【linux系统下载_学习_教程_编程_软件】提供全系列Linux发行版下载学习-Linux部落
当前位置: 主页 > Linux系统教程 > 服务应用 >

centos系统openvpn安装配置

时间:2017-08-29 16:43来源:原创 作者:admin 点击:
------分隔线----------------------------
服务端配置:
安装依赖
#yum -y install openssl-devel pam-devel
#tar xvf lzo-2.0.6.tar.gz
#cd lzo-2.0.6
#./configure
#make
#make check
#make install

安装openvpn
#tar xvf openvpn-2.2.2.tar.gz
#cd openvpn-2.2.2
#./configure --prefix=/usr/local/openvpn
#make
#make install
#mkdir /usr/local/openvpn/etc
#mkdir /usr/local/openvpn/var
#cd /root/openvpn-2.2.2
#cp sample-config-files/server.conf /usr/local/openvpn/etc/
#cp -a easy-rsa/  /usr/local/openvpn/
#cd /usr/local/openvpn/easy-rsa/2.0
 
添加环境变量
#vim /etc/profile
export EASY_RSA='/usr/local/openvpn/easy_rsa/2.0'
export KEY_CONFIG="$EASY_RSA/openssl.cnf"
export KEY_DIR="$EASY_RSA/keys"
 
#vim vars
export KEY_COUNTRY="CN"
export KEY_PROVINCE="CA"
export KEY_CITY="SZ"
export KEY_ORG="Company"
export KEY_EMAIL="test@vpn.com"
#source vars

生成服务端证书
#./clean-all
#./build-ca
#./build-key-server server
#./build-key test
#./build-dh

修改服务端配置文件
#cat /usr/local/openvpn/etc/server.conf | grep -v "^#" | grep -v "^;"|grep –v ^$
port 1194
proto udp
dev tun
ca /usr/local/openvpn/easy-rsa/2.0/keys/ca.crt
cert /usr/local/openvpn/easy-rsa/2.0/keys/server.crt
key /usr/local/openvpn/easy-rsa/2.0/keys/server.key  
dh /usr/local/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.0.8.0 255.255.255.0
ifconfig-pool-persist /usr/local/openvpn/var/ipp.txt
push "route 192.168.100.0 255.255.255.0"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
max-clients 100
persist-key
persist-tun
status /usr/local/openvpn/var/openvpn-status.log
log         /usr/local/openvpn/var/openvpn.log
verb 3
duplicate-cn                           #允许客户端共用证书

添加iptables规则
#iptables -A INPUT -p udp --dport 1194 -j ACCEPT
#iptables -t nat -A POSTROUTING -s 10.0.8.0/24 -j MASQUERADE 

开启路由转发
# echo 1 > /proc/sys/net/ipv4/ip_forward

启动服务端进程
#/usr/local/openvpn/sbin/openvpn --config /usr/local/openvpn/etc/server.conf
服务端安装就完成了

 
Linux openvpn客户端安装:
安装依赖
#yum -y install openssl-devel pam-devel
#tar xvf lzo-2.0.6.tar.gz
#cd lzo-2.0.6
#./configure
#make
#make check
#make install

安装openvpn
#tar xvf openvpn-2.2.2.tar.gz
#cd openvpn-2.2.2
#./configure --prefix=/usr/local/openvpn
#make
#make install

修改配置文件:
client
dev tun
proto udp
remote x.x.x.x 1194   #x.x.x.x替换成服务端的ip或者域名
resolv-retry infinite
nobind
persist-key
persist-tun
ca /usr/local/openvpn/etc/ca.crt
cert /usr/local/openvpn/etc/test.crt
key /usr/local/openvpn/etc/test.key
ns-cert-type server
comp-lzo
verb 3
log /usr/local/openvpn/var/openvpn.log

启动客户端
/usr/local/openvpn/sbin/openvpn /usr/local/openvpn/etc/client.conf &

客户端用ifconfig命令查看openvpn是否连接成功并获取到了IP
centos系统openvpn安装配置
 
已经获取到了IP,openvpn安装完成!
本文地址:http://www.linuxzone.net/server/93.html
------分隔线----------------------------
栏目列表