CentOS VPS: accessing the Internet through OpenVPN

Source: Internet
Author: User
Tags centos vps

OpenVPN requires TUN support, which most VPS providers do not enable by default. You can check with this command:

    cat /dev/net/tun

If the output is:

    cat: /dev/net/tun: File descriptor in bad state

then TUN is working normally. Otherwise, open a ticket with the VPS provider and ask them for help.

To access the Internet through OpenVPN, the iptables_nat module must also be supported. Run this command to check:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE

 

I found it here: /usr/share/openvpn/easy-rsa
It should be the same for everyone.

Run the command cp -r /usr/share/openvpn/easy-rsa /etc/openvpn/ to copy the easy-rsa folder into /etc/openvpn/.

 


Then run cd /etc/openvpn/easy-rsa/2.0 to generate the certificates required by OpenVPN.

Run vi vars to edit the environment variables. This uses the vi editor; if you are not familiar with it, look it up yourself.

Modify the last few lines according to your actual situation:

    export KEY_COUNTRY="CN"
    export KEY_PROVINCE="GD"
    export KEY_CITY="GZ"
    export KEY_ORG="black-xstar net Empire"
    export KEY_EMAIL="webmaster [at] black-xstar.com"

Save the file, then run . ./vars to load the settings.

 

Next, run ./build-ca server to create the Certificate Authority.

After creating the CA, generate the server certificate by entering ./build-key-server server.

Then enter the command ./build-key client1 to generate the client certificate. Here client1 is the client name; a second client would be client2.

Finally, generate the Diffie-Hellman parameters with ./build-dh, which takes some time.

 

 

First, run cd .. to go back to the parent directory, then create the configuration file with vi server.conf and enter the following content:

    port 443
    proto tcp
    dev tun
    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
    server 10.8.0.0 255.255.255.0
    push "redirect-gateway def1"
    push "dhcp-option DNS 208.67.222.222"
    push "dhcp-option DNS 208.67.220.220"
    client-to-client
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    verb 3

 

So far, OpenVPN has been configured. Next, set up Internet access.

Run vi /etc/sysctl.conf and change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1. Save, then run sysctl -p.

Run iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 1.2.3.4 to add the rule, replacing 1.2.3.4 with the IP address of your VPS.

    iptables -F POSTROUTING -t nat
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source $(curl http://169.254.169.254/2008-02-01/meta-data/local-ipv4 -q)

Then save the iptables settings with /etc/init.d/iptables save, and restart with /etc/init.d/iptables restart.

 

To start OpenVPN at boot, run vi /etc/rc.local and add /usr/sbin/openvpn --config /etc/openvpn/server.conf & to the end of the file.

 

 

Then, find the ca.crt, client1.crt, and client1.key files in the downloaded keys folder and put them in C:\Program Files\OpenVPN\config.

Create a text file named "client1.ovpn" and enter the following content:

    client
    dev tun
    proto tcp
    remote 1.2.3.4 443
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    comp-lzo
    verb 3

Replace 1.2.3.4 on line 4 with the IP address of the VPS, and save the configuration.
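An added example, not part of the original tutorial: a small Python audit of the server.conf and client1.ovpn directives above, flagging settings that a current deployment would revisit (1024-bit DH parameters, comp-lzo compression, the deprecated ns-cert-type check, no tls-auth/tls-crypt key, no user/group privilege drop, client-to-client). The function names and finding IDs are hypothetical, and the embedded configuration is an abridged copy of the server.conf on this page.

```python
import re

# Constructed input: the server.conf from this page, abridged.
PAGE_SERVER_CONF = """\
port 443
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
comp-lzo
verb 3
"""

def parse(text):
    """Map each directive to its argument strings; skip blanks and #/; comments."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if parts and parts[0][0] not in "#;":
            conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def audit(text):
    """Return sorted finding IDs (hypothetical names) for an OpenVPN config."""
    conf, found = parse(text), set()
    for path in conf.get("dh", []):
        bits = re.search(r"dh(\d+)\.pem$", path)  # easy-rsa names the file by bit length
        if bits and int(bits.group(1)) < 2048:
            found.add("weak-dh")                  # regenerate with KEY_SIZE=2048 or larger
    if any(arg != "no" for arg in conf.get("comp-lzo", [])):
        found.add("compression")                  # compress-then-encrypt leaks (VORACLE)
    if "ns-cert-type" in conf:
        found.add("legacy-cert-check")            # newer form: remote-cert-tls server
    if "server" in conf:                          # checks that only apply server-side
        if "tls-auth" not in conf and "tls-crypt" not in conf:
            found.add("no-control-channel-key")   # TLS handshake open to any sender
        if "user" not in conf or "group" not in conf:
            found.add("runs-as-root")             # no privilege drop after startup
        if "client-to-client" in conf:
            found.add("client-to-client")         # client traffic bypasses host iptables
    return sorted(found)

if __name__ == "__main__":
    print(audit(PAGE_SERVER_CONF))
```

Pass the text of client1.ovpn to audit() as well; the server-only checks are skipped when no server directive is present.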
