Installing OpenVPN on CentOS 5.8 Linux

1. Download

    wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz
    wget https://nodeload.github.com/OpenVPN/openvpn/zip/release/2.3
    wget http://swupdate.openvpn.org/community/releases/openvpn-2.3.0.tar.gz

2. Install LZO

    tar -xvzf lzo-2.06.tar.gz
    cd lzo-2.06
    ./configure --prefix=/usr/local/lzo-2.06
    make && make install

3. Install OpenVPN

    tar zxvf openvpn-2.3.0.tar.gz
    cd openvpn-2.3.0
    # LZO was installed under /usr/local/lzo-2.06 above, so its headers live in that prefix's include directory
    ./configure --prefix=/usr/local/openvpn-2.3.0 --with-lzo-headers=/usr/local/lzo-2.06/include --with-lzo-lib=/usr/local/lzo-2.06/lib --with-ssl-headers=/usr/include/openssl/ --with-ssl-lib=/usr/lib/openssl/

If configure fails with

    openvpn error: lzo enabled but missing

try the following instead. The CFLAGS/LDFLAGS assignments must be on the same line as ./configure; set on a line of their own they are plain shell variables and the configure script never sees them.

    ldconfig
    CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" ./configure --prefix=/usr/local/openvpn-2.3.0
    make && make install

After installation, make install prints these reminders:

    (1)  make device node:         mknod /dev/net/tun c 10 200
    (2a) add to /etc/modules.conf: alias char-major-10-200 tun
    (2b) load driver:              modprobe tun
    (3)  enable routing:           echo 1 > /proc/sys/net/ipv4/ip_forward

4. Create the tun device

    mknod /dev/net/tun c 10 200

5. Copy the sample server configuration file

    mkdir /etc/openvpn
    cp sample/sample-config-files/server.conf /etc/openvpn/

6. Download easy-rsa

    wget https://nodeload.github.com/OpenVPN/easy-rsa/zip/master
    unzip master
    cd easy-rsa-master
    cp -R easy-rsa/ /etc/openvpn/

7. Create the certificates

    cd /etc/openvpn/easy-rsa/2.0/

A brief description of the files in this directory:
vars: script that sets up the environment variables the other scripts need
clean-all: script that creates the files and directories needed to generate the CA certificate and keys
build-ca: generates the CA certificate (interactive)
build-dh: generates the Diffie-Hellman parameter file (interactive)
build-key-server: generates the server key and certificate (interactive)
build-key: generates a client key and certificate (interactive)
pkitool: generates certificates directly from the settings in vars (non-interactive)

a. Initialize the keys directory

    . ./vars      (note: two dots, separated by a space)
    ./clean-all
    ./build-ca    (just press Enter through the prompts)

b. Generate the Diffie-Hellman parameter file

    ./build-dh

c. Generate the VPN server certificate

    ./build-key-server server

Then copy the CA certificate and the keys just generated to /etc/openvpn/:

    cd keys
    cp ca.crt ca.key server.crt server.key dh2048.pem /etc/openvpn/

d. Generate the client certificate and key

    ./build-key client

Package the client certificate for use on the client. The client only needs ca.crt, client.crt and client.key (see section 11); the CA private key ca.key stays on the server and is not included.

    tar zcvf userkeys.tar.gz ca.crt client.crt client.key client.csr

8. Edit the configuration file

    vi /etc/openvpn/openvpn.conf

    port 8099
    proto udp
    dev tun
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/server.crt
    key /etc/openvpn/server.key  # This file should be kept secret
    dh /etc/openvpn/dh2048.pem
    server 172.16.1.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 8.8.8.8"
    client-to-client
    duplicate-cn
    keepalive 10 120
    comp-lzo
    user nobody
    group nobody
    persist-key
    persist-tun
    status /var/log/openvpn-status.log
    log         /var/log/openvpn.log
    log-append  /var/log/openvpn.log
    verb 3

9. Start OpenVPN and check that it is listening

    ln -s /usr/local/openvpn-2.3.0 /usr/local/openvpn
    /usr/local/openvpn/sbin/openvpn --daemon --config /etc/openvpn/openvpn.conf
    netstat -tunlp

10. Set up iptables

    iptables -t nat -A POSTROUTING -o eth0 -s 172.16.2.0/24 -j SNAT --to-source 100.100.100.100
    iptables -A INPUT -p udp -m state --state NEW -m udp --dport 8099 -j ACCEPT
    iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 8099 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -s 172.16.1.0/24 -j SNAT --to-source 100.100.100.100

100.100.100.100 is the IP address of the VPN server's external interface eth0; this is what lets clients reach the internet through the VPN. The subnet given with -s must be the one assigned by the server line in openvpn.conf (172.16.1.0/24 above), otherwise client traffic is never translated. It can also be set up like this:

    iptables -t nat -A POSTROUTING -o eth0 -s 172.16.2.0/24 -j MASQUERADE

This should be the more general approach, suited to dynamic public addresses such as ADSL dial-up.
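As an added check, not part of the original post: a small POSIX shell script that reads the client subnet from the server directive in openvpn.conf and confirms that the NAT rule's -s argument covers exactly that subnet (the rules above mix 172.16.2.0/24 and 172.16.1.0/24 while the config assigns 172.16.1.0/24), and that the user nobody privilege drop is paired with persist-key and persist-tun. The sample config is constructed inline; the function names are this example's own.

```shell
# Added example, not from the original post: check openvpn.conf against the
# iptables NAT rule before starting the daemon.
# Constructed sample config carrying the directives this post uses.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
dev tun
server 172.16.1.0 255.255.255.0
user nobody
group nobody
persist-key
persist-tun
EOF

# Convert a dotted netmask (255.255.255.0) to a prefix length (24).
mask_to_prefix() {
  bits=0; oldifs=$IFS; IFS=.
  for octet in $1; do
    case $octet in
      255) bits=$((bits+8));; 254) bits=$((bits+7));; 252) bits=$((bits+6));;
      248) bits=$((bits+5));; 240) bits=$((bits+4));; 224) bits=$((bits+3));;
      192) bits=$((bits+2));; 128) bits=$((bits+1));; 0) ;;
      *) IFS=$oldifs; return 1;;
    esac
  done
  IFS=$oldifs; echo "$bits"
}

# Print the client subnet from the "server" directive in CIDR form.
vpn_subnet() {
  set -- $(awk '$1=="server"{print $2, $3; exit}' "$1")
  [ -n "$2" ] || return 1
  echo "$1/$(mask_to_prefix "$2")"
}

# Succeed only if the NAT rule's -s argument is exactly the VPN client subnet;
# a rule for another subnet silently leaves clients without internet access.
nat_rule_matches() {
  want=$(vpn_subnet "$1") || return 1
  case " $2 " in *" -s $want "*) return 0;; esac
  return 1
}

# With "user nobody", OpenVPN cannot re-open its key files after a SIGUSR1
# restart, so persist-key and persist-tun must accompany the privilege drop.
priv_drop_ok() {
  grep -q '^user ' "$1" || return 0
  grep -q '^persist-key' "$1" && grep -q '^persist-tun' "$1"
}
```

Run it against the real /etc/openvpn/openvpn.conf and the exact iptables command you intend to use; a mismatch is reported by the non-zero exit status of nat_rule_matches.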

11. Client installation and configuration

My client is Windows XP. Download the latest client from the OpenVPN website and install it; just click Next through the installer.
Once that is done, copy the three files ca.crt, client.crt and client.key from the /etc/openvpn/keys/ directory on the VPN server into the "C:\Program Files\openvpn\config\keys" folder.
Then connect.

http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.0-I004-i686.exe

PS: OpenVPN requires installing a client, and multiple users cannot connect at the same time.
