OpenSSL installation and configuration

1. Installation:

    tar zxvf lzo-2.06.tar.gz
    cd lzo-2.06
    ./configure
    make
    make install
    cd ..
    tar zxvf openvpn-2.3.2.tar.gz
    cd openvpn-2.3.2
    ./configure --enable-password-save
    make
    make install
    cd ..

Download a zip package from https://github.com/OpenVPN/easy-rsa (newer versions no longer include this package).

    unzip easy-rsa-master.zip
    cd easy-rsa-master
    mkdir /etc/openvpn
    cp -r easy-rsa /etc/openvpn/
    cp sample/sample-config-files/server.conf /etc/openvpn/
    cd /etc/openvpn/easy-rsa/2.0/
    ln -s openssl-1.0.0.cnf openssl.cnf

2. Configuration: change the following default values in vars to:

    export KEY_COUNTRY="CN"
    export KEY_PROVINCE="Js"
    export KEY_CITY="suzhou"
    export KEY_ORG="szl"
    export KEY_EMAIL="jack@kuutown.com"
    export KEY_OU="IT"

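    source ./vars
    ./clean-all                 # remove old certificates that are no longer needed
    ./build-ca                  # generate the CA certificate; the parameters are already set in vars, so just press Enter at each prompt
    ./build-key-server server   # the server certificate is named server
    # Press Enter to accept the defaults; the following items must be filled in manually
    A challenge password []:071103      # enter a password
    An optional company name []:

Then answer Y twice, pressing Enter after each.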

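Generate the client certificate. If you need several clients, run the command once per client, giving each a different name so they can be told apart.

    ./build-key bob             # the client certificate is named bob
    A challenge password []:LVS@071103  # enter the same password as above
    An optional company name []:

Then answer Y twice, pressing Enter after each.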

    ll keys
    total 72
    -rw-r--r-- 1 root root 3974 Aug  7 10:42 01.pem
    -rw-r--r-- 1 root root 3849 Aug  7 10:43 02.pem
    -rw-r--r-- 1 root root 3849 Aug  7 10:43 bob.crt
    -rw-r--r-- 1 root root  729 Aug  7 10:43 bob.csr
    -rw------- 1 root root  916 Aug  7 10:43 bob.key
    -rw-r--r-- 1 root root 1298 Aug  7 10:41 ca.crt
    -rw------- 1 root root  916 Aug  7 10:41 ca.key
    -rw-r--r-- 1 root root  245 Aug  7 10:43 dh1024.pem
    -rw-r--r-- 1 root root  231 Aug  7 10:43 index.txt
    -rw-r--r-- 1 root root   21 Aug  7 10:43 index.txt.attr
    -rw-r--r-- 1 root root   21 Aug  7 10:42 index.txt.attr.old
    -rw-r--r-- 1 root root  117 Aug  7 10:42 index.txt.old
    -rw-r--r-- 1 root root    3 Aug  7 10:43 serial
    -rw-r--r-- 1 root root    3 Aug  7 10:42 serial.old
    -rw-r--r-- 1 root root 3974 Aug  7 10:42 server.crt
    -rw-r--r-- 1 root root  733 Aug  7 10:42 server.csr
    -rw------- 1 root root  916 Aug  7 10:42 server.key
    -rw------- 1 root root  636 Aug  7 10:44 ta.key

Package and download:

    # tar czvf keys.tar.gz keys/
    # sz keys.tar.gz
    # cp -r keys /etc/openvpn/
    # cd /etc/openvpn/
    # cat server.conf
    port 1194
    proto udp
    dev tun
    server 10.8.0.0 255.255.255.0
    push "route 192.168.10.0 255.255.255.0"
    push "dhcp-option DNS 60.191.244.2"
    push "dhcp-option DNS 61.153.35.48"
    ifconfig-pool-persist /etc/openvpn/ipp.txt
    ca /etc/openvpn/keys/ca.crt
    cert /etc/openvpn/keys/server.crt
    key /etc/openvpn/keys/server.key
    dh /etc/openvpn/keys/dh2048.pem
    tls-auth /etc/openvpn/keys/ta.key 0
    keepalive 10 120
    comp-lzo
    status /etc/openvpn/openvpn-status.log
    log        /etc/openvpn/openvpn.log
    log-append /etc/openvpn/openvpn.log
    verb 4
    persist-key
    persist-tun
    # echo "/usr/local/openvpn/sbin/openvpn --config /etc/openvpn/server.conf > /dev/null 2>&1 &" >> /etc/rc.local
    # /usr/local/openvpn/sbin/openvpn --config /etc/openvpn/server.conf  &

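We have just downloaded keys.tar.gz to the local machine with sz; now set up the client. I am using Windows 7 64-bit, so we need to download OpenVPN GUI for Windows. Download an OpenVPN GUI client that works on Win7 64-bit from Google.

URL: https://code.google.com/p/vpntech/downloads/detail?name=openvpn-2.1.1-gui-1.0.3-install-cn-64bit.zip&can=2&q=

After installing it, copy the certificates (bob.crt, bob.csr, bob.key, ca.crt, ta.key) into the OpenVPN config directory and create the configuration file client.ovpn with the following content: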

    client
    dev tun
    proto udp
    remote 192.168.2.208 1194
    persist-key
    persist-tun
    ca ca.crt
    cert bob.crt
    key bob.key
    ns-cert-type server
    comp-lzo
    verb 4
    ;redirect-gateway def1
    tls-auth ta.key 1
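
The check below is an added example, not part of the original post. It reads the ca, cert, key, dh and tls-auth lines of a server.conf like the one above and reports three things: referenced files that do not exist (the keys listing above has dh1024.pem while server.conf names dh2048.pem), secret files readable by group or others, and a ca.key left next to the server key after cp -r keys. The function names, finding labels and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, finding labels
# and the sample tree are assumptions made for illustration.

# Print one finding per line for the OpenVPN config file given as $1.
audit_openvpn_conf() {
    conf=$1
    # ca, cert, key, dh and tls-auth take a file path as first argument.
    awk '$1 ~ /^(ca|cert|key|dh|tls-auth)$/ { print $1, $2 }' "$conf" |
    while read -r directive path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $path"
            continue
        fi
        if [ "$directive" = key ] || [ "$directive" = tls-auth ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            if [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
                echo "PERMS $directive $path"
            fi
        fi
        # ca.key is only needed where certificates are signed, not on the server.
        if [ "$directive" = key ] && [ -f "$(dirname "$path")/ca.key" ]; then
            echo "CAKEY $(dirname "$path")/ca.key"
        fi
    done
}

# Constructed sample tree: the whole keys/ directory copied to the server,
# dh1024.pem on disk while the config names dh2048.pem, ta.key set to 644.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/keys"
    for f in ca.crt server.crt dh1024.pem ca.key server.key ta.key; do
        : > "$d/keys/$f"
    done
    chmod 600 "$d/keys/ca.key" "$d/keys/server.key"
    chmod 644 "$d/keys/ta.key"
    printf '%s\n' "ca $d/keys/ca.crt" "cert $d/keys/server.crt" \
        "key $d/keys/server.key" "dh $d/keys/dh2048.pem" \
        "tls-auth $d/keys/ta.key 0" > "$d/server.conf"
    echo "$d"
}

sample=$(make_sample)
audit_openvpn_conf "$sample/server.conf"
rm -rf "$sample"
```

To check a real server, call audit_openvpn_conf /etc/openvpn/server.conf; no output means no findings.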

easy-rsa-old-master: the easy-rsa used in this blog post

OpenSSL installation and configuration, first published on 运维者.
