[Repost] Installing and configuring OpenVPN on CentOS

Original post: Installing and configuring OpenVPN on CentOS with freeradius authentication

Configuring the OpenVPN server

wget http://dl.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm -Uvh epel-release-5-4.noarch.rpm
yum install openvpn
cp -R /usr/share/openvpn/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0
vim vars

Addendum 2014-06-29: if the easy-rsa directory is not there, install the easy-rsa package:

yum install easy-rsa

Change the following values to match your own details:
export KEY_COUNTRY="CN"
export KEY_PROVINCE="TJ"
export KEY_CITY="TJ"
export KEY_ORG="liukangxu.info"
export KEY_EMAIL="admin@liukangxu.info"

source ./vars
./clean-all # press Enter through all prompts
./build-ca server # press Enter through the prompts, answer y to the last two
./build-key-server server # press Enter through the prompts, answer y to the last two
./build-key vpn1 # vpn1 is the client name
./build-dh # generate Diffie-Hellman parameters
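The script below is an added example; it is not part of the original post and not part of easy-rsa. It checks the files that build-ca, build-key-server and build-key leave in keys/: that server.crt and vpn1.crt were signed by ca.crt, that each .key belongs to its .crt, and that only server.crt carries the server certificate type, which is what the client's ns-cert-type server line in vpn1.ovpn later insists on (it stops a certificate issued to some other client from being accepted as the server). The make_test_pki function builds a throwaway CA with openssl so the checks can be run offline; it is a constructed stand-in for easy-rsa, using the post's names server and vpn1, and the temp directory is an assumption for the demo.

```shell
#!/bin/sh
# Added example, not from the original post or from easy-rsa: sanity checks
# on the files build-ca / build-key-server / build-key leave in keys/.
# make_test_pki is a constructed stand-in for easy-rsa so the checks run offline.

# 0 if certificate $2 was signed by the CA in $1 (the check OpenVPN makes on both sides).
cert_chains_to_ca() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if private key $2 belongs to certificate $1 (same RSA modulus).
key_matches_cert() {
    m_cert=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null)
    m_key=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)
    [ -n "$m_cert" ] && [ "$m_cert" = "$m_key" ]
}

# 0 if $1 is marked as a server certificate. build-key-server adds this marker
# and the client's "ns-cert-type server" directive demands it.
cert_is_server() {
    openssl x509 -noout -text -in "$1" 2>/dev/null |
        grep -Eq 'SSL Server|TLS Web Server Authentication'
}

# Run every check over a keys/ directory laid out like easy-rsa's; 0 only if all pass.
check_pki() {
    dir=$1
    rc=0
    for name in server vpn1; do
        if cert_chains_to_ca "$dir/ca.crt" "$dir/$name.crt"; then
            echo "$name.crt: signed by ca.crt"
        else
            echo "$name.crt: NOT signed by ca.crt"; rc=1
        fi
        if key_matches_cert "$dir/$name.crt" "$dir/$name.key"; then
            echo "$name.key: matches $name.crt"
        else
            echo "$name.key: does NOT match $name.crt"; rc=1
        fi
    done
    if cert_is_server "$dir/server.crt"; then
        echo "server.crt: has server certificate type"
    else
        echo "server.crt: missing server certificate type"; rc=1
    fi
    if cert_is_server "$dir/vpn1.crt"; then
        echo "vpn1.crt: client certificate carries server type"; rc=1
    fi
    return $rc
}

# Constructed PKI: a self-signed CA, a server cert with nsCertType=server
# (as build-key-server does) and a plain client cert. Not easy-rsa output.
make_test_pki() {
    dir=$1
    # Minimal openssl config so the CA cert gets CA:TRUE on every OpenSSL version.
    printf '[req]\ndistinguished_name = dn\nx509_extensions = ca_ext\n[dn]\n[ca_ext]\nbasicConstraints = critical, CA:TRUE\nkeyUsage = keyCertSign, cRLSign\n' > "$dir/openssl.cnf"
    openssl req -x509 -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj /CN=constructed-ca -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    echo 'nsCertType=server' > "$dir/server.ext"
    for name in server vpn1; do
        openssl req -new -config "$dir/openssl.cnf" -newkey rsa:2048 -nodes \
            -subj "/CN=$name" -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
        if [ "$name" = server ]; then
            openssl x509 -req -days 1 -in "$dir/$name.csr" -CA "$dir/ca.crt" \
                -CAkey "$dir/ca.key" -CAcreateserial -extfile "$dir/server.ext" \
                -out "$dir/$name.crt" 2>/dev/null
        else
            openssl x509 -req -days 1 -in "$dir/$name.csr" -CA "$dir/ca.crt" \
                -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/$name.crt" 2>/dev/null
        fi
    done
}

# Demo against the constructed PKI. On a real server run:
#   check_pki /etc/openvpn/easy-rsa/2.0/keys
if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d)
    make_test_pki "$d"
    check_pki "$d"
    rm -rf "$d"
fi
```

Run check_pki against /etc/openvpn/easy-rsa/2.0/keys after ./build-dh; a non-zero exit means one of the files would be rejected at connect time rather than at install time.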

Edit /etc/openvpn/server.conf and put in the following content:
port 443
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 192.168.20.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun

Enable IP forwarding
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/sysctl.conf
sysctl -p

Then configure the iptables rule. This is important: without it, clients can connect but cannot reach the Internet.
iptables -t nat -A POSTROUTING -s 192.168.20.0/24 -j SNAT --to-source your_server_ipaddress
/etc/init.d/iptables save
/etc/init.d/iptables restart
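As an added example (not from the original post), the script below derives the VPN subnet from the server directive in server.conf, prints the SNAT rule that has to match it, and sets ip_forward in a way that is safe to repeat: the sed above only rewrites a line that reads exactly net.ipv4.ip_forward = 0 and silently does nothing when the key is absent or spaced differently. The address 203.0.113.10 and the temporary copies of the two files are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: keep the NAT rule and the
# "server" directive in agreement, and make the ip_forward change idempotent.

# Dotted-quad netmask -> prefix length (255.255.255.0 -> 24).
# Fails on malformed or non-contiguous masks such as 255.0.255.0.
mask_to_prefix() {
    prefix=0
    seen_end=0
    oldifs=$IFS
    IFS=.
    for octet in $1; do
        if [ "$seen_end" = 1 ] && [ "$octet" != 0 ]; then
            IFS=$oldifs
            return 1
        fi
        case $octet in
            255) prefix=$((prefix + 8)) ;;
            254) prefix=$((prefix + 7)); seen_end=1 ;;
            252) prefix=$((prefix + 6)); seen_end=1 ;;
            248) prefix=$((prefix + 5)); seen_end=1 ;;
            240) prefix=$((prefix + 4)); seen_end=1 ;;
            224) prefix=$((prefix + 3)); seen_end=1 ;;
            192) prefix=$((prefix + 2)); seen_end=1 ;;
            128) prefix=$((prefix + 1)); seen_end=1 ;;
            0)   seen_end=1 ;;
            *)   IFS=$oldifs; return 1 ;;
        esac
    done
    IFS=$oldifs
    echo "$prefix"
}

# Print NETWORK/PREFIX from the "server NETWORK NETMASK" directive in $1.
vpn_subnet_from_conf() {
    net=$(awk '$1 == "server" { print $2; exit }' "$1")
    mask=$(awk '$1 == "server" { print $3; exit }' "$1")
    [ -n "$net" ] && [ -n "$mask" ] || return 1
    prefix=$(mask_to_prefix "$mask") || return 1
    echo "$net/$prefix"
}

# The post's SNAT rule with the subnet taken from server.conf ($1) so the two
# cannot drift apart; $2 is the server's public address.
snat_rule() {
    subnet=$(vpn_subnet_from_conf "$1") || return 1
    echo "iptables -t nat -A POSTROUTING -s $subnet -j SNAT --to-source $2"
}

# Set net.ipv4.ip_forward = 1 in the sysctl.conf given as $1, appending the
# key when it is not there. Safe to run repeatedly.
enable_ip_forward() {
    if grep -q '^net\.ipv4\.ip_forward[[:space:]]*=' "$1"; then
        sed -i 's/^net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward = 1/' "$1"
    else
        echo 'net.ipv4.ip_forward = 1' >> "$1"
    fi
    grep -q '^net\.ipv4\.ip_forward = 1$' "$1"
}

# Demo on constructed copies of the two files; never touches /etc.
demo() {
    d=$(mktemp -d)
    printf 'port 443\nproto tcp\nserver 192.168.20.0 255.255.255.0\n' > "$d/server.conf"
    printf 'kernel.sysrq = 0\n' > "$d/sysctl.conf"
    snat_rule "$d/server.conf" 203.0.113.10
    enable_ip_forward "$d/sysctl.conf" && cat "$d/sysctl.conf"
    rm -rf "$d"
}
demo
```

On the real server the equivalent calls are snat_rule /etc/openvpn/server.conf your_server_ipaddress and enable_ip_forward /etc/sysctl.conf followed by sysctl -p; the printed rule is the one to feed to iptables before saving the rule set.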

Finally, start openvpn and enable it at boot
service openvpn start
chkconfig openvpn on

Configuring the OpenVPN client

Download the OpenVPN Windows client: http://swupdate.openvpn.org/community/releases/openvpn-2.2.1-install.exe

Once it is downloaded and installed, copy the five files vpn1.crt, vpn1.csr, vpn1.key, ca.crt and ca.key from the /etc/openvpn/easy-rsa/2.0/keys directory on the OpenVPN server into the config directory under the OpenVPN client's installation directory.

Then create a new file named vpn1.ovpn in the config directory with the following content:
client
dev tun
proto tcp
remote your_server_ipaddress 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert vpn1.crt
key vpn1.key
ns-cert-type server
comp-lzo
verb 3

That completes the setup. Open the OpenVPN client and try connecting!
