OpenVPN Installation Tutorial
Source: Internet. Editor: 程序博客网. Posted: 2024/05/18 07:20
1. OpenVPN server
Check whether the tun device is available (the "File descriptor in bad state" message below is the expected result: it means the device exists and can be opened)
$ cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
Install
$ yum install -y openssl
$ yum install -y openvpn
$ yum install -y easy-rsa
Generate the certificates
$ cd /usr/share/easy-rsa/2.0
$ touch chenliujin
$ vim chenliujin
export D=`pwd`
export KEY_CONFIG=$D/openssl.cnf
export KEY_DIR=$D/keys
export KEY_SIZE=1024
export KEY_COUNTRY=CN
export KEY_PROVINCE=GD
export KEY_CITY=SZ
export KEY_ORG="chenliujin.com"
export KEY_EMAIL="liujin.chen@qq.com"
export OPENSSL=/usr/bin/openssl
$ source chenliujin
$ rpm -q openssl
openssl-1.0.0-20.el6.x86_64
$ cp openssl-1.0.0.cnf openssl.cnf
$ ./clean-all
$ ./build-ca
......
Country Name (2 letter code) [CN]: <Enter>
State or Province Name (full name) [GD]: <Enter>
Locality Name (eg, city) [SZ]: <Enter>
Organization Name (eg, company) [chenliujin.com]: <Enter>
Organizational Unit Name (eg, section) []: chenliujin
Common Name (eg, your name or your server's hostname) [chenliujin.com CA]: chenliujin.com
Name []: chenliujin
Email Address [liujin.chen@qq.com]: <Enter>
Generate the server key
$ ./build-key-server server
......
Country Name (2 letter code) [CN]: <Enter>
State or Province Name (full name) [GD]: <Enter>
Locality Name (eg, city) [SZ]: <Enter>
Organization Name (eg, company) [chenliujin.com]: <Enter>
Organizational Unit Name (eg, section) []: chenliujin
Common Name (eg, your name or your server's hostname) [server]: chenliujin.com
Name []: chenliujin
Email Address [liujin.chen@qq.com]: <Enter>
......
A challenge password []: 123456
An optional company name []: chenliujin.com
......
Sign the certificate? [y/n]: y
......
1 out of 1 certificate requests certified, commit? [y/n] y
Generate the Diffie-Hellman parameters
$ ./build-dh
Generate the client key
$ ./build-key *.209.114.115
......
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GD]:
Locality Name (eg, city) [SZ]:
Organization Name (eg, company) [chenliujin.com]:
Organizational Unit Name (eg, section) []: chenliujin
Common Name (eg, your name or your server's hostname) [114115]:
Name []: chenliujin
Email Address [liujin.chen@qq.com]:
......
A challenge password []: 123456
An optional company name []: chenliujin.com
......
Sign the certificate? [y/n]: y
1 out of 1 certificate requests certified, commit? [y/n] y
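Before copying anything out of the keys directory, it is worth confirming that easy-rsa produced what the configs below assume: the script that follows is an added example (not part of the original post) which checks that each certificate chains to ca.crt, that each key matches its certificate, that keys are not group/world readable, and that server.crt carries the nsCertType=server mark the client's ns-cert-type server line demands. It builds a constructed throwaway PKI with plain openssl so it can run offline; point verify_keys_dir at the real /usr/share/easy-rsa/2.0/keys to check an actual easy-rsa output.

```shell
#!/bin/sh
# Added example, not from the original post. Builds a constructed throwaway
# CA/server/client PKI with openssl (stand-in for /usr/share/easy-rsa/2.0/keys)
# so the checks below can run offline; point verify_keys_dir at a real keys dir.

# Build a sample PKI in directory $1 (constructed; easy-rsa does this for real).
make_sample_pki() {
    d=$1; mkdir -p "$d"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=sample CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    # Extensions easy-rsa's "server" section adds; the client cert gets none.
    printf 'nsCertType=server\nextendedKeyUsage=serverAuth\n' > "$d/server.ext"
    for n in server client; do
        ext=""; [ "$n" = server ] && ext="-extfile $d/server.ext"
        openssl req -newkey rsa:2048 -nodes -subj "/CN=$n" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
        openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
            -CAcreateserial -days 2 $ext -out "$d/$n.crt" 2>/dev/null
        chmod 600 "$d/$n.key"
    done
}

# Check cert/key pair $2 in keys dir $1; print the reason and return 1 on failure.
check_pair() {
    d=$1; n=$2
    openssl verify -CAfile "$d/ca.crt" "$d/$n.crt" >/dev/null 2>&1 \
        || { echo "$n.crt: does not chain to ca.crt"; return 1; }
    [ "$(openssl x509 -in "$d/$n.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$d/$n.key" -pubout 2>/dev/null)" ] \
        || { echo "$n: certificate and private key do not match"; return 1; }
    # Group/other bits (columns 5-10 of ls -l) must all be clear on the key.
    [ "$(ls -l "$d/$n.key" | cut -c5-10)" = "------" ] \
        || { echo "$n.key: readable by group or other users"; return 1; }
}

# The client's "ns-cert-type server" line only accepts a server cert marked
# nsCertType=server; "remote-cert-tls server" (its non-deprecated replacement)
# wants the serverAuth EKU. Require both so either client setting works.
check_server_marks() {
    t=$(openssl x509 -in "$1/server.crt" -noout -text)
    echo "$t" | grep -q "SSL Server" \
        || { echo "server.crt: missing nsCertType=server"; return 1; }
    echo "$t" | grep -q "TLS Web Server Authentication" \
        || { echo "server.crt: missing extendedKeyUsage=serverAuth"; return 1; }
}

# Run all checks over keys dir $1; returns 0 only if everything passes.
verify_keys_dir() {
    check_pair "$1" server && check_pair "$1" client && check_server_marks "$1"
}
```

Run it as `D=$(mktemp -d); make_sample_pki "$D"; verify_keys_dir "$D" && echo OK` to see it pass on the sample, or `verify_keys_dir /usr/share/easy-rsa/2.0/keys` on a real build (client cert named client.crt/client.key).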
Configuration
$ cd /etc/openvpn
$ touch server.conf
$ vim server.conf
port 1194
proto udp
dev tun
ca /usr/share/easy-rsa/2.0/keys/ca.crt
cert /usr/share/easy-rsa/2.0/keys/server.crt
key /usr/share/easy-rsa/2.0/keys/server.key
dh /usr/share/easy-rsa/2.0/keys/dh1024.pem
server 10.10.20.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status /usr/share/easy-rsa/2.0/keys/openvpn-status.log
verb 4
push "dhcp-option DNS 10.10.20.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
Start the service
$ mkdir -p /var/log/openvpn
$ openvpn --config /etc/openvpn/server.conf >> /var/log/openvpn/server.log 2>&1 &
Start automatically on boot
$ vim /etc/rc.local
openvpn --config /etc/openvpn/server.conf >> /var/log/openvpn/server.log 2>&1 &
Verify
$ netstat -an | grep 1194
Firewall
$ iptables -A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
Sharing the Internet connection
* Enable NAT masquerading
$ iptables -t nat -A POSTROUTING -s 10.10.20.0/255.255.255.0 -o eth0 -j MASQUERADE
$ iptables -t nat -L -n --line-numbers
* Enable packet forwarding
$ sysctl -w net.ipv4.ip_forward=1
* Notice
The settings above caused an Nginx 502 Bad Gateway error (upstream prematurely closed connection while reading response header from upstream, upstream: "fastcgi://127.0.0.1:9000"). The problem has not been resolved yet, so apply these settings with caution.
Remove the NAT rule
$ iptables -t nat -D POSTROUTING -s 10.10.20.0/255.255.255.0 -o eth0 -j MASQUERADE
$ iptables -t nat -L -n --line-numbers
2. OpenVPN client
* Win7
Install
See: http://wenku.baidu.com/view/b43f4fe8172ded630b1cb6f9.html
http://code.google.com/p/vpntech/downloads/detail?name=openvpn-2.1.1-gui-1.0.3-install-cn-64bit.zip&can=2&q=
Configuration
* CentOS
Install
$ yum install -y openvpn
Configuration
$ vim /etc/openvpn/*.239.114.115/*.239.114.115.ovpn
client
dev tun
proto udp
remote *.239.114.115 1194
persist-key
persist-tun
ca /etc/openvpn/*.239.114.115/ca.crt
cert /etc/openvpn/*.239.114.115/*.239.114.115.crt
key /etc/openvpn/*.239.114.115/*.239.114.115.key
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1
route-method exe
route-delay 2
mssfix 1300
tun-mtu-extra 32
$ cd /etc/openvpn/*.239.114.115
$ rsync root@*.239.114.115:/usr/share/easy-rsa/2.0/keys/ca.crt ./
$ rsync root@*.239.114.115:/usr/share/easy-rsa/2.0/keys/*.239.114.115.crt ./
$ rsync root@*.239.114.115:/usr/share/easy-rsa/2.0/keys/*.239.114.115.key ./
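The server.conf from section 1 and the client .ovpn above both work as written, but neither sets the hardening a reviewer would ask for (an HMAC key on the control channel, privilege drop, an explicit cipher, 2048-bit DH, and remote-cert-tls instead of the deprecated ns-cert-type). The following lint is an added example, not from the original post: it reports those gaps on either kind of file, names only standard OpenVPN 2.x directives, and write_page_configs writes trimmed, constructed copies of the two page configs to try it on.

```shell
#!/bin/sh
# Added example, not from the original post: report hardening gaps in an OpenVPN
# server.conf or client .ovpn. The directives it looks for are standard OpenVPN
# 2.x options; it only prints findings and never edits the file.

# True if file $1 has an uncommented line starting with directive $2.
has() { grep -Eq "^[[:space:]]*$2([[:space:]]|$)" "$1"; }

# Print one WARN line per finding in config $1; return 1 if anything was found.
lint_openvpn_conf() {
    f=$1; n=0
    warn() { echo "WARN $f: $*"; n=$((n + 1)); }
    if has "$f" comp-lzo || has "$f" compress; then
        warn "compression enabled: OpenVPN's manual advises against it (compression side channels)"
    fi
    if has "$f" server; then                    # server-side config
        has "$f" tls-auth || has "$f" tls-crypt \
            || warn "no tls-auth/tls-crypt: every packet reaching the port is processed as a handshake attempt"
        has "$f" user && has "$f" group \
            || warn "no user/group: the daemon keeps running as root after start-up"
        has "$f" cipher \
            || warn "no explicit cipher: old 2.x builds default to 64-bit-block BF-CBC"
        ! grep -Eq "^[[:space:]]*dh[[:space:]].*1024" "$f" \
            || warn "1024-bit DH parameters: regenerate with 2048 bits"
    fi
    if has "$f" client; then                    # client-side config
        if has "$f" ns-cert-type; then
            warn "ns-cert-type is deprecated: use 'remote-cert-tls server' instead"
        elif ! has "$f" remote-cert-tls; then
            warn "no remote-cert-tls server: any client cert from the same CA could pose as the server"
        fi
    fi
    [ "$n" -eq 0 ]
}

# Write trimmed, constructed copies of this page's two configs into dir $1.
write_page_configs() {
    printf 'port 1194\nproto udp\ndev tun\ndh /usr/share/easy-rsa/2.0/keys/dh1024.pem\n' > "$1/server.conf"
    printf 'server 10.10.20.0 255.255.255.0\nclient-to-client\ncomp-lzo\nverb 4\n' >> "$1/server.conf"
    printf 'client\ndev tun\nproto udp\nremote *.239.114.115 1194\n' > "$1/client.ovpn"
    printf 'ns-cert-type server\ncomp-lzo\nverb 3\nredirect-gateway def1\n' >> "$1/client.ovpn"
}
```

Run `T=$(mktemp -d); write_page_configs "$T"; lint_openvpn_conf "$T/server.conf"; lint_openvpn_conf "$T/client.ovpn"` to see the findings for the page's configs, or pass /etc/openvpn/server.conf directly.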
Start
$ openvpn /etc/openvpn/*.239.114.115/*.239.114.115.ovpn
Start on boot
OpenVPN is quite robust: if the connection drops, the server cannot be reached, or the network goes down, it reconnects automatically.
$ mkdir -p /var/log/openvpn
$ vim /etc/rc.local
nohup openvpn /etc/openvpn/*.239.114.115/*.239.114.115.ovpn >> /var/log/openvpn/client.log 2>&1 &
Cannot reach the Internet through the tunnel => this is not fixed on the client; it has to be configured on the server
$ vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
$ iptables -t nat -A POSTROUTING -j MASQUERADE
$ iptables -t nat -D POSTROUTING -j MASQUERADE    # delete the rule
$ iptables -t nat -L -n --line-numbers
Test
Server
$ ifconfig -a
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.10.20.1  P-t-P:10.10.20.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:6307 errors:0 dropped:0 overruns:0 frame:0
          TX packets:174 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:463880 (453.0 KiB)  TX bytes:15622 (15.2 KiB)
Client
$ ifconfig -a
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.10.20.6  P-t-P:10.10.20.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
$ ping 10.10.20.1
$ ssh 10.10.20.1
$ traceroute *.239.114.115
$ traceroute 10.10.20.1
3. References
- OpenVPN installation and configuration in practice: http://heylinux.com/archives/555.html
- Installing OpenVPN with yum on CentOS 5, one server for many clients: http://blog.chinaunix.net/uid-22646981-id-3028863.html
- Setting up an OpenVPN server in routed mode with certificate authentication: http://kerry.blog.51cto.com/172631/315437
- Advanced OpenVPN routing: internal routes: http://www.oschina.net/question/234345_47442
- Using route to fix small annoyances when using a VPN: http://blog.csdn.net/iiprogram/article/details/2220492