openvpn安装步骤

1、openvpn安装
yum install gcc gcc-c++
yum install openssl*
echo "1" >/proc/sys/net/ipv4/ip_forward

http://www.oberhumer.com/opensource/lzo/download/
lzo-2.06.tar.gz
./configure
make
make install


openvpn-2.2.2.tar.gz
./configure --with-lzo-headers=/usr/local/include --with-lzo-lib=/usr/local/lib
make
make install


2、生成证书


# mkdir -p /etc/openvpn

# cd /root/openvpn-2.2.2/easy-rsa/2.0

# openssl version

OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

# cp  openssl-0.9.8.cnf openssl.cnf

修改 vars相关参数
# source ./vars
./build-ca
./build-key-server server
./build-key-pass client
./build-dh


# cp -ap keys /etc/openvpn/


3、服务端配置 /etc/openvpn/server.conf
local 192.168.100.10
port 1194
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 192.168.3.0 255.255.255.0
push "route 192.168.2.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
;duplicate-cn
log /var/log/openvpn.log


4、启动服务
cp /root/openvpn-2.2.2/sample-scripts/openvpn.init /etc/init.d/openvpn
chkconfig --add openvpn
service openvpn start


5、客户端配置 client.ovpn
client
dev tun
proto tcp
remote 192.168.100.10 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3

拷贝ca.crt client.crt client.key  client.ovpn 到 安装目录的config目录

linux客户端也是使用此配置文件，启动方法 openvpn --config client.conf 

6、收回某一个用户

cd /root/openvpn-2.2.2/easy-rsa/2.0

./revoke-full client

cp keys/crl.pem /etc/openvpn/keys

编辑server.conf增加

crl-verify /etc/openvpn/keys/crl.pem

7、实现两个不同地区网络互联
在server.conf增加以下内容
client-config-dir /usr/local/vpn/ccd
route 192.168.4.0 255.255.255.0 （客户端内网络段）
新建目录和以用户命名文件
mkdir -p /usr/local/vpn/ccd
vi client
iroute 192.168.4.0 255.255.255.0