Purpose
Build an OpenVPN server so that clients on the external network can reach the internal network behind it.
Environment
Server: CentOS 6.2 (32-bit)
Client: Windows XP
Server Configuration
# Disable SELinux (setenforce takes effect immediately; the config edit makes it stick across reboots)
sed -i '/^SELINUX\b/s/=.*/=disabled/' /etc/selinux/config
setenforce 0

# Install the EPEL repository (the default yum repositories do not carry the openvpn and easy-rsa packages).
# Note: the release package must match the major version of the system. The URL below is the EPEL 5
# release package; on CentOS 6 install the EPEL 6 release package instead.
rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel/5/i386/epel-release-5-4.noarch.rpm

# Install openvpn and easy-rsa
yum -y install openvpn easy-rsa

# Switch to the easy-rsa 2.0 directory
cd /usr/share/easy-rsa/2.0/
# Load the environment variables (KEY_DIR, certificate defaults, ...)
source vars
# Remove all existing certificate-related files
./clean-all
# Generate the CA certificate and key (press Enter through all prompts)
./build-ca
# Generate the server certificate and key; the name "server" yields server.crt and server.key
# (press Enter until the y/n prompts, answer y to both)
./build-key-server server
# Generate the client certificate and key (press Enter until the y/n prompts, answer y to both)
./build-key client
# Generate the Diffie-Hellman parameters dh2048.pem (this can take a long time; do not interrupt it)
./build-dh
# Generate ta.key for tls-auth: an HMAC key that lets the server drop packets from sources that do
# not hold it before any TLS handshake, which blunts DoS attempts and port scans
openvpn --genkey --secret keys/ta.key

# Create a keys directory under the OpenVPN configuration directory
mkdir /etc/openvpn/keys
# Copy the files the server configuration needs into it
cp /usr/share/easy-rsa/2.0/keys/{ca.crt,server.{crt,key},dh2048.pem,ta.key} /etc/openvpn/keys/

# Create /etc/openvpn/server.conf with the following content (paths are relative to /etc/openvpn):
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key  # This file should be kept secret
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"  # 192.168.1.0/24 is the intranet segment behind my VPN server; change it to match your network
keepalive 10 120
tls-auth keys/ta.key 0  # This file is secret
comp-lzo  # compression of tunnelled traffic; compressing TLS-protected data enables VORACLE-style attacks, so consider leaving it out
persist-key
persist-tun
status openvpn-status.log
verb 3

# Enable IP forwarding, now and persistently
sed -i '/net.ipv4.ip_forward/s/0/1/' /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/ip_forward

# Configure iptables. Note: this flushes every existing rule and sets the default policies to
# ACCEPT, so apart from the NAT rule the host has no packet filter at all; on an Internet-facing
# server restrict INPUT to the VPN port and FORWARD to traffic between the tunnel and the intranet.
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
service iptables save

# Start openvpn and enable it at boot
service openvpn start
chkconfig openvpn on
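The iptables commands above leave the host with default ACCEPT policies. As an added example that is not part of the original post, here is the tighter ruleset I would load instead, written in iptables-restore format: only the VPN port (and SSH) is reachable from outside, forwarding is limited to traffic between the tunnel and the intranet segment the server pushes, and the NAT rule is the same as the post's. The interface name eth0, keeping SSH on tcp/22 open, and the function name openvpn_rules are assumptions; adjust them to your host.

```shell
#!/bin/sh
# Added example, not part of the original post: a restrictive ruleset for the
# OpenVPN host in iptables-restore format. Assumptions: the public interface is
# passed as the first argument (eth0 on this host), SSH on tcp/22 stays
# reachable, and the intranet segment is the one the server pushes as a route.
#
# Usage (as root):
#   openvpn_rules eth0 10.8.0.0/24 192.168.1.0/24 1194 | iptables-restore
#   service iptables save     # persist the loaded rules on CentOS 6

openvpn_rules() {
    wan_if="$1"      # public interface, e.g. eth0
    vpn_net="$2"     # subnet handed out by the "server" directive
    lan_net="$3"     # intranet segment pushed to clients
    vpn_port="$4"    # udp port from the "port" directive
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and replies to connections the host itself opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# only the OpenVPN port and SSH are reachable from outside
-A INPUT -i $wan_if -p udp --dport $vpn_port -j ACCEPT
-A INPUT -i $wan_if -p tcp --dport 22 -j ACCEPT
# let VPN clients ping the server's tunnel address (the usual first check)
-A INPUT -i tun+ -p icmp -j ACCEPT
# forward VPN clients only into the intranet segment, and only replies back
-A FORWARD -i tun+ -s $vpn_net -d $lan_net -j ACCEPT
-A FORWARD -o tun+ -d $vpn_net -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# same masquerading rule as the post, so intranet hosts see the server's address
-A POSTROUTING -s $vpn_net -j MASQUERADE
COMMIT
EOF
}
```

Because iptables-restore replaces the whole table atomically, load this from a console session (or keep the SSH rule) so you are not locked out, and verify with iptables -L -n -v that the FORWARD counters move only for tun traffic once a client connects.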
Client Configuration
# Create a client configuration file named client.ovpn with the following content
# (replace "server-public-IP" below with the public address of your server):
client
dev tun
proto udp
remote server-public-IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server  # deprecated since OpenVPN 2.4 and removed in 2.5; newer clients use "remote-cert-tls server", which the easy-rsa 2 server certificate also satisfies
comp-lzo
verb 3
tls-auth [inline] 1
<ca>
paste the full content of /usr/share/easy-rsa/2.0/keys/ca.crt here
</ca>
<cert>
paste the full content of /usr/share/easy-rsa/2.0/keys/client.crt here
</cert>
<key>
paste the full content of /usr/share/easy-rsa/2.0/keys/client.key here
</key>
<tls-auth>
paste the full content of /usr/share/easy-rsa/2.0/keys/ta.key here
</tls-auth>

# Download client.ovpn from the server, copy it into the config directory of the OpenVPN
# installation on the client, and start the OpenVPN program to connect to the server.
# The file contains the client's private key and the shared ta.key, so transfer it over a
# protected channel and keep it readable only by the user who runs OpenVPN.
# If the client is assigned an IP address and can ping other machines on the intranet,
# the configuration is working.

# Finally, my own client.ovpn is given below for reference (the certificate and key bodies are omitted):
client
dev tun
proto udp
remote 192.168.1.88 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
tls-auth [inline] 1
<ca>
-----BEGIN CERTIFICATE-----
(base64 body of ca.crt)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
(base64 body of client.crt)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(base64 body of client.key)
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(hex body of ta.key)
-----END OpenVPN Static key V1-----
</tls-auth>
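Pasting four files into client.ovpn by hand is where inline configs usually go wrong: easy-rsa 2 writes a human-readable certificate dump above the PEM block in each .crt, ta.key starts with comment lines, and it is easy to drop a section tag. As an added example that is not from the original post, the following shell function assembles client.ovpn from the easy-rsa keys directory on the server: it keeps only the PEM block of each file, wraps it in the matching <ca>/<cert>/<key>/<tls-auth> section and emits the same directives the post uses. The function names, the argument layout and the directory default are my assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: build client.ovpn from the
# easy-rsa 2.0 keys directory instead of pasting the four files by hand.
# Assumptions: the function names and arguments are mine; the directives are
# the ones the post uses; the keys directory defaults to the path in the post.
#
# Usage (on the server):
#   build_client_ovpn <server-public-IP> client > client.ovpn

# Print only the PEM block(s) of a file. easy-rsa 2 writes a human-readable
# certificate dump above the PEM block in .crt files, and ta.key starts with
# comment lines; neither belongs inside an inline section.
pem_block() {
    sed -n '/^-----BEGIN /,/^-----END /p' "$1"
}

build_client_ovpn() {
    server="$1"
    name="$2"
    keys="${3:-/usr/share/easy-rsa/2.0/keys}"

    # Refuse to emit a config with a section missing rather than a broken file.
    for f in ca.crt "$name.crt" "$name.key" ta.key; do
        if [ ! -r "$keys/$f" ]; then
            echo "build_client_ovpn: cannot read $keys/$f" >&2
            return 1
        fi
    done

    cat <<EOF
client
dev tun
proto udp
remote $server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# ns-cert-type is what the post uses; OpenVPN 2.4+ clients should use "remote-cert-tls server"
ns-cert-type server
comp-lzo
verb 3
tls-auth [inline] 1
EOF
    printf '<ca>\n';        pem_block "$keys/ca.crt";     printf '</ca>\n'
    printf '<cert>\n';      pem_block "$keys/$name.crt";  printf '</cert>\n'
    printf '<key>\n';       pem_block "$keys/$name.key";  printf '</key>\n'
    printf '<tls-auth>\n';  pem_block "$keys/ta.key";     printf '</tls-auth>\n'
}
```

Run it on the server as build_client_ovpn <public-IP> client > client.ovpn, copy the result to the client over a protected channel (it carries the client's private key and the shared ta.key), and remove any server-side copy of client.key and client.ovpn you no longer need.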