Install an OpenVPN server with yum under CentOS
OpenVPN is open-source VPN software that uses SSL/TLS to encrypt and exchange data, so traffic is protected in transit. It can run over TCP or UDP on a custom port, which is not easily blocked by the ISP, making it a good alternative to PPTPD.
The official CentOS repositories do not carry the OpenVPN package, so install the EPEL repository first.
Installation:
rpm -ivh http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
yum install openvpn
Configuration:
cp -R /usr/share/openvpn/easy-rsa /etc/openvpn/
# It may also be in the following directory:
# cp -R /usr/share/doc/openvpn-*/easy-rsa /etc/openvpn
# The latest package no longer ships easy-rsa; download it separately:
# wget https://github.com/OpenVPN/easy-rsa/releases/download/2.2.2/EasyRSA-2.2.2.tgz
cd /etc/openvpn/easy-rsa/2.0
chmod +x ./*
source ./vars    # the variables in this file can be edited; the defaults are sufficient
Generate the certificates and keys. Press Enter to accept the defaults at each prompt.
./clean-all                      # clear all previously generated certificates
./build-ca                       # generate the CA certificate
./build-key-server server        # generate the server certificate
./build-key client1              # generate a client certificate; run once per client
# ./build-key client2
./build-dh                       # generate the Diffie-Hellman parameters
openvpn --genkey --secret ta.key # tls-auth key, used to defend the control channel against attacks; optional
Edit the server configuration file:
vim /etc/openvpn/server.conf
# Add the following content:
port 1194                       # default listening port; can be changed
proto udp                       # UDP by default; use tcp under poor network conditions
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0
server 10.8.0.0 255.255.255.0   # address pool assigned to clients
client-to-client                # allow clients to communicate with each other
keepalive 10 120                # ping every 10 seconds; reconnect after 120 seconds without a response
# ping 10
# ping-restart 120              # similar to keepalive
comp-lzo
user nobody
group nogroup
# client-cert-not-required      # use password verification instead of client certificates
# auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env   # verify passwords stored in a file
# script-security 3 system     # required by the line above to allow file-based password verification
# plugin /usr/lib/openvpn/openvpn-auth-pam.so login        # verify against system users
ifconfig-pool-persist ipp.txt   # record allocated IPs
client-config-dir /etc/openvpn/client   # directory of per-user configuration files
persist-key                     # do not re-read keys on reconnection
persist-tun                     # same idea: do not re-open the tun device on reconnection
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 4
duplicate-cn                    # allow one certificate to log on multiple times
push "dhcp-option DNS 10.8.0.1" # push DNS servers to clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
Package the keys for download:
tar zcvf keys.tar.gz keys/
Start OpenVPN and enable kernel forwarding:
service openvpn start           # start the openvpn service
chkconfig openvpn on            # start openvpn on boot
echo 1 > /proc/sys/net/ipv4/ip_forward   # enable forwarding now
echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/rc.local   # append a startup item (or set net.ipv4.ip_forward in sysctl)
Enable NAT routing:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save           # save the rules
Install and configure the Windows OpenVPN client.
After installation, copy the downloaded keys into the config directory under the installation directory and create the configuration file client.ovpn with the following content:
client
dev tun
proto udp
remote ip port                  # set the server IP address and port
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1           # use the VPN as the default route
script-security 2 system        # allow adding routes with system commands
# route-method exe              # same purpose, used in earlier versions
# route-delay 2
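The server.conf and client.ovpn listings above carry the settings that decide how much the tunnel actually protects: whether clients are authenticated by certificate, whether the control channel is HMAC-protected by tls-auth with the key direction set to 0 on one side and 1 on the other, whether the client verifies that it is talking to a server certificate, and how strong the DH parameters are. The following audit script is an added example, not code from the original post; it parses both files with a small reader for the OpenVPN directive format and reports findings for the constructed configs embedded in it. The hostname vpn.example.invalid is a placeholder, and the DH-size check is a heuristic based only on the file name (as in the tutorial's dh1024.pem), since the real size lives inside the PEM.

```python
"""Audit an OpenVPN server.conf / client.ovpn pair for the hardening points
touched on in the tutorial. Added example; the configs below are constructed."""
import re


def parse_openvpn_conf(text):
    """Return a list of (directive, [args]) from OpenVPN config text.
    A '#' or ';' that starts a token begins a comment; double-quoted
    arguments (push "dhcp-option DNS ...") are kept as one argument.
    Inline <ca>...</ca> blocks are not handled by this small reader."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)[#;].*$", "", raw).strip()
        if not line:
            continue
        parts = re.findall(r'"([^"]*)"|(\S+)', line)
        tokens = [quoted or bare for quoted, bare in parts]
        entries.append((tokens[0], tokens[1:]))
    return entries


def get(entries, name):
    """All argument lists for a directive (empty list if absent)."""
    return [args for directive, args in entries if directive == name]


def audit_server(entries):
    findings = []
    if get(entries, "client-cert-not-required"):
        findings.append("client-cert-not-required: clients are not authenticated by certificate")
    if not get(entries, "tls-auth") and not get(entries, "tls-crypt"):
        findings.append("no tls-auth/tls-crypt: control channel is not HMAC-protected")
    for args in get(entries, "dh"):
        m = re.search(r"(\d+)\.pem$", args[0]) if args else None
        if m and int(m.group(1)) < 2048:  # heuristic: size guessed from the file name
            findings.append(f"dh {args[0]}: file name suggests DH parameters shorter than 2048 bits")
    if get(entries, "duplicate-cn"):
        findings.append("duplicate-cn: one certificate may be shared, weakening per-user accountability")
    for args in get(entries, "script-security"):
        if args and args[0].isdigit() and int(args[0]) >= 3:
            findings.append("script-security 3: passwords are passed to scripts via the environment")
    if not get(entries, "user") or not get(entries, "group"):
        findings.append("missing user/group: daemon keeps root privileges after startup")
    return findings


def audit_client(entries):
    findings = []
    if not get(entries, "ns-cert-type") and not get(entries, "remote-cert-tls"):
        findings.append("no ns-cert-type/remote-cert-tls server: a client certificate could impersonate the server")
    if not get(entries, "tls-auth") and not get(entries, "tls-crypt"):
        findings.append("no tls-auth/tls-crypt: client control channel is not HMAC-protected")
    return findings


def audit_pair(server_text, client_text):
    """Audit each side and the settings that must agree between them."""
    s, c = parse_openvpn_conf(server_text), parse_openvpn_conf(client_text)
    result = {"server": audit_server(s), "client": audit_client(c), "pair": []}
    sproto = (get(s, "proto") or [["udp"]])[0][0]
    cproto = (get(c, "proto") or [["udp"]])[0][0]
    if sproto != cproto:
        result["pair"].append(f"proto mismatch: server {sproto}, client {cproto}")
    st, ct = get(s, "tls-auth"), get(c, "tls-auth")
    if st and ct:
        sdir = st[0][1] if len(st[0]) > 1 else None
        cdir = ct[0][1] if len(ct[0]) > 1 else None
        if {sdir, cdir} != {"0", "1"}:
            result["pair"].append(f"tls-auth key direction must be 0 on one side and 1 on the other (got {sdir}/{cdir})")
    return result


# Constructed from the tutorial's server.conf listing.
SERVER_CONF = """
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
tls-auth /etc/openvpn/easy-rsa/2.0/keys/ta.key 0
server 10.8.0.0 255.255.255.0
user nobody
group nogroup
# client-cert-not-required
duplicate-cn
push "dhcp-option DNS 10.8.0.1"   # pushed to clients
"""

# Constructed: the password-only variant from the commented lines, with the protections removed.
WEAK_SERVER_CONF = """
port 1194
proto tcp
dev tun
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
client-cert-not-required
auth-user-pass-verify /etc/openvpn/checkpsw.sh via-env
script-security 3 system
"""

# Constructed from the tutorial's client.ovpn listing; the remote address is a placeholder.
CLIENT_OVPN = """
client
dev tun
proto udp
remote vpn.example.invalid 1194   ; placeholder server address
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
ns-cert-type server
"""

if __name__ == "__main__":
    for name, conf in (("tutorial", SERVER_CONF), ("password-only", WEAK_SERVER_CONF)):
        for side, items in audit_pair(conf, CLIENT_OVPN).items():
            for item in items:
                print(f"[{name}] {side}: {item}")
```

Run against the tutorial's own configuration the script reports only the dh1024.pem file name and duplicate-cn; the password-only variant additionally loses certificate authentication, tls-auth, and the unprivileged user, and its proto no longer matches the client's. The ns-cert-type server line in the client is what stops another client1-style certificate from posing as the server, so the audit treats its absence as a finding.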
OK, the long process is over. Enjoy your journey to a more secure internet.