差别

这里会显示出您选择的修订版和当前版本之间的差别。

到此差别页面的链接

两侧同时换到之前的修订记录 前一修订版
后一修订版 		前一修订版
tech:op:openvpn [2018/07/09 19:12:26]
某喵 		tech:op:openvpn [2018/08/04 00:11:20] (当前版本)
某喵
行 1: 行 1:
-## Open VPN 服务器搭建+## Bandwagon ​Open VPN 服务器搭建 
 + 
 +### CentOS 6
  
 - 使用搬瓦工 KVM 自动安装(如果提示无法写入 task,需要手动 `chmod 755 /` - 使用搬瓦工 KVM 自动安装(如果提示无法写入 task,需要手动 `chmod 755 /`
 - 下载 Open VPN 配置文件,双击 `.ovpn` 文件可以直接导入 TunnelBlick - 下载 Open VPN 配置文件,双击 `.ovpn` 文件可以直接导入 TunnelBlick
 - 将 `.ovpn` 中对应的 ca、cert、key 替换成标签,即可导入手机 Open VPN - 将 `.ovpn` 中对应的 ca、cert、key 替换成标签,即可导入手机 Open VPN
 +
 +### CentOS 7
 +
 +#### 安装
 +
 +```
 +yum update -y
 +
 +yum install epel-release -y
 +yum update -y
 +
 +yum install openvpn -y
 +# 若提示 No package openvpn available,则执行下面命令,再执行 yum update -y
 +# yum-config-manager --enable epel
 +
 +wget https://​github.com/​OpenVPN/​easy-rsa-old/​archive/​2.3.3.tar.gz
 +tar xfz 2.3.3.tar.gz
 +mv easy-rsa-old-2.3.3/​easy-rsa/​2.0 /​etc/​openvpn/​easy-rsa
 +mkdir -p /​etc/​openvpn/​easy-rsa/​keys
 +```
 +
 +#### 生成 keys
 +
 +```
 +cd /​etc/​openvpn/​easy-rsa
 +vi vars
 +```
 +
 +```
 +export KEY_EMAIL="​njuzp08@gmail.com"​
 +export KEY_EMAIL=njuzp08@gmail.com
 +export KEY_CN=zhang.vpc.panezhang.cn
 +export KEY_NAME=server
 +export KEY_OU=panezhang
 +```
 +
 +```
 +source vars
 +./clean-all
 +./build-ca # enter through
 +./​build-key-server server # enter through
 +./build-dh # a litter long
 +cd /​etc/​openvpn/​easy-rsa/​keys
 +cp dh2048.pem ca.crt server.crt server.key /​etc/​openvpn
 +```
 +
 +```
 +cd /​etc/​openvpn/​easy-rsa
 +./build-key client
 +cp /​etc/​openvpn/​easy-rsa/​openssl-1.0.0.cnf /​etc/​openvpn/​easy-rsa/​openssl.cnf
 +```
 +
 +#### 配置
 +
 +```
 +vi /​etc/​sysctl.conf
 +```
 +
 +```
 +net.ipv4.ip_forward=1
 +```
 +
 +```
 +sysctl -p
 +iptables -t nat -A POSTROUTING -s 10.10.10.0/​24 ​ -j MASQUERADE
 +iptables-save > /​etc/​sysconfig/​iptables
 +```
 +
 +```
 +vi /​etc/​openvpn/​server.conf
 +```
 +
 +```
 +dev tun
 +server 10.10.10.0 255.255.255.0
 +ifconfig-pool-persist ipp.txt
 +ca ca.crt
 +cert server.crt
 +key server.key
 +dh dh2048.pem
 +push "route 10.10.10.0 255.255.255.0"​
 +push "​redirect-gateway def1 bypass-dhcp"​
 +comp-lzo
 +keepalive 10 60
 +ping-timer-rem
 +persist-tun
 +persist-key
 +group nobody
 +daemon
 +```
 +
 +```
 +scp /​etc/​openvpn/​easy-rsa/​keys/​ca.crt
 +scp /​etc/​openvpn/​easy-rsa/​keys/​client.crt
 +scp /​etc/​openvpn/​easy-rsa/​keys/​client.key
 +```
 +
 +zhang.ovpn
 +
 +```
 +client
 +remote {IP/DOMAIN} 1194
 +dev tun
 +comp-lzo
 +ca ca.crt
 +cert client.crt
 +key client.key
 +route-delay 2
 +route-method exe
 +redirect-gateway def1
 +dhcp-option DNS 8.8.8.8
 +dhcp-option DNS 8.8.4.4
 +dhcp-option DNS 4.2.2.1
 +dhcp-option DNS 4.2.2.2
 +verb 3
 +```
 +
 +```
 +pcli-ovpn -f zhang.ovpn > zhang-full.ovpn
 +```
 +
 +
 +```
 +systemctl -f enable openvpn@server.service
 +systemctl start openvpn@server.service
 +systemctl status openvpn@server.service
 +```
 +
 +#### 常用命令
 +
 +```
 +systemctl start/​stop/​restart openvpn@server.service
 +```
 +
 +### Ref
 +
 +- https://​www.digitalocean.com/​community/​tutorials/​how-to-set-up-and-configure-an-openvpn-server-on-centos-7
 +- https://​www.howtoing.com/​how-to-setup-and-configure-an-openvpn-server-on-centos-7