CenTos OpenVpn 一键安装包


转自:http://www.myzhenai.com.cn/post/2015.html 

      pptp一键安装包网上有很多,但是openvpn的一键安装包却很少,这个是我自己写的一个一键安装脚本,利用yum进行安装的,所以安装的版本还算不低.默认会自动识别i386或是x86_64。同时支持centos5x和centos6x.不过好像centos7x还不能够兼容openvpn,起码我在源库里并没有看到有openvpn这个安装包.虽然说是一键安装的脚本,但是在生成key和dh文件的时候还是需要一路回车并留意输入"y"回车. 因为在这几步这里我折腾了很久也不能实现自动交互,所以也只能是麻烦用户们在这里手动一下.安装完成后需要reboot重启服务器,如果出现无法连接的故障,请检查你服务端时间和本地时间.

#wget http://www.myzhenai.com.cn/openvpn.sh
#sh openvpn.sh
#reboot
然后将/home/vpn.tar.gz这个文件下载到本地,这个就是客户端配置文件。该压缩包内含客户端私钥,请通过scp/sftp等加密通道下载,下载完成后从服务器上删除/home/vpn和/home/vpn.tar.gz。
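#!/bin/bash
#***************************************************************************************************************************************************#
# CenTos6 OpenVpn VPN Install Script                                                                           #
# Author: RucLinux                                                                                             #  
# Web: http://www.myzhenai.com.cn http://www.myzhenai.com http://www.haikou-china.com http://jiayu.mybabya.com #
#
# Purpose: installs OpenVPN from the rpmforge repository with yum, builds a CA,
# a server key pair and one client key pair ("client-name") with easy-rsa 2.0,
# rewrites the host firewall, and leaves a client bundle at /home/vpn.tar.gz.
# Must run as root. The build-ca / build-key* steps are interactive.
#
# Destructive side effects: removes any installed epel release package and
# openvpn, deletes *.rpm in the current directory, wipes /etc/openvpn/*,
# /home/vpn and /home/vpn.tar.gz, runs a full "yum update", and flushes the
# iptables filter table.

yum install redhat-lsb -y
# $el is deliberately unquoted: rpm -qa may list several matching packages.
el=`rpm -qa |grep epel` && yum -q remove $el -y
version=`lsb_release -a|grep -e Release|awk -F ":" '{ print $2 }'|awk -F "." '{ print $1 }'`
rm -rf *.rpm

# NOTE(review): the rpmforge-release packages below are fetched over plain HTTP
# and installed without a signature check, so the repository definition (and
# everything later installed from it) is only as trustworthy as the network
# path. Import the repository's published signing key and check the package
# with "rpm -K" before installing it.
#
# $version stays unquoted in the tests below: the awk pipeline may keep the
# whitespace that follows "Release:" in the lsb_release output, and word
# splitting is what strips it before the comparison.
if [ $version == "6" ];then
if [ $(getconf WORD_BIT) = '32' ];then
wget http://apt.sw.be/redhat/el6/en/i386/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.i686.rpm
rpm -ivh rpmforge-release-0.5.3-1.el6.rf.i686.rpm
else
wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
fi
fi
if [ $version == "5" ];then
if [ $(getconf WORD_BIT) = '32' ];then
wget http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.5.3-1.el5.rf.i386.rpm
rpm -ivh rpmforge-release-0.5.3-1.el5.rf.i386.rpm
else
wget http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el5.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.3-1.el5.rf.x86_64.rpm
fi
fi
if [ $version == "7" ];then
wget http://apt.sw.be/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
fi

# Start from a clean slate: any previous OpenVPN configuration and keys are lost.
yum remove openvpn -y
rm -rf /etc/openvpn/*
rm -rf /home/vpn
rm -rf /home/vpn.tar.gz
yum update -y
yum install gcc gcc-c++ lrzsz lzo openssl openssl-devel iptables pkcs11-helper pkcs11-helper-devel openssh-clients openvpn -y

# NOTE(review): "find /" can return more than one easy-rsa directory; every
# match is then copied into /etc/openvpn/.
easy=`find / -name easy-rsa` && cp -R $easy /etc/openvpn/
#if ! [ -d "$easy"];then
#yum install easy-rsa -y
#cp -R $easy /etc/openvpn/
#else
#cp -R $easy /etc/openvpn/
#fi
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
# This runs vars in a child process, so its exports never reach this shell;
# the ". ./vars" further down is the one that takes effect.
./vars
# Certificate subject defaults written into vars before it is sourced.
sed -i 's/export KEY_COUNTRY="US"/export KEY_COUNTRY="CN"/g' vars
sed -i 's/export KEY_PROVINCE="CA"/export KEY_PROVINCE="HN"/g' vars
sed -i 's/export KEY_CITY="SanFrancisco"/export KEY_CITY="HAIKOU"/g' vars
sed -i 's/export KEY_ORG="Fort-Funston"/export KEY_ORG="OpenVPN"/g' vars
sed -i 's/export KEY_EMAIL="me@myhost.mydomain"/export KEY_EMAIL="root@foxmail.com"/g' vars
sed -i 's/export KEY_EMAIL=mail@host.domain/export KEY_EMAIL=root@foxmail.com/g' vars

# Start from the packaged sample server.conf and uncomment the pushed route,
# the pushed DNS servers (rewritten to 8.8.8.8 / 8.8.4.4) and client-to-client.
server=`find / -name sample-config-files` && cp $server/server.conf /etc/openvpn/
sed -i 's/;push "route 192.168.10.0 255.255.255.0"/push "route 192.168.10.0 255.255.255.0"/g' /etc/openvpn/server.conf
sed -i 's/;push "dhcp-option DNS 208.67.222.222"/push "dhcp-option DNS 8.8.8.8"/g' /etc/openvpn/server.conf
sed -i 's/;push "dhcp-option DNS 208.67.220.220"/push "dhcp-option DNS 8.8.4.4"/g' /etc/openvpn/server.conf
sed -i 's/;client-to-client/client-to-client/g' /etc/openvpn/server.conf
# Only edits the file; nothing here reloads sysctl, so forwarding is enabled
# after the reboot that the install instructions ask for.
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf

. ./vars
./clean-all
#echo -e "\n\n\n\n\n\n\n\n" | ./build-ca
#echo -e "\n\n\n\n\n\n\n\n\n\n" | ./build-key-server server && echo -e "\n\n\n\n\n\n\n\n\n\n" | ./build-key client-name
# Interactive: accept the defaults and answer "y" to the signing prompts.
./build-ca
./build-key-server server
./build-key client-name
./build-dh
# client-name.pem is the client private key re-written by openssl; create it
# with a restrictive umask so it is never group/world readable.
( umask 077; openssl rsa -in keys/client-name.key -out keys/client-name.pem )
chmod +x keys/*

# Server side: the DH file name depends on KEY_SIZE in vars.
# NOTE(review): KEY_SIZE=1024 is below current recommendations for RSA/DH;
# set KEY_SIZE=2048 in vars before the build-* steps if the vars file still
# defaults to 1024.
# NOTE(review): ca.key is not needed by the running server; keeping the CA
# private key on the VPN host means a host compromise lets an attacker issue
# new certificates. Consider moving it offline once the keys are built.
size=`grep 'export KEY_SIZE=1024' $easy/2.0/vars`
if [[ $size == "export KEY_SIZE=1024" ]];then
cp keys/{ca.crt,ca.key,client-name.crt,client-name.csr,client-name.key,server.crt,server.key,dh1024.pem,client-name.pem} /etc/openvpn/
else
cp keys/{ca.crt,ca.key,client-name.crt,client-name.csr,client-name.key,server.crt,server.key,dh2048.pem,client-name.pem} /etc/openvpn/
fi

# Client bundle: only the CA certificate and the client's own certificate and
# key. The previous version also shipped ca.key and server.key to every client,
# which would let any holder of the bundle sign new certificates or impersonate
# the server.
mkdir -m 700 /home/vpn
cp keys/{ca.crt,client-name.crt,client-name.key,client-name.pem} /home/vpn/
cd /home/
# The archive holds a private key, so create it readable by root only.
( umask 077; tar -zcvf vpn.tar.gz vpn/* )
cd /

# First non-loopback IPv4 address(es) reported by ifconfig.
# NOTE(review): on a host with several addresses this yields several lines and
# the unquoted $ip below breaks the SNAT rules; confirm the host has one.
ip=`ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"`

# NOTE(review): "iptables -F" drops every existing filter rule and the emptied
# ruleset is saved and reloaded, so any restrictions the host had are gone.
# The ACCEPT rules appended below only restrict anything if the INPUT policy
# is not ACCEPT. 1723/tcp and GRE belong to PPTP rather than OpenVPN, and
# nothing in this script configures a service on 47 or 2009 - confirm these
# are wanted before keeping them open.
iptables -F
service iptables save
service iptables restart
iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p tcp --dport 47 -j ACCEPT
iptables -A INPUT -p tcp --dport 2009 -j ACCEPT
iptables -A INPUT -p udp --dport 2009 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
# Source-NAT traffic from the VPN subnets to the server's address.
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source $ip
iptables -t nat -A POSTROUTING -s 10.8.0.20/24 -j SNAT --to-source $ip
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source $ip
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j SNAT --to-source $ip
service iptables save
service iptables restart

# Boot-time start via rc.local. The published script used an en dash in place
# of "--" before "config", which openvpn cannot parse as an option; the line is
# also appended only once so that re-running the installer does not stack
# duplicates. NOTE(review): "chkconfig openvpn on" below already starts the
# service at boot, so this entry is redundant.
rc_line='/usr/sbin/openvpn --config /etc/openvpn/server.conf &'
grep -qxF -- "$rc_line" /etc/rc.local || echo "$rc_line" >> /etc/rc.local
#openvpn --config /etc/openvpn/server.conf &
chkconfig openvpn on
chkconfig iptables on
service openvpn start
echo '*********************************************************';
echo '****                                                 ****';
echo '****        End script installation                  ****';
echo '****  Please download your configuration file        ****';
echo '****  /home/vpn.tar.gz     to the local client       ****';
echo '****        http://www.myzhenai.com.cn               ****';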



配置参照: http://www.softown.cn/post/140.html
