Build an OpenVPN server on the intranet to reach the intranet from the Internet
Environment
Server: CentOS 6.7 32-bit
Client: Windows XP
Server Configuration
# Disable SELinux
sed -i '/^SELINUX\b/s/=.*/=disabled/' /etc/selinux/config
setenforce 0
# Install the EPEL repository (the default yum repositories do not carry the openvpn and easy-rsa packages)
rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel/5/i386/epel-release-5-4.noarch.rpm
# Install the openvpn and easy-rsa packages
yum -y install openvpn easy-rsa
# Switch to the /usr/share/easy-rsa/2.0/ directory
cd /usr/share/easy-rsa/2.0/
# Initialize the environment variables
source vars
# Clear all certificate-related files
./clean-all
# Generate the CA files (press Enter all the way)
./build-ca
# Generate the server certificate and key, named "server" (press Enter all the way until you are prompted y/n, enter y and press Enter twice)
./build-key-server server
# Generate the client certificate and key, named "client" (press Enter all the way until you are prompted y/n, enter y and press Enter twice)
./build-key client
# Generate the dh2048.pem file (this step is slow; do not interrupt it)
./build-dh
# Generate the ta.key file (tls-auth HMAC key: packets without a valid HMAC are dropped before the TLS handshake, which blunts DoS attempts against the port)
openvpn --genkey --secret keys/ta.key
# Create a keys directory under the openvpn configuration directory
mkdir /etc/openvpn/keys
# Copy the files the openvpn configuration references into the new keys directory
cp /usr/share/easy-rsa/2.0/keys/{ca.crt,server.{crt,key},dh2048.pem,ta.key} /etc/openvpn/keys/
# Create the /etc/openvpn/server.conf file with the following content:
port 1194
proto udp
dev tun
ca keys/ca.crt
cert keys/server.crt
key keys/server.key  # This file should be kept secret
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.1.0 255.255.255.0"  # 192.168.1.0/24 is the intranet segment behind my VPN server; change it to match your network
keepalive 10 120
tls-auth keys/ta.key 0  # This file is secret
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
# Enable IP forwarding
sed -i '/net.ipv4.ip_forward/s/0/1/' /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv4/ip_forward
# Configure the firewall
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
service iptables save
# Start openvpn and enable it at boot
service openvpn start
chkconfig openvpn on
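Once the steps above have been run, a short check script confirms the layout and catches the most common slip (a server.key or ta.key left group- or world-readable). The following is an added example, not code from the original article; it assumes the article's paths (/etc/openvpn, keys/...) and intranet segment 192.168.1.0/24, and takes the server's intranet interface name as a parameter (eth0 is only a guess). The vpn_firewall_rules function prints, rather than applies, a rule set that keeps the article's MASQUERADE and UDP 1194 rules but replaces the ACCEPT-everything FORWARD policy with rules that forward only VPN clients' traffic to the intranet segment.

```shell
#!/bin/bash
# Added example, not from the original article: post-install checks for an
# OpenVPN server laid out the way the article describes, plus a tighter
# replacement for its firewall step. Paths are parameters so the functions
# can be run against a constructed test layout as well as /etc/openvpn.

# Files the article's server.conf references, relative to the config directory.
OPENVPN_REQUIRED_FILES="keys/ca.crt keys/server.crt keys/server.key keys/dh2048.pem keys/ta.key"
# Files that hold secrets and must be readable by their owner only.
OPENVPN_SECRET_FILES="keys/server.key keys/ta.key"

# check_openvpn_layout DIR
# Returns 0 when every referenced file exists and no secret file has any
# group/other permission bit set; prints one line per problem and returns 1.
check_openvpn_layout() {
    local dir=$1 rc=0 f mode
    for f in $OPENVPN_REQUIRED_FILES; do
        [ -f "$dir/$f" ] || { echo "missing: $dir/$f"; rc=1; }
    done
    for f in $OPENVPN_SECRET_FILES; do
        [ -f "$dir/$f" ] || continue
        mode=$(stat -c '%a' "$dir/$f")          # e.g. 644 (octal digits)
        if [ $(( 0$mode & 077 )) -ne 0 ]; then   # any group/other bit set
            echo "too permissive ($mode): $dir/$f"
            rc=1
        fi
    done
    return $rc
}

# lock_openvpn_secrets DIR
# chmod 600 each secret file, then re-run the layout check.
lock_openvpn_secrets() {
    local dir=$1 f
    for f in $OPENVPN_SECRET_FILES; do
        [ -f "$dir/$f" ] && chmod 600 "$dir/$f"
    done
    check_openvpn_layout "$dir"
}

# check_server_conf FILE
# Confirms the directives the article relies on are present: the ca/cert/key
# triple, dh, and tls-auth (the HMAC layer that ta.key provides).
check_server_conf() {
    local conf=$1 rc=0 d
    for d in ca cert key dh tls-auth; do
        grep -Eq "^[[:space:]]*$d[[:space:]]" "$conf" || { echo "server.conf lacks: $d"; rc=1; }
    done
    return $rc
}

# check_ip_forward [FILE]
# Returns 0 when forwarding is on; FILE defaults to the kernel knob the article writes.
check_ip_forward() {
    local f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# vpn_firewall_rules LAN_IF
# Prints (does not run) an iptables rule set to use in place of the article's
# all-ACCEPT policies: only VPN client traffic to the article's 192.168.1.0/24
# segment is forwarded. LAN_IF is the server's intranet interface (an assumption;
# eth0 on many CentOS 6 hosts).
vpn_firewall_rules() {
    local lan=$1
    cat <<EOF
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A FORWARD -i tun0 -o $lan -s 10.8.0.0/24 -d 192.168.1.0/24 -j ACCEPT
iptables -A FORWARD -i $lan -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o $lan -j MASQUERADE
service iptables save
EOF
}

# Run against the real install: ./check.sh --run eth0
if [ "${1:-}" = "--run" ]; then
    check_openvpn_layout /etc/openvpn
    check_server_conf /etc/openvpn/server.conf
    check_ip_forward
    vpn_firewall_rules "${2:-eth0}"
fi
```

Run it with `--run eth0` on the server to check the live install and print the rule set; review the printed rules before applying them, because the article's `service iptables save` persists whatever is loaded at that moment.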
Client Configuration
# Create the client profile, named client.ovpn, with the following content (replace the server's public IP address with your own)
client
dev tun
proto udp
remote <server public IP> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
tls-auth [inline] 1
<ca>
paste the entire content of /usr/share/easy-rsa/2.0/keys/ca.crt here
</ca>
<cert>
paste the entire content of /usr/share/easy-rsa/2.0/keys/client.crt here
</cert>
<key>
paste the entire content of /usr/share/easy-rsa/2.0/keys/client.key here
</key>
<tls-auth>
paste the entire content of /usr/share/easy-rsa/2.0/keys/ta.key here
</tls-auth>
Download client.ovpn from the server, copy it into the config directory under the OpenVPN installation directory, then start the OpenVPN client and connect. If the client is assigned an address and can ping other machines on the intranet, the configuration is working.
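Rather than pasting the four files into client.ovpn by hand, the profile can be generated on the server straight from the easy-rsa keys directory. This is an added example, not the article's own code; it assumes the article's easy-rsa 2.0 key names (ca.crt, client.crt, client.key, ta.key) and reproduces the article's client directives as given. The output embeds the client's private key, so the file is created mode 600; move it to the Windows client over an authenticated channel (scp, or removable media you control) rather than e-mail.

```shell
#!/bin/bash
# Added example, not from the original article: build the inline client.ovpn
# the article assembles by hand, directly from the easy-rsa 2.0 keys directory
# (keys/ca.crt, keys/client.crt, keys/client.key, keys/ta.key). Directory,
# server address and output path are parameters so it can be run against a
# constructed test layout.

# inline_block TAG FILE
# Prints FILE wrapped in <TAG>...</TAG>, keeping only the PEM/static-key
# section. easy-rsa's .crt files carry a text dump above the PEM block and
# ta.key a comment header; OpenVPN tolerates both, but dropping them keeps
# the profile small and easy to audit.
inline_block() {
    echo "<$1>"
    sed -n '/^-----BEGIN/,/^-----END/p' "$2"
    echo "</$1>"
}

# build_client_ovpn KEYS_DIR SERVER_ADDR OUT_FILE
# Writes the article's client directives followed by the four inline blocks.
# Returns 1 without creating OUT_FILE if any input file is missing.
build_client_ovpn() {
    local keys=$1 server=$2 out=$3 f
    for f in ca.crt client.crt client.key ta.key; do
        if [ ! -r "$keys/$f" ]; then
            echo "missing $keys/$f" >&2
            return 1
        fi
    done
    # The profile embeds the client's private key, so create it owner-only
    # (mode 600) from the first byte rather than chmod-ing it afterwards.
    (
        umask 077
        {
            cat <<EOF
client
dev tun
proto udp
remote $server 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
tls-auth [inline] 1
EOF
            inline_block ca       "$keys/ca.crt"
            inline_block cert     "$keys/client.crt"
            inline_block key      "$keys/client.key"
            inline_block tls-auth "$keys/ta.key"
        } > "$out"
    )
}

# count_inline_blocks FILE
# Prints how many PEM/static-key sections the profile carries; a correctly
# built profile has exactly 4 (ca, cert, key, tls-auth).
count_inline_blocks() {
    grep -c '^-----BEGIN' "$1"
}

# Usage on the server from the article: ./mkclient.sh <server public IP>
if [ -n "${1:-}" ]; then
    build_client_ovpn /usr/share/easy-rsa/2.0/keys "$1" client.ovpn && echo "wrote client.ovpn"
fi
```

The sed range keeps only the `-----BEGIN` to `-----END` section of each file, so the human-readable certificate dump easy-rsa prepends to .crt files and the comment header of ta.key are left out of the profile.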
Finally, my own client.ovpn is given below for reference.
client
dev tun
proto udp
remote 192.168.1.88 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ns-cert-type server
comp-lzo
verb 3
tls-auth [inline] 1
<ca>
-----BEGIN CERTIFICATE-----
(base64 body of keys/ca.crt; garbled in this copy of the article, not reproduced)
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
(base64 body of keys/client.crt; garbled in this copy of the article, not reproduced)
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
(base64 body of keys/client.key; garbled in this copy of the article, not reproduced)
-----END PRIVATE KEY-----
</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
(16 hex lines from keys/ta.key; garbled in this copy of the article, not reproduced)
-----END OpenVPN Static key V1-----
</tls-auth>