Build a VPN Server in CentOS to connect external networks to internal networks

Source: Internet
Author: User

Purpose

Build an OpenVPN server so that clients on the external network (the Internet) can reach the internal network behind it.

Environment

Server: CentOS 6.2 (32-bit)

Client: Windows XP

Server Configuration

# Disable SELinux
sed -i '/^SELINUX\b/s/=.*/=disabled/' /etc/selinux/config
setenforce 0
# Install the EPEL repository (the default yum repositories do not carry the openvpn and easy-rsa packages)
rpm -ivh http://…    # EPEL release package for CentOS 6; the URL is not preserved in the source
yum -y install openvpn easy-rsa
# Prepare easy-rsa 2.0 (not shown in the original post, but build-ca refuses to run until vars has been sourced;
# build-dh names its output dh${KEY_SIZE}.pem, so KEY_SIZE must be 2048 in vars for the dh2048.pem used below)
cd /usr/share/easy-rsa/2.0
source ./vars
./clean-all
# Generate the CA certificate (press Enter all the way)
./build-ca
# Generate the server certificate and key (press Enter all the way until prompted y/n, enter y, and press Enter twice)
./build-key-server server
# Generate the client certificate and key (same prompts as above)
./build-key client
# Generate dh2048.pem (this can take a long time; do not interrupt it)
./build-dh
# Generate ta.key, the tls-auth HMAC key: the server drops packets without a valid HMAC before doing any TLS work, which blunts flooding and probing
openvpn --genkey --secret keys/ta.key
# Create a keys directory under the openvpn configuration directory
mkdir /etc/openvpn/keys
# Copy the files referenced by the openvpn configuration into the new keys directory
cp /usr/share/easy-rsa/2.0/keys/{ca.crt,server.{crt,key},dh2048.pem,ta.key} /etc/openvpn/keys/
# Create /etc/openvpn/server.conf with the following content:
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key  # This file should be kept secret
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"  # 192.168.1.0/24 is the intranet segment behind my VPN server; change it to match your own network
keepalive 10 120
tls-auth keys/ta.key 0  # This file is secret
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
# Enable IP forwarding
sed -i '/net.ipv4.ip_forward/s/0/1/' /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/ip_forward
# Configure the firewall (note: this flushes every existing rule and sets the INPUT/OUTPUT/FORWARD policies to ACCEPT, leaving only the NAT rule; tighten INPUT and FORWARD on a production host)
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
service iptables save
# Start the openvpn service and enable it at boot
service openvpn start
chkconfig openvpn on
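As an added check (not part of the original post), the following POSIX shell function reads a server.conf laid out as above and verifies that every ca/cert/key/dh/tls-auth file exists and that the two files the config marks secret are readable by their owner only; make_demo_layout builds a constructed stand-in for /etc/openvpn so it can be tried offline. It assumes GNU stat (present on CentOS) and that relative paths resolve against the config's directory, which is how the CentOS init script runs openvpn.

```shell
#!/bin/sh
# Sanity-check the files an OpenVPN server.conf refers to. Added example, not the
# original post's script. Relative paths (keys/ca.crt ...) resolve against the
# directory holding the config, because the CentOS init script runs openvpn from /etc/openvpn.

# check_server_conf CONF: print one line per problem; return 1 if any were found
check_server_conf() {
  conf=$1; base=$(dirname "$conf"); rc=0
  while read -r directive path rest; do
    case $directive in
      ca|cert|key|dh|tls-auth) ;;   # only the file-carrying directives matter here
      *) continue ;;
    esac
    case $path in
      /*) f=$path ;;
      *)  f=$base/$path ;;
    esac
    if [ ! -f "$f" ]; then
      echo "$directive: $f is missing"; rc=1; continue
    fi
    case $directive in
      key|tls-auth)
        # the config marks these two as secret: no group or world permission bits allowed
        mode=$(stat -c %a "$f")
        case $mode in
          ?00) ;;
          *) echo "$directive: $f has mode $mode, expected 600"; rc=1 ;;
        esac ;;
    esac
  done < "$conf"
  return $rc
}

# make_demo_layout DIR: constructed stand-in for /etc/openvpn using the config from this page
# (empty placeholder key files, not real key material)
make_demo_layout() {
  mkdir -p "$1/keys"
  for f in ca.crt server.crt server.key dh2048.pem ta.key; do : > "$1/keys/$f"; done
  chmod 600 "$1/keys/server.key" "$1/keys/ta.key"
  printf '%s\n' 'port 1194' 'proto udp' 'dev tun' 'ca keys/ca.crt' 'cert keys/server.crt' \
    'key keys/server.key  # This file should be kept secret' 'dh keys/dh2048.pem' \
    'server 10.8.0.0 255.255.255.0' 'tls-auth keys/ta.key 0' > "$1/server.conf"
}
```

On the real host, run check_server_conf /etc/openvpn/server.conf before starting the service.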

Client Configuration

# Create a client file named client.ovpn with the following content (you must change the server public IP address below)
client
dev tun
proto udp
remote <server public IP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server  # checks the nsCertType=server extension that build-key-server sets; deprecated in OpenVPN 2.4 and removed in 2.5, where remote-cert-tls server does the same job
comp-lzo
verb 3
tls-auth [inline] 1
<ca>
(paste the entire contents of /usr/share/easy-rsa/2.0/keys/ca.crt here)
</ca>
<cert>
(paste the entire contents of /usr/share/easy-rsa/2.0/keys/client.crt here)
</cert>
<key>
(paste the entire contents of /usr/share/easy-rsa/2.0/keys/client.key here)
</key>
<tls-auth>
(paste the entire contents of /usr/share/easy-rsa/2.0/keys/ta.key here)
</tls-auth>
# Download client.ovpn from the server, copy it into the config directory of the OpenVPN client installation, then start the OpenVPN program and connect to the server. If the client obtains an IP address and can ping other machines on the intranet, the configuration is successful.
# Finally, my own client.ovpn is provided below for reference.
Sample client.ovpn: the directives listed above, followed by the four inline blocks, with the full ca.crt, client.crt, client.key and ta.key from the server pasted between <ca>...</ca>, <cert>...</cert>, <key>...</key> and <tls-auth>...</tls-auth> (the certificate and key bodies are omitted here).
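To avoid pasting the four files by hand, the profile above can be assembled straight from the easy-rsa 2.0 keys directory. This is an added example, not a script from the original post; it assumes the easy-rsa 2.0 file names (ca.crt, <client>.crt, <client>.key, ta.key), and make_demo_keydir writes constructed placeholder files so it can be tried offline.

```shell
#!/bin/sh
# Assemble client.ovpn from an easy-rsa 2.0 keys directory. Added example, not the
# original post's script; file names follow easy-rsa 2.0 (ca.crt, <client>.crt,
# <client>.key, ta.key). server.key is deliberately never read: it must stay on the server.

# inline_block TAG FILE MARKER: wrap FILE in <TAG>..</TAG>, refusing files without the expected PEM header
inline_block() {
  tag=$1; file=$2; marker=$3
  grep -q -e "-----BEGIN.*$marker-----" "$file" || { echo "$file: no '$marker' block" >&2; return 1; }
  printf '<%s>\n' "$tag"
  cat "$file"
  printf '</%s>\n' "$tag"
}

# build_client_ovpn KEYDIR SERVER_IP CLIENT: write the profile to stdout; non-zero if a file is missing or malformed
build_client_ovpn() {
  keydir=$1; server_ip=$2; client=$3
  for f in ca.crt "$client.crt" "$client.key" ta.key; do
    [ -r "$keydir/$f" ] || { echo "missing $keydir/$f" >&2; return 1; }
  done
  cat <<EOF
client
dev tun
proto udp
remote $server_ip 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
tls-auth [inline] 1
EOF
  inline_block ca "$keydir/ca.crt" CERTIFICATE &&
    inline_block cert "$keydir/$client.crt" CERTIFICATE &&
    inline_block key "$keydir/$client.key" "PRIVATE KEY" &&
    inline_block tls-auth "$keydir/ta.key" "OpenVPN Static key V1"
}

# make_demo_keydir DIR: constructed placeholder files (not real keys) so the script can be tried offline
make_demo_keydir() {
  mkdir -p "$1"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'DEMO-CA' '-----END CERTIFICATE-----' > "$1/ca.crt"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'DEMO-CLIENT' '-----END CERTIFICATE-----' > "$1/client.crt"
  printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'DEMO-KEY' '-----END PRIVATE KEY-----' > "$1/client.key"
  printf '%s\n' '-----BEGIN OpenVPN Static key V1-----' 'DEMO-TA' '-----END OpenVPN Static key V1-----' > "$1/ta.key"
}
```

On the server, point the first argument at /usr/share/easy-rsa/2.0/keys and redirect the output to client.ovpn; the resulting file contains the client's private key and ta.key, so transfer it over a protected channel and delete the copy on the server afterwards.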
