Home > Developer > Linux

Build a VPN Server to connect external networks to internal networks

Source: Internet
Author: User
Tags ubuntu vps
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Build a VPN Server to connect external networks to internal networks

Statement
Author: Last Night stars
Blog: http://yestreenstars.blog.51cto.com/
This article was created by myself. If you need to reprint it, please indicate the source. Thank you for your cooperation!

Purpose

Build a VPN Server to connect the external network to the internal network.

Environment

Server: CentOS 6.2 32

Client: Windows XP

Server Configuration

# Disable SELinux
Sed-I '/^ SELINUX \ B/s/=. */= disabled/'/etc/selinux/config
Setenforce 0
# Install the EPEL source (the default yum source does not have openvpn and easy-rsa software packages)
Rpm-ivh http://mirrors.ustc.edu.cn/Fedora/epel/5/i386/epel-release-5-4.noarch.rpm
# Install openvpn and easy-rsa software packages
Yum-y install openvpn easy-rsa
# Switch to the/usr/share/easy-rsa/2.0/directory
Cd/usr/share/easy-rsa/2.0/
# Initializing Environment Variables
Source vars
# Clear all certificate-Related Files
./Clean-all
# Generate CA-related files (Press enter all the way)
./Build-ca
# Generate server-related files (Press enter all the way until you are prompted to enter y/n, enter y and press ENTER twice)
./Build-key-server
# Generate client-related files (Press enter all the way until y/n is prompted, enter y and press ENTER twice)
./Build-key client
# Generate the dh2048.pem file (the process is slow, so do not interrupt it during this process)
./Build-dh
# Generate the ta. key File (Anti-DDos)
Openvpn -- genkey -- secret keys/ta. key
# Create a key directory under the openvpn configuration directory
Mkdir/etc/openvpn/keys
# Copy the files required for the openvpn configuration file to the created keys directory.
Cp/usr/share/easy-rsa/2.0/keys/{ca. crt, server. {crt, key}, dh2048.pem, ta. key}/etc/openvpn/keys/
# Create the/etc/openvpn/server. conf file. The content is as follows:
Port 1194
Proto udp
Dev tun
Ca keys/ca. crt
Cert keys/server. crt
Key keys/server. key # This file shocould be kept secret
Dh keys/dh2048.pem
Server 10.8.0.0 255.255.255.0
Ifconfig-pool-persist ipp.txt
Push "route 192.168.1.0 255.255.255.0" #192.168.1.0/24 is the Intranet segment of my VPN Server. You should modify it based on your actual situation.
Keepalive 10 120
Tls-auth keys/ta. key 0 # This file is secret
Comp-lzo
Persist-key
Persist-tun
Status openvpn-status.log
Verb 3
# Enable route forwarding
Sed-I '/net. ipv4.ip _ forward/s/0/1/'/etc/sysctl. conf
Echo 1>/proc/sys/net/ipv4/ip_forward
# Configuring a firewall
Iptables-F
Iptables-X
Iptables-P INPUT ACCEPT
Iptables-P OUTPUT ACCEPT
Iptables-P FORWARD ACCEPT
Iptables-t nat-F
Iptables-t nat-X
Iptables-t nat-a postrouting-s 10.8.0.0/24-j MASQUERADE
# Start openvpn and set it to start upon startup
Service openvpn start
Chkconfig openvpn on

Client Configuration

# Create a client file (named client. ovpn) with the following content (you must modify the following public IP address of the server)
Client
Dev tun
Proto udp
Remote Server public IP 1194
Resolv-retry infinite
Nobind
Persist-key
Persist-tun
Ns-cert-type server
Comp-lzo
Verb 3
Tls-auth [inline] 1
<Ca>
Copy and paste all the content of/usr/share/easy-rsa/2.0/keys/ca. crt in this
</Ca>
<Cert>
Copy and paste all the content of/usr/share/easy-rsa/2.0/keys/client. crt in this
</Cert>
<Key>
Copy and paste all the content of/usr/share/easy-rsa/2.0/keys/client. key in
</Key>
<Tls-auth>
Copy and paste all the content of/usr/share/easy-rsa/2.0/keys/ta. key
</Tls-auth>
 
# Download the client from the server. ovpn, copy it to the config directory of the openvpn installation directory, and then start the openvpn program to connect to the server. If you can obtain the IP address, if you can ping other machines on the Intranet, the configuration is successful.
 
# Finally, the sample text of my client. ovpn is provided for your reference.
Client
Dev tun
Proto udp
Remote IP address 192.168.1.88 1194
Resolv-retry infinite
Nobind
Persist-key
Persist-tun
Ns-cert-type server
Comp-lzo
Verb 3
Tls-auth [inline] 1
<Ca>
----- Begin certificate -----
MIIFEjCCA/qgAwIBAgIJALomSu6uks0gMA0GCSqGSIb3DQEBCwUAMIG2MQswCQYD
Bytes
Bytes
Bytes
Bytes
Bytes
Bytes
A1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNVBAMTD0ZvcnQtRnVuc3Rv
Bytes
Lm15ZG9tYWluMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArox/60tx
UeGdb/mRGvBK/MH0/egVx1Rv1kDiqXrECJqCM85rMv5h4A3CXFK4jwNDaZz3wybw
9XKpEyPtDfAbWaNaEoZXctEZQzh1Ju8Bhe3laGNmVW + noD + n20sG0E0SAdSmKH7o
BHWGM1xeDNQeKYwQAKuy88WVsH7fFf/wWLyD9p2tTJaxpG88bqNyXeWbEyHyr1g4
3 wvmoZs + 63 hquXuhQSN/dyskyxmhficjyjy/ fuTMVGk0to7KmrVeoEEb5ymf1U1W
WPFWErksN + YF8CAueE/vnm1bdJfBAS7Uv/kkkdlv0iz0dhrl5urvq1k2qw // QsQiX
Bytes
Bytes
Bytes
Bytes
Bytes
YXN5UlNBMSEwHwYJKoZIhvcNAQkBFhJtZUBteWhvc3QubXlkb21haW6CCQC6Jkru
RpLNIDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQBJox1vNdG8NvwK
43 w/second
J7H5TMTt2/h8Xr4jxZjYUB + vmmfvf2hi4kiedzkf5 P/6lLxxJE200bKcgp31Jftn
4lK5di/YZF95c8QHPEuqe04DXrUK0MjdQEYtccg4 + R4E + Cfcfvy4N8LEChvdvMtI
Q2cnS3NE6/+ L0g9wzkVvxXbWnlUzVKzNJ5sUp1yU0eqXIh6sS6HhSCJEe1yHhp + L
BR69o/WHObGiMkc3y + WpP9MLWeoePWEfXCEQ2nqE + agqglh5vpmleewc + omS2Xo
JZc3cagw
----- End certificate -----
</Ca>
<Cert>
----- Begin certificate -----
MIIFTzCCBDegAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBtjELMAkGA1UEBhMCVVMx
Bytes
CnQtRnVuc3RvbjEdMBsGA1UECxMUTXlPcmdhbml6YXRpb25hbFVuaXQxGDAWBgNV
BAMTD0ZvcnQtRnVuc3RvbiBDQTEQMA4GA1UEKRMHRWFzeVJTQTEhMB8GCSqGSIb3
Bytes
MzA5MDEyOFowga0xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMM
Bytes
Bytes
Bytes
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6VxW3cZuZ7Y4SY0NTQkA3ftIa/yN2D
DCstzZy5XVq + oGOIzU0vD1SkwrwBERhc5FY/yzYK5OZhAM7tdULQ2EsjB2gSu + ol
00NKxwRcppUFQ7xHleTuyaRg4Y4tNxhfJ9XGDyxM/8 ivBrtxolgUKcsJxhWSYhPX
78OAKCIMdxMrmVmB7EkLPrr6C5s41u3NPpKA8VOjJ82JOtYM6qj + BxCqgWbHhEzi
Bytes
WROXl79Q05UvF9VORqzwZKmjtD/MR5rgRg7KHlXBHCuuK67vxpZp0ykCAwEAAaOC
Bytes
Bytes
Bytes
BgNVBAYTAlVTMQswCQYDVQQIEwJDQTEVMBMGA1UEBxMMU2FuRnJhbmNpc2NvMRUw
Bytes
Bytes
Bytes
A1UdJQQMMAoGCCsGAQUFBwMCMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQsFAAOC
AQEAFCwWGJGDcOYsF2ByIQXSKUhzCdg + 73YpxrdNiRuauTctq9sxOcM5K4upf76l
QI2LmXoKCLLVNhjUvNdxTE2g2iHAobPpaDFiLqxtu17GhQIQE57FMFa/0w1YO4LG
RLAd6NEp1Bpi/NRQ8c1KAMmvA/2Uz/0i840hJWooWOyR9v15tssaxhYx8MopURx4
SVIwef2cQrIE96emu0F037SqEwLc5ofTDjJpEQ + JmK3u0YQYIqJyp0fgBvPPJ7zP
Uvsizp5vxhn0F6ULtYpSsMgzQNljltjxmrBwnIUD85etqH/hf9WTxbZIxbyIdRvk
2j2G50sGzLYQ + f9MFnubIe4tKQ =
----- End certificate -----
</Cert>
<Key>
----- Begin private key -----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC + lcVt3Gbme2OE
Bytes
7XVC0NhLIwdoErvqJdNDSscEXKaVBUO8R5Xk7smkYOGOLTcYXyfVxg8sTP/Irwa7
CaJYFCnLCcYVkmIT1 +/DgCgiDHcTK5lZgexJCz66 + gubONbtzT6SgPFToyfNiTrW
DOqo/gcQqoFmx4RM4hkcs0kdNLkxy34F6fJPZ1 + 2oo2EFClhulcjd3ZrkJR + 8bXx
CAFAH5 + 5BZCo4nVDt1kTl5e/UNOVLxfVTkas8GSpo7Q/zEea4EYOyh5VwRwrriuu
78aWadMpAgMBAAECggEAXPhu4RLdV53lhC + P3 + EGBN6WEA3KjNR6wS2M2eFK + xN2
5lc732upk3j0tgyvmrvn5jwksm5kd2bopqmlytzatpz/hfNtm + Fr163IvAX + dT + m
Bytes
EETpINFRSSEtrxNe/Z8R3prkHBZ/cCfP08oDR8sThw + RqbqxUe0re2SKQxiIgBXU
5DuhCuoD6fdvLW/w/ArbligWOxAfuNNR5t0aSbRKDCacIaIrwrI5tZUxLiXHSTaj
CN ++ wXQsr/Hs4zHGz0Uyt1X8Cu1d3e3GwlHnVc0KAQKBgQDl1Gl10Jg3ULu1FcLS
NAs1RiTtWOcRP0Xl37ozIhjWY5iUB3SpzpD/pYbJgPnqZf6qwwp1CPdMao/oK4yW
9oQVs7IkdsOxiiq0qrtf/DbBImdxxx8LDpmceW6TEYreiVmjI8ddoNWKaFmqIz4G
1K1rXbCplqoMKFUUHl9PbU5hiQKBgQDUSV4mIBdHMwEGpwUgYr/Yqc0LNdt3HvsO
ZzrxKqFCiB1XE7rc05/2Tt0ll8FSNdlPIwfu3YPUzoU1SCMjb1Q9GrvR9H5DNv24
8wd74ThzOF0xiZUOZwj6X6ZxFvfdUe6hI5h/b0dG7pUw + JSkmnpD7BO + YE1MjjN3
NzqQTnecoQKBgQCyJFiyF0NE7PDxxbJC6OzPGFWbGyPPfInDSgzbgXxbAMvNQZIt
5I0Detvk6HHOO8yPs6oxWQfGVXrB7K + GfAGZiLV2ChBZVs0PSJ8AIVCXlwEzcbIg
MerjHESW/ivznea6ywrHCdk69PM7KyHyzXq2E + LRMJUR41k + xOP/fqwYcQKBgQDI
OU7wnLH3 + JZOJPgD3L/f5f + 8RBb0WqcmpZ0FXFTvAJzTxYsovv2P/kA9Nc4j8SA +
SObJl + rAq + 0eHSTvRhDo9S8TTwxL7zEN4UM8x2dL3WygzYhmJi5koBTHc4djGuT8
3Sr3fwh2UY8rujnQqtcI + 0B // irkoxe2evvw1_w1iqkbgqcjgu0ef + CDR6R2iImL
69xkwp2umQVDPFCJtlJ5Oqg7CRI4HHo2 + ujfDq8hl4ihg0Zq6e + iIrBCBOOFlpLn
XrvhxAv79sB/w5Y3zSwTtqwnpUR65ZKi2X4exza0 // yY77LAuGNcG5oKTUhTBDMz
FPnZX9Q0zJevs0 + UfAeXvThc9g =
----- End private key -----
</Key>
<Tls-auth>
----- BEGIN OpenVPN Static key V1 -----
A692b93eeb708a615914f791ef42a2fb
4d14e99055aa297e564108ed272c25d7
Export cd7a43d5f9d02c84d566406a3a657
84f1e69c23c3d954b1a19dc4d373b8a3
7c717dda-c51e94253a628c4f4a7e98
173a65e0ce9806b2b04f1ce0e45ffacb
67bbca2db49cb3b784153b85fb3d79c4
Bbbf61d9147513957ac4668e541db859
C449eaf04b0d0585dc4c102ca010d91a
5ad275b7fb13e95f0a971a88a7550cb4
3485825fb6304b8537ac9cd6af5fda68
4a0d94d47f3a0478e722f20e0043de1c
C18684f5b68e6f19ad5b302cb9ddc1ca
B326c80c4b6bb235dda607a5fa79fbc8
5da586741a428e2ab390827c5145893a
D78f0bef7c86710ec7752d60cb94cada
----- END OpenVPN Static key V1 -----
</Tls-auth>

Use PPTP to build a VPN

PPTPD for RHEL5.4 VPN service configuration

The problem of configuring NAT forwarding in PPTPd on Ubuntu VPS

Install pptp vpn under CentOS

Linux VPN (PPTPD) + Windows AD unified authentication

Install the VPN Server and the VPN Client on Ubuntu VPS

This article permanently updates the link address:

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
ccna introduction to networks how to manage social networks juniper networks vpn f5 networks vpn array networks ssl vpn array networks vpn convert internal hdd to external
Related Article
Linux under the PS command Usage summary
Linux DNS detailed

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More