
第 18 章 openvpn - secure IP tunnel daemon.

安裝環境：CentOS 6.x

過程 18.1. OpenVPN Server

  1. # yum install openvpn
    			

    查看 openvpn 套件中的檔案

    # rpm -ql openvpn
    /etc/openvpn
    /etc/rc.d/init.d/openvpn
    /usr/lib64/openvpn
    /usr/lib64/openvpn/plugin
    /usr/lib64/openvpn/plugin/lib
    /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so
    /usr/lib64/openvpn/plugin/lib/openvpn-down-root.so
    /usr/sbin/openvpn
    /usr/share/doc/openvpn-2.1.1
    /usr/share/doc/openvpn-2.1.1/AUTHORS
    /usr/share/doc/openvpn-2.1.1/COPYING
    /usr/share/doc/openvpn-2.1.1/COPYRIGHT.GPL
    /usr/share/doc/openvpn-2.1.1/INSTALL
    /usr/share/doc/openvpn-2.1.1/PORTS
    /usr/share/doc/openvpn-2.1.1/README
    /usr/share/doc/openvpn-2.1.1/auth-pam.txt
    /usr/share/doc/openvpn-2.1.1/contrib
    /usr/share/doc/openvpn-2.1.1/contrib/README
    /usr/share/doc/openvpn-2.1.1/contrib/multilevel-init.patch
    /usr/share/doc/openvpn-2.1.1/contrib/openvpn-fwmarkroute-1.00
    /usr/share/doc/openvpn-2.1.1/contrib/openvpn-fwmarkroute-1.00/README
    /usr/share/doc/openvpn-2.1.1/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.down
    /usr/share/doc/openvpn-2.1.1/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.up
    /usr/share/doc/openvpn-2.1.1/contrib/pull-resolv-conf
    /usr/share/doc/openvpn-2.1.1/contrib/pull-resolv-conf/client.down
    /usr/share/doc/openvpn-2.1.1/contrib/pull-resolv-conf/client.up
    /usr/share/doc/openvpn-2.1.1/down-root.txt
    /usr/share/doc/openvpn-2.1.1/sample-config-files
    /usr/share/doc/openvpn-2.1.1/sample-config-files/README
    /usr/share/doc/openvpn-2.1.1/sample-config-files/client.conf
    /usr/share/doc/openvpn-2.1.1/sample-config-files/firewall.sh
    /usr/share/doc/openvpn-2.1.1/sample-config-files/home.up
    /usr/share/doc/openvpn-2.1.1/sample-config-files/loopback-client
    /usr/share/doc/openvpn-2.1.1/sample-config-files/loopback-server
    /usr/share/doc/openvpn-2.1.1/sample-config-files/office.up
    /usr/share/doc/openvpn-2.1.1/sample-config-files/openvpn-shutdown.sh
    /usr/share/doc/openvpn-2.1.1/sample-config-files/openvpn-startup.sh
    /usr/share/doc/openvpn-2.1.1/sample-config-files/roadwarrior-client.conf
    /usr/share/doc/openvpn-2.1.1/sample-config-files/roadwarrior-server.conf
    /usr/share/doc/openvpn-2.1.1/sample-config-files/server.conf
    /usr/share/doc/openvpn-2.1.1/sample-config-files/static-home.conf
    /usr/share/doc/openvpn-2.1.1/sample-config-files/static-office.conf
    /usr/share/doc/openvpn-2.1.1/sample-config-files/tls-home.conf
    /usr/share/doc/openvpn-2.1.1/sample-config-files/tls-office.conf
    /usr/share/doc/openvpn-2.1.1/sample-config-files/xinetd-client-config
    /usr/share/doc/openvpn-2.1.1/sample-config-files/xinetd-server-config
    /usr/share/doc/openvpn-2.1.1/sample-keys
    /usr/share/doc/openvpn-2.1.1/sample-keys/README
    /usr/share/doc/openvpn-2.1.1/sample-keys/ca.crt
    /usr/share/doc/openvpn-2.1.1/sample-keys/ca.key
    /usr/share/doc/openvpn-2.1.1/sample-keys/client.crt
    /usr/share/doc/openvpn-2.1.1/sample-keys/client.key
    /usr/share/doc/openvpn-2.1.1/sample-keys/dh1024.pem
    /usr/share/doc/openvpn-2.1.1/sample-keys/pass.crt
    /usr/share/doc/openvpn-2.1.1/sample-keys/pass.key
    /usr/share/doc/openvpn-2.1.1/sample-keys/pkcs12.p12
    /usr/share/doc/openvpn-2.1.1/sample-keys/server.crt
    /usr/share/doc/openvpn-2.1.1/sample-keys/server.key
    /usr/share/doc/openvpn-2.1.1/sample-scripts
    /usr/share/doc/openvpn-2.1.1/sample-scripts/auth-pam.pl
    /usr/share/doc/openvpn-2.1.1/sample-scripts/bridge-start
    /usr/share/doc/openvpn-2.1.1/sample-scripts/bridge-stop
    /usr/share/doc/openvpn-2.1.1/sample-scripts/bs
    /usr/share/doc/openvpn-2.1.1/sample-scripts/openvpn.init
    /usr/share/doc/openvpn-2.1.1/sample-scripts/openvpn.init.orig
    /usr/share/doc/openvpn-2.1.1/sample-scripts/ucn.pl
    /usr/share/doc/openvpn-2.1.1/sample-scripts/verify-cn
    /usr/share/man/man8/openvpn.8.gz
    /usr/share/openvpn
    /usr/share/openvpn/easy-rsa
    /usr/share/openvpn/easy-rsa/1.0
    /usr/share/openvpn/easy-rsa/1.0/README
    /usr/share/openvpn/easy-rsa/1.0/build-ca
    /usr/share/openvpn/easy-rsa/1.0/build-dh
    /usr/share/openvpn/easy-rsa/1.0/build-inter
    /usr/share/openvpn/easy-rsa/1.0/build-key
    /usr/share/openvpn/easy-rsa/1.0/build-key-pass
    /usr/share/openvpn/easy-rsa/1.0/build-key-pkcs12
    /usr/share/openvpn/easy-rsa/1.0/build-key-server
    /usr/share/openvpn/easy-rsa/1.0/build-req
    /usr/share/openvpn/easy-rsa/1.0/build-req-pass
    /usr/share/openvpn/easy-rsa/1.0/clean-all
    /usr/share/openvpn/easy-rsa/1.0/list-crl
    /usr/share/openvpn/easy-rsa/1.0/make-crl
    /usr/share/openvpn/easy-rsa/1.0/openssl.cnf
    /usr/share/openvpn/easy-rsa/1.0/revoke-crt
    /usr/share/openvpn/easy-rsa/1.0/revoke-full
    /usr/share/openvpn/easy-rsa/1.0/sign-req
    /usr/share/openvpn/easy-rsa/1.0/vars
    /usr/share/openvpn/easy-rsa/2.0
    /usr/share/openvpn/easy-rsa/2.0/Makefile
    /usr/share/openvpn/easy-rsa/2.0/README
    /usr/share/openvpn/easy-rsa/2.0/build-ca
    /usr/share/openvpn/easy-rsa/2.0/build-dh
    /usr/share/openvpn/easy-rsa/2.0/build-inter
    /usr/share/openvpn/easy-rsa/2.0/build-key
    /usr/share/openvpn/easy-rsa/2.0/build-key-pass
    /usr/share/openvpn/easy-rsa/2.0/build-key-pkcs12
    /usr/share/openvpn/easy-rsa/2.0/build-key-server
    /usr/share/openvpn/easy-rsa/2.0/build-req
    /usr/share/openvpn/easy-rsa/2.0/build-req-pass
    /usr/share/openvpn/easy-rsa/2.0/clean-all
    /usr/share/openvpn/easy-rsa/2.0/inherit-inter
    /usr/share/openvpn/easy-rsa/2.0/list-crl
    /usr/share/openvpn/easy-rsa/2.0/openssl-0.9.6.cnf
    /usr/share/openvpn/easy-rsa/2.0/openssl.cnf
    /usr/share/openvpn/easy-rsa/2.0/pkitool
    /usr/share/openvpn/easy-rsa/2.0/revoke-full
    /usr/share/openvpn/easy-rsa/2.0/sign-req
    /usr/share/openvpn/easy-rsa/2.0/vars
    /usr/share/openvpn/easy-rsa/2.0/whichopensslcnf
    /var/run/openvpn
    			
  2. key
    # cd /usr/share/openvpn/easy-rsa/2.0/
    
    vim vars
    export KEY_COUNTRY="CN"
    export KEY_PROVINCE="GD"
    export KEY_CITY="Shenzhen"
    export KEY_ORG="http://www.example.com"
    export KEY_EMAIL="neo.chen@example.com"
    
    # chmod +x *
    # cp openssl-1.0.0.cnf openssl.cnf
    
    # source ./vars
    ./clean-all
    ./build-ca
    ./build-key-server server
    ./build-key neo
    ./build-dh
    
    # cp keys/ca.key keys/ca.crt keys/dh1024.pem keys/server.key keys/server.crt /etc/openvpn/
    （注意：ca.key 是 CA 的私鑰，OpenVPN 伺服器運作只需要 ca.crt；一般做法是將 ca.key 保存在離線或受限的位置，避免放在對外服務的主機上。）
    			
  3. server.conf

    cp /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn/
    （路徑中的版本號須與實際安裝的 openvpn 版本一致，可用 rpm -ql openvpn 確認。）
    vim /etc/openvpn/server.conf
    			
  4. # vim /etc/sysctl.conf
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 1
    			

    讓 IP 轉發設定立即生效

    sysctl -w net.ipv4.ip_forward=1
    			
  5. # /etc/init.d/openvpn start
    Starting openvpn:                                          [  OK  ]
    			