Bandwagon Open VPN 服务器搭建
CentOS 6
- 使用搬瓦工 KVM 自动安装(如果提示无法写入 task,需要手动执行 `chmod 755 /`)
- 下载 Open VPN 配置文件,双击 `.ovpn` 文件可以直接导入 TunnelBlick
- 将 `.ovpn` 中对应的 ca、cert、key 替换成标签,即可导入手机 Open VPN
CentOS 7
安装
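# Install OpenVPN from EPEL and unpack easy-rsa 2.x for certificate management.
yum update -y
yum install epel-release -y
yum update -y
yum install openvpn -y
# If yum reports "No package openvpn available", enable EPEL with the command
# below and then run `yum update -y` again:
# yum-config-manager --enable epel

# The tarball is fetched without an integrity check. Before unpacking, compare
# the output of `sha256sum 2.3.3.tar.gz` with a digest obtained from a source
# you trust. This is the legacy 2.x line (the repository is "easy-rsa-old").
wget https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz
tar xfz 2.3.3.tar.gz
mv easy-rsa-old-2.3.3/easy-rsa/2.0 /etc/openvpn/easy-rsa
mkdir -p /etc/openvpn/easy-rsa/keys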
生成 keys
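# Open the easy-rsa defaults file; the values to set are listed next.
cd /etc/openvpn/easy-rsa
vi vars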
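# Certificate subject defaults; this file is sourced before the build-* scripts.
# KEY_EMAIL was assigned twice with the same value; one assignment is kept.
# The later steps copy dh2048.pem, so KEY_SIZE elsewhere in this file is
# expected to be 2048 -- confirm it has not been lowered.
export KEY_EMAIL="njuzp08@gmail.com"
export KEY_CN=zhang.vpc.panezhang.cn
export KEY_NAME=server
export KEY_OU=panezhang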
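# Build the CA, the server certificate and the DH parameters, then copy the
# server-side files into /etc/openvpn, where server.conf looks for them.
source vars
# clean-all empties the keys directory. On a host that already has a CA this
# destroys the CA and every certificate issued from it.
./clean-all
./build-ca                 # press Enter to accept the defaults from vars
./build-key-server server  # press Enter to accept the defaults from vars
./build-dh                 # takes a little while
cd /etc/openvpn/easy-rsa/keys
cp dh2048.pem ca.crt server.crt server.key /etc/openvpn
# server.key is the server's private key; keep it readable by root only.
chmod 600 /etc/openvpn/server.key
# ca.key stays in easy-rsa/keys. It can sign new certificates for this VPN,
# so restrict access to it and consider keeping it off the VPN host.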
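# Issue a certificate/key pair named "client". build-key reads the variables
# exported by `source vars`, so run it in a shell where vars has been sourced.
# Issuing one certificate per device allows a single device to be revoked later.
cd /etc/openvpn/easy-rsa
./build-key client
# Provide an unversioned openssl.cnf for the easy-rsa scripts.
# NOTE(review): this copy is usually made before `source vars`; confirm the
# order that was actually used when the keys were built.
cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf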
配置
vi /etc/sysctl.conf
net.ipv4.ip_forward=1
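# Load the ip_forward setting from /etc/sysctl.conf.
sysctl -p
# NAT traffic from the VPN subnet. The -C check keeps a re-run from appending
# a duplicate rule. No -o <interface> is given, so the rule applies on
# whichever interface the traffic leaves by.
iptables -t nat -C POSTROUTING -s 10.10.10.0/24 -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE
# /etc/sysconfig/iptables is restored at boot only when the iptables service
# manages the firewall; a firewalld-managed host does not read it. Confirm
# which one this server runs.
# This page adds no INPUT or FORWARD rules: if the host's default policy is
# not ACCEPT, the VPN port and the forwarded traffic need explicit rules.
iptables-save > /etc/sysconfig/iptables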
vi /etc/openvpn/server.conf
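# /etc/openvpn/server.conf -- routed (tun) server for the 10.10.10.0/24 pool.
dev tun
server 10.10.10.0 255.255.255.0
# Written at runtime. After the privilege drop below the file must be writable
# by the unprivileged user, or lease persistence may stop updating.
ifconfig-pool-persist ipp.txt
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
push "route 10.10.10.0 255.255.255.0"
# Sends all client traffic through the tunnel.
push "redirect-gateway def1 bypass-dhcp"
# Must match the client profile. Compressing before encryption can leak
# information about the plaintext, and newer OpenVPN releases deprecate it;
# remove it from server and client together if you drop it.
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
# Drop both user and group after start-up. With only "group nobody" the daemon
# keeps running as the user that started it (root under systemd).
user nobody
group nobody
daemon
# No cipher or tls-auth directive is set, so the installed build's defaults
# apply. Older releases default to a 64-bit block cipher (BF-CBC); check the
# negotiated cipher in the log and set one explicitly on both ends if needed.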
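# Files the client needs. Only the source paths are given on this page; add
# the host prefix and the destination for your own setup before running these.
scp /etc/openvpn/easy-rsa/keys/ca.crt
scp /etc/openvpn/easy-rsa/keys/client.crt
# client.key is a private key: keep it readable only by its owner on the
# client and do not leave extra copies behind.
scp /etc/openvpn/easy-rsa/keys/client.key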
zhang.ovpn
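# Client profile; replace {IP/DOMAIN} with the server's address.
client
remote {IP/DOMAIN} 1194
dev tun
# Must match the server's compression setting.
comp-lzo
ca ca.crt
cert client.crt
key client.key
# Accept only a peer whose certificate is marked for server use. Without this,
# any certificate signed by the same CA (another client's, for example) could
# pose as the server.
remote-cert-tls server
route-delay 2
route-method exe
# Route all traffic through the tunnel and use the resolvers listed below.
redirect-gateway def1
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
dhcp-option DNS 4.2.2.1
dhcp-option DNS 4.2.2.2
verb 3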
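# Build a single-file profile from zhang.ovpn. The output presumably embeds
# client.key (the page describes replacing ca/cert/key with tags), so a newly
# created file gets owner-only permissions via the umask in the subshell.
(
  umask 077
  pcli-ovpn -f zhang.ovpn > zhang-full.ovpn
)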
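# Enable the server instance at boot, start it now, then check that it is
# running. The instance name "server" selects /etc/openvpn/server.conf.
systemctl -f enable openvpn@server.service
systemctl start openvpn@server.service
# If the unit is not active, the status output and the journal show the
# directive or file that failed to load.
systemctl status openvpn@server.service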
常用命令
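# Reference list: run only the one you need.
systemctl start openvpn@server.service
systemctl stop openvpn@server.service
# A restart is needed after editing server.conf.
systemctl restart openvpn@server.service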