Build a VPN Server in CentOS to connect external networks to internal networks
Purpose
Build a VPN Server to connect the external network to the internal network.
Environment
Server: CentOS 6.2 (32-bit)
Client: Windows XP
Server Configuration
# Disable SELinux
sed -i '/^SELINUX\b/s/=.*/=disabled/' /etc/selinux/config
setenforce 0
# Install the EPEL repository (the default yum repositories do not carry the openvpn and easy-rsa packages)
rpm -ivh http://…
# Install the packages and initialise easy-rsa 2.0 (the vars environment and a clean keys directory are required before the build-* scripts below will run)
yum -y install openvpn easy-rsa
cd /usr/share/easy-rsa/2.0
. ./vars
./clean-all
# Generate the CA files (press Enter all the way)
./build-ca
# Generate the server certificate and key (press Enter until you are prompted y/n, enter y, then press Enter twice)
./build-key-server server
# Generate the client certificate and key (press Enter until you are prompted y/n, enter y, then press Enter twice)
./build-key client
# Generate the dh2048.pem file (generation time varies; do not interrupt it)
./build-dh
# Generate the ta.key file (tls-auth HMAC key, anti-DDoS)
openvpn --genkey --secret keys/ta.key
# Create a keys directory under the OpenVPN configuration directory
mkdir /etc/openvpn/keys
# Copy the files the OpenVPN configuration needs into the new keys directory
cp /usr/share/easy-rsa/2.0/keys/{ca.crt,server.{crt,key},dh2048.pem,ta.key} /etc/openvpn/keys/
# Create /etc/openvpn/server.conf with the following content
cat > /etc/openvpn/server.conf <<'EOF'
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key  # This file should be kept secret
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"  # 192.168.1.0/24 is the intranet segment behind my VPN server; change it to match your own network
keepalive 10 120
tls-auth keys/ta.key 0  # This file is secret
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
EOF
# Enable IP forwarding
sed -i '/net.ipv4.ip_forward/s/0/1/' /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/ip_forward
# Configure the firewall
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
service iptables save
# Start the OpenVPN service and enable it at boot
service openvpn start
chkconfig openvpn on
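The two "This file should be kept secret" comments in server.conf above and the tls-auth line are the parts of this setup that are easiest to get subtly wrong (a world-readable server.key, a ta.key that never got copied, a forgotten push route). The following script is an added example, not part of the original article, that audits a server.conf written in the article's style: it checks that tls-auth is configured, that each secret file the config references exists and is readable by its owner only, and that a route to the intranet is pushed. It assumes GNU `stat -c` (with a BSD `stat -f` fallback), resolves relative paths against the config file's directory as the article's `keys/...` entries expect under /etc/openvpn, and builds its own constructed fixtures with placeholder key files so it can be run anywhere.

```shell
#!/bin/sh
# Added example, not from the original article: audit an OpenVPN server.conf
# written the way the article describes. It checks that tls-auth is configured,
# that every secret file the config references (key, tls-auth) exists and is
# readable by its owner only, and that a route to the intranet is pushed.
# Relative paths are resolved against the config file's directory, matching
# the article's "keys/..." entries under /etc/openvpn.

# Print the arguments of directive $2 in config $1 (first match; a trailing
# "# comment" is left in place, callers take the field they need).
conf_get() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Return 0 if $1 is readable by its owner only (mode 0600 or 0400).
file_is_private() {
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 1
    case "$mode" in 600|400) return 0 ;; *) return 1 ;; esac
}

# Audit $1; prints one line per finding and returns the number of findings.
audit_ovpn_server() {
    conf="$1"; dir=$(dirname "$conf"); findings=0

    # 1. tls-auth must be present: it is what rejects unauthenticated
    #    control-channel packets before any TLS work is done.
    if [ -z "$(conf_get "$conf" tls-auth)" ]; then
        echo "MISSING: tls-auth not configured"; findings=$((findings + 1))
    fi

    # 2. Files the config marks as secret must exist and be private.
    for directive in key tls-auth; do
        file=$(conf_get "$conf" "$directive" | awk '{ print $1 }')
        [ -n "$file" ] || continue
        case "$file" in /*) path="$file" ;; *) path="$dir/$file" ;; esac
        if [ ! -f "$path" ]; then
            echo "MISSING: $directive file $path not found"; findings=$((findings + 1))
        elif ! file_is_private "$path"; then
            echo "WEAK: $path readable by group/others, expected mode 0600"; findings=$((findings + 1))
        fi
    done

    # 3. Without a pushed route clients get a tunnel but no path to the LAN.
    if ! grep -q '^push "route ' "$conf"; then
        echo "INFO: no 'push \"route ...\"' line; clients will not reach the intranet"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed fixtures (placeholder files, not real keys): a tree like the
# article's with correct permissions, and one with server.key world-readable
# and no tls-auth line.
make_fixtures() {
    base=$(mktemp -d)
    for v in good bad; do
        mkdir -p "$base/$v/keys"
        printf 'placeholder, not a real key\n' > "$base/$v/keys/server.key"
        printf 'placeholder, not a real key\n' > "$base/$v/keys/ta.key"
        cat > "$base/$v/server.conf" <<'EOF'
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key  # This file should be kept secret
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
EOF
    done
    chmod 600 "$base/good/keys/server.key" "$base/good/keys/ta.key"
    echo 'tls-auth keys/ta.key 0  # This file is secret' >> "$base/good/server.conf"
    chmod 644 "$base/bad/keys/server.key"
    echo "$base"
}

# Demonstration: 0 findings for the good tree, 2 for the bad one.
fx=$(make_fixtures)
audit_ovpn_server "$fx/good/server.conf" && echo "good: clean"
audit_ovpn_server "$fx/bad/server.conf" || echo "bad: $? finding(s)"
rm -rf "$fx"
```

On the real server the call is `audit_ovpn_server /etc/openvpn/server.conf`; the return value is the number of findings, so it can gate a deployment step. The permission check deliberately accepts only 0600 and 0400 because OpenVPN reads these files as root at start-up and nothing else needs them.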
Client Configuration
# Create a client file named client.ovpn with the following content (you must change the server's public IP address below)
client
dev tun
proto udp
remote <server public IP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
tls-auth [inline] 1
<ca>
paste the full contents of /usr/share/easy-rsa/2.0/keys/ca.crt here
</ca>
<cert>
paste the full contents of /usr/share/easy-rsa/2.0/keys/client.crt here
</cert>
<key>
paste the full contents of /usr/share/easy-rsa/2.0/keys/client.key here
</key>
<tls-auth>
paste the full contents of /usr/share/easy-rsa/2.0/keys/ta.key here
</tls-auth>
# Download client.ovpn from the server, copy it into the config directory under the OpenVPN installation directory, then start the OpenVPN program and connect to the server. If you obtain an IP address and can ping other machines on the intranet, the configuration succeeded.
# Finally, the text of my own client.ovpn is provided as a sample for reference.
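Because the client bundle is assembled by hand (four copy-pasted PEM blocks, a remote line that must be edited, and a tls-auth direction that must be the complement of the server's), it is worth linting before it is sent to the Windows machine. The script below is an added example, not part of the original article: it checks that each inline block is present and holds one PEM object, that the direction is `tls-auth [inline] 1`, that `remote` carries a host and a numeric port rather than the placeholder text, and it flags `ns-cert-type` as deprecated (OpenVPN's replacement is `remote-cert-tls server`; the article's directive still works on the OpenVPN versions shipped for CentOS 6 but was removed in OpenVPN 2.5). The fixtures it builds use placeholder PEM bodies and the documentation address 203.0.113.10, both constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original article: lint a client.ovpn that was
# assembled the way the article describes, before it is copied to the Windows
# client. It checks that each inline block (<ca>, <cert>, <key>, <tls-auth>)
# is present and holds one PEM object, that the tls-auth direction is 1 (the
# complement of the server's 0), that 'remote' carries a host and a numeric
# port rather than the placeholder text, and it flags the deprecated
# ns-cert-type directive (OpenVPN's replacement is 'remote-cert-tls server').

# Print the body of the inline block <tag>...</tag> of file $1, tag = $2.
ovpn_inline() {
    awk -v t="$2" '
        $0 == ("<" t ">")  { inside = 1; next }
        $0 == ("</" t ">") { exit }
        inside             { print }
    ' "$1"
}

# Return 0 if $1 (a block body) starts with a PEM BEGIN line and ends with an END line.
pem_well_formed() {
    first=$(printf '%s\n' "$1" | sed -n '1p')
    last=$(printf '%s\n' "$1" | sed -n '$p')
    case "$first" in -----BEGIN\ *-----) ;; *) return 1 ;; esac
    case "$last"  in -----END\ *-----)   ;; *) return 1 ;; esac
    return 0
}

# Lint $1; prints one line per finding and returns the number of findings.
lint_client_ovpn() {
    f="$1"; n=0
    for tag in ca cert key tls-auth; do
        body=$(ovpn_inline "$f" "$tag")
        if [ -z "$body" ]; then
            echo "MISSING: <$tag> block not found"; n=$((n + 1))
        elif ! pem_well_formed "$body"; then
            echo "MALFORMED: <$tag> block is not a single PEM object"; n=$((n + 1))
        fi
    done
    if ! grep -q '^tls-auth \[inline\] 1$' "$f"; then
        echo "WRONG: expected 'tls-auth [inline] 1' to pair with the server's direction 0"; n=$((n + 1))
    fi
    # 'remote <host-or-ip> <port>': the article's placeholder has more fields and no numeric port
    if ! awk '$1 == "remote" && NF == 3 && $3 ~ /^[0-9]+$/ { ok = 1 } END { exit ok ? 0 : 1 }' "$f"; then
        echo "WRONG: 'remote' must be '<host-or-ip> <port>'"; n=$((n + 1))
    fi
    if grep -q '^ns-cert-type ' "$f"; then
        echo "DEPRECATED: ns-cert-type; use 'remote-cert-tls server' instead"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed fixtures with placeholder PEM bodies (no real key material).
pem() {
    printf '%s\n' "-----BEGIN $1-----" "MIIFAKEPLACEHOLDERNOTAREALKEY" "-----END $1-----"
}
# $1 = path, $2 = remote line, $3 = server-cert check directive,
# $4 = tls-auth direction, $5 = space-separated list of inline blocks to emit
write_ovpn() {
    {
        printf 'client\ndev tun\nproto udp\n%s\nresolv-retry infinite\nnobind\n' "$2"
        printf 'persist-key\npersist-tun\n%s\ncomp-lzo\nverb 3\ntls-auth [inline] %s\n' "$3" "$4"
        for t in $5; do
            echo "<$t>"
            case "$t" in
                key)      pem "PRIVATE KEY" ;;
                tls-auth) pem "OpenVPN Static key V1" ;;
                *)        pem CERTIFICATE ;;
            esac
            echo "</$t>"
        done
    } > "$1"
}
make_client_fixtures() {
    base=$(mktemp -d)
    # 203.0.113.10 is a documentation address standing in for the server's public IP
    write_ovpn "$base/clean.ovpn"   'remote 203.0.113.10 1194' 'remote-cert-tls server' 1 'ca cert key tls-auth'
    write_ovpn "$base/article.ovpn" 'remote 203.0.113.10 1194' 'ns-cert-type server'    1 'ca cert key tls-auth'
    write_ovpn "$base/broken.ovpn"  'remote server public network IP 1194' 'ns-cert-type server' 0 'ca cert tls-auth'
    echo "$base"
}

# Demonstration: clean -> 0 findings, article -> 1 (deprecated directive), broken -> 4.
fx=$(make_client_fixtures)
for name in clean article broken; do
    lint_client_ovpn "$fx/$name.ovpn" && echo "$name.ovpn: clean" || echo "$name.ovpn: $? finding(s)"
done
rm -rf "$fx"
```

Run `lint_client_ovpn client.ovpn` on the real bundle before distributing it; `ovpn_inline client.ovpn cert` on its own is also handy for piping the embedded certificate into `openssl x509 -noout -text` to confirm which identity and expiry the client will present.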
…
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
tls-auth [inline] 1
<ca>
-----BEGIN CERTIFICATE-----
(certificate body omitted)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
(certificate body omitted)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(private key omitted)
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(static key omitted)
-----END OpenVPN Static key V1-----
</tls-auth>