Install OpenVPN on CentOS
Principle:
OpenVPN's core technology is the virtual NIC, followed by its implementation of the SSL protocol. Here we introduce the virtual NIC and how it works in OpenVPN:
A virtual NIC is a driver implemented with low-level network programming. After installation, a new network interface appears on the host and can be configured like any other NIC. A service program can open the virtual NIC at the application layer: if application software (such as IE) sends data to the virtual NIC, the service program can read it, and if the service program writes suitable data to the virtual NIC, the application software receives it. Virtual NICs are implemented on many operating systems, which is one important reason OpenVPN is cross-platform.
In OpenVPN, when a user accesses a remote virtual address (one belonging to the address range used by the virtual NIC, distinct from the real address), the operating system's routing mechanism sends the IP packet (TUN mode) or Ethernet frame (TAP mode) to the virtual NIC. The service program reads the data, processes it, and sends it over the Internet through a socket; the remote service program receives it from its socket, processes it correspondingly, and writes it to its own virtual NIC, where the application software receives it. That completes transmission in one direction; the reverse direction works the same way.
Installation environment: server RHEL 5.3 (IP 192.168.10.191) or later
Client: Windows 7
On Linux, the kernel must support TUN devices and the iptables module must be loaded. Check the TUN module with:
# modinfo tun
If you want OpenVPN to use SSL connections, OpenSSL must be installed first:
# rpm -qa | grep ssl
If nothing is listed:
# yum install openssl-devel
OpenVPN 2.2.2 is used for this installation; it can be downloaded from the official website.
Log in to the server through SecureCRT or XShell and upload the LZO and OpenVPN source archives. LZO is used for data compression.
Installation Process:
1. Unpack and install LZO
# tar zxvf lzo-2.06.tar.gz
# cd lzo-2.06
# ./configure
# make
# make install
2. Unpack and install OpenVPN
# tar zxvf openvpn-2.2.2.tar.gz
# cd openvpn-2.2.2
# ./configure && make && make install
3. Generate the certificates and keys
Initialize the PKI
# mkdir /etc/openvpn (this directory does not exist by default)
# cd openvpn-2.2.2
# cp -r easy-rsa/2.0 /etc/openvpn/easy-rsa
# cd /etc/openvpn/easy-rsa
# vi vars
Modify the following lines as needed, for example:
export KEY_COUNTRY="CN"
export KEY_PROVINCE="BJ"
export KEY_CITY="Beijing"
export KEY_ORG="baidu"
export KEY_EMAIL="tech@baidu.cn"
export KEY_EMAIL=tech@baidu.cn
export KEY_CN=baidu
export KEY_NAME=baidu
export KEY_OU=baidu
export PKCS11_MODULE_PATH=baidu
export PKCS11_PIN=1q2w3e4r
Create the certificates
# . ./vars (source the file so the KEY_* variables are exported into the current shell)
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
(clean-all must be run only when the certificates are generated for the first time; it wipes the keys directory)
# ./clean-all
# ./build-ca (press Enter at each prompt)
# ./build-key-server server (creates the server certificate and key; "server" is the file name used for server.crt and server.key below)
(Press Enter at each prompt, and enter y at the [y/n] prompts)
# ./build-dh (generates dh1024.pem, which server.conf references below)
# cd /etc/openvpn/easy-rsa/keys
Copy the generated certificates to /etc/openvpn
# cp ca.crt dh1024.pem server.crt server.key /etc/openvpn
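Before the files go into /etc/openvpn it is worth confirming that they actually belong together. The script below is an added example written for this page (it is not part of the original tutorial, of OpenVPN or of easy-rsa): with plain openssl(1) it checks that ca.crt is a self-signed CA, that server.crt chains to it, that server.key is the matching private key, and that every .key file is mode 0600. It assumes the file names the tutorial produces (ca.crt, server.crt, server.key; pass a second argument such as client1 to check a client pair). The make_demo_pki helper builds a throwaway PKI with openssl so the script runs without easy-rsa; the demo-ca name and the temporary directory are constructed for the demo.

```shell
#!/bin/sh
# Added example (not part of the original page): sanity-check the easy-rsa
# output before copying it into /etc/openvpn, using only standard openssl(1).

# verify_pki DIR [NAME] -> 0 if every check passes, 1 otherwise (NAME defaults to server)
verify_pki() {
    dir="$1"; name="${2:-server}"; rc=0
    for f in ca.crt "$name.crt" "$name.key"; do
        [ -r "$dir/$f" ] || { echo "FAIL: $dir/$f is missing"; return 1; }
    done
    # 1. ca.crt must be a valid self-signed certificate with the CA flag set
    if ! openssl verify -CAfile "$dir/ca.crt" "$dir/ca.crt" >/dev/null 2>&1; then
        echo "FAIL: ca.crt is not a valid self-signed certificate"; rc=1
    fi
    if ! openssl x509 -in "$dir/ca.crt" -noout -text | grep -q 'CA:TRUE'; then
        echo "FAIL: ca.crt lacks basicConstraints CA:TRUE"; rc=1
    fi
    # 2. NAME.crt must have been signed by ca.crt
    if ! openssl verify -CAfile "$dir/ca.crt" "$dir/$name.crt" >/dev/null 2>&1; then
        echo "FAIL: $name.crt does not verify against ca.crt"; rc=1
    fi
    # 3. NAME.key must belong to NAME.crt: compare the public keys they carry
    crt_pub=$(openssl x509 -in "$dir/$name.crt" -noout -pubkey 2>/dev/null | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$dir/$name.key" -pubout 2>/dev/null | openssl dgst -sha256)
    if [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $name.key does not match $name.crt"; rc=1
    fi
    # 4. private keys must not be readable by other users (0600 or 0400)
    for k in "$dir"/*.key; do
        perm=$(stat -c '%a' "$k" 2>/dev/null || stat -f '%Lp' "$k")
        case "$perm" in
            600|400) ;;
            *) echo "FAIL: $k has mode $perm, expected 600"; rc=1 ;;
        esac
    done
    if [ "$rc" -eq 0 ]; then echo "OK: $name.crt/$name.key in $dir chain to ca.crt"; fi
    return "$rc"
}

# make_demo_pki -> prints the path of a throwaway PKI built here with plain
# openssl (constructed for the demo; not the tutorial's easy-rsa output)
make_demo_pki() {
    d=$(mktemp -d)
    cat > "$d/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # self-signed CA
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -config "$d/req.cnf" \
        -keyout "$d/ca.key" -out "$d/ca.crt" >/dev/null 2>&1
    # server key + CSR, then sign the CSR with the CA
    openssl req -newkey rsa:2048 -nodes -config "$d/req.cnf" -subj "/CN=server" \
        -keyout "$d/server.key" -out "$d/server.csr" >/dev/null 2>&1
    openssl x509 -req -days 3650 -in "$d/server.csr" -CA "$d/ca.crt" \
        -CAkey "$d/ca.key" -CAcreateserial -out "$d/server.crt" >/dev/null 2>&1
    chmod 600 "$d"/*.key
    echo "$d"
}

# demo run against the constructed PKI; on the real box use:
#   verify_pki /etc/openvpn/easy-rsa/keys
verify_pki "$(make_demo_pki)"
```

The public-key comparison in step 3 is the check that catches the common mistake of copying a key from one build-key run next to a certificate from another; steps 1 and 2 catch a ca.crt that was regenerated after the server certificate was issued.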
Create server.conf
# cd /etc/openvpn
# vim server.conf (this file does not exist by default)
local 192.168.10.191
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 11.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
log openvpn.log
log-append openvpn.log
status openvpn-status.log
verb 3
Start the server
# openvpn --config /etc/openvpn/server.conf --daemon
# ip addr
A tun0 device has been added with the IP address 11.8.0.1.
4. Generate the client key
# cd /etc/openvpn/easy-rsa
# ./build-key client1 (run . ./vars first if this is a new shell; for further clients: ./build-key client2 ...)
(Press Enter at each prompt, and enter y at the [y/n] prompts)
Copy the generated client files ca.crt, client1.crt and client1.key to the Windows 7 machine.
5. Windows 7 configuration
Copy ca.crt, client1.crt and client1.key to the config directory under the OpenVPN installation directory,
and create the file client.ovpn there (it does not exist by default).
Edit client.ovpn with the following content:
client
dev tun
proto udp
remote 192.168.10.191 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
comp-lzo
verb 3
keepalive 10 120
When the Windows 7 client connects, the automatically assigned IP address is shown once the dial succeeds, and ping 11.8.0.1 gets replies.
Supplement: Linux as the client
A Linux client also needs LZO and OpenVPN installed (see installation steps 1 and 2),
and the directory /etc/openvpn created.
Copy ca.crt, client1.crt and client1.key to /etc/openvpn.
Also create client.conf there (this file does not exist by default).
Edit client.conf with the same content as client.ovpn in the config directory on Windows 7.
Start the client
# openvpn --config /etc/openvpn/client.conf --daemon
# ip addr
The tun0 device has automatically obtained an IP address in the 11.8.0.0/24 segment, indicating that the dial succeeded. Test with ping 11.8.0.1.
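Both the server.conf in step 3 and the client.conf/client.ovpn described here are typed by hand, and a misspelled directive or a certificate file name that does not match what was copied only shows up when openvpn refuses to start. The script below is an added example written for this page (not part of the original tutorial or of OpenVPN) that lints either config before it is started with --daemon: it checks that the directives the tutorial's configs rely on are present for the detected mode (client or server), that every referenced ca/cert/key/dh file exists next to the config (where the tutorial copies them and starts openvpn from), and that the `server NET MASK` line names a real network address. The make_demo_conf helper writes the tutorial's server.conf with empty stand-in PKI files into a temporary directory, constructed for the demo.

```shell
#!/bin/sh
# Added example (not part of the original page): pre-start linter for the
# server.conf / client.conf used in this tutorial.

# has_directive FILE NAME -> 0 if NAME appears as the first word of a line
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# directive_arg FILE NAME -> first argument of NAME (empty if absent)
directive_arg() {
    awk -v n="$2" '$1 == n { print $2; exit }' "$1"
}

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer, or fails
ip_to_int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in ''|*[!0-9]*|0[0-9]*) return 1 ;; esac   # digits only, no leading zero
        [ "$o" -le 255 ] || return 1
    done
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# valid_subnet NET MASK -> 0 when both are dotted quads and NET & MASK == NET
valid_subnet() {
    n_net=$(ip_to_int "$1") || return 1
    n_mask=$(ip_to_int "$2") || return 1
    [ $(( n_net & n_mask )) -eq "$n_net" ]
}

# check_openvpn_conf FILE -> 0 when the config passes every check, 1 otherwise
check_openvpn_conf() {
    conf="$1"; confdir=$(dirname "$conf"); rc=0
    if has_directive "$conf" client; then mode=client; else mode=server; fi
    # 1. directives the tutorial's configs depend on, per mode
    if [ "$mode" = server ]; then required="dev proto ca cert key dh server"
    else required="dev proto remote ca cert key"; fi
    for name in $required; do
        if ! has_directive "$conf" "$name"; then
            echo "FAIL: missing '$name' directive"; rc=1
        fi
    done
    # 2. PKI files: the tutorial keeps them next to the config and starts
    #    openvpn from that directory, so relative names are checked there
    for name in ca cert key dh; do
        f=$(directive_arg "$conf" "$name")
        [ -n "$f" ] || continue
        case "$f" in /*) path="$f" ;; *) path="$confdir/$f" ;; esac
        if [ ! -r "$path" ]; then
            echo "FAIL: $name file '$f' not found at $path"; rc=1
        fi
    done
    # 3. the server subnet must be a network address, e.g. 11.8.0.0 255.255.255.0
    if [ "$mode" = server ]; then
        snet=$(directive_arg "$conf" server)
        smask=$(awk '$1 == "server" { print $3; exit }' "$conf")
        if ! valid_subnet "$snet" "$smask"; then
            echo "FAIL: 'server $snet $smask' is not a valid network/netmask"; rc=1
        fi
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $conf ($mode mode)"; fi
    return "$rc"
}

# make_demo_conf -> writes the tutorial's server.conf plus empty stand-in
# PKI files (constructed for the demo) into a temp dir and prints its path
make_demo_conf() {
    d=$(mktemp -d)
    touch "$d/ca.crt" "$d/server.crt" "$d/server.key" "$d/dh1024.pem"
    cat > "$d/server.conf" <<'EOF'
local 192.168.10.191
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 11.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
EOF
    echo "$d/server.conf"
}

# demo run; on the real box use: check_openvpn_conf /etc/openvpn/server.conf
check_openvpn_conf "$(make_demo_conf)"
```

The subnet test in step 3 matters because `server` hands out addresses from the network it is given; a host address such as 11.8.0.5 with a /24 mask is rejected here rather than at start-up. The file check is deliberately done relative to the config's directory, matching the `cd /etc/openvpn` the tutorial performs before starting the daemon.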