Deploying and using OpenVPN on CentOS 6.8
OpenVPN in production: hands-on deployment and client usage
1. Environment requirements
Device | IP
Personal PC, VPN client |
OpenVPN Server |
LAN servers |
Requirement | From a remote location, use the VPN client to directly reach, manage and maintain the multiple servers behind the VPN server
2. Check the system environment
[root@Y-solin ~]# cat /etc/redhat-release
CentOS release 6.9 (Final)
[root@Y-solin ~]# uname -r
2.6.32-696.1.1.el6.x86_64
[root@Y-solin ~]# uname -m
x86_64
4. Configure time synchronization on the VPN server
(1) Install ntp
[root@Y-solin ~]# yum install ntp
(2) Synchronize the time manually
[root@Y-solin ~]# /usr/sbin/ntpdate pool.ntp.org
27 Apr 10:03:51 ntpdate[2387]: step time server 85.199.214.101 offset 7.719699 sec
(3) Add a cron job
[root@Y-solin ~]# echo '#time sync' >> /var/spool/cron/root
[root@Y-solin ~]# echo '*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1' >> /var/spool/cron/root
[root@Y-solin ~]# crontab -l
#time sync
*/5 * * * * /usr/sbin/ntpdate time.windows.com >/dev/null 2>&1
1. Create the OpenVPN software directory
[root@Y-solin ~]# mkdir -p /home/solin/opt/openvpm
[root@Y-solin ~]# cd /home/solin/opt/openvpm
2. Download the required packages
(1) Download the dependency
Choose a version to download: http://www.oberhumer.com/opensource/lzo/download/
I chose lzo-2.06 here: http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz
[root@Y-solin openvpm]# wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz
(2) Download OpenVPN
Choose a version to download: https://build.openvpn.net/downloads/releases/
openvpn-2.4.0: https://build.openvpn.net/downloads/releases/openvpn-2.4.0.tar.gz
Here I chose:
[root@Y-solin openvpm]# wget ftp://ftp-osl.osuosl.org/.1/vectorlinux/VL64-7.0/source/sourceVL/openvpn/2.2.2/src/openvpn-2.2.2.tar.gz
3. Install
(1) Compile and install the VPN dependency
[root@Y-solin openvpm]# tar zxf lzo-2.06.tar.gz
[root@Y-solin openvpm]# cd lzo-2.06
[root@Y-solin lzo-2.06]# ./configure
configure: Configuring LZO 2.06
…
[root@Y-solin lzo-2.06]# make
make all-am
make[1]: Entering directory `/home/solin/opt/openvpm/lzo-2.06'
…
[root@Y-solin lzo-2.06]# make install
make[1]: Entering directory `/home/solin/opt/openvpm/lzo-2.06'
test -z "/usr/local/lib" || /bin/mkdir -p "/usr/local/lib"
…
(2) Compile and install the VPN
[root@Y-solin openvpm]# tar zxvf openvpn-2.2.2.tar.gz
[root@Y-solin openvpm]# cd openvpn-2.2.2
[root@Y-solin openvpn-2.2.2]# ./configure --with-lzo-headers=/usr/local/ssl/include --with-lzo-lib=/usr/local/ssl/lib
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
…
[root@Y-solin openvpn-2.2.2]# echo $?
0
[root@Y-solin openvpn-2.2.2]# make
make all-recursive
make[1]: Entering directory `/home/solin/opt/openvpm/openvpn-2.2.2'
…
[root@Y-solin openvpn-2.2.2]# echo $?
0
[root@Y-solin openvpn-2.2.2]# make install
Making install in images
make[1]: Entering directory `/home/solin/opt/openvpm/openvpn-2.2.2/images'
make[2]: Entering directory `/home/solin/opt/openvpm/openvpn-2.2.2/images'
…
[root@Y-solin openvpn-2.2.2]# echo $?
0
[root@Y-solin openvpm]# ll /usr/local/sbin/openvpn
-rwxr-xr-x. 1 root root 4571186 4月 27 14:40 /usr/local/sbin/openvpn
1. Initialize the configuration
[root@Y-solin openvpn-2.2.2]# cd easy-rsa/2.0/
[root@Y-solin 2.0]# tail -6 vars
export KEY_EMAIL=mail@host.domain
export KEY_CN=changeme
export KEY_NAME=changeme
export KEY_OU=changeme
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234
[root@Y-solin 2.0]# pwd
/home/solin/opt/openvpm/openvpn-2.2.2/easy-rsa/2.0
[root@Y-solin 2.0]# cp vars vars.solin.170427
[root@Y-solin 2.0]# vi vars
Modify as follows:
#export KEY_COUNTRY="US"
export KEY_COUNTRY="CN"
#export KEY_PROVINCE="CA"
export KEY_PROVINCE="SH"
#export KEY_CITY="SanFrancisco"
export KEY_CITY="ShangHai"
#export KEY_ORG="Fort-Funston"
export KEY_ORG="Y-solin"
#export KEY_EMAIL="me@myhost.mydomain"
export KEY_EMAIL="yalsnlin@sina.com"
export KEY_EMAIL=mail@host.domain
export KEY_CN=changeme
#export KEY_NAME=changeme
export KEY_NAME=Y-solin
#export KEY_OU=changeme
export KEY_OU=BDCOM
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234
[root@Y-solin 2.0]# . vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /home/solin/opt/openvpm/openvpn-2.2.2/easy-rsa/2.0/keys
[root@Y-solin 2.0]# ./clean-all    # clear all existing CA material
[root@Y-solin 2.0]# ./build-ca
Generating a 1024 bit RSA private key
.++++++
.++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [SH]:
Locality Name (eg, city) [ShangHai]:
Organization Name (eg, company) [Y-solin]:
Organizational Unit Name (eg, section) [BDCOM]:
Common Name (eg, your name or your server's hostname) [changeme]:Y-solin
Name [Y-solin]:
Email Address [mail@host.domain]:yalsnlin@sina.com
View the CA certificate that was created:
[root@Y-solin 2.0]# ls -l keys/
总用量 12
-rw-r--r--. 1 root root 1330 4月 27 15:58 ca.crt
-rw-------. 1 root root 912 4月 27 15:58 ca.key
-rw-r--r--. 1 root root 0 4月 27 15:51 index.txt
-rw-r--r--. 1 root root 3 4月 27 15:51 serial
[root@Y-solin 2.0]# ./build-key-server server
Generating a 1024 bit RSA private key
....................++++++
...........++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
…
Common Name (eg, your name or your server's hostname) [server]:
Name [Y-solin]:
Email Address [mail@host.domain]:yalsnlin@sina.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:bdyun
An optional company name []:BDCOM
Using configuration from /home/solin/opt/openvpm/openvpn-2.2.2/easy-rsa/2.0/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'SH'
localityName :PRINTABLE:'ShangHai'
organizationName :PRINTABLE:'Y-solin'
organizationalUnitName :PRINTABLE:'BDCOM'
commonName :PRINTABLE:'server'
name :PRINTABLE:'Y-solin'
emailAddress :IA5STRING:'yalsnlin@sina.com'
Certificate is to be certified until Apr 25 08:13:48 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@Y-solin 2.0]# ls -lrt keys/
总用量 40
-rw-r--r--. 1 root root 3 4月 27 15:51 serial.old
-rw-r--r--. 1 root root 0 4月 27 15:51 index.txt.old
-rw-------. 1 root root 912 4月 27 15:58 ca.key
-rw-r--r--. 1 root root 1330 4月 27 15:58 ca.crt
-rw-------. 1 root root 916 4月 27 16:13 server.key
-rw-r--r--. 1 root root 773 4月 27 16:13 server.csr
-rw-r--r--. 1 root root 4029 4月 27 16:14 server.crt
-rw-r--r--. 1 root root 3 4月 27 16:14 serial
-rw-r--r--. 1 root root 21 4月 27 16:14 index.txt.attr
-rw-r--r--. 1 root root 124 4月 27 16:14 index.txt
-rw-r--r--. 1 root root 4029 4月 27 16:14 01.pem
[root@Y-solin 2.0]# ./build-key solin
Generating a 1024 bit RSA private key
.++++++
........................................++++++
writing new private key to 'solin.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
…
Common Name (eg, your name or your server's hostname) [solin]:
Name [Y-solin]:
Email Address [mail@host.domain]:yalsnlin@sina.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:bdyun
An optional company name []:BDCOM
Using configuration from /home/solin/opt/openvpm/openvpn-2.2.2/easy-rsa/2.0/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'SH'
localityName :PRINTABLE:'ShangHai'
organizationName :PRINTABLE:'Y-solin'
organizationalUnitName :PRINTABLE:'BDCOM'
commonName :PRINTABLE:'solin'
name :PRINTABLE:'Y-solin'
emailAddress :IA5STRING:'yalsnlin@sina.com'
Certificate is to be certified until Apr 25 08:30:57 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
[root@Y-solin 2.0]# ls -lrt keys/
总用量 64
-rw-------. 1 root root 912 4月 27 15:58 ca.key
-rw-r--r--. 1 root root 1330 4月 27 15:58 ca.crt
-rw-------. 1 root root 916 4月 27 16:13 server.key
-rw-r--r--. 1 root root 773 4月 27 16:13 server.csr
-rw-r--r--. 1 root root 4029 4月 27 16:14 server.crt
-rw-r--r--. 1 root root 3 4月 27 16:14 serial.old
-rw-r--r--. 1 root root 124 4月 27 16:14 index.txt.old
-rw-r--r--. 1 root root 21 4月 27 16:14 index.txt.attr.old
-rw-r--r--. 1 root root 4029 4月 27 16:14 01.pem
-rw-------. 1 root root 920 4月 27 16:30 solin.key
-rw-r--r--. 1 root root 769 4月 27 16:30 solin.csr
-rw-r--r--. 1 root root 3907 4月 27 16:31 solin.crt
-rw-r--r--. 1 root root 3 4月 27 16:31 serial
-rw-r--r--. 1 root root 21 4月 27 16:31 index.txt.attr
-rw-r--r--. 1 root root 247 4月 27 16:31 index.txt
-rw-r--r--. 1 root root 3907 4月 27 16:31 02.pem
[root@Y-solin 2.0]# ./build-key-pass xiaodangjia
Generating a 1024 bit RSA private key
...........++++++
.........++++++
writing new private key to 'xiaodangjia.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
…
Common Name (eg, your name or your server's hostname) [xiaodangjia]:
Name [Y-solin]:
Email Address [mail@host.domain]:yalsnlin@sina.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:bdyun
An optional company name []:BDCOM
Using configuration from /home/solin/opt/openvpm/openvpn-2.2.2/easy-rsa/2.0/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'SH'
localityName :PRINTABLE:'ShangHai'
organizationName :PRINTABLE:'Y-solin'
organizationalUnitName :PRINTABLE:'BDCOM'
commonName :PRINTABLE:'xiaodangjia'
name :PRINTABLE:'Y-solin'
emailAddress :IA5STRING:'yalsnlin@sina.com'
Certificate is to be certified until Apr 26 08:26:54 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified,
Generate the Diffie-Hellman parameters
Generate the parameter file used for key exchange during transport.
[root@Y-solin 2.0]# ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
......
[root@Y-solin 2.0]# pwd
/home/solin/opt/openvpm/openvpn-2.2.2/easy-rsa/2.0
[root@Y-solin 2.0]# ll keys/
总用量 84
-rw-r--r--. 1 root root 4029 4月 27 16:14 01.pem
-rw-r--r--. 1 root root 3907 4月 27 16:31 02.pem
-rw-r--r--. 1 root root 3921 4月 27 16:36 03.pem
-rw-r--r--. 1 root root 1330 4月 27 15:58 ca.crt
-rw-------. 1 root root 912 4月 27 15:58 ca.key
-rw-r--r--. 1 root root 245 4月 27 16:44 dh1024.pem
-rw-r--r--. 1 root root 376 4月 27 16:36 index.txt
-rw-r--r--. 1 root root 21 4月 27 16:36 index.txt.attr
-rw-r--r--. 1 root root 21 4月 27 16:31 index.txt.attr.old
-rw-r--r--. 1 root root 247 4月 27 16:31 index.txt.old
-rw-r--r--. 1 root root 3 4月 27 16:36 serial
-rw-r--r--. 1 root root 3 4月 27 16:31 serial.old
-rw-r--r--. 1 root root 4029 4月 27 16:14 server.crt
-rw-r--r--. 1 root root 773 4月 27 16:13 server.csr
-rw-------. 1 root root 916 4月 27 16:13 server.key
-rw-r--r--. 1 root root 3907 4月 27 16:31 solin.crt
-rw-r--r--. 1 root root 769 4月 27 16:30 solin.csr
-rw-------. 1 root root 920 4月 27 16:30 solin.key
-rw-r--r--. 1 root root 3921 4月 27 16:36 xiaodangjia.crt
-rw-r--r--. 1 root root 777 4月 27 16:36 xiaodangjia.csr
-rw-------. 1 root root 916 4月 27 16:36 xiaodangjia.key
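Every key generated above is 1024-bit RSA and the DH file is dh1024.pem; in easy-rsa 2.0 both sizes come from the KEY_SIZE variable in vars. The following audit is an added example, not part of the original article: it reads `openssl ... -text` output to flag certificates and DH parameters below an assumed 2048-bit minimum and lists private keys that group or others can access. The function names, the MIN_BITS threshold and the embedded sample text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an easy-rsa keys/ directory such as the one listed above.
MIN_BITS=2048   # assumption: smallest RSA/DH size this audit accepts

# Read `openssl x509 -text` or `openssl dhparam -text` output on stdin and
# print the key size, e.g. from "Public-Key: (1024 bit)",
# "RSA Public Key: (1024 bit)" or "DH Parameters: (1024 bit)".
key_bits() {
    sed -n -e 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' \
           -e 's/.*Parameters: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# classify LABEL: read a -text dump on stdin, print "WEAK|OK <bits> LABEL".
classify() {
    bits=$(key_bits)
    if [ -z "$bits" ]; then
        echo "UNKNOWN - $1"
    elif [ "$bits" -lt "$MIN_BITS" ]; then
        echo "WEAK $bits $1"
    else
        echo "OK $bits $1"
    fi
}

# loose_keys DIR: list *.key files that group or others can read, write or
# execute (ca.key, server.key and the client keys should be 0600 or 0400).
loose_keys() {
    find "$1" -type f -name '*.key' \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# audit_keys_dir DIR: run every check against a real directory (needs openssl).
audit_keys_dir() {
    for f in "$1"/*.crt; do
        if [ -f "$f" ]; then
            openssl x509 -in "$f" -noout -text 2>/dev/null | classify "$f"
        fi
    done
    for f in "$1"/dh*.pem; do
        if [ -f "$f" ]; then
            openssl dhparam -in "$f" -noout -text 2>/dev/null | classify "$f"
        fi
    done
    loose_keys "$1" | sed 's/^/LOOSE-PERMS /'
}

# Constructed sample: the relevant lines of `openssl x509 -text` output for a
# certificate like server.crt above (not copied from a real certificate).
sample_cert_text() {
    cat <<'EOF'
        Subject: C=CN, ST=SH, L=ShangHai, O=Y-solin, OU=BDCOM, CN=server
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
EOF
}

if [ "$#" -gt 0 ]; then
    audit_keys_dir "$1"                        # e.g. sh audit.sh /etc/openvpn/keys
else
    sample_cert_text | classify server.crt     # prints: WEAK 1024 server.crt
fi
```

Raising KEY_SIZE in vars before running ./build-ca and ./build-dh changes what these scripts generate; keys that were already issued have to be reissued.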
Configure the server-side VPN configuration file server.conf (the server template configuration file)
1. Copy all keys and configuration files to the /etc/openvpn directory
[root@Y-solin 2.0]# mkdir -p /etc/openvpn
[root@Y-solin 2.0]# cp -a /home/solin/opt/openvpm/openvpn-2.2.2/easy-rsa/2.0/keys /etc/openvpn/
[root@Y-solin 2.0]# cp -a /home/solin/opt/openvpm/openvpn-2.2.2/sample-config-files/*.conf /etc/openvpn/
2. Change to the /etc/openvpn directory
[root@Y-solin 2.0]# cd /etc/openvpn/
[root@Y-solin openvpn]# ll
总用量 36
-rw-rw-r--. 1 500 500 3426 10月 21 2010 client.conf
drwx------. 2 root root 4096 4月 27 16:44 keys
-rw-rw-r--. 1 500 500 10288 10月 21 2010 server.conf
-rw-rw-r--. 1 500 500 1742 10月 21 2010 static-home.conf
-rw-rw-r--. 1 500 500 1688 10月 21 2010 static-office.conf
-rw-rw-r--. 1 500 500 1937 10月 21 2010 tls-home.conf
-rw-rw-r--. 1 500 500 1948 10月 21 2010 tls-office.conf
[root@Y-solin openvpn]# cp server.conf server.conf.solin.170427
[root@Y-solin openvpn]# pwd
/etc/openvpn
[root@Y-solin openvpn]# egrep -v "^#|^$|^;" server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
[root@Y-solin openvpn]# egrep -v "^#|^$|^;" server.conf > solin-vpn.conf
[root@Y-solin openvpn]# cat solin-vpn.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
[root@Y-solin openvpn]# vi solin-vpn.conf
Modify as follows:
local 192.168.119.96
port 52115
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
key /etc/openvpn/keys/server.key
cert /etc/openvpn/keys/server.crt
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
push "route 192.168.239.0 255.255.255.0"
client-to-client
log /var/log/openvpn.log
Start the server-side VPN service
0. Stop the firewall from blocking the VPN ports (1194, 52115)
[root@Y-solin openvpn]# vi /etc/sysctl.conf
Change:
…
net.ipv4.ip_forward = 1
…
(2) Apply the configuration
[root@Y-solin openvpn]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
2. Start the OpenVPN service
[root@Y-solin openvpn]# /usr/local/sbin/openvpn --config /etc/openvpn/solin-vpn.conf &
[1] 48435
3. Check the VPN service port
[root@Y-solin openvpn]# netstat -lntup | grep 52115
tcp 0 0 192.168.119.96:52115 0.0.0.0:* LISTEN 50918/openvpn
[root@Y-solin openvpn]# ps -ef | grep vpn
root 50918 2392 0 09:22 pts/1 00:00:00 /usr/local/sbin/openvpn --config /etc/openvpn/solin-vpn.conf
root 50932 2392 0 09:23 pts/1 00:00:00 grep vpn
4. Start at boot (two ways)
[root@Y-solin openvpn]# echo "#starup openvpn by solin at 170427" >> /etc/rc.local
[root@Y-solin openvpn]# echo "/usr/local/sbin/openvpn --config /etc/openvpn/solin-vpn.conf &" >> /etc/rc.local
[root@Y-solin openvpn]# tail -2 /etc/rc.local
#starup openvpn by solin at 170427
/usr/local/sbin/openvpn --config /etc/openvpn/solin-vpn.conf &
Method 2: add it to the init.d directory
Note: solin-vpn.conf must be renamed to server.conf for this to work.
[root@Y-solin openvpn]# cp /home/solin/opt/openvpm/openvpn-2.2.2/sample-scripts/openvpn.init /etc/init.d/openvpn
[root@Y-solin openvpn]# chmod 755 /etc/init.d/openvpn
[root@Y-solin openvpn]# chkconfig openvpn on
[root@Y-solin openvpn]# chkconfig --list openvpn
openvpn 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
The server side is now fully configured!
Install the Windows VPN client and configure the VPN connection
1. Download and install the client
Official download: https://openvpn.net/index.php/download/58-open-source/downloads.html
Download the Windows client whose version matches the OpenVPN server; a version mismatch may cause the connection to fail.
I have already downloaded it here.
2. Install the openvpn-2.2.2 Windows client
(1) Double-click to start the installation
3. Client configuration
(1) Back up the client.conf configuration file
[root@Y-solin openvpn]# pwd
/etc/openvpn
[root@Y-solin openvpn]# ll
总用量 56
-rw-rw-r--. 1 500 500 3426 10月 21 2010 client.conf
-rw-------. 1 root root 0 4月 28 14:13 ipp.txt
drwx------. 2 root root 4096 4月 28 09:09 keys
-rw-------. 1 root root 232 4月 28 14:13 openvpn-status.log
-rw-rw-r--. 1 500 500 10288 10月 21 2010 server.conf
-rw-r--r--. 1 root root 10288 4月 27 17:15 server.conf.solin.170427
-rw-r--r--. 1 root root 403 4月 28 09:20 solin-vpn.conf
-rw-rw-r--. 1 500 500 1742 10月 21 2010 static-home.conf
-rw-rw-r--. 1 500 500 1688 10月 21 2010 static-office.conf
-rw-rw-r--. 1 500 500 1937 10月 21 2010 tls-home.conf
-rw-rw-r--. 1 500 500 1948 10月 21 2010 tls-office.conf
[root@Y-solin openvpn]# cp client.conf client.conf.solin.17.04.28
[root@Y-solin openvpn]# egrep -v "^#|^;|^$" client.conf
client
dev tun
proto udp
remote my-server-1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
[root@Y-solin openvpn]# egrep -v "^#|^;|^$" client.conf > client-solin.conf
[root@Y-solin openvpn]# cat client-solin.conf
client
dev tun
proto udp
remote my-server-1 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
(4) Configuration for the production environment
[root@Y-solin openvpn]# vi client-solin.conf
[root@Y-solin openvpn]# cat client-solin.conf
client
dev tun
#proto udp
proto tcp
#remote my-server-1 1194
remote 192.168.119.96 52115
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
#cert client.crt
cert solin.crt
#key client.key
key solin.key
ns-cert-type server
comp-lzo
verb 3
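Both solin-vpn.conf and client-solin.conf keep several OpenVPN 2.2 settings and defaults that weaken the tunnel. The lint below is an added example, not part of the original article; the function name and the finding labels are made up here, and the two embedded configs are the edited ones shown on this page (the client one with all but one of its commented-out lines dropped).

```shell
#!/bin/sh
# Added example: lint an OpenVPN config (FILE argument or stdin). Findings:
#   WEAK-DH               DH parameters of 1024 bits or less
#   COMPRESSION           compression enabled inside the encrypted tunnel
#   CLIENT-TO-CLIENT      clients reach each other without passing the host firewall
#   DEPRECATED ...        ns-cert-type, superseded by remote-cert-tls
#   NO-CIPHER             no cipher line, so OpenVPN 2.2 uses its default BF-CBC
#   NO-TLS-AUTH           no HMAC key protecting the TLS control channel
#   RUNS-AS-ROOT          server config without a user (privilege drop) line
#   NO-SERVER-CERT-CHECK  client does not check the server certificate type
lint_openvpn_conf() {
    awk '
        /^[ \t]*$/    { next }
        /^[ \t]*[#;]/ { next }
        { sub(/[ \t]+#.*$/, ""); seen[$1] = 1 }
        $1 == "dh" && $2 ~ /dh(512|768|1024)\.pem$/ { print "WEAK-DH " $2 }
        $1 == "comp-lzo" || $1 == "compress" { print "COMPRESSION " $1 }
        $1 == "client-to-client" { print "CLIENT-TO-CLIENT" }
        $1 == "ns-cert-type" { print "DEPRECATED ns-cert-type" }
        END {
            if (!("cipher" in seen)) print "NO-CIPHER"
            if (!("tls-auth" in seen) && !("tls-crypt" in seen)) print "NO-TLS-AUTH"
            if (("server" in seen) && !("user" in seen)) print "RUNS-AS-ROOT"
            if (("client" in seen) && !("remote-cert-tls" in seen) && !("ns-cert-type" in seen)) print "NO-SERVER-CERT-CHECK"
        }
    ' "$@"
}
# solin-vpn.conf as edited on this page.
server_sample() {
    lint_openvpn_conf <<'EOF'
local 192.168.119.96
port 52115
proto tcp
dev tun
ca /etc/openvpn/keys/ca.crt
key /etc/openvpn/keys/server.key
cert /etc/openvpn/keys/server.crt
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
push "route 192.168.239.0 255.255.255.0"
client-to-client
log /var/log/openvpn.log
EOF
}
# client-solin.conf as edited on this page.
client_sample() {
    lint_openvpn_conf <<'EOF'
client
dev tun
#proto udp
proto tcp
remote 192.168.119.96 52115
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert solin.crt
key solin.key
ns-cert-type server
comp-lzo
verb 3
EOF
}
echo "solin-vpn.conf:";    server_sample
echo "client-solin.conf:"; client_sample
```

The corresponding directives are a dh file of at least 2048 bits, an explicit cipher line, tls-auth with a shared key on both sides, and user/group on the server; each finding maps to one of them.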
4. Export the modified configuration file and certificate files from the server
In the config folder of the OpenVPN installation directory (mine is D:\Tools\OpenVPN\config), create a client-solin folder and place the prepared configuration file and certificate files in it.
[root@Y-solin openvpn]# sz client-solin.conf keys/ca.crt keys/solin.* keys/xiaodangjia.*
5. Modify the configuration file client-solin.conf and the certificate file client-solin.ovpn
6. Export the xiaodangjia configuration file and authentication files in the same way
(1) Under my installation directory D:\Tools\OpenVPN\config, create a client-xiaodangjia folder and import the configuration file and authentication files
(2) Connect with client-xiaodangjia; a password is required, and the connection succeeds
7. Connect
(1) Double-click to open the VPN client
(2) Dial the connection
(3) The icon turns green when the connection succeeds