OpenVPN Installation
Source: Internet  Editor: 程序博客网  Time: 2024/05/26 02:52
Environment:
Operating system: CentOS 6.6
Software: lzo-2.0.6.tar.gz, openvpn-2.2.2.tar.gz
Server IP: 192.168.1.12
Preparation before installation
1. Disable the firewall
[root@openvpn ~]# /etc/init.d/iptables stop  # stop temporarily
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
[root@openvpn ~]# chkconfig iptables off  # disable permanently
2. Disable SELinux
[root@openvpn ~]# setenforce 0  # disable temporarily
[root@openvpn ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config  # disable permanently
[root@openvpn ~]# getenforce  # check the status
Permissive
3. Synchronize the clock (sync with the time server automatically every 5 minutes)
[root@openvpn ~]# echo '*/5 * * * * /usr/sbin/ntpdate s2c.time.edu.cn >/dev/null 2>&1'>>/var/spool/cron/root
[root@openvpn ~]# crontab -l
*/5 * * * * /usr/sbin/ntpdate s2c.time.edu.cn >/dev/null 2>&1
4. Install the dependencies
[root@openvpn ~]# yum install -y lrzsz openssl* gcc-c++
5. Download the packages (lzo-2.0.6.tar.gz and openvpn-2.2.2.tar.gz; search for them on Baidu) and upload them to the server
Create a software directory on the server and upload the downloaded packages into it.
[root@openvpn ~]# mkdir /tools
[root@openvpn ~]# cd /tools
[root@openvpn tools]# rz
Installation
1. Install lzo
[root@openvpn tools]# ll
total 1464
-rw-r--r--. 1 root root 583045 Feb 15 2017 lzo-2.06.tar.gz
-rw-r--r--. 1 root root 911158 Jul 21 2016 openvpn-2.2.2.tar.gz
[root@openvpn tools]# tar zxf lzo-2.06.tar.gz
[root@openvpn tools]# cd lzo-2.06
[root@openvpn lzo-2.06]# ./configure
[root@openvpn lzo-2.06]# make
[root@openvpn lzo-2.06]# make install
[root@openvpn lzo-2.06]# cd ..
2. Install openvpn
[root@openvpn tools]# tar zxf openvpn-2.2.2.tar.gz
[root@openvpn tools]# cd openvpn-2.2.2
[root@openvpn openvpn-2.2.2]# ./configure --with-lzo-headers=/usr/local/include --with-lzo-lib=/usr/local/lib
[root@openvpn openvpn-2.2.2]# make
[root@openvpn openvpn-2.2.2]# make install
[root@openvpn openvpn-2.2.2]# which openvpn  # locate the installed openvpn binary
/usr/local/sbin/openvpn
Configure the OpenVPN server
[root@openvpn openvpn-2.2.2]# cd /tools/openvpn-2.2.2/easy-rsa/2.0
[root@openvpn 2.0]# vim vars  # edit the last 12 lines
# Adjust to your environment
export KEY_COUNTRY="CN"
export KEY_PROVINCE="BJ"
export KEY_CITY="Beijing"
export KEY_ORG="test"
export KEY_EMAIL="test@test.com"
export KEY_EMAIL=mail@host.domain
export KEY_CN=changeme
export KEY_NAME=changeme
export KEY_OU=changeme
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234
Create the certificates
[root@openvpn 2.0]# source vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /tools/openvpn-2.2.2/easy-rsa/2.0/keys
[root@openvpn 2.0]# ./clean-all
1. Create the CA certificate
[root@openvpn 2.0]# ./build-ca
Generating a 1024 bit RSA private key
..................++++++
.....................................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [Beijing]:
Organization Name (eg, company) [test]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [changeme]:
Name [changeme]:
Email Address [mail@host.domain]:
Create the server certificate
[root@openvpn 2.0]# ./build-key-server testserver  # testserver is the certificate name; change it to suit your environment
Generating a 1024 bit RSA private key
....................++++++
...................++++++
writing new private key to 'testserver.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [Beijing]:
Organization Name (eg, company) [test]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [testserver]:
Name [changeme]:
Email Address [mail@host.domain]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /tools/openvpn-2.2.2/easy-rsa/2.0/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'BJ'
localityName :PRINTABLE:'Beijing'
organizationName :PRINTABLE:'test'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'testserver'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'mail@host.domain'
Certificate is to be certified until Oct 31 08:11:59 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Create the client certificate
[root@openvpn 2.0]# ./build-key testclient  # without a password
Generating a 1024 bit RSA private key
..++++++
.............................++++++
writing new private key to 'testclient.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [Beijing]:
Organization Name (eg, company) [test]:
Organizational Unit Name (eg, section) [changeme]:
Common Name (eg, your name or your server's hostname) [testclient]:
Name [changeme]:
Email Address [mail@host.domain]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /tools/openvpn-2.2.2/easy-rsa/2.0/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'BJ'
localityName :PRINTABLE:'Beijing'
organizationName :PRINTABLE:'test'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'testclient'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:'mail@host.domain'
Certificate is to be certified until Oct 31 08:16:56 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
Create the Diffie-Hellman parameters
[root@openvpn 2.0]# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
Copy the keys and configuration files
[root@openvpn 2.0]# mkdir -p /etc/openvpn
[root@openvpn 2.0]# cd /tools/openvpn-2.2.2/easy-rsa/2.0
[root@openvpn 2.0]# cp -ap keys /etc/openvpn
[root@openvpn 2.0]# cd /tools/openvpn-2.2.2/sample-config-files/
[root@openvpn sample-config-files]# cp client.conf server.conf /etc/openvpn
Edit the configuration file
[root@openvpn sample-config-files]# vim /etc/openvpn/server.conf
local 192.168.1.20  # local IP address
port 1194  # port to listen on
proto udp  # protocol to use
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/testserver.crt
dh /etc/openvpn/keys/dh1024.pem
key /etc/openvpn/keys/testserver.key
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.16.0.0 255.255.255.0"  # network to reach through the VPN; adjust to your needs
duplicate-cn
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log /var/log/openvpn.log
verb 3
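The configuration above carries several settings a reviewer would flag before the server is exposed: 1024-bit DH parameters, duplicate-cn, and no tls-auth, cipher, crl-verify or user/group lines. The check below is an added example, not part of the original article; the function names and finding labels are made up here, and the DH size is inferred from easy-rsa's dh<bits>.pem file naming.

```shell
#!/bin/sh
# Added example, not from the original article: flag weak directives in an
# OpenVPN 2.2 server.conf read from stdin, one finding per line.

audit_openvpn_conf() {
    # Keep active directives only: drop comments at line start or after whitespace.
    active=$(sed -e 's/^[[:space:]]*[#;].*//' -e 's/[[:space:]][#;].*//')

    # present NAME: succeeds if directive NAME is set.
    present() { printf '%s\n' "$active" | awk -v d="$1" '$1 == d { f = 1 } END { exit !f }'; }

    # Assumption: easy-rsa naming (dh<bits>.pem), so the size is read from the path.
    dh_bits=$(printf '%s\n' "$active" |
        awk '$1 == "dh" { print $2; exit }' | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$dh_bits" ] && [ "$dh_bits" -lt 2048 ]; then
        echo "WEAK_DH: $dh_bits-bit DH parameters, use 2048 or more"
    fi
    present duplicate-cn && echo "DUPLICATE_CN: several clients may share one certificate"
    present tls-auth || echo "NO_TLS_AUTH: control channel packets carry no HMAC signature"
    present cipher || echo "DEFAULT_CIPHER: no cipher set, OpenVPN 2.2 defaults to BF-CBC"
    present crl-verify || echo "NO_CRL: revoked client certificates are not rejected"
    { present user && present group; } || echo "RUNS_AS_ROOT: no user/group privilege drop"
    return 0
}

# Constructed sample modelled on the server.conf in this guide.
sample_conf() {
    cat <<'EOF'
local 192.168.1.20  # local IP address
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/testserver.crt
dh /etc/openvpn/keys/dh1024.pem
key /etc/openvpn/keys/testserver.key
server 10.8.0.0 255.255.255.0
push "route 172.16.0.0 255.255.255.0"
duplicate-cn
client-to-client
keepalive 10 120
comp-lzo
verb 3
EOF
}

sample_conf | audit_openvpn_conf
```

Run it against a live file with `audit_openvpn_conf < /etc/openvpn/server.conf`.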
Enable kernel IP forwarding
[root@openvpn sample-config-files]# vim /etc/sysctl.conf
# change 0 to 1
net.ipv4.ip_forward = 1
[root@openvpn sample-config-files]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
Start OpenVPN in the background
[root@openvpn sample-config-files]# /usr/local/sbin/openvpn --config /etc/openvpn/server.conf &
Set up NAT
[root@openvpn sample-config-files]# /sbin/iptables -t nat -I POSTROUTING -s 10.8.0.0/255.255.255.0 -o eth0 -j MASQUERADE
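Step 1 of the preparation stops iptables entirely, so the filter chains accept everything. As an alternative, the following added example (not part of the original article) prints an iptables-restore ruleset that admits only the VPN port, forwards only VPN-to-pushed-route traffic and keeps the NAT rule above; the function name, the open SSH port 22 and the tun+ interface match are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: print an iptables-restore
# ruleset that exposes only the VPN port instead of stopping iptables.
# Usage: vpn_ruleset PORT PROTO VPN_NET LAN_NET WAN_IF

vpn_ruleset() {
    [ $# -eq 5 ] || { echo "usage: vpn_ruleset PORT PROTO VPN_NET LAN_NET WAN_IF" >&2; return 2; }
    port=$1 proto=$2 vpn_net=$3 lan_net=$4 wan_if=$5
    case $proto in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 2 ;; esac
    case $port in ''|*[!0-9]*) echo "port must be a number" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 2; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Assumption: SSH on port 22 stays open for administration.
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p $proto --dport $port -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i tun+ -s $vpn_net -d $lan_net -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $vpn_net -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# Values from this guide: port 1194/udp, VPN pool 10.8.0.0/24, pushed route 172.16.0.0/24, eth0.
vpn_ruleset 1194 udp 10.8.0.0/24 172.16.0.0/24 eth0
```

On CentOS 6 the output can be checked with `iptables-restore --test` and saved as /etc/sysconfig/iptables so that the iptables service loads it at boot.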
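Client installation (Windows)
Download the OpenVPN software, double-click the installer and click Next through every step until it finishes. Then open the directory "X:\Program Files (x86)\OpenVPN\config" and place the 4 files from the archive into this config folder (X is the drive letter of the installation).
Right-click the icon in the lower-right corner of the screen and choose Connect; the system connects automatically and shows a notification when it is done.
The VPN connection is now established.
Notes:
1. The version downloaded here is 32-bit; with the 64-bit version, put the certificate files in X:\Program Files\OpenVPN\config instead (note the "(x86)" in the path above).
2. After the installation the system automatically gains a virtual network adapter; if it does not appear, reinstall the software.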