Server side

1. Download the OpenVPN yum repository (RPMforge release package)

[root@localhost opt]# wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm

2. Install OpenVPN

Disable the RPMforge repository by default (the repo file is present once the downloaded rpmforge-release package has been installed), then enable it just for this install:

[root@localhost opt]# sed --in-place "s/\(.*enabled.*=\).*/\1 0/" /etc/yum.repos.d/rpmforge.repo
[root@localhost opt]# yum --enablerepo rpmforge install openvpn
[root@localhost opt]# mkdir -p /etc/openvpn/easy-rsa
[root@localhost opt]# cd /etc/openvpn/easy-rsa
[root@localhost easy-rsa]# cp -Rv /usr/share/doc/openvpn-2.2.0/easy-rsa/2.0/* ./
[root@localhost easy-rsa]# chmod u+x clean-all build-ca whichopensslcnf build-dh build-key pkitool build-key-server

3. Copy the configuration files

[root@localhost easy-rsa]# cd ..
[root@localhost openvpn]# cp /usr/share/doc/openvpn-2.2.0/sample-config-files/server.conf ./
[root@localhost openvpn]# cd /etc/openvpn/easy-rsa
[root@localhost easy-rsa]# vim vars

Change these to your own details:

export KEY_COUNTRY="CN"
export KEY_PROVINCE="CHINA"
export KEY_CITY="BEIJING"
export KEY_ORG="CSDN"
export KEY_EMAIL="www.linuxidc.com@www.linuxidc.net"

[root@localhost easy-rsa]# . ./vars        # load the variables into the current shell
[root@localhost easy-rsa]# ./clean-all     # initialise the keys directory (removes anything already in it)
[root@localhost easy-rsa]# ./build-ca      # create the root CA certificate
Generating a 1024 bit RSA private key
......++++++
.................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [CHINA]:
Locality Name (eg, city) [BEIJING]:
Organization Name (eg, company) [CSDN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [CSDN CA]:
Name []:
Email Address [gaoming@dev.csdn.net]:

[root@localhost easy-rsa]# ./build-key-server server    # create the server certificate
Generating a 1024 bit RSA private key
................................................++++++
.............++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [CHINA]:
Locality Name (eg, city) [BEIJING]:
Organization Name (eg, company) [CSDN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [server]:server
Name []:
Email Address [gaoming@dev.csdn.net]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'CHINA'
localityName          :PRINTABLE:'BEIJING'
organizationName      :PRINTABLE:'CSDN'
commonName            :PRINTABLE:'server'
emailAddress          :IA5STRING:'gaoming@dev.csdn.net'
Certificate is to be certified until Mar 10 02:45:38 2022 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

[root@localhost easy-rsa]# ./build-key client    # create the client certificate
Generating a 1024 bit RSA private key
......................++++++
........................................................++++++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [CHINA]:
Locality Name (eg, city) [BEIJING]:
Organization Name (eg, company) [CSDN]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [client]:
Name []:
Email Address [gaoming@dev.csdn.net]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'CHINA'
localityName          :PRINTABLE:'BEIJING'
organizationName      :PRINTABLE:'CSDN'
commonName            :PRINTABLE:'client'
emailAddress          :IA5STRING:'gaoming@dev.csdn.net'
Certificate is to be certified until Mar 10 02:46:46 2022 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

[root@localhost easy-rsa]# ./build-dh    # generate the Diffie-Hellman parameters file
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
...................+.............+........+....++*++*++*    (progress output shortened)
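Before the ca.crt / client.crt / client.key files are copied around, it is worth confirming that the easy-rsa output actually fits together: the issued certificate must verify against ca.crt, its private key must be the one the certificate was built from, and its validity window must contain the current time (the note at the end of this post about synchronising clocks exists because a wrong clock at build time produces a certificate that is "not yet valid" or already expired on the peer). The script below is an added example, not part of the original post or of easy-rsa; it assumes the openssl command-line tool is on PATH, and its throwaway fixture uses 2048-bit RSA because the 1024-bit defaults shown above are below current minimum key-size guidance.

```python
"""Sanity checks for the easy-rsa output before it is copied to the server
and client: the issued certificate must verify against ca.crt, its private
key must belong to it, and its validity window must contain the current
time. Added example, not part of the original post; it assumes the openssl
command-line tool is on PATH."""
import datetime
import os
import subprocess
import tempfile


def _openssl(*args):
    """Run one openssl subcommand and return its stdout; raises on failure."""
    return subprocess.run(
        ["openssl", *args], capture_output=True, text=True, check=True
    ).stdout.strip()


def _parse_openssl_date(text):
    """Parse the 'notBefore=' / 'notAfter=' value, e.g. 'Mar 10 02:45:38 2022 GMT'."""
    return datetime.datetime.strptime(
        text.strip(), "%b %d %H:%M:%S %Y %Z"
    ).replace(tzinfo=datetime.timezone.utc)


def check_issued_cert(ca_crt, cert, key):
    """Return {check name: bool}; all three should be True before deployment."""
    results = {}
    # 1. Chain: does the certificate verify against the CA we expect?
    verify = subprocess.run(
        ["openssl", "verify", "-CAfile", ca_crt, cert], capture_output=True, text=True
    )
    results["chains_to_ca"] = verify.returncode == 0 and verify.stdout.strip().endswith(": OK")
    # 2. Pairing: the RSA modulus in the certificate must equal the one in the key.
    results["key_matches_cert"] = (
        _openssl("x509", "-in", cert, "-noout", "-modulus")
        == _openssl("rsa", "-in", key, "-noout", "-modulus")
    )
    # 3. Validity window: compare notBefore/notAfter with the current UTC time.
    lines = _openssl("x509", "-in", cert, "-noout", "-dates").splitlines()
    dates = {k: _parse_openssl_date(v) for k, v in (ln.split("=", 1) for ln in lines)}
    now = datetime.datetime.now(datetime.timezone.utc)
    results["valid_now"] = dates["notBefore"] <= now <= dates["notAfter"]
    return results


def build_demo_pki(workdir):
    """Constructed fixture: a throwaway CA and a server cert it signs, standing in
    for easy-rsa's keys/ directory (1-day lifetime, 2048-bit RSA)."""
    p = lambda name: os.path.join(workdir, name)
    _openssl("req", "-x509", "-newkey", "rsa:2048", "-nodes", "-subj", "/CN=Demo CA",
             "-days", "1", "-keyout", p("ca.key"), "-out", p("ca.crt"))
    _openssl("req", "-newkey", "rsa:2048", "-nodes", "-subj", "/CN=server",
             "-keyout", p("server.key"), "-out", p("server.csr"))
    _openssl("x509", "-req", "-in", p("server.csr"), "-CA", p("ca.crt"),
             "-CAkey", p("ca.key"), "-CAcreateserial", "-days", "1", "-out", p("server.crt"))
    return p("ca.crt"), p("server.crt"), p("server.key"), p("ca.key")


def run_demo():
    """Check the fixture with the right key and, as a negative case, with the CA's key."""
    with tempfile.TemporaryDirectory() as workdir:
        ca_crt, server_crt, server_key, ca_key = build_demo_pki(workdir)
        good = check_issued_cert(ca_crt, server_crt, server_key)
        wrong_key = check_issued_cert(ca_crt, server_crt, ca_key)
    return good, wrong_key


if __name__ == "__main__":
    good, wrong_key = run_demo()
    print("correct key:", good)
    print("wrong key:  ", wrong_key)
```

Against a real easy-rsa tree, call check_issued_cert with keys/ca.crt, keys/server.crt and keys/server.key (and again for the client pair); any False value means the files should not be shipped. A failed valid_now with a freshly built certificate almost always points at the clock, not at easy-rsa.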
4. Configuration file

[root@localhost openvpn]# vim server.conf

local 117.79.92.146
port 1194
proto udp
dev tap
ca ./easy-rsa/keys/ca.crt
cert ./easy-rsa/keys/server.crt
key ./easy-rsa/keys/server.key
dh ./easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3

Note that cert must be paired with a key directive naming the server's private key (easy-rsa wrote it to keys/server.key); without it OpenVPN refuses to start.

5. Start OpenVPN

[root@localhost openvpn]# /etc/init.d/openvpn start
Starting openvpn: [ OK ]
[root@localhost openvpn]# ifconfig    # the new virtual interface
tap0 Link encap:Ethernet HWaddr 66:78:46:2C:A8:8B
inet addr:10.8.0.1 Bcast:10.8.0.255 Mask:255.255.255.0
inet6 addr: fe80::6478:46ff:fe2c:a88b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:5728 (5.5 KiB)
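A start-up failure is easier to diagnose before the init script runs than from openvpn.log afterwards, so the following linter parses a server.conf like the one above, checks that the TLS-server essentials (ca, cert, key, dh, server) are all present, confirms that the files they name exist, and flags a private key that group or other can read. This is an added example, not part of the original post or of OpenVPN; it assumes relative paths resolve against the directory the service is started in (/etc/openvpn here), and its sample configuration and placeholder files are constructed for the demo.

```python
"""Lint an OpenVPN server.conf before starting the service. Added example,
not part of the original post; assumes relative paths resolve against the
directory OpenVPN is started in (/etc/openvpn in the post)."""
import os
import shlex
import stat
import tempfile

REQUIRED = ("ca", "cert", "key", "dh", "server")
FILE_DIRECTIVES = ("ca", "cert", "key", "dh")

# Constructed sample: the post's server.conf, deliberately without a 'key'
# line so the linter has a missing directive to report.
SAMPLE_CONF = """\
local 117.79.92.146
port 1194
proto udp
dev tap
ca ./easy-rsa/keys/ca.crt
cert ./easy-rsa/keys/server.crt
dh ./easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "route 192.168.1.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
"""


def parse_openvpn_conf(text):
    """Return [(directive, [args])]. Lines starting with '#' or ';' are comments;
    arguments may be double-quoted, e.g. push "route 192.168.1.0 255.255.255.0"."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)  # also drops a trailing '# ...' comment
        if parts:
            entries.append((parts[0], parts[1:]))
    return entries


def lint_config(entries, base_dir):
    """Return a list of human-readable findings; an empty list means nothing to fix."""
    findings = []
    present = {directive for directive, _ in entries}
    for directive in REQUIRED:
        if directive not in present:
            findings.append(f"missing required directive: {directive}")
    for directive, args in entries:
        if directive in FILE_DIRECTIVES:
            if len(args) != 1:
                findings.append(f"{directive}: expected exactly one file name")
                continue
            path = os.path.join(base_dir, args[0])
            if not os.path.isfile(path):
                findings.append(f"{directive}: file not found: {args[0]}")
            elif directive == "key" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append(f"key: {args[0]} is readable by group/other; chmod 600 it")
        elif directive == "verb" and (len(args) != 1 or not args[0].isdigit()):
            findings.append(f"verb: expected a single integer, got {args}")
    return findings


def build_demo_dir():
    """Constructed stand-in for /etc/openvpn holding placeholder (not real) files;
    server.key is left world-readable on purpose so the linter has something to flag."""
    base = tempfile.mkdtemp(prefix="ovpn-lint-")
    keys = os.path.join(base, "easy-rsa", "keys")
    os.makedirs(keys)
    for name in ("ca.crt", "server.crt", "server.key", "dh1024.pem"):
        with open(os.path.join(keys, name), "w") as fh:
            fh.write("PLACEHOLDER, NOT A REAL KEY\n")
    os.chmod(os.path.join(keys, "server.key"), 0o644)
    return base


def run_demo():
    """Lint the sample as written, then again with the key directive added."""
    base = build_demo_dir()
    as_written = lint_config(parse_openvpn_conf(SAMPLE_CONF), base)
    with_key = lint_config(
        parse_openvpn_conf(SAMPLE_CONF + "key ./easy-rsa/keys/server.key\n"), base)
    return as_written, with_key


if __name__ == "__main__":
    for label, findings in zip(("as written", "with key"), run_demo()):
        print(f"{label}: {findings or 'no findings'}")
```

On a real host, read /etc/openvpn/server.conf and pass "/etc/openvpn" as base_dir; the permission check matters most when the server is later switched to run as nobody, since the key is read once before privileges drop and must never be readable by the unprivileged account or anyone else.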
Client side: the installation is the same as for the server, except that you do not copy the easy-rsa directory, you choose client.conf when copying the sample configuration file, and you copy ca.crt, client.crt and client.key from the server to the client; then start the service.
Notes: make sure the clocks are synchronised before generating certificates; if the server runs as nobody, remember to grant it the permissions it needs.