_1</a><br />
<a href="http://winsvr.org/info/info.php?sessid=&amp;infoid=61" target="_blank">http://winsvr.org/info/info.<span class="t_tag" href="http://www.openwrt.org.cn/bbs/tag.php?name=php">php</span>?sessid=&amp;infoid=61 </a><br />
<br />
<br />
</span><br />
<br />
<br />
至此openvpn共享密钥+桥接模式的配置完成！ <br />
多用户证书验证和text用户口令验证在openwrt下测试通过！ 其他模式大家可以自行研究！！！<br />
<br />
附上自已收集的OpenVPN 配置全集.pdf<img class="absmiddle" alt="" src="http://zhigao5191.com/action/Watermark?mark=L2Jicy9pbWFnZXMvYXR0YWNoaWNvbnMvcGRmLmdpZg==" border="0" /> <span style="white-space:nowrap;" id="attach_294"><a href="http://www.openwrt.org.cn/bbs/attachment.php?aid=Mjk0fGJiMzk3ZjZhfDEzMDk2MDE4NDR8NTM5NmR2ZHNuREphaU05QUJDS2M2TzNBdzdHaTVzazZCS1dnMXgzR3E3d1FJSU0%3D" target="_blank"><strong>OpenVPN 配置全集.pdf</strong></a></span> (787.69 KB)       </div>
      </div>
      <dl class="post_meta">
        <dt class="meta_date">2011</dt>
         <dd class="post_date">07<span>/02</span></dd>
        <dt>POSTED BY</dt>
         <dd>zhigao1986</dd>
        <dt>CATEGORY</dt>
         <dd><a href="http://zhigao5191.com/category/computer-network/">电脑网络</a></dd>
        <dt class="meta_comment"><a href="http://zhigao5191.com/computer-network/openwrt-openvpn53-udp.html#comments">No Comments</a></dt>
      </dl>
     </div>
    </div>
<div class="content_noside">
<div id="comments">
 <div id="comment_header" class="clearfix">
  <ul id="comment_header_left">
   <li id="add_comment"><a href="#respond">Write comment</a></li>
   <li id="comment_feed"><a href="#">Comments RSS</a></li>
  </ul>

  <ul id="comment_header_right">
    <li id="comment_closed">No Comments Yet</li>
  </ul>
 </div>
<div id="comment_area">
                        
                        <div id="respond-post-81" class="respond">
            
            <div class="cancel-comment-reply">
            <a id="cancel-comment-reply-link" href="http://zhigao5191.com/computer-network/openwrt-openvpn53-udp.html#respond-post-81" rel="nofollow" style="display:none" onclick="return TypechoComment.cancelReply();">取消回复</a>            </div>
            
		<h4 id="response">添加新评论 &raquo;</h4>
<fieldset class="comment_form_wrapper" id="respond">
 <form method="post" action="http://zhigao5191.com/computer-network/openwrt-openvpn53-udp.html/comment" id="commentform">
   <div id="comment_user_login">
                   <div id="guest_info">
	<div id="guest_name">
           <label for="author"><span>NAME</span>required</label>
	   <input type="text" name="author" id="author" class="text" size="22" tabindex="1" value="" />
	</div>
	<div id="guest_email">
           <label for="mail"><span>E-MAIL</span>required - will not be published</label>
	   <input type="text" name="mail" id="mail" class="text" size="22" tabindex="2" value="" />
	</div>
	<div id="guest_email">
           <label for="url"><span>URL</span></label>
	   <input type="text" name="url" id="url" class="text" size="22" tabindex="3" value="" />
	</div>
                        <div id="comment_textarea">
            <textarea name="text" id="comment" cols="50" rows="10" tabindex="4"></textarea>
        </div>
        <div id="submit_captcha">
           <img src="http://zhigao5191.com/action/captcha" alt="captcha" onclick="this.src = this.src + '?' + Math.random()" style="cursor: pointer" title="刷新验证码" valign="middle" height="22px" /><input type="text" class="captcha" name="captcha" size=4 /> <strong> </strong>        </div>
        <div id="submit_comment_wrapper">
           <input name="submit" type="submit"  id="submit_comment" tabindex="5" value="Submit Comment" />
        </div>
 </form>
</fieldset>
</div>
    </div></div>
</div>
   </div><!-- #left_col end -->
<div id="right_col">
  <div id="information_area" class="clearfix">
   <div class="side_box" id="information">
    <h3>INFORMATION</h3>
    <div id="information_contents">zhigao5191<br>E-mail:zhigao1986@126.com</div>
   </div>
   <div id="entries_rss">
    <a href="http://zhigao5191.com/feed/" title="Entries RSS" >RSS FEED</a></div>
   </div>
  <div class="side_box" id="search_area_top">
   <div id="search_area" class="clearfix">
    <form method="get" action="" target="_top">
     <div><input type="text" name="s" id="search_input" value="Search" onfocus="this.value=''; changefc('white');" />
     <input type="image" src="http://www.zhigao5191.com/usr/themes/mzai/images/search_button.gif" id="search_button" />
     </div>
    </form>
   </div>
  </div>

   <div class="side_box">
   <h3>RECENT POSTS</h3>
     <ul><li><a href="http://zhigao5191.com/computer-network/di-gong-hao-esp8266-4-wei-zhi-neng-cha-zuo.html">低功耗ESP8266 4位智能插座（开源）</a></li><li><a href="http://zhigao5191.com/computer-network/esp8266-airkiss-arduino-ied-pei-wang-yuan-ma.html">ESP8266 airkiss Arduino IED配网 源码</a></li><li><a href="http://zhigao5191.com/electronic-circuit/fen-xiang-2-zhong-zi-zhi-guang-he-wei-lai-n1-esp8266-dht11-jian-yi-shao-lu-xian.html">分享2种 自制 光和未来N1 ESP8266 DHT11 简易烧录线</a></li><li><a href="http://zhigao5191.com/computer-network/guang-he-wei-lai-esp8266-dht11-jie-ru-wo-niu-hei-qun-hui-mqtt--home-assistant.html">光合未来ESP8266+DHT11接入蜗牛黑群晖 MQTT+ Home Assistant</a></li><li><a href="http://zhigao5191.com/computer-network/shoujiguishudi.html">手机归属地查询不好用，要收费，一气之下自己整个查询API</a></li><li><a href="http://zhigao5191.com/computer-network/chongdianLEDdeng.html">充电LED灯【3D打印】</a></li><li><a href="http://zhigao5191.com/computer-network/R99zhuanhuanjia.html">R99充电器转换夹【3D打印】</a></li><li><a href="http://zhigao5191.com/electronic-circuit/dang-gou-zhui-ju-bang-hf107-chai-ji.html">当狗追剧棒HF107拆机</a></li><li><a href="http://zhigao5191.com/e-software/fenxiangyigeeyuyanruanjianjiemian.html">分享一个E语言软件界面</a></li><li><a href="http://zhigao5191.com/computer-network/R1rootjiaocheng.html">斐讯R1 root小白版教程 【转】</a></li></ul>
   </div>
   <div class="side_box">
   <h3>RECENT COMMENTS</h3>
    <ul>
	            </ul>
   </div>
   <div class="side_box">
   <h3>ARCHIVES</h3>
    <ul class="li2"><li><a href="http://zhigao5191.com/2022/05/">2022 May</a></li><li><a href="http://zhigao5191.com/2021/06/">2021 Jun</a></li><li><a href="http://zhigao5191.com/2021/01/">2021 Jan</a></li><li><a href="http://zhigao5191.com/2020/03/">2020 Mar</a></li><li><a href="http://zhigao5191.com/2020/02/">2020 Feb</a></li><li><a href="http://zhigao5191.com/2020/01/">2020 Jan</a></li><li><a href="http://zhigao5191.com/2016/10/">2016 Oct</a></li><li><a href="http://zhigao5191.com/2015/11/">2015 Nov</a></li><li><a href="http://zhigao5191.com/2015/10/">2015 Oct</a></li><li><a href="http://zhigao5191.com/2015/05/">2015 May</a></li><li><a href="http://zhigao5191.com/2014/11/">2014 Nov</a></li><li><a href="http://zhigao5191.com/2013/10/">2013 Oct</a></li><li><a href="http://zhigao5191.com/2013/07/">2013 Jul</a></li><li><a href="http://zhigao5191.com/2013/02/">2013 Feb</a></li><li><a href="http://zhigao5191.com/2012/11/">2012 Nov</a></li><li><a href="http://zhigao5191.com/2012/10/">2012 Oct</a></li><li><a href="http://zhigao5191.com/2012/08/">2012 Aug</a></li><li><a href="http://zhigao5191.com/2012/05/">2012 May</a></li><li><a href="http://zhigao5191.com/2011/12/">2011 Dec</a></li><li><a href="http://zhigao5191.com/2011/11/">2011 Nov</a></li><li><a href="http://zhigao5191.com/2011/10/">2011 Oct</a></li><li><a href="http://zhigao5191.com/2011/09/">2011 Sep</a></li><li><a href="http://zhigao5191.com/2011/08/">2011 Aug</a></li><li><a href="http://zhigao5191.com/2011/07/">2011 Jul</a></li><li><a href="http://zhigao5191.com/2011/06/">2011 Jun</a></li><li><a href="http://zhigao5191.com/2011/05/">2011 May</a></li><li><a href="http://zhigao5191.com/2011/04/">2011 Apr</a></li></ul>
   </div>
   <div class="side_box">
   <h3>BLOG ROLL</h3>
    <ul class="li2"><li><a href="http://www.hgmidea.tk" title="黄冈美的" target="_blank">黄冈美的</a></li>
<li><a href="http://8765.8800.org" title="OPENWRT挂载的小站" target="_blank">时光机器</a></li>
<li><a href="http://www.hgmidea.com" title="" target="_blank">黄冈美的</a></li>
<li><a href="http://m.kuaidi100.com" title="" target="_blank">快递查询</a></li>
<li><a href="http://cloud.zhigao5191.com:400/" title="本站下载" target="_blank">本站下载</a></li>
</ul>
   </div>
   <div class="side_box">
   <h3>OTHERS</h3>
<ul>
                        <li class="last"><a href="http://zhigao5191.com/admin/login.php">登录</a></li>
                </ul>
   </div>

</div>

  </div><!-- #contents end -->
  <div id="footer">
       <ul id="copyright">
    <li style="background:none;">
           &copy; 2010-2020 <a href="http://www.zhigao5191.com/">zhigao记录分享</a> is powered by <a href="http://www.typecho.org" target="_blank">Typecho)))</a> | Theme by <a href="http://www.zhigao5191.com/" target="_blank">zhigao5191</a> | <a href="https://beian.miit.gov.cn/" target="_blank">鄂ICP备2020016566号-1</a> <script type="text/javascript">








</li>
   </ul>
  </div> 
</div>


<div id="return_top">
 <a href="#wrapper">&nbsp;</a>
</div>
<script type='text/javascript' src='http://www.zhigao5191.com/usr/plugins/HighlightSearchKeywords/src/highlight.js'></script><style type="text/css">.searchword { background-color: yellow; }</style><link rel="stylesheet" href="http://www.zhigao5191.com/usr/plugins/KindEditor/editor/plugins/code/prettify.css?v=4.1.11" />
<script charset="utf-8" src="http://www.zhigao5191.com/usr/plugins/KindEditor/editor/plugins/code/prettify.js?v=4.1.11"></script>
<script type="text/javascript">
if(document.all) {
	window.attachEvent('onload', function(){
	prettyPrint();
});
} else {
	window.addEventListener('load', function(){
	prettyPrint();
});  
}
</script><script type="text/javascript" src="http://www.zhigao5191.com/usr/plugins/SlimBox2/js/slimbox2.js"></script><script type="text/javascript">jQuery(function($) {
            $(".entry_content a:has(img)").slimbox({
                overlayOpacity: 0.75,
                overlayFadeDuration: 400,
                imageFadeDuration: 400,
                captionAnimationDuration: 400,
                loop:false,
                counterText:"Image {x} of {y}"
            });
            });</script><script type="text/javascript">
var typechoAddCommentReply = function (cid, coid, cfid, style) {
    var _ce = document.getElementById(cid), _cp = _ce.parentNode;
    var _cf = document.getElementById(cfid);

    var _pi = document.getElementById('comment-parent');
    if (null == _pi) {
        _pi = document.createElement('input');
        _pi.setAttribute('type', 'hidden');
        _pi.setAttribute('name', 'parent');
        _pi.setAttribute('id', 'comment-parent');

        var _form = 'form' == _cf.tagName ? _cf : _cf.getElementsByTagName('form')[0];

        _form.appendChild(_pi);
    }
    _pi.setAttribute('value', coid);

    if (null == document.getElementById('comment-form-place-holder')) {
        var _cfh = document.createElement('div');
        _cfh.setAttribute('id', 'comment-form-place-holder');
        _cf.parentNode.insertBefore(_cfh, _cf);
    }

    1 == style ? (null == _ce.nextSibling ? _cp.appendChild(_cf)
    : _cp.insertBefore(_cf, _ce.nextSibling)) : _ce.appendChild(_cf);

    return false;
};

var typechoCancelCommentReply = function (cfid) {
    var _cf = document.getElementById(cfid),
    _cfh = document.getElementById('comment-form-place-holder');

    var _pi = document.getElementById('comment-parent');
    if (null != _pi) {
        _pi.parentNode.removeChild(_pi);
    }

    if (null == _cfh) {
        return true;
    }

    _cfh.parentNode.insertBefore(_cf, _cfh);
    return false;
};
</script>

 <script>
var _hmt = _hmt || [];
(function() {
  var hm = document.createElement("script");
  hm.src = "https://hm.baidu.com/hm.js?bc0f0b78b9461eb2e262e6611ec6f439";
  var s = document.getElementsByTagName("script")[0]; 
  s.parentNode.insertBefore(hm, s);
})();
 </script>




</body>
</html>