config openvpn

certificate as follows: Ll keys/ We can see that three files, ilanni. csr, ilanni. crt, and ilanni. key, have been generated. Here, we use the ilanni. crt and ilanni. key Files. In this way, the Client certificate is created. 4. Configure the Server After all the certificates are created, we now start to configure the Server. Server configuration file, which can be copied from the openvpn built-in template. As follows: Cp/usr/share/doc/

routing mode. Ifconfig-pool-persist ipp.txt Define the relationship between the client and the virtual IP address. Especially when openvpn is restarted, the client connected again will still be assigned and the previous IP address will be disconnected. Server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100 Defines the IP address segment allocated to the client when openvpn uses the tap Bridge Mode.

openssl-devel lzo-devel pampam-devel automake pkgconfig 3. install openvpn: # Wget-chttp: // swupdate.openvpn.org/community/releases/openvpn-2.3.0.tar.gz # Tar zxvf openvpn-2.3.0.tar.gz # Cd openvpn-2.3.0 #./Configure -- prefix =/usr/local/openvpn # Make make install # M

@ss-usa-odo01 ~]# cp/usr/share/doc/openvpn-2.3.11/sample/sample-config-files/server.conf/etc/openvpn/ [Root@ss-usa-odo01 ~]# Mkdir/etc/openvpn/easy-rsa [Root@ss-usa-odo01 ~]#/bin/cp-rf/usr/share/easy-rsa/2.0/*/etc/openvpn/easy-rsa [Root@ss-usa-odo01 ~]# Cd/etc/

NO Hz. key Hangzhou only hz Key YES According to the table above, copy all the files to the host that requires these files. 4.5.2 OpenVPN Server Configuration When openvpn is installed, the/opt/openvpn directory contains only the sbin and man folders. For convenience, we can create other folders under this directory. Code: Directory Name The main program

/openvpn/ (7) copy the client key and certificate to the client directory. [Root @ vpn ~] # Cp/usr/local/share/doc/openvpn/easy-rsa/easyrsa3/pki/ca. crt/root/client/ [Root @ vpn ~] # Cp/usr/local/share/doc/openvpn/easy-rsa/easyrsa3/pki/issued/qiangsh. crt/root/client/[Root @ vpn ~] # Cp/root/client/easy-rsa/easyrsa3/pki/private/qiangsh. key/root/client/ (8) Write

attention to the file permissions to prevent theft.Key/etc/openvpn/keys/server. key # This file shocould be kept secret# Diffie-Hellman file generated by builddhDh/etc/openvpn/keys/dh1024.pem# Configure the network used by the VPN. Openvpn will automatically provide the DHCP service based on this network segment, but it cannot repeat with the LAN end of any part

/openvpn/directory and execute the command: Cp/etc/openvpn/easy-rsa/easyrsa3/pki/ca. crt/etc/openvpnCp/etc/openvpn/easy-rsa/easyrsa3/pki/private/server. key/etc/openvpnCp/etc/openvpn/easy-rsa/easyrsa3/pki/issued/server. crt/etc/openvpnCp/etc/openvpn/easy-rsa/easyrsa3/pki/d

client2, as an example.[Root @ openvpn-server 2.0] #./build-key client1 [Root @ openvpn-server 2.0] #./build-key client2 # Same as above[Root @ openvpn-server 2.0] # ls-lsart keys Modify the configuration file/etc/server. conf of the openvpn server[Root @ openvpn-server

uses two users, client1 and client2, as an example.[Root @ openvpn-server 2.0] #./build-key client1 [Root @ openvpn-server 2.0] #./build-key client2 # Same as above[Root @ openvpn-server 2.0] # ls-lsart keys Modify the configuration file/etc/server. conf of the openvpn server[Root @

........... +... + ......................... + ......... + ........................ + ......................... + .......... + .................... + ........................ + ........................... + .................................. + ....................................... ......... + ............. + ............................ + ............ ..................... + .. + ............ + ....................................... ......................... + ......................... + ...

10.8.0.0 255.255.255.0 Ifconfig-pool-persist ipp.txt Push "redirect-gateway def1" Plugin/etc/openvpn/openvpn-auth-passwd.so openvpn Client-to-client Client-cert-not-required Keepalive 10 120 Tls-auth/etc/openvpn/easy-rsa/keys/ta. key 0 Comp-lzo User nobody Group nobody Persist-key Persist-tun Status

certified until Mar 08:22:00 2016 GMT (3650 days)Sign the certificate? [Y/n]:y 1 out of 1 certificate requests certified, commit? [Y/n]yWrite out database with 1 new entriesData Base Updated Generate additional client certificates in turn/keyCode:./build-key Client2./build-key Client3 Note When entering Common name (eg, your name or your server ' s hostname) []: The name of each certificate entry must be different. Generates Diffie Hellman parameters. Code:./BUILD-DH Package all files under th

certificate request A challenge password []: An optional company name []:4. 3. Copy the certificate to the corresponding location # Cd, usr, local, openvpn, easy-rsa, 2.0, and keys # Cp-f dh2048.pem ca. crt server. crt server. key/usr/local/openvpn/keys # (server side) # Cp-f ca. crt client. crt client. key/usr/local/openvpn/keys # (client)V. Configuration File

....... + ....................................... .................... + ............................... + .. + .. + ................................ + ....................................... ........................................ ............ + .................... + ....................................... ........................ + .................. + ...................................... + ................... + ....................... + ...... ++ *4. create a server configuration file# Mk

'/^ SELINUX =/c \ SELINUX = disabled'/etc/selinux/config# Install openssl and lzo. lzo is used to compress communication data and speed up transmission.Yum-y install openssl-develYum-y install lzo# Install the epel SourceRpm-ivh http://mirrors.sohu.com/Fedora-epel/6/x86_64/epel-release-6-8.noarch.rpmSed-I's/^ secure list = https/secure list = http/'/etc/yum. repos. d/epel. repo 2. install and configure OpenVPN