目錄
請參考下面安裝
http://netkiller.github.io/linux/network/vpn/index.html#openvpn
http://netkiller.github.io/centos/network/openvpn.html
啟用IP轉發
# vim /etc/sysctl.conf # Controls IP packet forwarding net.ipv4.ip_forward = 1
net.ipv4.ip_forward = 1 使IP轉發生效
sysctl -w net.ipv4.ip_forward=1
安裝openvpn按順序運行即可
yum install openvpn easy-rsa -y chkconfig openvpn on cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf /etc/openvpn/ cd /usr/share/easy-rsa/2.0 cat >> vars <<EOF # Add by BG7NYT export KEY_COUNTRY="CN" export KEY_PROVINCE="GD" export KEY_CITY="Shenzhen" export KEY_ORG="Personal Amateur Radiostations of P.R.China" export KEY_EMAIL="bg7nyt@163.com" export KEY_CN=http://netkiller.github.io export KEY_NAME=BG7NYT export KEY_OU=Mototrbo EOF source ./vars ./clean-all ./build-ca ./build-key-server server ./build-dh ./build-key node1 ./build-key node2 cp keys/ca.key keys/ca.crt keys/dh1024.pem keys/server.key keys/server.crt /etc/openvpn/ service openvpn start iptables -A INPUT -p udp --dport 1194 -j ACCEPT
啟用IP轉發
# vim /etc/sysctl.conf # Controls IP packet forwarding net.ipv4.ip_forward = 1
net.ipv4.ip_forward = 1 使IP轉發生效
sysctl -w net.ipv4.ip_forward=1
安裝openvpn客戶端
yum install openvpn -y chkconfig openvpn on cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/client.conf /etc/openvpn/
將build-key生成的節點證書複製到節點伺服器/etc/openvpn/目錄中
cp keys/ca.crt keys/node1.key keys/node1.crt /etc/openvpn/
啟動openvpn客戶端
service openvpn start
3台linux伺服器運行openvpn服務後可以看到一個tun0網絡適配器,我們相互ping對方的tun0上的IP地址即可,正常應該全部都通,不通請查看防火牆配置。
伺服器tun0狀態
# ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:240 (240.0 b) TX bytes:0 (0.0 b)
節點1的 tun0
# ifconfig tun0
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.10 P-t-P:10.8.0.9 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:22 errors:0 dropped:0 overruns:0 frame:0
TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:2257 (2.2 KiB) TX bytes:3757 (3.6 KiB)
伺服器到節點
# ping 10.8.0.6 -c3 PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data. 64 bytes from 10.8.0.6: icmp_seq=1 ttl=128 time=20.9 ms 64 bytes from 10.8.0.6: icmp_seq=2 ttl=128 time=20.1 ms 64 bytes from 10.8.0.6: icmp_seq=3 ttl=128 time=20.1 ms --- 10.8.0.6 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 20.118/20.414/20.939/0.389 ms # ping 10.8.0.10 -c3 PING 10.8.0.10 (10.8.0.10) 56(84) bytes of data. 64 bytes from 10.8.0.10: icmp_seq=1 ttl=64 time=14.4 ms 64 bytes from 10.8.0.10: icmp_seq=2 ttl=64 time=17.0 ms 64 bytes from 10.8.0.10: icmp_seq=3 ttl=64 time=14.0 ms --- 10.8.0.10 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2000ms rtt min/avg/max/mdev = 14.068/15.170/17.005/1.313 ms
節點到伺服器
# ping 10.8.0.1 -c3 PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data. 64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=14.0 ms 64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=14.0 ms 64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=15.8 ms --- 10.8.0.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2018ms rtt min/avg/max/mdev = 14.006/14.618/15.831/0.857 ms
節點到節點
# ping 10.8.0.6 -c3 PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data. 64 bytes from 10.8.0.6: icmp_seq=1 ttl=128 time=34.1 ms 64 bytes from 10.8.0.6: icmp_seq=2 ttl=128 time=36.6 ms 64 bytes from 10.8.0.6: icmp_seq=3 ttl=128 time=33.0 ms --- 10.8.0.6 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2036ms rtt min/avg/max/mdev = 33.047/34.605/36.654/1.520 ms