Home | 简体中文 | 繁体中文 | 杂文 | Search | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 作品与服务 | Email

第 17 章 openvpn - secure IP tunnel daemon.

安装环境CentOS 6.x

过程 17.1. OpenVPN Server

  1. # yum install openvpn easy-rsa
    			

    察看openvpn包中的文件

    # rpm -ql openvpn
    /etc/openvpn
    /etc/rc.d/init.d/openvpn
    /usr/lib64/openvpn
    /usr/lib64/openvpn/plugin
    /usr/lib64/openvpn/plugin/lib
    /usr/lib64/openvpn/plugin/lib/openvpn-auth-pam.so
    /usr/lib64/openvpn/plugin/lib/openvpn-down-root.so
    /usr/lib64/openvpn/plugins
    /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so
    /usr/lib64/openvpn/plugins/openvpn-plugin-down-root.so
    /usr/sbin/openvpn
    /usr/share/doc/openvpn-2.3.2
    /usr/share/doc/openvpn-2.3.2/AUTHORS
    /usr/share/doc/openvpn-2.3.2/COPYING
    /usr/share/doc/openvpn-2.3.2/COPYRIGHT.GPL
    /usr/share/doc/openvpn-2.3.2/INSTALL
    /usr/share/doc/openvpn-2.3.2/PORTS
    /usr/share/doc/openvpn-2.3.2/README
    /usr/share/doc/openvpn-2.3.2/README.auth-pam
    /usr/share/doc/openvpn-2.3.2/README.down-root
    /usr/share/doc/openvpn-2.3.2/contrib
    /usr/share/doc/openvpn-2.3.2/contrib/OCSP_check
    /usr/share/doc/openvpn-2.3.2/contrib/OCSP_check/OCSP_check.sh
    /usr/share/doc/openvpn-2.3.2/contrib/README
    /usr/share/doc/openvpn-2.3.2/contrib/multilevel-init.patch
    /usr/share/doc/openvpn-2.3.2/contrib/openvpn-fwmarkroute-1.00
    /usr/share/doc/openvpn-2.3.2/contrib/openvpn-fwmarkroute-1.00/README
    /usr/share/doc/openvpn-2.3.2/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.down
    /usr/share/doc/openvpn-2.3.2/contrib/openvpn-fwmarkroute-1.00/fwmarkroute.up
    /usr/share/doc/openvpn-2.3.2/contrib/pull-resolv-conf
    /usr/share/doc/openvpn-2.3.2/contrib/pull-resolv-conf/client.down
    /usr/share/doc/openvpn-2.3.2/contrib/pull-resolv-conf/client.up
    /usr/share/doc/openvpn-2.3.2/sample
    /usr/share/doc/openvpn-2.3.2/sample/Makefile
    /usr/share/doc/openvpn-2.3.2/sample/Makefile.am
    /usr/share/doc/openvpn-2.3.2/sample/Makefile.in
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/README
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/client.conf
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/firewall.sh
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/home.up
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/loopback-client
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/loopback-server
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/office.up
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/openvpn-shutdown.sh
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/openvpn-startup.sh
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/roadwarrior-client.conf
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/roadwarrior-server.conf
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/static-home.conf
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/static-office.conf
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/tls-home.conf
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/tls-office.conf
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/xinetd-client-config
    /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/xinetd-server-config
    /usr/share/doc/openvpn-2.3.2/sample/sample-keys
    /usr/share/doc/openvpn-2.3.2/sample/sample-keys/README
    /usr/share/doc/openvpn-2.3.2/sample/sample-keys/ca.crt
    /usr/share/doc/openvpn-2.3.2/sample/sample-keys/ca.key
    /usr/share/doc/openvpn-2.3.2/sample/sample-keys/client.crt
    /usr/share/doc/openvpn-2.3.2/sample/sample-keys/client.key
    /usr/share/doc/openvpn-2.3.2/sample/sample-keys/dh1024.pem
    /usr/share/doc/openvpn-2.3.2/sample/sample-keys/pass.crt
    /usr/share/doc/openvpn-2.3.2/sample/sample-keys/pass.key
    /usr/share/doc/openvpn-2.3.2/sample/sample-keys/pkcs12.p12
    /usr/share/doc/openvpn-2.3.2/sample/sample-keys/server.crt
    /usr/share/doc/openvpn-2.3.2/sample/sample-keys/server.key
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/defer
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/defer/README
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/defer/build
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/defer/simple.c
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/defer/simple.def
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/defer/winbuild
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/log
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/log/build
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/log/log.c
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/log/log_v3.c
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/log/winbuild
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/simple
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/simple/README
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/simple/build
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/simple/simple.c
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/simple/simple.def
    /usr/share/doc/openvpn-2.3.2/sample/sample-plugins/simple/winbuild
    /usr/share/doc/openvpn-2.3.2/sample/sample-scripts
    /usr/share/doc/openvpn-2.3.2/sample/sample-scripts/auth-pam.pl
    /usr/share/doc/openvpn-2.3.2/sample/sample-scripts/bridge-start
    /usr/share/doc/openvpn-2.3.2/sample/sample-scripts/bridge-stop
    /usr/share/doc/openvpn-2.3.2/sample/sample-scripts/ucn.pl
    /usr/share/doc/openvpn-2.3.2/sample/sample-scripts/verify-cn
    /usr/share/doc/openvpn-2.3.2/sample/sample-windows
    /usr/share/doc/openvpn-2.3.2/sample/sample-windows/sample.ovpn
    /usr/share/man/man8/openvpn.8.gz
    /usr/share/openvpn
    /var/run/openvpn
    
    # rpm -ql easy-rsa
    /usr/share/doc/easy-rsa-2.2.0
    /usr/share/doc/easy-rsa-2.2.0/COPYING
    /usr/share/doc/easy-rsa-2.2.0/COPYRIGHT.GPL
    /usr/share/doc/easy-rsa-2.2.0/doc
    /usr/share/doc/easy-rsa-2.2.0/doc/Makefile.am
    /usr/share/doc/easy-rsa-2.2.0/doc/README-1.0
    /usr/share/doc/easy-rsa-2.2.0/doc/README-2.0
    /usr/share/easy-rsa
    /usr/share/easy-rsa/2.0
    /usr/share/easy-rsa/2.0/build-ca
    /usr/share/easy-rsa/2.0/build-dh
    /usr/share/easy-rsa/2.0/build-inter
    /usr/share/easy-rsa/2.0/build-key
    /usr/share/easy-rsa/2.0/build-key-pass
    /usr/share/easy-rsa/2.0/build-key-pkcs12
    /usr/share/easy-rsa/2.0/build-key-server
    /usr/share/easy-rsa/2.0/build-req
    /usr/share/easy-rsa/2.0/build-req-pass
    /usr/share/easy-rsa/2.0/clean-all
    /usr/share/easy-rsa/2.0/inherit-inter
    /usr/share/easy-rsa/2.0/list-crl
    /usr/share/easy-rsa/2.0/openssl-0.9.6.cnf
    /usr/share/easy-rsa/2.0/openssl-0.9.8.cnf
    /usr/share/easy-rsa/2.0/openssl-1.0.0.cnf
    /usr/share/easy-rsa/2.0/pkitool
    /usr/share/easy-rsa/2.0/revoke-full
    /usr/share/easy-rsa/2.0/sign-req
    /usr/share/easy-rsa/2.0/vars
    /usr/share/easy-rsa/2.0/whichopensslcnf
    			
  2. key
    # cd /usr/share/openvpn/easy-rsa/2.0/
    
    vim vars
    export KEY_COUNTRY="CN"
    export KEY_PROVINCE="GD"
    export KEY_CITY="Shenzhen"
    export KEY_ORG="http://www.example.com"
    export KEY_EMAIL="neo.chen@example.com"
    
    # chmod +x *
    # cp openssl-1.0.0.cnf openssl.cnf
    
    # source ./vars
    ./clean-all
    ./build-ca
    ./build-key-server server
    ./build-dh
    ./build-key neo
    
    # cp keys/ca.key keys/ca.crt keys/dh1024.pem keys/server.key keys/server.crt /etc/openvpn/
    			
  3. server.conf

    cp keys/ca.key keys/ca.crt keys/dh1024.pem keys/server.key keys/server.crt /etc/openvpn/
    vim /etc/openvpn/server.conf
    			
  4. 启用IP转发

    # vim /etc/sysctl.conf
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 1
    			

    net.ipv4.ip_forward = 1 使IP转发生效

    sysctl -w net.ipv4.ip_forward=1
    			
  5. # /etc/init.d/openvpn start
    Starting openvpn:                                          [  OK  ]
    			
comments powered by Disqus