CentOS安装openvpn

参考：

http://www.opstool.com/article/176

版本号：

openvpn：2.3.11
easy-rsa：2.0

配置源：

针对CentOS 5：
rpm -ivh http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpm
针对CentOS 6：
rpm -ivh http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

安装openvpn和easy-rsa：

yum install -y openvpn && yum install -y easy-rsa

配置key：

进入目录/usr/share/easy-rsa/2.0
打开文件vars然后加入下面几行(根据实际情况给环境变量赋值)
export KEY_COUNTRY=”CN”
export KEY_PROVINCE=”CA”
export KEY_CITY=”HZ”
export KEY_ORG=”MY_ORG”
export KEY_EMAIL="yetyongjin#163.com
然后执行：
source ./vars
./clean-all
./build-ca server
./build-key-server server
./build-key client
./build-dh

配置文件/etc/openvpn/server.conf

内容如下：

port        4803
proto       udp
dev         tun
ca          /usr/share/easy-rsa/2.0/keys/ca.crt
cert        /usr/share/easy-rsa/2.0/keys/server.crt
key         /usr/share/easy-rsa/2.0/keys/server.key
dh          /usr/share/easy-rsa/2.0/keys/dh2048.pem
server      10.8.0.0 255.255.255.0
push        "redirect-gateway def1 bypass-dhcp"
push        "dhcp-option DNS 8.8.8.8"
log         /var/log/openvpn.log
keepalive   10 120
verb        3
client-to-client
comp-lzo
persist-key
persist-tun

启动openvpn：

chkconfig openvpn on
立即启动openvpn服务

/etc/init.d/openvpn start

注意事项：

openvpn是udp协议的，开启防火墙时要选择udp协议。