
1.2. VPN Server

For installation, refer to the following pages:

http://netkiller.github.io/linux/network/vpn/index.html#openvpn

http://netkiller.github.io/centos/network/openvpn.html

1.2.1. Server side

Enable IP forwarding

# vim /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
		

Apply net.ipv4.ip_forward = 1 so that IP forwarding takes effect:

sysctl -w net.ipv4.ip_forward=1
		

Install OpenVPN by running the following commands in order:

		
yum install openvpn easy-rsa -y
chkconfig openvpn on

cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf /etc/openvpn/
cd /usr/share/easy-rsa/2.0

cat >> vars <<EOF
# Add by BG7NYT
export KEY_COUNTRY="CN"
export KEY_PROVINCE="GD"
export KEY_CITY="Shenzhen"
export KEY_ORG="Personal Amateur Radiostations of P.R.China"
export KEY_EMAIL="bg7nyt@163.com"
export KEY_CN=http://netkiller.github.io
export KEY_NAME=BG7NYT
export KEY_OU=Mototrbo
EOF

source ./vars
./clean-all
./build-ca
./build-key-server server
./build-dh
./build-key node1
./build-key node2

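# build-dh writes keys/dh${KEY_SIZE}.pem, so the DH file name follows KEY_SIZE in vars.
# The daemon reads ca.crt, server.crt, server.key and the DH file; ca.key is the
# CA signing key used by build-key and build-key-server.
cp keys/ca.key keys/ca.crt keys/dh1024.pem keys/server.key keys/server.crt /etc/openvpn/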

service openvpn start

iptables -A INPUT -p udp --dport 1194 -j ACCEPT
		
		

1.2.2. Relay node side

Enable IP forwarding

# vim /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
		

Apply net.ipv4.ip_forward = 1 so that IP forwarding takes effect:

sysctl -w net.ipv4.ip_forward=1
		

Install the OpenVPN client:

		
yum install openvpn -y
chkconfig openvpn on
cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/client.conf /etc/openvpn/
		
		

Copy the node certificate generated by build-key into the /etc/openvpn/ directory on the node server:

cp keys/ca.crt keys/node1.key keys/node1.crt /etc/openvpn/
		

Start the OpenVPN client:

service openvpn start
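
The copy steps in 1.2.1 and 1.2.2 leave private key material in /etc/openvpn/. The following check is an added example, not part of the original page: it reports a CA signing key on a VPN host, private keys accessible to group or others, and DH parameters under 2048 bits. It assumes easy-rsa 2.0 file naming (dh<KEY_SIZE>.pem); the function name audit_openvpn_dir and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the key material that the
# copy steps place in an OpenVPN directory. Prints one line per finding and
# returns 1 if anything was found, 0 if the directory is clean.
audit_openvpn_dir() {
    dir=$1
    rc=0
    # The daemon needs ca.crt, its own cert/key and (on the server) the DH file.
    # ca.key is the CA signing key, used only by build-key / build-key-server.
    if [ -e "$dir/ca.key" ]; then
        echo "ca.key: CA private key present on a VPN host"
        rc=1
    fi
    for f in "$dir"/*.key; do
        [ -e "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "${f##*/}: private key accessible to group or others"
            rc=1
        fi
    done
    for f in "$dir"/dh*.pem; do
        [ -e "$f" ] || continue
        # Assumption: easy-rsa 2.0 naming, dh<KEY_SIZE>.pem.
        size=${f##*/dh}; size=${size%.pem}
        case $size in
            ''|*[!0-9]*) continue ;;
        esac
        if [ "$size" -lt 2048 ]; then
            echo "${f##*/}: ${size}-bit DH parameters (below 2048)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample directory mirroring the file names used in section 1.2.1.
demo=$(mktemp -d)
for n in ca.key ca.crt dh1024.pem server.key server.crt; do : > "$demo/$n"; done
chmod 600 "$demo/ca.key"; chmod 644 "$demo/server.key"
audit_openvpn_dir "$demo" || echo "findings reported for $demo"
rm -rf "$demo"
```

On a real host, call it as audit_openvpn_dir /etc/openvpn on the server and on each node.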
		

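1.2.3. Testing whether the VPN works

Once the OpenVPN service is running on the three Linux servers, each one shows a tun0 network adapter. Ping the tun0 IP address of each of the other hosts; normally every ping should succeed. If one does not, check the firewall configuration.

tun0 status on the server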

# ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:240 (240.0 b)  TX bytes:0 (0.0 b)
		

tun0 on node 1

# ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.10  P-t-P:10.8.0.9  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2257 (2.2 KiB)  TX bytes:3757 (3.6 KiB)
		

Server to node

# ping 10.8.0.6 -c3
PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.
64 bytes from 10.8.0.6: icmp_seq=1 ttl=128 time=20.9 ms
64 bytes from 10.8.0.6: icmp_seq=2 ttl=128 time=20.1 ms
64 bytes from 10.8.0.6: icmp_seq=3 ttl=128 time=20.1 ms

--- 10.8.0.6 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 20.118/20.414/20.939/0.389 ms


# ping 10.8.0.10 -c3
PING 10.8.0.10 (10.8.0.10) 56(84) bytes of data.
64 bytes from 10.8.0.10: icmp_seq=1 ttl=64 time=14.4 ms
64 bytes from 10.8.0.10: icmp_seq=2 ttl=64 time=17.0 ms
64 bytes from 10.8.0.10: icmp_seq=3 ttl=64 time=14.0 ms

--- 10.8.0.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 14.068/15.170/17.005/1.313 ms

		

Node to server

# ping 10.8.0.1 -c3
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=14.0 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=14.0 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=15.8 ms

--- 10.8.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2018ms
rtt min/avg/max/mdev = 14.006/14.618/15.831/0.857 ms
		

Node to node

# ping 10.8.0.6 -c3
PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.
64 bytes from 10.8.0.6: icmp_seq=1 ttl=128 time=34.1 ms
64 bytes from 10.8.0.6: icmp_seq=2 ttl=128 time=36.6 ms
64 bytes from 10.8.0.6: icmp_seq=3 ttl=128 time=33.0 ms

--- 10.8.0.6 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2036ms
rtt min/avg/max/mdev = 33.047/34.605/36.654/1.520 ms
		