歡迎您光臨本站 註冊首頁

OpenVPN On CentOS5 配置

←手機掃碼閱讀     火星人 @ 2014-03-03 , reply:0

OpenVPN On CentOS5 配置


OpenVPN On CentOS5 配置



伺服器端

1.下載openvpn源#wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm2.安裝openvpn
#sed --in-place "s/\\(.*enabled.*=\\).*/\1 0/" /etc/yum.repos.d/rpmforge.repo

#yum --enablerepo rpmforge install  openvpn

#mkdir -p /etc/openvpn/easy-rsa

#cd /etc/openvpn/easy-rsa

#cp -Rv /usr/share/doc/openvpn-2.2.0/easy-rsa/2.0/* ./

#chmod u+x clean-all build-ca whichopensslcnf build-dh build-key pkitool build-key-server
3.拷貝配置文件#cd ..

#cp /usr/share/doc/openvpn-2.2.0/sample-config-files/server.conf  ./

#cd /etc/easy-rsa
#vim vars

修該為自己的信息

export KEY_COUNTRY="CN"
export KEY_PROVINCE="CHINA"
export KEY_CITY="BEIJING"
export KEY_ORG="CSDN"
export KEY_EMAIL="gaoming@dev.csdn.net"

#. ./vars  #使其生效

# ./clean-all   #初始化

# ./build-ca   #創建根證書
Generating a 1024 bit RSA private key
......++++++
.................++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :
State or Province Name (full name) :
Locality Name (eg, city) :
Organization Name (eg, company) :
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) :
Name []:
Email Address :

# ./build-key-server server   #創建伺服器證書
Generating a 1024 bit RSA private key
................................................++++++
.............++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :
State or Province Name (full name) :
Locality Name (eg, city) :
Organization Name (eg, company) :
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) :server
Name []:
Email Address :

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'CHINA'
localityName          :PRINTABLE:'BEIJING'
organizationName      :PRINTABLE:'CSDN'
commonName            :PRINTABLE:'server'
emailAddress          :IA5STRING:'gaoming@dev.csdn.net'
Certificate is to be certified until Mar 10 02:45:38 2022 GMT (3650 days)
Sign the certificate? :y


1 out of 1 certificate requests certified, commit? y
Write out database with 1 new entries
Data Base Updated


# ./build-key client   #創建客戶端證書
Generating a 1024 bit RSA private key
......................++++++
........................................................++++++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) :
State or Province Name (full name) :
Locality Name (eg, city) :
Organization Name (eg, company) :
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) :
Name []:
Email Address :

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'CHINA'
localityName          :PRINTABLE:'BEIJING'
organizationName      :PRINTABLE:'CSDN'
commonName            :PRINTABLE:'client'
emailAddress          :IA5STRING:'gaoming@dev.csdn.net'
Certificate is to be certified until Mar 10 02:46:46 2022 GMT (3650 days)
Sign the certificate? :y


1 out of 1 certificate requests certified, commit? y
Write out database with 1 new entries
Data Base Updated


# ./build-dh      #生成Diffie Hellman文件
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
...................+.................................................................................................................................................+...................................................+.............................................+...................................+...................................................................................................................................+................................+...................................................................+........+..............................................................................+........................................+...........................................................................+...+................+.........+......................+........................................................................................+.............................+...............................+..+.......................+.................+............................+......................+....+............................................+...................+.......................................................................+........+.......................................................................................................................+...................................................................................................+........................+..................................+.................................................................+.................................+...+.........................................................................+.....................+.......................+........+.............................+.............+......................+....+.....++*++*++*4.配置文件
#vim server.conf

local 117.79.92.146
port 1194
proto udp
dev tap
ca ./easy-rsa/keys/ca.crt
cert ./easy-rsa/keys/server.crt
dh ./easy-rsa/keys/dh1024.pem
server 10.8.0.0 255.255.255.0

push "route 192.168.1.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
verb 3
5.啟動openvpn#/etc/init.d/openvpn start

Starting openvpn:                                          [  OK  ]
# ifconfig                #多出的虛擬網卡
tap0      Link encap:Ethernet  HWaddr 66:78:46:2C:A8:8B
           inet addr:10.8.0.1  Bcast:10.8.0.255  Mask:255.255.255.0
           inet6 addr: fe80::6478:46ff:fe2c:a88b/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
           TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100
           RX bytes:0 (0.0 b)  TX bytes:5728 (5.5 KiB)
客戶端安裝方法和伺服器一樣,不同的是不用拷貝easy-rsa目錄,拷貝配置文件的時候選擇client.conf,把伺服器的ca.crt,client.crt.client.key 拷貝到客戶端

啟動服務即可

注意事項:生成證書時一定要同步好時間,如果伺服器端用nobody運行,別忘記賦予許可權
《解決方案》

謝謝分享

[火星人 ] OpenVPN On CentOS5 配置已經有741次圍觀

http://coctec.com/docs/service/show-post-885.html