Setting up OpenVPN on CentOS, centosopenvpn

Source: Internet
Uploader: User


OpenVPN is a VPN package based on encrypted tunnels. The following describes how to install it on CentOS 6.5:

# switch SELinux to permissive mode
setenforce 0
yum install -y openssl openssl-devel lzo
rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
cd /etc/yum.repos.d/
cp epel.repo epel.repo.bak
sed -i 's/^mirrorlist=https/mirrorlist=http/' /etc/yum.repos.d/epel.repo
yum install openvpn easy-rsa
cd /usr/share/easy-rsa/2.0/
# edit the province, city, organization and related fields
vim vars
source vars
./clean-all
./build-ca
./build-key-server server
./build-key client1
# generate the dh2048 parameters
./build-dh
# generate ta.key to protect against DDoS, UDP floods and similar attacks
openvpn --genkey --secret keys/ta.key
mkdir -p /etc/openvpn/keys
cd /etc/openvpn/keys/
cp /usr/share/easy-rsa/2.0/keys/{ca.crt,server.{crt,key},dh2048.pem,ta.key} ./

vim server.conf

port 1194
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.10.20.0 255.255.255.0"
push "route 10.10.30.0 255.255.255.0"
client-to-client
duplicate-cn
keepalive 10 120
tls-auth keys/ta.key 0
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 5

Enable IP forwarding for iptables:

sed -i '/net.ipv4.ip_forward/s/0/1/' /etc/sysctl.conf

Edit the firewall configuration: vim /etc/sysconfig/iptables

# Generated by iptables-save v1.4.7 on Thu May 28 15:13:30 2015
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o em2 -j MASQUERADE
COMMIT
# Completed on Thu May 28 15:13:30 2015
# Generated by iptables-save v1.4.7 on Thu May 28 15:13:30 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1265:195030]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1194 -j ACCEPT
-A INPUT -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -i tun+ -j ACCEPT
#-A INPUT -j REJECT --reject-with icmp-host-prohibited
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

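Note: in the firewall rules above, -o em2 is the network interface that carries the VPN server's internal-network IP.

The client's client.ovpn configuration is as follows: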

client
dev tun
proto tcp
remote internet 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
tls-auth ta.key 1
comp-lzo
verb 3
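
The server and client files have to agree on transport, port, device type, compression and the tls-auth key direction (0 on the server, 1 on the client). The script below is an added example, not part of the original article: the function names are hypothetical, and the sample files are constructed from the directives in the two configurations above.

```shell
# Print the arguments of the first line in file $1 whose directive is $2.
ovpn_get() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}
# Print 1 if directive $2 occurs in file $1, otherwise 0.
ovpn_has() { awk -v d="$2" '$1 == d { n = 1 } END { print n + 0 }' "$1"; }
# Print the transport of file $1 (OpenVPN defaults to udp), so that
# tcp, tcp-server and tcp-client all compare as tcp.
ovpn_proto() {
    p=$(ovpn_get "$1" proto | sed -e 's/-server$//' -e 's/-client$//')
    echo "${p:-udp}"
}

# Compare server config $1 with client config $2: print one line per
# mismatch and return the number of mismatches (0 means they agree).
ovpn_compare() {
    srv=$1; cli=$2; bad=0
    if [ "$(ovpn_proto "$srv")" != "$(ovpn_proto "$cli")" ]; then
        echo "MISMATCH proto"; bad=$((bad + 1))
    fi
    if [ "$(ovpn_get "$srv" dev)" != "$(ovpn_get "$cli" dev)" ]; then
        echo "MISMATCH dev"; bad=$((bad + 1))
    fi
    # The port on the client's "remote" line must be the server's port (default 1194).
    sport=$(ovpn_get "$srv" port)
    rport=$(ovpn_get "$cli" remote | awk '{ print $2 }')
    if [ "${sport:-1194}" != "${rport:-1194}" ]; then
        echo "MISMATCH port"; bad=$((bad + 1))
    fi
    # comp-lzo has to be present on both ends or on neither.
    if [ "$(ovpn_has "$srv" comp-lzo)" != "$(ovpn_has "$cli" comp-lzo)" ]; then
        echo "MISMATCH comp-lzo"; bad=$((bad + 1))
    fi
    # This setup uses tls-auth: direction 0 on the server, 1 on the client.
    sdir=$(ovpn_get "$srv" tls-auth | awk '{ print $2 }')
    cdir=$(ovpn_get "$cli" tls-auth | awk '{ print $2 }')
    if [ "$sdir" != 0 ] || [ "$cdir" != 1 ]; then
        echo "MISMATCH tls-auth direction"; bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed sample input: the relevant directives from the two files above.
tmp=$(mktemp -d)
printf '%s\n' 'port 1194' 'proto tcp' 'dev tun' 'tls-auth keys/ta.key 0' 'comp-lzo' > "$tmp/server.conf"
printf '%s\n' 'client' 'dev tun' 'proto tcp' 'remote internet 1194' 'tls-auth ta.key 1' 'comp-lzo' > "$tmp/client.ovpn"
ovpn_compare "$tmp/server.conf" "$tmp/client.ovpn" && echo "configs agree"
```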

Client:

OpenVPN 2.3.3 Windows 32-bit installer:
http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.3-I002-i686.exe
OpenVPN 2.3.3 Windows 64-bit installer:
http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.3-I002-x86_64.exe

Copy client.ovpn, ca.crt, client1.crt, client1.key and ta.key from the OpenVPN server to the config folder under the Windows client's installation directory (C:\Program Files\OpenVPN\config).





