chmod 755 /.ovpn 文件可以直接导入 TunnelBlick.ovpn 中对应的 ca、cert、key 替换成标签,即可导入手机 Open VPNyum update -y yum install epel-release -y yum update -y yum install openvpn -y # 若提示 No package openvpn available,则执行下面命令,再执行 yum update -y # yum-config-manager --enable epel wget https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz tar xfz 2.3.3.tar.gz mv easy-rsa-old-2.3.3/easy-rsa/2.0 /etc/openvpn/easy-rsa mkdir -p /etc/openvpn/easy-rsa/keys
cd /etc/openvpn/easy-rsa vi vars
export KEY_EMAIL="njuzp08@gmail.com" export KEY_EMAIL=njuzp08@gmail.com export KEY_CN=zhang.vpc.panezhang.cn export KEY_NAME=server export KEY_OU=panezhang
source vars ./clean-all ./build-ca # enter through ./build-key-server server # enter through ./build-dh # a litter long cd /etc/openvpn/easy-rsa/keys cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
cd /etc/openvpn/easy-rsa ./build-key client cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf
vi /etc/sysctl.conf
net.ipv4.ip_forward=1
sysctl -p iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE iptables-save > /etc/sysconfig/iptables
vi /etc/openvpn/server.conf
dev tun server 10.10.10.0 255.255.255.0 ifconfig-pool-persist ipp.txt ca ca.crt cert server.crt key server.key dh dh2048.pem push "route 10.10.10.0 255.255.255.0" push "redirect-gateway def1 bypass-dhcp" comp-lzo keepalive 10 60 ping-timer-rem persist-tun persist-key group nobody daemon
scp /etc/openvpn/easy-rsa/keys/ca.crt scp /etc/openvpn/easy-rsa/keys/client.crt scp /etc/openvpn/easy-rsa/keys/client.key
zhang.ovpn
client
remote {IP/DOMAIN} 1194
dev tun
comp-lzo
ca ca.crt
cert client.crt
key client.key
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
dhcp-option DNS 4.2.2.1
dhcp-option DNS 4.2.2.2
verb 3
pcli-ovpn -f zhang.ovpn > zhang-full.ovpn
systemctl -f enable openvpn@server.service systemctl start openvpn@server.service systemctl status openvpn@server.service
systemctl start/stop/restart openvpn@server.service