Setting up a key-based openvpn v2.1.3 compiled from source
Source: Internet  Editor: 程序博客网  Date: 2024/05/18 23:27
1. Compile and install openvpn
Download the source
wget http://openvpn.net/release/openvpn-2.1.3.tar.gz
wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz
Extract the source and patches
tar -zxvf [path to openvpn-2.1.3.tar.gz]
tar -zxvf [path to lzo-2.06.tar.gz]
Compile lzo
cd /opt/lzo-2.06/
./configure && make && make install
Compile ipv6 openvpn
cd /opt/openvpn-2.1.3/
./configure --build=i386-redhat-linux-gnu --host=i386-redhat-linux-gnu --target=i686-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man --infodir=/usr/share/info --enable-password-save --enable-iproute2 --with-ifconfig-path=/sbin/ifconfig --with-iproute-path=/sbin/ip --with-route-path=/sbin/route
make && make install
Install openssl
yum install -y openssl
2. Generate the key files
Download easy-rsa
cd /opt
yum install git
git clone https://github.com/OpenVPN/easy-rsa.git
cd easy-rsa/easy-rsa/2.0
Edit the configuration file
vi vars
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL=mail@host.domain
Generate the key files
. vars
./clean-all
./build-ca
If you see
No /usr/share/openvpn/easy-rsa/2.0/openssl.cnf file could be found
Further invocations will fail
then run
cp openssl-1.0.0.cnf openssl.cnf
./build-key-server XXXXXX [assumed to be server; change as needed]
./build-key XXXXXX [assumed to be client; change as needed]
./build-dh
Copy the key files
cd keys
cp ca.crt server.crt server.key dh2048.pem /etc/openvpn
3. Server configuration file: create server.conf in /etc/openvpn and write the following content. The original official reference server configuration file is /usr/share/doc/openvpn-2.3.0/sample-config-files/server.conf
cp /usr/share/doc/openvpn-2.2.1/sample-config-files/server.conf /etc/openvpn
vi /etc/openvpn/server.conf
# Which local IP address should OpenVPN
# listen on? (optional)
;local a.b.c.d
port 1194
;proto tcp
proto udp
;dev tap
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key # This file should be kept secret
dh /etc/openvpn/dh2048.pem
server 10.8.1.0 255.255.255.0
ifconfig-pool-persist /var/log/ipp.txt
push "route 10.8.1.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log # comment this line out to see errors directly on the console
verb 3
mute 20
4. Enable IP forwarding
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
5. iptables settings
iptables -t nat -A POSTROUTING -s 10.8.1.0/24 -o eth0 -j MASQUERADE
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
/etc/init.d/iptables save
service iptables restart
6. Test startup: run the command below; if you see Initialization Sequence Completed, the server started successfully.
openvpn --config /etc/openvpn/server.conf
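7. Client configuration file: create client.ovpn in the config folder of the openvpn installation directory and write the following content. The original official file is C:\Program Files\OpenVPN\sample-config\client.conf. You also need to download client.crt, client.key and ca.crt from the easy-rsa/easy-rsa/2.0/keys/ folder into the config folder.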
client
;dev tap
dev tun
# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel
# if you have more than one. On XP SP2,
# you may need to disable the firewall
# for the TAP adapter.
;dev-node OpenVPN
;proto tcp
proto udp
remote server-ip 1194
;remote my-server-2 1194
resolv-retry infinite
nobind
# Downgrade privileges after initialization (non-Windows only)
;user nobody
;group nobody
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
mute 20
Then test the connection; refer to the debug output on the server and the client, and search Baidu for details.
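The server.conf in step 3 and the client.ovpn in step 7 contain settings worth reviewing before the server faces the Internet: duplicate-cn, client-to-client, comp-lzo, ns-cert-type, and no tls-auth or cipher line. The script below is an added example, not part of the original post; its function names and sample input are made up for illustration, and it assumes relative key paths sit beside the config file.

```shell
#!/bin/sh
# Added example (not from the original page): flag the risky settings in an
# OpenVPN server.conf / client.ovpn. One "WARN <directive>: <reason>" per finding.

# Succeeds if directive $2 is active in file $1 (lines starting with ; or # are comments).
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

audit_ovpn_conf() {
    conf=$1
    if has_directive "$conf" duplicate-cn; then
        echo "WARN duplicate-cn: several clients may connect with the same certificate"
    fi
    if has_directive "$conf" client-to-client; then
        echo "WARN client-to-client: forwarded inside OpenVPN, bypassing the host's iptables"
    fi
    if has_directive "$conf" comp-lzo; then
        echo "WARN comp-lzo: compression before encryption can leak plaintext (VORACLE)"
    fi
    if has_directive "$conf" ns-cert-type; then
        echo "WARN ns-cert-type: deprecated, use 'remote-cert-tls server'"
    fi
    has_directive "$conf" 'tls-(auth|crypt)' ||
        echo "WARN tls-auth: not set, TLS control packets carry no HMAC signature"
    has_directive "$conf" cipher ||
        echo "WARN cipher: not set, OpenVPN 2.1 falls back to BF-CBC (64-bit blocks)"
    # The private key named by "key" must not be accessible to group or others.
    key=$(awk '$1 == "key" { print $2; exit }' "$conf")
    case $key in
        "" | /*) ;;
        *) key=$(dirname "$conf")/$key ;;  # assumption: relative paths sit beside the config
    esac
    if [ -n "$key" ] && [ -f "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)
        [ "$perms" = "------" ] || echo "WARN key: $key has group/other permissions '$perms'"
    fi
}

# Constructed sample input: the weak directives from the server.conf above.
sample=$(mktemp)
printf '%s\n' 'proto udp' ';tls-auth ta.key 0' 'client-to-client' \
    'duplicate-cn' 'comp-lzo' > "$sample"
audit_ovpn_conf "$sample"
rm -f "$sample"
```

Run audit_ovpn_conf against /etc/openvpn/server.conf on the server and against client.ovpn before handing it to a user; an empty result means none of these checks fired.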
8. If the test succeeds, follow-up steps
8.1 Run openvpn in the background
openvpn --daemon --config /etc/openvpn/server.conf
8.2 Start at boot: edit /etc/rc.d/rc.local and add the following
openvpn --daemon --config /etc/openvpn/server.conf
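9. Add a new openvpn user
cd /opt/easy-rsa/easy-rsa/2.0
# Load the variables only; running ./build-ca again would replace the existing CA
. vars
./build-key XXXXXX
Likewise, copy XXXXXX.crt, XXXXXX.key, ca.crt and client.ovpn into the config folder.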