差别
这里会显示出您选择的修订版和当前版本之间的差别。
| 后一修订版 | 前一修订版 | ||
|
tech:op:openvpn [2018/07/09 17:49:05] 某喵 创建 |
tech:op:openvpn [2018/08/04 00:11:20] (当前版本) 某喵 |
||
|---|---|---|---|
| 行 1: | 行 1: | ||
| - | ## Open VPN 服务器搭建 | + | ## Bandwagon Open VPN 服务器搭建 |
| + | |||
| + | ### CentOS 6 | ||
| + | |||
| + | - 使用搬瓦工 KVM 自动安装(如果提示无法写入 task,需要手动 `chmod 755 /` | ||
| + | - 下载 Open VPN 配置文件,双击 `.ovpn` 文件可以直接导入 TunnelBlick | ||
| + | - 将 `.ovpn` 中对应的 ca、cert、key 替换成标签,即可导入手机 Open VPN | ||
| + | |||
| + | ### CentOS 7 | ||
| + | |||
| + | #### 安装 | ||
| + | |||
| + | ``` | ||
| + | yum update -y | ||
| + | |||
| + | yum install epel-release -y | ||
| + | yum update -y | ||
| + | |||
| + | yum install openvpn -y | ||
| + | # 若提示 No package openvpn available,则执行下面命令,再执行 yum update -y | ||
| + | # yum-config-manager --enable epel | ||
| + | |||
| + | wget https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz | ||
| + | tar xfz 2.3.3.tar.gz | ||
| + | mv easy-rsa-old-2.3.3/easy-rsa/2.0 /etc/openvpn/easy-rsa | ||
| + | mkdir -p /etc/openvpn/easy-rsa/keys | ||
| + | ``` | ||
| + | |||
| + | #### 生成 keys | ||
| + | |||
| + | ``` | ||
| + | cd /etc/openvpn/easy-rsa | ||
| + | vi vars | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | export KEY_EMAIL="njuzp08@gmail.com" | ||
| + | export KEY_EMAIL=njuzp08@gmail.com | ||
| + | export KEY_CN=zhang.vpc.panezhang.cn | ||
| + | export KEY_NAME=server | ||
| + | export KEY_OU=panezhang | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | source vars | ||
| + | ./clean-all | ||
| + | ./build-ca # enter through | ||
| + | ./build-key-server server # enter through | ||
| + | ./build-dh # a litter long | ||
| + | cd /etc/openvpn/easy-rsa/keys | ||
| + | cp dh2048.pem ca.crt server.crt server.key /etc/openvpn | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | cd /etc/openvpn/easy-rsa | ||
| + | ./build-key client | ||
| + | cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf | ||
| + | ``` | ||
| + | |||
| + | #### 配置 | ||
| + | |||
| + | ``` | ||
| + | vi /etc/sysctl.conf | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | net.ipv4.ip_forward=1 | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | sysctl -p | ||
| + | iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE | ||
| + | iptables-save > /etc/sysconfig/iptables | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | vi /etc/openvpn/server.conf | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | dev tun | ||
| + | server 10.10.10.0 255.255.255.0 | ||
| + | ifconfig-pool-persist ipp.txt | ||
| + | ca ca.crt | ||
| + | cert server.crt | ||
| + | key server.key | ||
| + | dh dh2048.pem | ||
| + | push "route 10.10.10.0 255.255.255.0" | ||
| + | push "redirect-gateway def1 bypass-dhcp" | ||
| + | comp-lzo | ||
| + | keepalive 10 60 | ||
| + | ping-timer-rem | ||
| + | persist-tun | ||
| + | persist-key | ||
| + | group nobody | ||
| + | daemon | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | scp /etc/openvpn/easy-rsa/keys/ca.crt | ||
| + | scp /etc/openvpn/easy-rsa/keys/client.crt | ||
| + | scp /etc/openvpn/easy-rsa/keys/client.key | ||
| + | ``` | ||
| + | |||
| + | zhang.ovpn | ||
| + | |||
| + | ``` | ||
| + | client | ||
| + | remote {IP/DOMAIN} 1194 | ||
| + | dev tun | ||
| + | comp-lzo | ||
| + | ca ca.crt | ||
| + | cert client.crt | ||
| + | key client.key | ||
| + | route-delay 2 | ||
| + | route-method exe | ||
| + | redirect-gateway def1 | ||
| + | dhcp-option DNS 8.8.8.8 | ||
| + | dhcp-option DNS 8.8.4.4 | ||
| + | dhcp-option DNS 4.2.2.1 | ||
| + | dhcp-option DNS 4.2.2.2 | ||
| + | verb 3 | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | pcli-ovpn -f zhang.ovpn > zhang-full.ovpn | ||
| + | ``` | ||
| + | |||
| + | |||
| + | ``` | ||
| + | systemctl -f enable openvpn@server.service | ||
| + | systemctl start openvpn@server.service | ||
| + | systemctl status openvpn@server.service | ||
| + | ``` | ||
| + | |||
| + | #### 常用命令 | ||
| + | |||
| + | ``` | ||
| + | systemctl start/stop/restart openvpn@server.service | ||
| + | ``` | ||
| + | |||
| + | ### Ref | ||
| + | |||
| + | - https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7 | ||
| + | - https://www.howtoing.com/how-to-setup-and-configure-an-openvpn-server-on-centos-7 | ||