Summary of Linux OpenVPN server construction

Source: Internet
Author: User
Using OpenVPN, you can quickly build a VPN server on Linux in three steps:
1. Install the server program
2. Configure the server
3. Install the client
I. Install server software
Download lzo and openvpn:
http://www.oberhumer.com/opensource/lzo/download/
http://openvpn.net/release/

Download the versions you need. I used lzo-1.08.tar.gz and openvpn-2.0.tar.gz. Decompress each package and install it:
# ./configure
# make && make install
II. Configure the server
1. Generate certificate
Use easy-rsa in the openvpn installation package to generate the corresponding server and client certificates.
Edit the vars file in the easy-rsa directory as needed:
export D=`pwd`
export KEY_CONFIG=$D/openssl.cnf
export KEY_DIR=$D/keys
export KEY_COUNTRY="CN"
export KEY_PROVINCE="SH"
export KEY_CITY="PD"
export KEY_ORG="test"
export KEY_EMAIL="xx@xx.com"
# source vars
The difference between source and an ordinary shell command is that source executes the specified script in the current shell.
After the execution is complete, check the environment variables to ensure the assignment is successful.
During the first installation, you can run ./clean-all to clear all generated certificate keys.
Generate a server certificate:
# ./build-ca
Enter the required information as prompted.
2. Generate key
Generate a server key:
# ./build-key-server server-name
Enter the required information as prompted.
Generate client key:
# ./build-key client-name
The Common Name (client name) of each client must be different. Other client keys can be generated in the same way.
3. Generate the Diffie-Hellman parameters
# ./build-dh
4. Package and download all files in keys to your local device.
5. Create and configure the server configuration file
/etc/openvpn/server.conf
dev tun
ifconfig 10.8.0.1 10.8.0.2
ca xx/ca.crt # points to the generated server certificate
cert xx/server.crt # points to the generated server certificate
key xx/server.key # points to the generated server key
dh xx/dh1024.pem # points to the file in the corresponding directory
user nobody ; lower the execution privileges
group nobody
port 3389 ; change the port
comp-lzo ; enable compression acceleration
;no-log ; disable log
verb 0
status /dev/null
log /dev/null
log-append /dev/null
6. Enable the routing function of the Linux server and configure iptables
Add to /etc/sysctl.conf:
net.ipv4.ip_forward = 1
# sysctl -p
# iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
# /etc/init.d/iptables save
7. Add boot start
Edit /etc/rc.local and add the command line:
Use nohup to run in the background
nohup openvpn {path to server.conf} > /dev/null 2>&1 &
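The server.conf from step 5 contains several settings worth reviewing before deployment: 1024-bit DH parameters, tunnel compression, and all logging sent to /dev/null. The audit script below is an added example, not part of the original article; the function names audit_openvpn_conf and sample_conf are hypothetical, the sample configuration is reconstructed from step 5, and the DH size is inferred from the file name only.

```shell
#!/bin/sh
# Added example (not from the original article): flag risky server.conf settings.
# Reads the configuration on stdin, prints one "WARN <directive>: <reason>" per finding.
audit_openvpn_conf() {
    awk '
    {
        sub(/[#;].*$/, "")               # OpenVPN comments start with # or ;
        if (NF == 0) next
        d = tolower($1); a = $2
        if (d == "dh") {
            f = a; sub(/.*\//, "", f)    # heuristic: key size taken from the file name
            if (match(f, /[0-9]+/) && substr(f, RSTART, RLENGTH) + 0 < 2048)
                print "WARN dh: " substr(f, RSTART, RLENGTH) "-bit DH parameters, use 2048 bits or more"
        }
        if (d == "comp-lzo" && a != "no")
            print "WARN comp-lzo: compression can leak tunnel plaintext (VORACLE)"
        if (d == "verb" && a + 0 == 0)
            print "WARN verb: verbosity 0 hides all but fatal errors"
        if ((d == "log" || d == "log-append" || d == "status") && a == "/dev/null")
            print "WARN " d ": output discarded, no record of connections for incident response"
        if (d == "user") has_user = 1
    }
    END { if (!has_user) print "WARN user: daemon keeps root privileges after start" }'
}

# Constructed sample: the server.conf from step 5, with its placeholder paths.
sample_conf() {
    cat <<'EOF'
dev tun
ifconfig 10.8.0.1 10.8.0.2
ca xx/ca.crt # certificate path placeholder
cert xx/server.crt
key xx/server.key
dh xx/dh1024.pem
user nobody ; lower the execution privileges
group nobody
port 3389 ; change the port
comp-lzo ; enable compression acceleration
;no-log ; disable log
verb 0
status /dev/null
log /dev/null
log-append /dev/null
EOF
}

sample_conf | audit_openvpn_conf
```

On a real server, run it as `audit_openvpn_conf < /etc/openvpn/server.conf`.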
III. Install the client
Installing the client is much easier. You can download the client installer directly from the OpenVPN official website.
After the installation is complete, configure the client configuration file in the /config folder:
dev tun
remote {ip} {port}
# Specify the certificate and client key (generated on the server in step 2)
# Backslashes in a quoted Windows path must be doubled
ca "xxx\\sample-config\\key\\ca.crt"
cert "xxx\\sample-config\\key\\client.crt"
key "xxx\\sample-config\\key\\client.key"
IV. FAQ
Some problems may occur during installation, configuration, and usage. The following are some of my problems and solutions:
1. Installing and using the client program on Windows 8.
Go to http://openvpn.net/index.php/open-source/downloads.html to download the latest client program. Install it, configure the client configuration file, and start the client with administrator privileges.
2. After connecting through OpenVPN, the client cannot access the Internet.
First, check whether route forwarding is enabled on the server.
Then check iptables for an ACL policy that blocks the traffic.
Finally, check the client routing policy. The client routes must be configured according to the following rules:
Static route: VPN server address, mask 255.255.255.255, via the client gateway address (highest priority)
Default route: 0.0.0.0 0.0.0.0 via the VPN gateway (second priority)
Default route: 0.0.0.0 0.0.0.0 via the client gateway (third priority)
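The first two checks in FAQ item 2 (route forwarding and iptables) can be scripted. The following is an added example, not part of the original article; check_vpn_forwarding and SAMPLE_RULES are hypothetical names, the rule set is constructed, and on a live server the inputs come from /proc/sys/net/ipv4/ip_forward and iptables-save.

```shell
#!/bin/sh
# Added example (not from the original article).
# usage: check_vpn_forwarding <ip_forward value> <iptables-save output> <VPN subnet>
# Prints OK or one FAIL line per problem; returns 0 only when everything is in place.
check_vpn_forwarding() {
    fwd=$1 rules=$2 subnet=$3 rc=0
    if [ "$fwd" != "1" ]; then
        echo "FAIL net.ipv4.ip_forward=$fwd, the server does not route VPN traffic"
        rc=1
    fi
    # The NAT rule from step 6 as iptables-save prints it: -A POSTROUTING -s <subnet> ...
    if ! printf '%s\n' "$rules" | awk -v s="-s $subnet " '
            /^-A POSTROUTING / && index($0, s) && /-j (MASQUERADE|SNAT)/ { ok = 1 }
            END { exit !ok }'; then
        echo "FAIL no MASQUERADE/SNAT rule in POSTROUTING for $subnet"
        rc=1
    fi
    # "ACL policy blocking": FORWARD defaults to DROP and nothing accepts traffic.
    if printf '%s\n' "$rules" | grep -q '^:FORWARD DROP' &&
       ! printf '%s\n' "$rules" | grep -q -e '^-A FORWARD .*-j ACCEPT'; then
        echo "FAIL FORWARD policy is DROP and no ACCEPT rule exists"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK forwarding and NAT are in place for $subnet"
    return "$rc"
}

# Constructed sample of iptables-save output for a correctly configured server.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

check_vpn_forwarding 1 "$SAMPLE_RULES" 10.8.0.0/24
# On a live server (as root):
# check_vpn_forwarding "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables-save)" 10.8.0.0/24
```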