Detailed guide: installing and configuring OpenVPN on CentOS 6.5

I. Preparation

  yum -y install openssl-devel openssl
  yum -y install gcc gcc-c++

II. OpenVPN server installation

1. Download and install lzo

  cd /apps  # installation directory
  wget ftp://www.wudonghang.com/soft/openvpn-2.1_rc15.tar.gz  # download lzo (note: this URL names the OpenVPN tarball, not the lzo-2.04.tar.gz unpacked below; obtain lzo-2.04.tar.gz from the LZO project)
  tar zxvf lzo-2.04.tar.gz  # unpack
  cd lzo-2.04
  ./configure ; make ; make install  # build and install

2. Download and install OpenVPN

  cd /apps
  wget http://openvpn.net/release/openvpn-2.1_rc15.tar.gz
  tar zxvf openvpn-2.1_rc15.tar.gz
  cd openvpn-2.1_rc15
  ./configure ; make ; make install

3. Server-side setup

  cp -r /apps/openvpn-2.1_rc15/ /etc/openvpn  # the server and client certificates are generated with easy-rsa

4. Initialize the parameters

Copy the easy-rsa directory from the unpacked source tree to /etc/openvpn.

  cd /etc/openvpn/easy-rsa/2.0
  ./vars
  source vars  # "source" loads the variables into the current shell; running ./vars alone does not

5. Generate the CA certificate

  ./clean-all
  ./build-ca

6. Create the server key (press Enter at every prompt)

  ./build-key-server server

7. Generate the Diffie-Hellman parameters

  ./build-dh 

8. Copy the CA certificate and server certificate into the OpenVPN configuration directory

The code is as follows:
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/

9. Generate the client key

  ./build-key client1  # use the same settings as for the server key

To create several VPN accounts, generate further client certificates in the same way as client1, for example:

  ./build-key client2
  ./build-key client3

10. Generate the client configuration file client1.ovpn

  vi /etc/openvpn/easy-rsa/2.0/keys/client1.ovpn

  client
  remote 192.168.80.129 1194
  dev tun  # tun is a point-to-point (routed) tunnel; change tun to tap for an Ethernet-style (bridged) connection
  proto tcp
  resolv-retry infinite
  nobind
  persist-key
  persist-tun
  ca ca.crt
  cert client1.crt
  key client1.key
  ns-cert-type server  # accept only a server certificate created with build-key-server
  comp-lzo
  route-delay 2
  route-method exe
  verb 3

11. Package the client configuration file and certificates

  tar czf keys.tgz ca.crt ca.key client1.crt client1.csr client1.key client1.ovpn  # note: ca.key is the CA private key; the client itself only needs ca.crt (client1.ovpn above references nothing else)
  mv keys.tgz /root

12. Create and edit the server configuration file server.conf

  port 1194
  proto tcp
  dev tun  # tun is a point-to-point (routed) tunnel; change tun to tap for an Ethernet-style (bridged) connection
  ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
  cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
  key /etc/openvpn/easy-rsa/2.0/keys/server.key
  dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
  server 10.8.0.0 255.255.255.0
  ifconfig-pool-persist ipp.txt
  push "redirect-gateway"
  push "route 172.18.2.0 255.255.255.0"  # push a route to the internal subnet to the clients
  push "dhcp-option DNS 172.18.2.1"
  push "dhcp-option DNS 8.8.8.8"
  keepalive 10 120
  comp-lzo
  persist-key
  persist-tun
  client-to-client  # without this, clients cannot reach one another

13. Firewall settings

  echo 1 > /proc/sys/net/ipv4/ip_forward
  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
  iptables-save > /etc/sysconfig/iptables
  sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables # dirty vz fix for iptables-save
  echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

If the VPN server's internal IP is not the gateway of the internal network, the following rule is also required (without it, clients cannot reach the other machines on the internal network):

The code is as follows:
iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -d 172.18.2.0/255.255.255.0 -j SNAT --to-source 172.18.2.30

14. Start OpenVPN

  /usr/local/sbin/openvpn --config /etc/openvpn/server.conf

To start it at boot, run:

The code is as follows:
echo "/usr/local/sbin/openvpn --config /etc/openvpn/server.conf" >> /etc/rc.local

Alternatively, install it as a service:

  cp /apps/openvpn-2.1_rc15/sample-scripts/openvpn.init /etc/init.d/openvpn
  chmod 700 /etc/init.d/openvpn
  chkconfig --add openvpn
  chkconfig --level 345 openvpn on

  service openvpn start

15. Check that the installation succeeded

  lsof -i:1194

Note: the above covers the case where one machine on the company's internal network can reach the Internet. What if no machine on the internal network has Internet access, and a machine on that subnet (call it B, on subnet 192.168.1.0/24) needs to reach a machine on another subnet that also has no public IP (call it A, with IP 172.9.2.100)? Read on.

Find a machine with a public IP that you are free to configure; call it C.

Set up C as the OpenVPN server and make A and B OpenVPN clients.

Add the following to C's configuration file:

  client-to-client
  client-config-dir ccd
  route 192.168.1.0 255.255.255.0

B's configuration in ccd is:

  iroute 192.168.1.0 255.255.255.0

A's configuration in ccd is:

  push "route 192.168.1.0 255.255.255.0"

B's SNAT configuration:

The code is as follows:
iptables -t nat -A POSTROUTING -s 10.8.0.0/255.255.255.0 -d 192.168.1.0/255.255.255.0 -j SNAT --to-source 172.9.2.100
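The route/iroute pairing above is the part of this layout that most often fails silently, so here is a small consistency check as an added example (not part of the original post). It assumes a server.conf and a ccd directory laid out as described for C, A and B, and builds constructed copies of them in a temporary directory.

```shell
#!/bin/sh
# Consistency check for the site-to-site layout above (added example, not from the original post).
# For a subnet behind client B to be reachable through server C, OpenVPN needs both:
#   server.conf : client-config-dir ccd  +  route <net> <mask>   (kernel route into the tun device)
#   ccd/B       : iroute <net> <mask>                             (which client owns that subnet)
# A subnet pushed to another client (ccd/A: push "route ...") that no iroute claims is black-holed.
# Usage: check_ovpn_routes <server.conf> <ccd-dir>; returns 0 when consistent, 1 otherwise.

lit() { printf '%s' "$1" | sed 's/[.]/\\./g'; }   # escape dots so grep -E matches them literally

check_ovpn_routes() {
    conf="$1"; ccd="$2"; rc=0
    grep -q '^client-config-dir' "$conf" || { echo "FAIL: $conf lacks client-config-dir, so ccd files are ignored"; rc=1; }
    # 1. every iroute in a ccd file must be paired with a server-side 'route'
    while read -r net mask; do
        [ -n "$net" ] || continue
        grep -qE "^route[[:space:]]+$(lit "$net")[[:space:]]+$(lit "$mask")" "$conf" && continue
        echo "FAIL: iroute $net $mask has no matching 'route $net $mask' in $conf"; rc=1
    done <<EOF
$(awk '$1=="iroute"{print $2, $3}' "$ccd"/* 2>/dev/null)
EOF
    # 2. every subnet pushed from a ccd file must be claimed by some client's iroute
    while read -r net mask; do
        [ -n "$net" ] || continue
        grep -qE "^iroute[[:space:]]+$(lit "$net")[[:space:]]+$(lit "$mask")" "$ccd"/* 2>/dev/null && continue
        echo "FAIL: pushed route $net $mask is claimed by no iroute in $ccd"; rc=1
    done <<EOF
$(grep -h '^push "route ' "$ccd"/* 2>/dev/null | awk '{gsub(/"/, ""); print $3, $4}')
EOF
    [ "$rc" -eq 0 ] && echo "OK: $conf and $ccd/ are consistent"
    return "$rc"
}

# Constructed sample reproducing the post: C routes B's LAN, ccd/B claims it, ccd/A receives it.
DEMO=$(mktemp -d); mkdir "$DEMO/ccd"
printf '%s\n' 'port 1194' 'proto tcp' 'dev tun' 'server 10.8.0.0 255.255.255.0' \
    'client-to-client' 'client-config-dir ccd' 'route 192.168.1.0 255.255.255.0' > "$DEMO/server.conf"
echo 'iroute 192.168.1.0 255.255.255.0'       > "$DEMO/ccd/B"
echo 'push "route 192.168.1.0 255.255.255.0"' > "$DEMO/ccd/A"
# The same layout with the server-side 'route' line forgotten: the usual "iroute without route" mistake
BROKEN=$(mktemp -d); cp -r "$DEMO/ccd" "$BROKEN/ccd"
grep -v '^route ' "$DEMO/server.conf" > "$BROKEN/server.conf"

check_ovpn_routes "$DEMO/server.conf" "$DEMO/ccd"
check_ovpn_routes "$BROKEN/server.conf" "$BROKEN/ccd" || echo "misconfiguration detected (exit status $?)"
```

Run it against the real /etc/openvpn/server.conf and ccd/ on C before restarting the service; a FAIL line names the subnet whose route or iroute half is missing.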

  

III. OpenVPN client installation (Windows)

OpenVPN installation script install_OpenVPN.sh:

  #!/bin/bash
  # Quick and dirty OpenVPN install script
  # Tested on Centos 5.x 32bit, openvz minimal CentOS OS templates
  # Please submit feedback and questions at support@vpsnoc.com

  # John Malkowski vpsnoc.com 01/04/2010

  ip=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-venet0:0 | awk -F= '{print $2}'`

  wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.i386.rpm
  rpm -iv rpmforge-release-0.3.6-1.el5.rf.i386.rpm
  rm -rf rpmforge-release-0.3.6-1.el5.rf.i386.rpm

  yum -y install openvpn openssl openssl-devel
  cd /etc/openvpn/
  cp -R /usr/share/doc/openvpn-2.2.0/easy-rsa/ /etc/openvpn/
  cd /etc/openvpn/easy-rsa/2.0/
  chmod +rwx *
  ./vars
  ./clean-all
  source ./vars

  echo -e "\n\n\n\n\n\n\n" | ./build-ca
  clear
  echo "####################################"
  echo "Feel free to accept default values"
  echo "Wouldn't recommend setting a password here"
  echo "Then you'd have to type in the password each time openVPN starts/restarts"
  echo "####################################"
  ./build-key-server server
  ./build-dh
  cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/

  clear
  echo "####################################"
  echo "Feel free to accept default values"
  echo "This is your client key, you may set a password here but it's not required"
  echo "####################################"
  ./build-key client1
  cd keys/

  client="
  client
  remote $ip 1194
  dev tun
  comp-lzo
  ca ca.crt
  cert client1.crt
  key client1.key
  route-delay 2
  route-method exe
  redirect-gateway def1
  dhcp-option DNS 10.8.0.1
  verb 3"

  echo "$client" > $HOSTNAME.ovpn

  tar czf keys.tgz ca.crt ca.key client1.crt client1.csr client1.key $HOSTNAME.ovpn
  mv keys.tgz /root

  opvpn='
  dev tun
  server 10.8.0.0 255.255.255.0
  ifconfig-pool-persist ipp.txt
  ca ca.crt
  cert server.crt
  key server.key
  dh dh1024.pem
  push "route 10.8.0.0 255.255.255.0"
  push "redirect-gateway"
  comp-lzo
  keepalive 10 60
  ping-timer-rem
  persist-tun
  persist-key
  group nobody
  daemon'

  echo "$opvpn" > /etc/openvpn/openvpn.conf

  echo 1 > /proc/sys/net/ipv4/ip_forward
  iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
  iptables-save > /etc/sysconfig/iptables
  sed -i 's/eth0/venet0/g' /etc/sysconfig/iptables # dirty vz fix for iptables-save
  echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf

  /etc/init.d/openvpn start
  clear

  echo "OpenVPN has been installed
  Download /root/keys.tgz using winscp or other sftp/scp client such as filezilla
  Create a directory named vpn at C:\Program Files\OpenVPN\config and untar the content of keys.tgz there
  Start openvpn-gui, right click the tray icon go to vpn and click connect
  For support/bug reports email us at support@vpsnoc.com"

That is all for this article; we hope it is helpful, and we hope you will continue to support 脚本之家.
