Zhihu Column
For the installation itself, refer to the guides below:
http://netkiller.github.io/linux/network/vpn/index.html#openvpn
http://netkiller.github.io/centos/network/openvpn.html
Enable IP forwarding
# vim /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
Make the IP forwarding setting take effect without a reboot
sysctl -w net.ipv4.ip_forward=1
Install the OpenVPN server; run the following commands in order:
yum install openvpn easy-rsa -y
chkconfig openvpn on
cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/server.conf /etc/openvpn/
cd /usr/share/easy-rsa/2.0
cat >> vars <<EOF
# Add by BG7NYT
export KEY_COUNTRY="CN"
export KEY_PROVINCE="GD"
export KEY_CITY="Shenzhen"
export KEY_ORG="Personal Amateur Radiostations of P.R.China"
export KEY_EMAIL="bg7nyt@163.com"
export KEY_CN=http://netkiller.github.io
export KEY_NAME=BG7NYT
export KEY_OU=Mototrbo
EOF
source ./vars
./clean-all
./build-ca
./build-key-server server
# build-dh writes keys/dh<KEY_SIZE>.pem; the dh1024.pem copied below shows KEY_SIZE was 1024 here
./build-dh
./build-key node1
./build-key node2
# server.conf reads ca.crt, server.crt, server.key and the dh file; ca.key is not used by the server
cp keys/ca.key keys/ca.crt keys/dh1024.pem keys/server.key keys/server.crt /etc/openvpn/
service openvpn start
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
Enable IP forwarding
# vim /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
Make the IP forwarding setting take effect without a reboot
sysctl -w net.ipv4.ip_forward=1
Install the OpenVPN client
yum install openvpn -y
chkconfig openvpn on
cp /usr/share/doc/openvpn-2.3.2/sample/sample-config-files/client.conf /etc/openvpn/
Copy the node certificate generated by build-key into the node server's /etc/openvpn/ directory
cp keys/ca.crt keys/node1.key keys/node1.crt /etc/openvpn/
Start the OpenVPN client
service openvpn start
Once the OpenVPN service is running on all three Linux servers, each of them shows a tun0 network adapter. From each machine, ping the tun0 IP addresses of the others; normally every ping should succeed. If one does not, check the firewall configuration.
Server tun0 status
# ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:240 (240.0 b)  TX bytes:0 (0.0 b)
Node 1 tun0
# ifconfig tun0
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.10  P-t-P:10.8.0.9  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2257 (2.2 KiB)  TX bytes:3757 (3.6 KiB)
Server to nodes
# ping 10.8.0.6 -c3
PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.
64 bytes from 10.8.0.6: icmp_seq=1 ttl=128 time=20.9 ms
64 bytes from 10.8.0.6: icmp_seq=2 ttl=128 time=20.1 ms
64 bytes from 10.8.0.6: icmp_seq=3 ttl=128 time=20.1 ms

--- 10.8.0.6 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 20.118/20.414/20.939/0.389 ms
# ping 10.8.0.10 -c3
PING 10.8.0.10 (10.8.0.10) 56(84) bytes of data.
64 bytes from 10.8.0.10: icmp_seq=1 ttl=64 time=14.4 ms
64 bytes from 10.8.0.10: icmp_seq=2 ttl=64 time=17.0 ms
64 bytes from 10.8.0.10: icmp_seq=3 ttl=64 time=14.0 ms

--- 10.8.0.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 14.068/15.170/17.005/1.313 ms
Node to server
# ping 10.8.0.1 -c3
PING 10.8.0.1 (10.8.0.1) 56(84) bytes of data.
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=14.0 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=14.0 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=15.8 ms

--- 10.8.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2018ms
rtt min/avg/max/mdev = 14.006/14.618/15.831/0.857 ms
Node to node
# ping 10.8.0.6 -c3
PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.
64 bytes from 10.8.0.6: icmp_seq=1 ttl=128 time=34.1 ms
64 bytes from 10.8.0.6: icmp_seq=2 ttl=128 time=36.6 ms
64 bytes from 10.8.0.6: icmp_seq=3 ttl=128 time=33.0 ms

--- 10.8.0.6 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2036ms
rtt min/avg/max/mdev = 33.047/34.605/36.654/1.520 ms
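The manual ping round above can be turned into a repeatable post-install check. The script below is an added example, not code from the original post: it confirms that the kernel forwarding switch is on and that every peer's tun0 address answers ping, parsing the iputils ping(8) summary line in the same format as the transcripts above. The file name vpn-check.sh is hypothetical; it assumes a Linux /proc and iputils ping, and the addresses 10.8.0.1, 10.8.0.10 and 10.8.0.6 are the ones from the article. Run with no arguments it exercises a constructed sample instead of the network, so it can be tried offline.

```shell
#!/bin/sh
# vpn-check.sh (hypothetical name): post-install check for the three-node OpenVPN setup.
# Added example; not part of the original article.

# ip_forward_enabled [path]: true when the kernel forwarding switch reads 1.
# The optional path lets the check run against a constructed file.
ip_forward_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ "$(cat "$f" 2>/dev/null)" = "1" ]
}

# ping_loss_pct: read iputils ping output on stdin, print the "N% packet loss" figure.
ping_loss_pct() {
    sed -n 's/.* \([0-9][0-9]*\)% packet loss.*/\1/p'
}

# ping_ok: true when the ping output on stdin reports zero loss (no summary line counts as failure).
ping_ok() {
    loss=$(ping_loss_pct)
    [ -n "$loss" ] && [ "$loss" -eq 0 ]
}

# mesh_check PEER...: ping each peer with $PING (defaults to ping(8)) and return
# the number of unreachable peers, so 0 means the full mesh is up.
PING=${PING:-ping}
mesh_check() {
    failed=0
    for peer in "$@"; do
        if $PING -c 3 "$peer" 2>/dev/null | ping_ok; then
            echo "OK    $peer"
        else
            echo "FAIL  $peer  (check the firewall on both ends; the server needs udp/1194 open)"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Constructed sample ping output (iputils format, like the transcripts above), used
# for the offline demonstration.
SAMPLE_OK='PING 10.8.0.10 (10.8.0.10) 56(84) bytes of data.
64 bytes from 10.8.0.10: icmp_seq=1 ttl=64 time=14.4 ms
64 bytes from 10.8.0.10: icmp_seq=2 ttl=64 time=17.0 ms
64 bytes from 10.8.0.10: icmp_seq=3 ttl=64 time=14.0 ms

--- 10.8.0.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms'
SAMPLE_LOSS='PING 10.8.0.6 (10.8.0.6) 56(84) bytes of data.

--- 10.8.0.6 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2010ms'

# fake_ping: stand-in for ping(8) that answers for 10.8.0.1 and 10.8.0.10 and drops
# 10.8.0.6, to show what a broken mesh looks like. The host is the last argument.
fake_ping() {
    for host in "$@"; do :; done
    case "$host" in
        10.8.0.1|10.8.0.10) printf '%s\n' "$SAMPLE_OK" ;;
        *)                  printf '%s\n' "$SAMPLE_LOSS" ;;
    esac
}

# Usage: sh vpn-check.sh 10.8.0.1 10.8.0.10 10.8.0.6   (live run against the tunnel)
#        sh vpn-check.sh                              (offline demonstration on the sample)
if [ $# -eq 0 ]; then
    PING=fake_ping
    set -- 10.8.0.1 10.8.0.10 10.8.0.6
fi
ip_forward_enabled && echo "ip_forward: on" || echo "ip_forward: off (run: sysctl -w net.ipv4.ip_forward=1)"
mesh_check "$@" || echo "mesh incomplete: $? peer(s) unreachable"
```

Run it from each of the three machines in turn, passing the other two tun0 addresses, since the article's test is that every pair can reach each other, not only that the server can reach the nodes. The return value of mesh_check is the count of failed peers, which makes it usable from cron or a monitoring wrapper.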