Build a VPN server in CentOS to connect external networks to internal networks

Source: Internet
Author: User

Purpose

Build a VPN server to connect the external network to the internal network.


Environment

Server: CentOS 6.2 (32-bit)

Client: Windows XP

Server Configuration

  # Disable SELinux
  sed -i '/^SELINUX\b/s/=.*/=disabled/' /etc/selinux/config
  setenforce 0

  # Install the EPEL repository (the default yum repositories do not carry the openvpn and easy-rsa packages)
  rpm -ivh http://mirrors.ustc.edu.cn/fedora/epel/5/i386/epel-release-5-4.noarch.rpm

  # Install openvpn and easy-rsa
  yum -y install openvpn easy-rsa

  # Switch to the /usr/share/easy-rsa/2.0/ directory
  cd /usr/share/easy-rsa/2.0/

  # Initialize the environment variables
  source vars

  # Remove all existing certificate-related files
  ./clean-all

  # Generate the CA files (press Enter at every prompt)
  ./build-ca

  # Generate the server certificate and key (press Enter until the y/n prompt, then type y and press Enter twice)
  ./build-key-server server

  # Generate the client certificate and key (press Enter until the y/n prompt, then type y and press Enter twice)
  ./build-key client

  # Generate dh2048.pem (this takes a while; do not interrupt it)
  ./build-dh

  # Generate ta.key (the tls-auth HMAC key; lets the server drop unauthenticated handshake packets, which limits DoS against the TLS layer)
  openvpn --genkey --secret keys/ta.key

  # Create a keys directory under the openvpn configuration directory
  mkdir /etc/openvpn/keys

  # Copy the files the openvpn configuration needs into the new keys directory
  cp /usr/share/easy-rsa/2.0/keys/{ca.crt,server.{crt,key},dh2048.pem,ta.key} /etc/openvpn/keys/

  # Create /etc/openvpn/server.conf with the following content:
  port 1194
  proto udp
  dev tun
  ca keys/ca.crt
  cert keys/server.crt
  key keys/server.key  # This file should be kept secret
  dh keys/dh2048.pem
  server 10.8.0.0 255.255.255.0
  ifconfig-pool-persist ipp.txt
  push "route 192.168.1.0 255.255.255.0"  # 192.168.1.0/24 is the intranet segment of my VPN server; change it to match your network
  keepalive 10 120
  tls-auth keys/ta.key 0  # This file is secret
  comp-lzo
  persist-key
  persist-tun
  status openvpn-status.log
  verb 3

  # Enable IP forwarding
  sed -i '/net.ipv4.ip_forward/s/0/1/' /etc/sysctl.conf
  echo 1 > /proc/sys/net/ipv4/ip_forward

  # Configure iptables
  iptables -F
  iptables -X
  iptables -P INPUT ACCEPT
  iptables -P OUTPUT ACCEPT
  iptables -P FORWARD ACCEPT
  iptables -t nat -F
  iptables -t nat -X
  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
  service iptables save

  # Start openvpn and make it start at boot
  service openvpn start
  chkconfig openvpn on
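The iptables commands above flush every chain and set all three filter policies to ACCEPT, so the gateway forwards anything between any of its interfaces, not only traffic from VPN clients into the intranet, and masquerades the VPN subnet on every outgoing interface. The script below is an added example, not part of the original article, that generates a tighter equivalent: FORWARD defaults to DROP, only new connections from the VPN subnet into the intranet plus their return traffic are forwarded, anything else that tries to cross the box is logged before the policy drops it, and masquerading is limited to the intranet-facing interface. The 10.8.0.0/24 and 192.168.1.0/24 networks come from server.conf above; the interface names tun0 and eth0 are assumptions for the example. It prints the commands rather than running them so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not from the original article: emit a least-privilege iptables rule set
# for the VPN gateway. Defaults are assumptions for this example: VPN subnet 10.8.0.0/24
# and intranet 192.168.1.0/24 (both from server.conf), tun0 = OpenVPN interface,
# eth0 = interface facing the intranet. Nothing is applied; the output is printed for review.
openvpn_firewall_rules() {
    vpn_net=${1:-10.8.0.0/24}
    lan_net=${2:-192.168.1.0/24}
    vpn_if=${3:-tun0}
    lan_if=${4:-eth0}
    cat <<EOF
# Start from empty filter and nat tables, as the article does
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
# Host-bound traffic is left as the article configured it; forwarding becomes default-deny
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Return traffic for connections the rule below already allowed
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections only from VPN clients, only into the intranet
iptables -A FORWARD -i $vpn_if -o $lan_if -s $vpn_net -d $lan_net -m state --state NEW -j ACCEPT
# Everything else that tried to cross the box is logged (rate limited) before the DROP policy takes it
iptables -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "vpn-fwd-drop: "
# NAT VPN clients behind the gateway's intranet address, and only on that interface
iptables -t nat -A POSTROUTING -s $vpn_net -o $lan_if -j MASQUERADE
service iptables save
EOF
}

# Print the rules; as root, "sh vpn-firewall.sh | sh" applies them.
openvpn_firewall_rules "$@"
```

Pass other values as positional arguments (VPN subnet, intranet, VPN interface, intranet interface) to adapt it; the logged drops show up in /var/log/messages on CentOS 6 with the vpn-fwd-drop: prefix, which is a cheap way to notice a client probing beyond the intranet.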

Client Configuration

  # Create a client file named client.ovpn with the following content (change the server's public IP address below):
  client
  dev tun
  proto udp
  remote <server public IP> 1194
  resolv-retry infinite
  nobind
  persist-key
  persist-tun
  ns-cert-type server
  comp-lzo
  verb 3
  tls-auth [inline] 1
  <ca>
  # paste the whole content of /usr/share/easy-rsa/2.0/keys/ca.crt here
  </ca>
  <cert>
  # paste the whole content of /usr/share/easy-rsa/2.0/keys/client.crt here
  </cert>
  <key>
  # paste the whole content of /usr/share/easy-rsa/2.0/keys/client.key here
  </key>
  <tls-auth>
  # paste the whole content of /usr/share/easy-rsa/2.0/keys/ta.key here
  </tls-auth>

Download client.ovpn from the server, copy it into the config directory under the OpenVPN installation directory, then start the OpenVPN client and connect to the server. If the client receives an IP address and can ping other machines on the intranet, the configuration is working.

Finally, my own client.ovpn is given below for reference (the certificate and key bodies were not legible in the source of this page and are shown as placeholders):

  client
  dev tun
  proto udp
  remote 192.168.1.88 1194
  resolv-retry infinite
  nobind
  persist-key
  persist-tun
  ns-cert-type server
  comp-lzo
  verb 3
  tls-auth [inline] 1
  <ca>
  -----BEGIN CERTIFICATE-----
  (certificate body not legible in the source)
  -----END CERTIFICATE-----
  </ca>
  <cert>
  -----BEGIN CERTIFICATE-----
  (certificate body not legible in the source)
  -----END CERTIFICATE-----
  </cert>
  <key>
  -----BEGIN PRIVATE KEY-----
  (key body not legible in the source)
  -----END PRIVATE KEY-----
  </key>
  <tls-auth>
  -----BEGIN OpenVPN Static key V1-----
  (key body not legible in the source)
  -----END OpenVPN Static key V1-----
  </tls-auth>
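The client configuration relies on ns-cert-type server (deprecated in OpenVPN 2.4 in favour of remote-cert-tls server and removed in 2.5) to refuse a peer that presents a client certificate while posing as the server, so the server certificate must actually carry the server marker and no client certificate may. The script below is an added example, not part of the original article, that checks the easy-rsa output from the server section before the files are copied into /etc/openvpn/keys or pasted into client.ovpn: server.crt chains to ca.crt and is marked as a server certificate, server.key matches it and is not readable by other users, client.crt chains to the CA but is not a server certificate, and ta.key has the static-key layout. It assumes only that openssl is installed; make_demo_pki is a constructed stand-in for the easy-rsa output (it writes no dh2048.pem) so the checks can be exercised without the real keys.

```shell
#!/bin/sh
# Added example, not from the original article: sanity-check the easy-rsa output
# before it goes into /etc/openvpn/keys or client.ovpn. Assumes only that openssl
# is installed. make_demo_pki is a constructed stand-in for the real easy-rsa output.

# 0 if certificate $2 chains to the CA certificate $1.
cert_signed_by_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if $1 carries a server marker: nsCertType=server (checked by ns-cert-type server)
# or extendedKeyUsage=serverAuth (checked by remote-cert-tls server).
cert_is_server_cert() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -Eq 'SSL Server|TLS Web Server Authentication'
}

# 0 if the public key in certificate $1 equals the one derived from private key $2.
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# 0 if $1 exists and neither group nor others can read it.
file_is_private() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null)
    case "$mode" in 400|600|500|700) return 0 ;; *) return 1 ;; esac
}

# Run all checks on keys directory $1; print each failure; return their count.
check_openvpn_keys() {
    d=$1; fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }
    for f in ca.crt server.crt server.key; do
        [ -f "$d/$f" ] || fail "$f is missing"
    done
    [ "$fails" -eq 0 ] || return "$fails"
    cert_signed_by_ca "$d/ca.crt" "$d/server.crt" || fail "server.crt is not signed by ca.crt"
    cert_is_server_cert "$d/server.crt" || fail "server.crt is not marked as a server certificate"
    key_matches_cert "$d/server.crt" "$d/server.key" || fail "server.key does not match server.crt"
    file_is_private "$d/server.key" || fail "server.key is readable by other users"
    if [ -f "$d/client.crt" ]; then
        cert_signed_by_ca "$d/ca.crt" "$d/client.crt" || fail "client.crt is not signed by ca.crt"
        # a client cert with the server marker could impersonate the server to other clients
        cert_is_server_cert "$d/client.crt" && fail "client.crt is marked as a server certificate"
    fi
    [ ! -f "$d/client.key" ] || file_is_private "$d/client.key" || fail "client.key is readable by other users"
    if [ -f "$d/ta.key" ]; then
        file_is_private "$d/ta.key" || fail "ta.key is readable by other users"
        grep -q 'BEGIN OpenVPN Static key V1' "$d/ta.key" || fail "ta.key is not an OpenVPN static key"
    fi
    [ ! -f "$d/dh2048.pem" ] || openssl dhparam -in "$d/dh2048.pem" -noout >/dev/null 2>&1 || fail "dh2048.pem does not parse"
    [ "$fails" -eq 0 ] && echo "OK: $d"
    return "$fails"
}

# Constructed stand-in for build-ca / build-key-server / build-key / openvpn --genkey,
# written into directory $1 (no dh2048.pem; that check is skipped when the file is absent).
make_demo_pki() {
    d=$1; mkdir -p "$d"
    cat > "$d/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-ca
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[v3_server]
nsCertType = server
extendedKeyUsage = serverAuth
keyUsage = digitalSignature, keyEncipherment
[v3_client]
nsCertType = client
extendedKeyUsage = clientAuth
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/openssl.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.crt" >/dev/null 2>&1
    for name in server client; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/openssl.cnf" -subj "/CN=$name" \
            -keyout "$d/$name.key" -out "$d/$name.csr" >/dev/null 2>&1
        openssl x509 -req -in "$d/$name.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
            -days 2 -extfile "$d/openssl.cnf" -extensions "v3_$name" -out "$d/$name.crt" >/dev/null 2>&1
    done
    # ta.key stand-in: 256 random bytes in the static key file layout
    { echo '-----BEGIN OpenVPN Static key V1-----'; openssl rand -hex 256 | fold -w 32;
      echo '-----END OpenVPN Static key V1-----'; } > "$d/ta.key"
    chmod 600 "$d"/*.key
}

# Usage: sh check_keys.sh /usr/share/easy-rsa/2.0/keys
[ $# -eq 0 ] || check_openvpn_keys "$1"
```

Run it against /usr/share/easy-rsa/2.0/keys right after the build-* steps, and again against /etc/openvpn/keys after the copy; a non-zero exit code means at least one finding was printed. The mode check matters because the copied files end up readable by the openvpn daemon's user, which is the only reader they need.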
