差别
这里会显示出您选择的修订版和当前版本之间的差别。
| 两侧同时换到之前的修订记录 前一修订版 后一修订版 | 前一修订版 | ||
|
tech:op:openvpn [2018/07/15 17:10:36] 某喵 |
tech:op:openvpn [2018/08/04 00:11:20] (当前版本) 某喵 |
||
|---|---|---|---|
| 行 18: | 行 18: | ||
| yum install openvpn -y | yum install openvpn -y | ||
| + | # 若提示 No package openvpn available,则执行下面命令,再执行 yum update -y | ||
| + | # yum-config-manager --enable epel | ||
| wget https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz | wget https://github.com/OpenVPN/easy-rsa-old/archive/2.3.3.tar.gz | ||
| 行 43: | 行 45: | ||
| source vars | source vars | ||
| ./clean-all | ./clean-all | ||
| - | ./build-ca | + | ./build-ca # enter through |
| - | ./build-key-server server | + | ./build-key-server server # enter through |
| - | ./build-dh | + | ./build-dh # a litter long |
| cd /etc/openvpn/easy-rsa/keys | cd /etc/openvpn/easy-rsa/keys | ||
| cp dh2048.pem ca.crt server.crt server.key /etc/openvpn | cp dh2048.pem ca.crt server.crt server.key /etc/openvpn | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | cd /etc/openvpn/easy-rsa | ||
| + | ./build-key client | ||
| + | cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf | ||
| ``` | ``` | ||
| #### 配置 | #### 配置 | ||
| - | server.conf | + | ``` |
| + | vi /etc/sysctl.conf | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | net.ipv4.ip_forward=1 | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | sysctl -p | ||
| + | iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE | ||
| + | iptables-save > /etc/sysconfig/iptables | ||
| + | ``` | ||
| + | |||
| + | ``` | ||
| + | vi /etc/openvpn/server.conf | ||
| + | ``` | ||
| ``` | ``` | ||
| dev tun | dev tun | ||
| 行 72: | 行 97: | ||
| ``` | ``` | ||
| - | cliet.ovpn | + | ``` |
| + | scp /etc/openvpn/easy-rsa/keys/ca.crt | ||
| + | scp /etc/openvpn/easy-rsa/keys/client.crt | ||
| + | scp /etc/openvpn/easy-rsa/keys/client.key | ||
| + | ``` | ||
| + | |||
| + | zhang.ovpn | ||
| ``` | ``` | ||
| client | client | ||
| 行 91: | 行 123: | ||
| ``` | ``` | ||
| - | net.ipv4.ip_forward=1 的注释去掉然后sysctl -p | + | ``` |
| + | pcli-ovpn -f zhang.ovpn > zhang-full.ovpn | ||
| + | ``` | ||
| + | |||
| + | |||
| + | ``` | ||
| + | systemctl -f enable openvpn@server.service | ||
| + | systemctl start openvpn@server.service | ||
| + | systemctl status openvpn@server.service | ||
| + | ``` | ||
| #### 常用命令 | #### 常用命令 | ||
| 行 101: | 行 143: | ||
| - https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7 | - https://www.digitalocean.com/community/tutorials/how-to-set-up-and-configure-an-openvpn-server-on-centos-7 | ||
| + | - https://www.howtoing.com/how-to-setup-and-configure-an-openvpn-server-on-centos-7 | ||