OpenVPN requires TUN support, which most VPSes do not enable by default. You can check for it with this command:
cat /dev/net/tun
If the returned information is:
cat: /dev/net/tun: File descriptor in bad state
then TUN is working normally. Otherwise, send a ticket to the VPS company and ask them for help.
If you need to access the Internet through OpenVPN, the VPS must also support the iptables_nat module. Run this command to check:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
I found it here: /usr/share/openvpn/easy-rsa
It should be the same for everyone.
Run the command cp -r /usr/share/openvpn/easy-rsa /etc/openvpn/ to copy the easy-rsa folder into /etc/openvpn/.
Then enter cd /etc/openvpn/easy-rsa/2.0 to start generating the certificates required by OpenVPN.
Run vi vars to edit the environment variables. This uses the vi editor; if you don't know how to use it, Google it yourself.
Modify the last few lines according to the actual situation:
export KEY_COUNTRY="CN"
export KEY_PROVINCE="GD"
export KEY_CITY="GZ"
export KEY_ORG="black-xstar net Empire"
export KEY_EMAIL="webmaster [at] black-xstar.com"
Save, then run the command . ./vars to load the settings.
Next, run ./build-ca server to create a Certificate Authority.
After creating the CA, generate the server certificate by entering ./build-key-server server.
Enter the command ./build-key client1. Here, client1 is the client name; a second client would be client2.
Finally, generate the Diffie-Hellman parameters with ./build-dh, which takes some time.
First, cd .. to go back to the upper-level directory, and then create the configuration file with vi server.conf. Enter the following content:
port 443
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
OpenVPN itself is now configured. Next, set up Internet access.
Enter vi /etc/sysctl.conf to start editing, and change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1. Save, then run the sysctl -p command.
Enter iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 1.2.3.4 to add the rule. Note that 1.2.3.4 must be replaced with the IP address of your VPS.
iptables -F POSTROUTING -t nat
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source `curl http://169.254.169.254/2008-02-01/meta-data/local-ipv4 -q`
Then save the iptables settings with /etc/init.d/iptables save, and restart it with /etc/init.d/iptables restart.
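The three settings above have to agree: the subnet in the server directive, net.ipv4.ip_forward, and the source network of the NAT rule. The following shell check is an added example, not part of the original guide; the function names (mask_to_prefix, vpn_subnet, audit_nat) and the sample inputs are constructed for illustration.

```shell
# Added example. Sample inputs at the bottom are constructed, not from a real host.

# Convert a dotted netmask (255.255.255.0) to a prefix length (24).
mask_to_prefix() {
    bits=0; partial=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;; *) return 1 ;;
        esac
        # Once an octet is not 255, every later octet must be 0.
        [ "$partial" -eq 1 ] && [ "$n" -ne 0 ] && return 1
        [ "$n" -lt 8 ] && partial=1
        bits=$((bits + n))
    done
    echo "$bits"
}

# Read server.conf text on stdin; print the "server" subnet as CIDR.
vpn_subnet() {
    set -- $(awk '$1 == "server" { print $2, $3; exit }')
    [ $# -eq 2 ] || return 1
    prefix=$(mask_to_prefix "$2") || return 1
    echo "$1/$prefix"
}

# audit_nat SERVER_CONF_TEXT SYSCTL_TEXT NAT_RULES_TEXT
# Prints one line per problem; the exit status is the number of problems.
audit_nat() {
    problems=0
    subnet=$(printf '%s\n' "$1" | vpn_subnet) ||
        { echo "no usable server directive"; return 1; }
    printf '%s\n' "$2" |
        grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' ||
        { echo "net.ipv4.ip_forward is not set to 1"; problems=$((problems + 1)); }
    printf '%s\n' "$3" | grep -E -- '^-A POSTROUTING .*-j (SNAT|MASQUERADE)' |
        grep -Fq -- "-s $subnet " ||
        { echo "no SNAT/MASQUERADE rule for $subnet"; problems=$((problems + 1)); }
    return "$problems"
}

# Constructed sample inputs mirroring the values used on this page.
SAMPLE_CONF='port 443
server 10.8.0.0 255.255.255.0'
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1'
SAMPLE_RULES='-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 1.2.3.4'
audit_nat "$SAMPLE_CONF" "$SAMPLE_SYSCTL" "$SAMPLE_RULES" && echo "NAT setup is consistent"
```

On the server, pass the real data instead: audit_nat "$(cat /etc/openvpn/server.conf)" "$(cat /etc/sysctl.conf)" "$(iptables-save -t nat)".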
To start OpenVPN at boot, use vi /etc/rc.local to edit the file and add /usr/sbin/openvpn --config /etc/openvpn/server.conf & at the end.
Then, find the ca.crt, client1.crt, and client1.key files in the downloaded keys folder and put them in C:\Program Files\OpenVPN\config.
Create a text file named "client1.ovpn" and enter the following content:
client
dev tun
proto tcp
remote 1.2.3.4 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
Replace 1.2.3.4 on line 4 with the IP address of the VPS, and save the configuration.