Setting Up an OpenVPN Server on CentOS 6 64-bit

Update the system:

yum update -y

Step 1:

cat /dev/net/tun

If it returns:

cat: /dev/net/tun: File descriptor in bad state

then TUN/TAP is available. Otherwise, contact your hosting provider to have tun/tap enabled.

Step 2:

yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel iptables -y
wget http://jaist.dl.sourceforge.net/project/ds5752/yu/lzo-1.08-4.rf.src.rpm
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
wget http://jaist.dl.sourceforge.net/project/ds5752/yu/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
yum install openvpn

Step 3:

cp -r /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
cp -irv /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/2.0/openssl.cnf
cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all

Step 4:

./build-ca
./build-key-server server
./build-dh

Step 5:

cd /etc/openvpn
vi server.conf

Enter the following configuration:

local x.x.x.x # replace with your server's IP
port 443 # replace with the port you need
proto udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log
verb 3
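
As an added example (not part of the original post), this shell function audits a server.conf for the weaker settings in the configuration above: password-only login, the 1024-bit DH file, compression, no tls-auth, and no privilege drop. The function name and finding codes are assumptions made for this example, and the sample input is constructed from the page's config.

```shell
#!/bin/sh
# Added example, not from the original post. Finding codes are invented here.

# audit_openvpn_conf FILE: print one finding code per line;
# return 1 if anything was flagged, 0 if nothing was.
audit_openvpn_conf() {
    # Drop "#" and ";" comments so commented-out directives are ignored.
    conf=$(sed -e 's/[[:space:]]*[#;].*$//' -e 's/^[[:space:]]*//' \
               -e 's/[[:space:]]*$//' "$1")
    has() { printf '%s\n' "$conf" | grep -Eq "$1"; }
    rc=0
    # Password-only login: the server never checks a client certificate.
    if has '^(client-cert-not-required|verify-client-cert[[:space:]]+none)$'; then
        echo NO_CLIENT_CERT; rc=1
    fi
    # Heuristic: easy-rsa 2.0 names the file dh<KEY_SIZE>.pem; <=1024 bits is weak.
    if has '^dh[[:space:]].*dh(512|768|1024)\.pem$'; then
        echo WEAK_DH; rc=1
    fi
    # Compression before encryption exposes a compression oracle (VORACLE).
    if has '^(comp-lzo|compress)([[:space:]]|$)'; then
        echo COMPRESSION; rc=1
    fi
    # No tls-auth/tls-crypt: control-channel packets carry no extra HMAC.
    if ! has '^tls-(auth|crypt)[[:space:]]'; then
        echo NO_TLS_AUTH; rc=1
    fi
    # Without user/group the daemon keeps running as root.
    if ! has '^user[[:space:]]' || ! has '^group[[:space:]]'; then
        echo NO_PRIV_DROP; rc=1
    fi
    return $rc
}

# Constructed sample: the security-relevant lines of the server.conf above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 443 # change to the port you need
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login
client-cert-not-required
username-as-common-name
comp-lzo
#tls-auth ta.key 0
EOF
audit_openvpn_conf "$sample" || echo "findings above need review"
rm -f "$sample"
```

The DH check reads only the file name; where the file is present, `openssl dhparam -in FILE -text -noout` reports the actual size.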

Step 6:

openvpn /etc/openvpn/server.conf
chkconfig openvpn on
chkconfig iptables on
vi /etc/sysctl.conf

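After running the first line, press Ctrl+C to exit, then change the following two lines in /etc/sysctl.conf:

net.ipv4.ip_forward = 0 # change 0 to 1
net.ipv4.tcp_syncookies = 1 # comment this line out by prefixing it with #

Then run: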

sysctl -p

Step 7:

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to x.x.x.x  # replace with your server's IP
service iptables save

Step 8:

echo openvpn /etc/openvpn/server.conf >> /etc/rc.d/rc.local
openvpn /etc/openvpn/server.conf
reboot

After running the second line, press Ctrl+C to exit.

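Step 9: Add or delete users and passwords

useradd openvpn -s /bin/false   # add a user with no login shell
passwd openvpn                  # set that user's password
userdel openvpn                 # delete the user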

Step 10: Create the client configuration client.ovpn

client
dev tun
proto udp
remote x.x.x.x 443 # replace with your server's IP and port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
verb 3

Download the files from /etc/openvpn/easy-rsa/2.0/keys to your local machine, and download the openvpn-2.1.1-install software.


