1. Download

    wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz
    wget https://nodeload.github.com/OpenVPN/openvpn/zip/release/2.3
    wget http://swupdate.openvpn.org/community/releases/openvpn-2.3.0.tar.gz

2. Install LZO

    tar -xvzf lzo-2.06.tar.gz
    cd lzo-2.06
    ./configure --prefix=/usr/local/lzo-2.06
    make && make install

3. Install OpenVPN

    tar zxvf openvpn-2.3.0.tar.gz
    cd openvpn-2.3.0
    ./configure --prefix=/usr/local/openvpn-2.3.0 --with-lzo-headers=/usr/local/lzo-2.06/include --with-lzo-lib=/usr/local/lzo-2.06/lib --with-ssl-headers=/usr/include/openssl/ --with-ssl-lib=/usr/lib/openssl/

(The LZO header and library paths follow the --prefix chosen in step 2.) If configure fails with "openvpn error: lzo enabled but missing", try the following:

    ldconfig
    CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib" ./configure --prefix=/usr/local/openvpn-2.3.0
    make && make install

After installation the following is printed:

    (1) make device node: mknod /dev/net/tun c 10 200
    (2a) add to /etc/modules.conf: alias char-major-10-200 tun
    (2b) load driver: modprobe tun
    (3) enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward

4. Create the tun device

    mknod /dev/net/tun c 10 200

5. Copy the sample server configuration file

    mkdir /etc/openvpn
    cp sample/sample-config-files/server.conf /etc/openvpn/

6. Download easy-rsa

    wget https://nodeload.github.com/OpenVPN/easy-rsa/zip/master
    unzip master
    cd easy-rsa-master
    cp -R easy-rsa/ /etc/openvpn/

7. Create the certificates

    cd /etc/openvpn/easy-rsa/2.0/

A short description of the files in this directory:

    vars              script that sets up the environment variables the other scripts need
    clean-all         creates the files and directories needed to generate the CA certificate and keys
    build-ca          generates the CA certificate (interactive)
    build-dh          generates the Diffie-Hellman file (interactive)
    build-key-server  generates the server key (interactive)
    build-key         generates a client key (interactive)
    pkitool           generates certificates directly from the vars settings (non-interactive)
a. Initialize the keys directory

    . ./vars
    ./clean-all
    ./build-ca

(Note the two dots with a space between them in ". ./vars"; for build-ca you can simply press Enter through all the prompts.)

b. Generate the Diffie-Hellman file

    ./build-dh

c. Generate the VPN server certificate

    ./build-key-server server

Then copy the newly generated CA certificate and the keys to /etc/openvpn/:

    cd keys
    cp ca.crt ca.key server.crt server.key dh2048.pem /etc/openvpn/

d. Generate the client certificate and key

    ./build-key client

Pack the client certificate for use on the client:

    tar zcvf userkeys.tar.gz ca.crt client.crt client.key client.csr

(ca.key stays on the server: it is the CA's private key, and the client only needs ca.crt, client.crt and client.key, which is exactly what step 11 installs.)

8. Edit the configuration file

    vi /etc/openvpn/openvpn.conf
    port 8099
    proto udp
    dev tun
    ca /etc/openvpn/ca.crt
    cert /etc/openvpn/server.crt
    key /etc/openvpn/server.key  # This file should be kept secret
    dh /etc/openvpn/dh2048.pem
    server 172.16.1.0 255.255.255.0
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 8.8.8.8"
    client-to-client
    duplicate-cn
    keepalive 10 120
    comp-lzo
    user nobody
    group nobody
    persist-key
    persist-tun
    status /var/log/openvpn-status.log
    log /var/log/openvpn.log
    log-append /var/log/openvpn.log
    verb 3

9. Start OpenVPN and check that it is listening

    ln -s /usr/local/openvpn-2.3.0 /usr/local/openvpn
    /usr/local/openvpn/sbin/openvpn --daemon --config /etc/openvpn/openvpn.conf
    netstat -tunlp

10. Set up iptables

    iptables -t nat -A POSTROUTING -o eth0 -s 172.16.2.0/24 -j SNAT --to-source 100.100.100.100
    iptables -A INPUT -p udp -m state --state NEW -m udp --dport 8099 -j ACCEPT
    iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 8099 -j ACCEPT
    iptables -t nat -A POSTROUTING -o eth0 -s 172.16.1.0/24 -j SNAT --to-source 100.100.100.100

100.100.100.100 is the IP address of the VPN server's external interface eth0; this SNAT rule is what lets clients reach the outside Internet through the VPN. It can also be set up like this:

    iptables -t nat -A POSTROUTING -o eth0 -s 172.16.2.0/24 -j MASQUERADE

This should be the more general method, suitable for a dynamic public address such as an ADSL dial-up line.
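The server config in step 8 and the NAT rules in step 10 have to agree: the server directive hands out 172.16.1.0/24, while the first SNAT rule above is written for 172.16.2.0/24. The following shell script is an added example, not part of the original post: it parses a constructed copy of the step-8 config, derives the VPN subnet from its server line, emits the matching SNAT or MASQUERADE rule from that value, and flags directives a reviewer would want to look at (duplicate-cn, client-to-client, comp-lzo, and the absence of tls-auth). The interface name eth0 and the address 100.100.100.100 are the post's; the function names and everything else in the script are assumptions for the example.

```shell
#!/bin/sh
# Added example, not part of the original post: audit an OpenVPN server config
# for risky directives and derive the NAT subnet from its "server" line, so the
# SNAT/MASQUERADE rule is generated from the same value the tunnel hands out.
# SAMPLE_CONF is a constructed copy of the post's openvpn.conf.

SAMPLE_CONF=$(cat <<'EOF'
port 8099
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh2048.pem
server 172.16.1.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
verb 3
EOF
)

# mask_to_prefix 255.255.255.0 -> 24 ; fails on an octet that is not a valid mask value
mask_to_prefix() {
    bits=0
    for octet in $(printf '%s\n' "$1" | tr '.' ' '); do
        case "$octet" in
            255) bits=$((bits + 8)) ;;  254) bits=$((bits + 7)) ;;
            252) bits=$((bits + 6)) ;;  248) bits=$((bits + 5)) ;;
            240) bits=$((bits + 4)) ;;  224) bits=$((bits + 3)) ;;
            192) bits=$((bits + 2)) ;;  128) bits=$((bits + 1)) ;;
            0) ;;
            *) return 1 ;;
        esac
    done
    printf '%s\n' "$bits"
}

# vpn_subnet "<config text>" -> 172.16.1.0/24, taken from the "server" directive
vpn_subnet() {
    srv=$(printf '%s\n' "$1" | awk '$1 == "server" { print $2, $3; exit }')
    [ -n "$srv" ] || return 1
    set -- $srv
    pfx=$(mask_to_prefix "$2") || return 1
    printf '%s/%s\n' "$1" "$pfx"
}

# nat_rule "<config text>" <wan-iface> [<public-ip>]
# With a public IP: SNAT to that address; without one: MASQUERADE (dynamic address).
nat_rule() {
    net=$(vpn_subnet "$1") || return 1
    if [ -n "${3:-}" ]; then
        printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j SNAT --to-source %s\n' "$2" "$net" "$3"
    else
        printf 'iptables -t nat -A POSTROUTING -o %s -s %s -j MASQUERADE\n' "$2" "$net"
    fi
}

# conf_has "<config text>" <directive> -> 0 if a line starts with that directive
conf_has() { printf '%s\n' "$1" | awk -v d="$2" '$1 == d { f = 1 } END { exit !f }'; }

# audit_conf "<config text>" -> one finding per line (defender's review of the directives)
audit_conf() {
    if conf_has "$1" duplicate-cn; then
        echo "duplicate-cn: one certificate may be shared by many clients, so a leaked key cannot be revoked without cutting them all off"
    fi
    if conf_has "$1" client-to-client; then
        echo "client-to-client: VPN clients can reach each other through the server"
    fi
    if conf_has "$1" comp-lzo; then
        echo "comp-lzo: compressing before encryption leaks information about the plaintext; leave it off unless required"
    fi
    if ! conf_has "$1" tls-auth; then
        echo "no tls-auth: the listening port answers handshakes from anyone; a static HMAC key drops unauthenticated packets early"
    fi
}

# Run against the constructed config:
audit_conf "$SAMPLE_CONF"
nat_rule "$SAMPLE_CONF" eth0 100.100.100.100
nat_rule "$SAMPLE_CONF" eth0
```

To use it on a real server, replace SAMPLE_CONF with "$(cat /etc/openvpn/openvpn.conf)"; generating the NAT rule from the config rather than typing the subnet twice is what prevents the 172.16.1.0 / 172.16.2.0 mismatch seen above.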
11. Client installation and configuration

My client is Windows XP. Download the latest client from the OpenVPN site and install it; just click Next all the way through the installer:

    http://swupdate.openvpn.org/community/releases/openvpn-install-2.3.0-I004-i686.exe

After that, copy the three files ca.crt, client.crt and client.key from /etc/openvpn/keys/ on the VPN server into the "C:\Program Files\openvpn\config\keys" folder. Then connect.

PS: OpenVPN requires the client to be installed, and multiple users cannot connect at the same time either.
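Step 7d packs the client certificate and step 11 installs only ca.crt, client.crt and client.key on the client. The script below is an added example, not the post's own commands: it builds that bundle from exactly those three files, refuses if one is missing, and checks an existing bundle for a stray ca.key or server.key. It runs on a constructed placeholder keys directory so it can be executed anywhere; the verify_client_material function is meant for a real easy-rsa keys/ directory and needs openssl. The client name "client" and the easy-rsa file layout come from the post; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post: build the client key bundle
# with only what the Windows client in step 11 installs (ca.crt, client.crt,
# client.key) and check that no CA or server private key slipped in.
# A constructed keys directory with placeholder files stands in for easy-rsa's keys/.

# make_fake_keys_dir -> temp dir laid out like easy-rsa 2.0's keys/ after steps 7a-d
make_fake_keys_dir() {
    d=$(mktemp -d)
    for f in ca.crt ca.key server.crt server.key dh2048.pem client.crt client.key client.csr; do
        printf 'placeholder for %s (constructed, not a real PEM)\n' "$f" > "$d/$f"
    done
    printf '%s\n' "$d"
}

# pack_client_bundle <keysdir> <client-name> <out.tar.gz>
# Packs ca.crt, <name>.crt and <name>.key only; fails if any of them is missing.
pack_client_bundle() {
    keysdir=$1; name=$2; out=$3
    for f in ca.crt "$name.crt" "$name.key"; do
        if [ ! -f "$keysdir/$f" ]; then
            printf 'missing %s/%s\n' "$keysdir" "$f" >&2
            return 1
        fi
    done
    tar -czf "$out" -C "$keysdir" ca.crt "$name.crt" "$name.key"
}

# bundle_files <tar.gz> -> space-separated, sorted member list
bundle_files() { tar -tzf "$1" | sort | tr '\n' ' ' | sed 's/ $//'; }

# bundle_is_clean <tar.gz> -> 0 if neither ca.key nor server.key is inside
bundle_is_clean() {
    if tar -tzf "$1" | grep -q -E '(^|/)(ca|server)\.key$'; then
        return 1
    fi
    return 0
}

# verify_client_material <keysdir> <client-name>
# For a real keys/ directory: the client cert must chain to ca.crt and the
# private key must match the cert's public key. Needs openssl; not run in the demo.
verify_client_material() {
    keysdir=$1; name=$2
    openssl verify -CAfile "$keysdir/ca.crt" "$keysdir/$name.crt" >/dev/null || return 1
    cert_pub=$(openssl x509 -in "$keysdir/$name.crt" -pubkey -noout)
    key_pub=$(openssl pkey -in "$keysdir/$name.key" -pubout)
    [ "$cert_pub" = "$key_pub" ]
}

# Demo on the constructed directory (no real keys involved):
demo=$(make_fake_keys_dir)
pack_client_bundle "$demo" client "$demo/userkeys.tar.gz"
if bundle_is_clean "$demo/userkeys.tar.gz"; then
    printf 'bundle ok: %s\n' "$(bundle_files "$demo/userkeys.tar.gz")"
fi
rm -rf "$demo"
```

On the server from step 7 the same functions apply to /etc/openvpn/easy-rsa/2.0/keys; running bundle_is_clean on a tarball built the way step 7d originally did it (with ca.key included) returns 1, which is the check that catches a CA private key about to leave the machine.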
References:

    http://lxsym.blog.51cto.com/1364623/772075
    http://blog.jiechic.com/archives/budgetvm-install-openvpn-vpn-vps-server
    http://www.itdhz.com/post-287.html
    http://www.kdolphin.com/1120
    http://blog.creke.net/748.html
    http://luxiaok.blog.51cto.com/2177896/1078375
    http://docs.linuxtone.org/ebooks/VPN/openvpn%E9%9B%86%E5%90%88.pdf