安裝環境CentOS 6.x
過程 18.1. OpenVPN Server
# yum install openvpn
察看openvpn包中的檔案
# rpm -ql openvpn /etc/openvpn /etc/rc.d/init.d/openvpn /usr/lib64/openvpn /usr/lib64/openvpn/plugin /usr/lib64/openvpn/plugin/lib /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so /usr/lib64/openvpn/plugin/lib/openvpn-down-root.so /usr/sbin/openvpn /usr/share/doc/openvpn-2.1.1 /usr/share/doc/openvpn-2.1.1/AUTHORS /usr/share/doc/openvpn-2.1.1/COPYING /usr/share/doc/openvpn-2.1.1/COPYRIGHT.GPL /usr/share/doc/openvpn-2.1.1/INSTALL /usr/share/doc/openvpn-2.1.1/PORTS /usr/share/doc/openvpn-2.1.1/README /usr/share/doc/openvpn-2.1.1/auth-pam.txt /usr/share/doc/openvpn-2.1.1/contrib /usr/share/doc/openvpn-2.1.1/contrib/README /usr/share/doc/openvpn-2.1.1/contrib/multilevel-init.patch /usr/share/doc/openvpn-2.1.1/contrib/openvpn-fwmarkroute-1.00 /usr/share/doc/openvpn-2.1.1/contrib/openvpn-fwmarkroute-1.00/README /usr/share/doc/openvpn-2.1.1/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.down /usr/share/doc/openvpn-2.1.1/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.up /usr/share/doc/openvpn-2.1.1/contrib/pull-resolv-conf /usr/share/doc/openvpn-2.1.1/contrib/pull-resolv-conf/client.down /usr/share/doc/openvpn-2.1.1/contrib/pull-resolv-conf/client.up /usr/share/doc/openvpn-2.1.1/down-root.txt /usr/share/doc/openvpn-2.1.1/sample-config-files /usr/share/doc/openvpn-2.1.1/sample-config-files/README /usr/share/doc/openvpn-2.1.1/sample-config-files/client.conf /usr/share/doc/openvpn-2.1.1/sample-config-files/firewall.sh /usr/share/doc/openvpn-2.1.1/sample-config-files/home.up /usr/share/doc/openvpn-2.1.1/sample-config-files/loopback-client /usr/share/doc/openvpn-2.1.1/sample-config-files/loopback-server /usr/share/doc/openvpn-2.1.1/sample-config-files/office.up /usr/share/doc/openvpn-2.1.1/sample-config-files/openvpn-shutdown.sh /usr/share/doc/openvpn-2.1.1/sample-config-files/openvpn-startup.sh /usr/share/doc/openvpn-2.1.1/sample-config-files/roadwarrior-client.conf /usr/share/doc/openvpn-2.1.1/sample-config-files/roadwarrior-server.conf 
/usr/share/doc/openvpn-2.1.1/sample-config-files/server.conf /usr/share/doc/openvpn-2.1.1/sample-config-files/static-home.conf /usr/share/doc/openvpn-2.1.1/sample-config-files/static-office.conf /usr/share/doc/openvpn-2.1.1/sample-config-files/tls-home.conf /usr/share/doc/openvpn-2.1.1/sample-config-files/tls-office.conf /usr/share/doc/openvpn-2.1.1/sample-config-files/xinetd-client-config /usr/share/doc/openvpn-2.1.1/sample-config-files/xinetd-server-config /usr/share/doc/openvpn-2.1.1/sample-keys /usr/share/doc/openvpn-2.1.1/sample-keys/README /usr/share/doc/openvpn-2.1.1/sample-keys/ca.crt /usr/share/doc/openvpn-2.1.1/sample-keys/ca.key /usr/share/doc/openvpn-2.1.1/sample-keys/client.crt /usr/share/doc/openvpn-2.1.1/sample-keys/client.key /usr/share/doc/openvpn-2.1.1/sample-keys/dh1024.pem /usr/share/doc/openvpn-2.1.1/sample-keys/pass.crt /usr/share/doc/openvpn-2.1.1/sample-keys/pass.key /usr/share/doc/openvpn-2.1.1/sample-keys/pkcs12.p12 /usr/share/doc/openvpn-2.1.1/sample-keys/server.crt /usr/share/doc/openvpn-2.1.1/sample-keys/server.key /usr/share/doc/openvpn-2.1.1/sample-scripts /usr/share/doc/openvpn-2.1.1/sample-scripts/auth-pam.pl /usr/share/doc/openvpn-2.1.1/sample-scripts/bridge-start /usr/share/doc/openvpn-2.1.1/sample-scripts/bridge-stop /usr/share/doc/openvpn-2.1.1/sample-scripts/bs /usr/share/doc/openvpn-2.1.1/sample-scripts/openvpn.init /usr/share/doc/openvpn-2.1.1/sample-scripts/openvpn.init.orig /usr/share/doc/openvpn-2.1.1/sample-scripts/ucn.pl /usr/share/doc/openvpn-2.1.1/sample-scripts/verify-cn /usr/share/man/man8/openvpn.8.gz /usr/share/openvpn /usr/share/openvpn/easy-rsa /usr/share/openvpn/easy-rsa/1.0 /usr/share/openvpn/easy-rsa/1.0/README /usr/share/openvpn/easy-rsa/1.0/build-ca /usr/share/openvpn/easy-rsa/1.0/build-dh /usr/share/openvpn/easy-rsa/1.0/build-inter /usr/share/openvpn/easy-rsa/1.0/build-key /usr/share/openvpn/easy-rsa/1.0/build-key-pass /usr/share/openvpn/easy-rsa/1.0/build-key-pkcs12 
/usr/share/openvpn/easy-rsa/1.0/build-key-server /usr/share/openvpn/easy-rsa/1.0/build-req /usr/share/openvpn/easy-rsa/1.0/build-req-pass /usr/share/openvpn/easy-rsa/1.0/clean-all /usr/share/openvpn/easy-rsa/1.0/list-crl /usr/share/openvpn/easy-rsa/1.0/make-crl /usr/share/openvpn/easy-rsa/1.0/openssl.cnf /usr/share/openvpn/easy-rsa/1.0/revoke-crt /usr/share/openvpn/easy-rsa/1.0/revoke-full /usr/share/openvpn/easy-rsa/1.0/sign-req /usr/share/openvpn/easy-rsa/1.0/vars /usr/share/openvpn/easy-rsa/2.0 /usr/share/openvpn/easy-rsa/2.0/Makefile /usr/share/openvpn/easy-rsa/2.0/README /usr/share/openvpn/easy-rsa/2.0/build-ca /usr/share/openvpn/easy-rsa/2.0/build-dh /usr/share/openvpn/easy-rsa/2.0/build-inter /usr/share/openvpn/easy-rsa/2.0/build-key /usr/share/openvpn/easy-rsa/2.0/build-key-pass /usr/share/openvpn/easy-rsa/2.0/build-key-pkcs12 /usr/share/openvpn/easy-rsa/2.0/build-key-server /usr/share/openvpn/easy-rsa/2.0/build-req /usr/share/openvpn/easy-rsa/2.0/build-req-pass /usr/share/openvpn/easy-rsa/2.0/clean-all /usr/share/openvpn/easy-rsa/2.0/inherit-inter /usr/share/openvpn/easy-rsa/2.0/list-crl /usr/share/openvpn/easy-rsa/2.0/openssl-0.9.6.cnf /usr/share/openvpn/easy-rsa/2.0/openssl.cnf /usr/share/openvpn/easy-rsa/2.0/pkitool /usr/share/openvpn/easy-rsa/2.0/revoke-full /usr/share/openvpn/easy-rsa/2.0/sign-req /usr/share/openvpn/easy-rsa/2.0/vars /usr/share/openvpn/easy-rsa/2.0/whichopensslcnf /var/run/openvpn
key
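# Build the PKI for the OpenVPN server with easy-rsa 2.0 (run as root).
cd /usr/share/openvpn/easy-rsa/2.0/

# Edit vars; the export lines below are the values to set inside that file.
# KEY_SIZE in the same file controls the RSA key and DH parameter size. The
# dh1024.pem name used further down means it was 1024, which is weak by
# current standards. With KEY_SIZE=2048, build-dh writes dh2048.pem instead,
# and the cp line below and the dh directive in server.conf must use that name.
vim vars
export KEY_COUNTRY="CN"
export KEY_PROVINCE="GD"
export KEY_CITY="Shenzhen"
export KEY_ORG="http://www.example.com"
export KEY_EMAIL="neo.chen@example.com"

chmod +x *
# NOTE(review): openssl-1.0.0.cnf is not in the openvpn-2.1.1 file list shown
# on this page; presumably these steps were run against a later package.
# Confirm the file exists before overwriting openssl.cnf with it.
cp openssl-1.0.0.cnf openssl.cnf

# Load the settings, then build the CA, the server certificate, one client
# certificate (neo) and the DH parameters. clean-all empties the keys/
# directory, so run it only when starting a new PKI.
source ./vars
./clean-all
./build-ca
./build-key-server server
./build-key neo
./build-dh

# Install only what the OpenVPN server reads: the CA certificate, the server
# certificate and key, and the DH parameters. keys/ca.key is the CA signing
# key; the server never needs it, and anyone who obtains it can issue
# certificates the VPN will accept, so it is not copied into /etc/openvpn.
# It still sits in keys/ on this host; keeping the CA on a separate machine
# is the safer arrangement.
cp keys/ca.crt keys/dh1024.pem keys/server.key keys/server.crt /etc/openvpn/
# The server private key must be readable by root only.
chmod 600 /etc/openvpn/server.key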
server.conf
# Start from the packaged sample server configuration, then edit it.
# NOTE(review): this path names openvpn-2.2.2, while the rpm -ql listing on
# this page shows openvpn-2.1.1; use the doc directory that exists on the host.
cp /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn/
# The ca, cert, key and dh directives in this file must name the files that
# were copied into /etc/openvpn.
vim /etc/openvpn/server.conf
# vim /etc/sysctl.conf # Controls IP packet forwarding net.ipv4.ip_forward = 1
使IP轉發生效
# Apply the forwarding setting to the running kernel without a reboot.
# With forwarding on, this host routes packets between the VPN and its other
# interfaces; pair it with iptables FORWARD rules that limit what VPN clients
# may reach.
sysctl -w net.ipv4.ip_forward=1
# /etc/init.d/openvpn start Starting openvpn: [ OK ]