Compiling and installing OpenVPN on CentOS 6.4 x86_64

Install the required libraries

yum install -y openssl openssl-devel lzo lzo-devel pam pam-devel automake pkgconfig

Download the source, then compile and install OpenVPN

wget -c http://swupdate.openvpn.org/community/releases/openvpn-2.3.0.tar.gz
tar zxvf openvpn-2.3.0.tar.gz
cd openvpn-2.3.0
./configure
make
make install
mkdir -p /etc/openvpn
cp -Rf sample  /etc/openvpn/
cd ..

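Download easy-rsa separately and create the CA certificate, server certificate and client certificate

#The openvpn-2.3.0.tar.gz source release does not include easy-rsa, so easy-rsa has to be downloaded and installed separately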
wget -c https://github.com/OpenVPN/easy-rsa/archive/master.zip
unzip master
mv easy-rsa-master easy-rsa
cp -Rf  easy-rsa /etc/openvpn
cd /etc/openvpn/easy-rsa/easy-rsa/2.0
 
vim vars
#Jump to the end of the file and find the following lines
export KEY_COUNTRY="CN"
export KEY_PROVINCE="JS"
export KEY_CITY="SZ"
export KEY_ORG="wwek"
export KEY_EMAIL="i@iamle.com"
export KEY_OU="wwek qz"
#:x! to save and exit


 
ln -s openssl-1.0.0.cnf openssl.cnf
chmod +x vars
source ./vars
./clean-all
#Create the CA certificate
./build-ca
#Create the server certificate
./build-key-server server
#Create the client certificate
./build-key client1
 
./build-dh
 
#Package the keys
tar zcvf keys.tar.gz keys/
#Send the archive from the terminal to the client for later use
sz keys.tar.gz
#Description of the files in keys

Filename      Needed By                  Purpose                     Secret
ca.crt        server + all clients       Root CA certificate         NO
ca.key        key signing machine only   Root CA key                 YES
dh{n}.pem     server only                Diffie Hellman parameters   NO
server.crt    server only                Server Certificate          NO
server.key    server only                Server Key                  YES
client1.crt   client1 only               Client1 Certificate         NO
client1.key   client1 only               Client1 Key                 YES
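
The table marks ca.key and server.key as secret, while `tar zcvf keys.tar.gz keys/` archives the whole directory, both keys included. As an added example (not part of the original post), the shell functions below build a per-client archive holding only the files the table lists for that client and list any other member found in an existing archive; the function names and the constructed sample directory are assumptions.

```shell
#!/bin/bash
# Added example: per-client bundle instead of archiving the whole keys/ directory.
# Function names are illustrative; they are not part of easy-rsa or OpenVPN.

# make_client_bundle KEYS_DIR CLIENT_NAME OUT_TAR
# Packs only ca.crt, CLIENT.crt and CLIENT.key (the rows the table gives a client).
make_client_bundle() {
    local keys_dir="$1" client="$2" out="$3" f
    # Never build a "client" bundle from the CA or server key pair.
    case "$client" in
        ca|server|"") echo "refusing client name '$client'" >&2; return 2 ;;
    esac
    for f in ca.crt "$client.crt" "$client.key"; do
        [ -f "$keys_dir/$f" ] || { echo "missing $keys_dir/$f" >&2; return 1; }
    done
    # The archive contains a private key: create it readable by the owner only.
    ( umask 077 && tar -C "$keys_dir" -czf "$out" ca.crt "$client.crt" "$client.key" )
}

# bundle_extra_files TARBALL CLIENT_NAME
# Prints every archive member the client should not receive; prints nothing if clean.
bundle_extra_files() {
    local tarball="$1" client="$2"
    tar -tzf "$tarball" | sed 's|^\./||' | grep -v '/$' | while read -r name; do
        case "$(basename "$name")" in
            ca.crt|"$client.crt"|"$client.key") ;;
            *) echo "$name" ;;
        esac
    done
}

# make_sample_keys DIR
# Constructed stand-in for easy-rsa's keys/ directory (dummy file contents).
make_sample_keys() {
    local f
    mkdir -p "$1/keys"
    for f in ca.crt ca.key dh2048.pem server.crt server.key client1.crt client1.key; do
        echo "constructed sample: $f" > "$1/keys/$f"
    done
}
```

Run against a whole-directory archive, `bundle_extra_files keys.tar.gz client1` lists ca.key and server.key among the members that should not leave the server.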

Configure OpenVPN

cd /etc/openvpn/sample/sample-config-files/

cp server.conf ../../

#Configure server.conf; the individual parameters are not covered here

vi ../../server.conf

#Copy the keys

cd /etc/openvpn/easy-rsa/easy-rsa/2.0/keys

cp -Rf ca.crt server.crt server.key dh2048.pem /etc/openvpn/

#Edit /etc/sysctl.conf, change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1 and save. Then run:
sysctl -p

#Set up NAT forwarding. Note: replace 192.168.122.180 at the end with your server's IP address.
iptables -t nat -A POSTROUTING -s 10.8.8.0/24 -j SNAT --to-source 192.168.122.180
/etc/init.d/iptables save
/etc/init.d/iptables restart

Start OpenVPN

openvpn --cd /etc/openvpn --daemon --config /etc/openvpn/server.conf

2 comments

  1. I finally made it to the last step, openvpn –cd /etc/openvpn –daemon –config /etc/openvpn/server.conf, but it fails with the error: Options error: I’m trying to parse “-cd” as an –option parameter but I don’t see a leading ‘–‘Use –help for more information.