Building OpenVPN on CentOS
OpenVPN is VPN software that carries traffic through an encrypted tunnel: TLS with X.509 certificates for the control channel, symmetric encryption for the data channel. The following describes how to install OpenVPN on CentOS 6.5 from EPEL, using Easy-RSA 2.0 to build the certificates:
setenforce 0    # puts SELinux in permissive mode for this session; the openvpn package ships its own SELinux policy, so this is a shortcut rather than a requirement
yum install -y openssl-devel lzo
rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
cd /etc/yum.repos.d/
cp epel.repo epel.repo.bak
sed -i 's/^mirrorlist=https/mirrorlist=http/' /etc/yum.repos.d/epel.repo    # works around CentOS 6 hosts that cannot fetch the https metalink; packages are still GPG-checked by yum (gpgcheck=1)
yum install openvpn easy-rsa
cd /usr/share/easy-rsa/2.0/
vim vars    # set KEY_COUNTRY, KEY_PROVINCE, KEY_CITY, KEY_ORG, KEY_EMAIL and the other subject fields
source vars
./clean-all
./build-ca
./build-key-server server
./build-key client1
./build-dh    # generates keys/dh2048.pem (size follows KEY_SIZE in vars)
openvpn --genkey --secret keys/ta.key    # generates ta.key; with tls-auth the server drops any packet lacking a valid HMAC, which blunts UDP floods and DoS against the TLS handshake
mkdir -p /etc/openvpn/keys
cd /etc/openvpn/keys/
cp /usr/share/easy-rsa/2.0/keys/{ca.crt,server.{crt,key},dh2048.pem,ta.key} ./
server.key and ta.key are secrets: keep them owned by root with mode 0600, and keep the CA key (keys/ca.key, which is deliberately not copied here) off the VPN server if you can, since whoever holds it can mint client certificates.
vim /etc/openvpn/server.conf
port 1194
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.10.20.0 255.255.255.0"
push "route 10.10.30.0 255.255.255.0"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth keys/ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 5
Notes on this configuration. The relative paths (keys/dh2048.pem, keys/ta.key, ipp.txt and the two log files) resolve against /etc/openvpn because the CentOS init script starts openvpn with --cd /etc/openvpn; either form works, but mixing absolute and relative paths is an easy way to point at the wrong file, so pick one. duplicate-cn lets any number of clients connect with the same certificate, which means the status log cannot tell them apart and one client cannot be revoked without cutting off the rest; the better practice is one ./build-key per client and no duplicate-cn. client-to-client lets VPN clients reach each other through the server, so leave it out unless that is wanted. comp-lzo must match the client side; compression of attacker-influenced data next to secrets can leak the secrets (the VORACLE class of attacks), so disabling it on both ends is the safer default. proto tcp gets through restrictive firewalls but tunnels TCP inside TCP, which degrades badly on lossy links; udp is the usual choice. Finally, the daemon keeps running as root here; adding user nobody and group nobody drops privileges once the tunnel is up, and the persist-key and persist-tun directives already present are what let a deprivileged process survive restarts.
Enable kernel IP forwarding
sed -i '/net.ipv4.ip_forward/s/0/1/' /etc/sysctl.conf
Then run sysctl -p (or reboot) so the setting takes effect.
Modify the firewall configuration: vim /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Thu May 28 15:13:30 2015
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o em2 -j MASQUERADE
COMMIT
# Completed on Thu May 28 15:13:30 2015
# Generated by iptables-save v1.4.7 on Thu May 28 15:13:30 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1265:195030]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1194 -j ACCEPT
-A INPUT -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
Note: em2 in -o em2 is the interface on the VPN server that faces the intranet (the 10.10.20.0/24 and 10.10.30.0/24 networks pushed to clients); substitute your own interface name. Two things to check before loading this ruleset. First, with both chain policies at ACCEPT and the two REJECT rules commented out, nothing is blocked at all, so the ACCEPT rules above are documentation rather than policy; restore the two REJECT lines (they are the CentOS defaults) if the server is meant to expose only SSH and OpenVPN. Second, -A INPUT -s 10.8.0.0/24 -j ACCEPT matches on source address alone, so a packet arriving on em2 with a spoofed 10.8.0.x source is accepted; tie that rule to the tunnel with -i tun+. Load the rules with service iptables restart.
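The following is an added example, not part of the original post: a small POSIX sh script that renders an iptables-restore ruleset for the server from four parameters (internal interface, port, protocol, VPN subnet) instead of hand-editing /etc/sysconfig/iptables. It differs from the ruleset above in the ways the note describes: chain policies are DROP, the final REJECT rules are kept, the VPN-subnet rule is tied to tun+, and FORWARD only passes tunnel traffic towards the internal interface plus replies. Inputs are validated so a typo cannot silently produce an open firewall. The interface name em2, port 1194 and subnet 10.8.0.0/24 used in the usage line are the tutorial's values; nothing here is code from the OpenVPN project.

```shell
#!/bin/sh
# Added example, not part of the original post: render an iptables-restore
# ruleset for an OpenVPN server from four parameters, with the chain policies
# and final REJECT rules that the tutorial's ruleset leaves disabled.
# Interface name, port, protocol and subnet are caller-supplied placeholders.

# valid_cidr A.B.C.D/N: succeed only for four octets of 0-255 and N in 0-32
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    local ip="${1%/*}" bits="${1#*/}" oldifs="$IFS" o
    case "$ip" in ''|*[!0-9.]*) return 1 ;; esac      # also keeps glob chars out of the unquoted split below
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    IFS=.; set -- $ip; IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# valid_port N: an integer in 1-65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# openvpn_ruleset WAN_IF PORT PROTO VPN_SUBNET: print the ruleset on stdout,
# or return 1 on bad input without printing anything.
openvpn_ruleset() {
    local wan="$1" port="$2" proto="$3" subnet="$4"
    case "$wan" in ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $wan" >&2; return 1 ;; esac
    valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
    valid_cidr "$subnet" || { echo "bad subnet: $subnet" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# hide VPN clients behind the server's address on the internal interface
-A POSTROUTING -s $subnet -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p $proto -m state --state NEW -m $proto --dport $port -j ACCEPT
# VPN clients may reach the server itself, but only through the tunnel, so a
# packet with a spoofed $subnet source arriving on $wan is rejected below
-A INPUT -i tun+ -s $subnet -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun+ -o $wan -s $subnet -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# usage (overwrites the file, so keep a backup first):
#   openvpn_ruleset em2 1194 tcp 10.8.0.0/24 > /etc/sysconfig/iptables && service iptables restart
```

iptables-restore ignores lines beginning with #, so the comments can stay in the rendered file. The ruleset allows SSH from anywhere, as the tutorial's does; restrict the --dport 22 rule with -s if the management network is known.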
The client's client.ovpn is as follows:
client
dev tun
proto tcp
remote internet 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
Replace internet with the server's public hostname or address. proto, comp-lzo and the tls-auth key direction (1 on clients, 0 on the server) must match server.conf. ns-cert-type server checks the legacy nsCertType extension and is deprecated; remote-cert-tls server checks the extendedKeyUsage of the server certificate instead. Easy-RSA's build-key-server sets both extensions, so either directive works with the certificates built above, but without one of them any client certificate signed by the same CA could impersonate the server.
Windows client:
OpenVPN 2.3.3 Windows 32-bit installation file:
http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.3-I002-i686.exe
OpenVPN 2.3.3 Windows 64-bit installation file:
http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.3-I002-x86_64.exe
These are plain-http downloads of a 2014 release; verify the installer's signature or checksum before running it, and prefer the current release for new installs.
Copy client.ovpn together with ca.crt, client1.crt, client1.key and ta.key from the OpenVPN server to the config folder under the Windows client installation directory (C:\Program Files\OpenVPN\config). client1.key is the client's private key and ta.key is shared with the server, so move them over an authenticated channel such as scp rather than e-mail or an unencrypted share.