CentOS 6.3 mini 32-bit: OpenVPN 2.2.2 installation notes

A while ago I found that PPTP VPN was not usable, so I tried OpenVPN! After some Googling I got started. The test environment is a ttvps VPS with 512 memory running a 32-bit CentOS 6.3 minimal install. The general steps are quite simple.

1. The kernel must support the tun device and load the iptables module.

Check whether tun is available:

    modinfo tun

    filename:       /lib/modules/2.6.32-279.el6.i686/kernel/drivers/net/tun.ko
    alias:          char-major-10-200
    license:        GPL
    author:         (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
    description:    Universal TUN/TAP device driver
    srcversion:
    depends:
    vermagic:       2.6.32-279.el6.i686 SMP mod_unload modversions 686

So it is probably supported... (This first step was copied from the internet; the output above is from the VPS.)

2. Install some dependent packages

    yum install iptables openssl lzo pam openssl-devel lzo-devel pam-devel

If you install OpenVPN from an RPM you do not need the last three development packages; here we compile and install from source....

3. Download the OpenVPN source code!!

Download from http://openvpn.net/index.php/open-source/downloads.html. I downloaded a tar.gz package, version 2.2.2, on the VPS. I have a way to download it from the official website, but that connection cannot be used for the time being!!

    wget http://d.lvtao.net/linux/lib/openvpn-2.2.2.tar.gz

The current directory is /root, out of laziness.... (^_^)

This tarball comes from a third-party mirror, so compare it with the release signature published by the OpenVPN project before building it.

4. Install OpenVPN

    tar zxvf openvpn-2.2.2.tar.gz
    cd openvpn-2.2.2
    ./configure
    make && make install

Some people still get errors at this step. On a CentOS 6.3 minimal install, remember to install gcc and make:

    yum install gcc make

The reason needs no explanation.

5. Create the certificates

Copy easy-rsa to /etc/openvpn:

    mkdir -p /etc/openvpn
    cp -R easy-rsa /etc/openvpn
    cd /etc/openvpn/easy-rsa/2.0

Open the vars file with an editor you are familiar with and modify the following variables according to your actual situation:

    export KEY_COUNTRY="CN"
    export KEY_PROVINCE="CA"
    export KEY_CITY="BJ"
    export KEY_ORG="MY_ORG"
    export KEY_EMAIL="admin@lvtao.net"

You can guess what these mean.. haha

Configure openssl: according to the openssl version installed on the system, copy the corresponding openssl-version.cnf file to openssl.cnf, or create a link to it.

View the version:

    rpm -q openssl
    openssl-1.0.0-25.el6_3.1.i686

    cp openssl-1.0.0.cnf openssl.cnf

Then execute the following commands. Note that there are two dots before /vars, with a space between them:

    . ./vars
    ./clean-all
    ./build-ca

Press Enter through the prompts, then check that these files were generated:

    ca.crt ca.key index.txt serial

Generate the server key:

    ./build-key-server ttvps

Here ttvps is the name you specify. If it is not specified, you will be prompted for it during execution. Press Enter through the prompts until:

    Sign the certificate? [y/n]: y                                   [answer y here]
    1 out of 1 certificate requests certified, commit? [y/n] y       [answer y here]

Generate the client key:

    ./build-key client1

Here client1 is the client name. If there are multiple clients, you need to generate multiple keys. Press Enter through the prompts until:

    Sign the certificate? [y/n]: y                                   [answer y here]
    1 out of 1 certificate requests certified, commit? [y/n] y       [answer y here]

Generate the Diffie-Hellman parameters. This step is required on the server and may take a long time:

    ./build-dh

We have now created the complete set of key and certificate files. Copy the server certificates from the keys directory to /etc/openvpn/:

    cd keys
    cp ca.crt ca.key ttvps.crt ttvps.key dh1024.pem /etc/openvpn/

Package the client files, or download them directly to the local machine, for the VPN client:

    ca.crt ca.key client1.crt client1.csr client1.key

Note that the server and client configurations below reference only ca.crt plus each side's own certificate and key. ca.key is the CA's private key, which can sign new certificates, and neither configuration uses it.

6. Configure the server

Copy the sample configuration file:

    cp /root/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn.conf

Its contents:

    port 1194
    proto tcp
    dev tun
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/ttvps.crt
    key /etc/openvpn/ttvps.key
    dh /etc/openvpn/dh1024.pem
    server 10.8.0.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    push "route 172.16.0.0 255.255.255.0"
    client-to-client
    keepalive 10 120
    comp-lzo
    persist-key
    persist-tun
    status openvpn-status.log
    verb 4
    script-security 3

Edit /etc/sysctl.conf, find net.ipv4.ip_forward = 0 and change it to net.ipv4.ip_forward = 1, save, and then execute:

    sysctl -p

Add the routing rules (172.16.0.65 is your server IP):

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.16.0.65

or, alternatively:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE

Open the OpenVPN port. The protocol in this rule has to match the proto line of the server configuration (tcp here):

    iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1194 -j ACCEPT

Save the iptables rules and restart the service:

    /etc/init.d/iptables save
    /etc/init.d/iptables restart

Start OpenVPN:

    /usr/local/sbin/openvpn --daemon --config /etc/openvpn.conf

Use netstat -ln to check whether OpenVPN's port 1194 is up.

7. The client

Copy the 5 downloaded files to the OpenVPN\config directory. Create a new file named client1.ovpn with the following contents, where *.*.*.* is your server IP:

    client
    dev tun
    proto tcp
    remote *.*.*.* 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client1.crt
    key client1.key
    ns-cert-type server
    comp-lzo
    verb 4
    route-method exe
    route-delay 2

Then connect!

I encountered several problems when installing and using it for the first time. The first problem was that I could not connect to the OpenVPN server normally. It turned out that the problem was caused by the iptables settings on the server. Then, after the connection was established, some websites blocked by the GFW, such as facebook and youtube, could not be accessed. There can be many reasons for this; what I ran into was that the server had not set:

    push "dhcp-option DNS 8.8.8.8"
    push "redirect-gateway def1 bypass-dhcp"

The host used in this article is a www.ttvps.net host with 512 memory; the system is a 32-bit CentOS 6.3 minimal install.
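
The two problems described above (no connection because of the iptables settings, and blocked sites unreachable because of missing push lines) can be caught before starting the daemon. The script below is an added example, not part of the original post: it lints a server configuration against the firewall rule that opens its port. The function names are hypothetical, and the constructed sample deliberately contains a rule for the wrong protocol and a malformed DNS address.

```shell
#!/bin/sh
# Added example: lint an OpenVPN server config against the iptables rule for its port.
# SERVER_CONF and FW_RULES are constructed samples with two deliberate mistakes.
SERVER_CONF='port 1194
proto tcp
dev tun
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8.8"
push "dhcp-option DNS 8.8.4.4"'
FW_RULES='-A INPUT -m state --state NEW -m udp -p udp --dport 1194 -j ACCEPT'

# conf_value KEY CONF: print the first argument of directive KEY
conf_value() { printf '%s\n' "$2" | awk -v k="$1" '$1 == k { print $2; exit }'; }

# valid_ipv4 ADDR: succeed only for four dot-separated octets, each 0..255
valid_ipv4() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
}

# fw_allows PROTO PORT RULES: succeed if one ACCEPT rule matches both proto and port
fw_allows() {
  printf '%s\n' "$3" | awk -v p="$1" -v d="$2" '
    /-j ACCEPT/ { ok_p = ok_d = 0
      for (i = 1; i < NF; i++) {
        if ($i == "-p" && $(i+1) == p) ok_p = 1
        if ($i == "--dport" && $(i+1) == d) ok_d = 1 }
      if (ok_p && ok_d) found = 1 }
    END { exit !found }'
}

# lint CONF RULES: print one finding per line; non-zero status if any were printed
lint() {
  proto=$(conf_value proto "$1"); port=$(conf_value port "$1"); bad=0
  fw_allows "$proto" "$port" "$2" ||
    { echo "firewall: no ACCEPT rule for $proto/$port"; bad=1; }
  printf '%s\n' "$1" | grep -q '^push "redirect-gateway' ||
    { echo 'push: redirect-gateway missing'; bad=1; }
  for dns in $(printf '%s\n' "$1" | awk '$2 == "\"dhcp-option" && $3 == "DNS" { gsub(/"/, "", $4); print $4 }'); do
    valid_ipv4 "$dns" || { echo "push: bad DNS address $dns"; bad=1; }
  done
  return $bad
}

lint "$SERVER_CONF" "$FW_RULES" || true
```

To check a real setup, pass the contents of /etc/openvpn.conf and the output of `iptables -S INPUT` as the two arguments to `lint`.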