差别
这里会显示出您选择的修订版和当前版本之间的差别。
| 两侧同时换到之前的修订记录 前一修订版 后一修订版 | 前一修订版 | ||
|
tech:op:openvpn [2018/07/15 17:04:31] 某喵 |
tech:op:openvpn [2018/08/04 00:11:20] (当前版本) 某喵 |
||
|---|---|---|---|
| 行 18: | 行 18: | ||
| yum install openvpn -y | yum install openvpn -y | ||
| + | # 若提示 No package openvpn available,则执行下面命令,再执行 yum update -y | ||
| + | # yum-config-manager --enable epel | ||
| wget https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz | wget https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz | ||
| - | tar xfz 2.3.3.tag.gz | + | tar xfz 2.3.3.tar.gz |
| - | mv 2.3.3/easy-rsa/2.0 /etc/openvpn/easy-rsa | + | mv easy-rsa-old-2.3.3/easy-rsa/2.0 /etc/openvpn/easy-rsa |
| mkdir -p /etc/openvpn/easy-rsa/keys | mkdir -p /etc/openvpn/easy-rsa/keys | ||
| ``` | ``` | ||
| #### 生成 keys | #### 生成 keys | ||
| + | |||
| + | ``` | ||
| + | cd /etc/openvpn/easy-rsa | ||
| + | vi vars | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | export KEY_EMAIL="njuzp08@gmail.com" | ||
| + | export KEY_EMAIL=njuzp08@gmail.com | ||
| + | export KEY_CN=zhang.vpc.panezhang.cn | ||
| + | export KEY_NAME=server | ||
| + | export KEY_OU=panezhang | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | source vars | ||
| + | ./clean-all | ||
| + | ./build-ca # enter through | ||
| + | ./build-key-server server # enter through | ||
| + | ./build-dh # a litter long | ||
| + | cd /etc/openvpn/easy-rsa/keys | ||
| + | cp dh2048.pem ca.crt server.crt server.key /etc/openvpn | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | cd /etc/openvpn/easy-rsa | ||
| + | ./build-key client | ||
| + | cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf | ||
| + | ``` | ||
| #### 配置 | #### 配置 | ||
| - | server.conf | + | ``` |
| + | vi /etc/sysctl.conf | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | net.ipv4.ip_forward=1 | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | sysctl -p | ||
| + | iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE | ||
| + | iptables-save > /etc/sysconfig/iptables | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | vi /etc/openvpn/server.conf | ||
| + | ``` | ||
| ``` | ``` | ||
| dev tun | dev tun | ||
| 行 49: | 行 97: | ||
| ``` | ``` | ||
| - | cliet.ovpn | + | ``` |
| + | scp /etc/openvpn/easy-rsa/keys/ca.crt | ||
| + | scp /etc/openvpn/easy-rsa/keys/client.crt | ||
| + | scp /etc/openvpn/easy-rsa/keys/client.key | ||
| + | ``` | ||
| + | |||
| + | zhang.ovpn | ||
| ``` | ``` | ||
| client | client | ||
| 行 68: | 行 123: | ||
| ``` | ``` | ||
| - | net.ipv4.ip_forward=1 的注释去掉然后sysctl -p | + | ``` |
| + | pcli-ovpn -f zhang.ovpn > zhang-full.ovpn | ||
| + | ``` | ||
| + | |||
| + | |||
| + | ``` | ||
| + | systemctl -f enable openvpn@server.service | ||
| + | systemctl start openvpn@server.service | ||
| + | systemctl status openvpn@server.service | ||
| + | ``` | ||
| #### 常用命令 | #### 常用命令 | ||
| 行 78: | 行 143: | ||
| - https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7 | - https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7 | ||
| + | - https://www.howtoing.com/how-to-setup-and-configure-an-openvpn-server-on-centos-7 | ||