虚拟代理

CentOS搭建OpenVPN

  1. 安装epel源

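    # Enable the EPEL repository (presumably the source of the openvpn package
    # installed in step 8).
    cd /root
    # Fetch over HTTPS rather than plain HTTP: this package is installed as root
    # and defines which repositories and signing keys yum trusts afterwards.
    # NOTE(review): the path targets EPEL 6; confirm it matches the host's
    # CentOS major release.
    wget https://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
    # Check the package digests/signature before installing. The signature part
    # only verifies once the EPEL signing key has been imported from a trusted
    # source.
    rpm -K epel-release-6-8.noarch.rpm
    rpm -Uvh epel-release-6-8.noarch.rpm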
    
  2. 安装easy-rsa

    # Fetch easy-rsa (the PKI helper used for every certificate below) and
    # create an editable vars file from the shipped example.
    # NOTE(review): this clones the default branch at whatever commit is
    # current; checking out a release tag keeps the CA tooling reproducible.
    easyrsa_dir=/usr/local/easy-rsa/easyrsa3
    cd /usr/local
    git clone https://github.com/OpenVPN/easy-rsa.git
    cp "${easyrsa_dir}/vars.example" "${easyrsa_dir}/vars"
    
  3. 配置easy-rsa

    # Open the vars file created in step 2 and set the request fields below.
    vim /usr/local/easy-rsa/easyrsa3/vars
    
    # Lines to set inside the editor (easy-rsa vars syntax, not commands to run
    # at the shell prompt).
    # NOTE(review): in easy-rsa 3 the EASYRSA_REQ_* organisational fields are
    # presumably only applied when EASYRSA_DN is set to "org" — confirm.
    set_var EASYRSA_REQ_COUNTRY     "CN"
    set_var EASYRSA_REQ_PROVINCE    "Hebei"
    set_var EASYRSA_REQ_CITY        "Cangzhou"
    set_var EASYRSA_REQ_ORG         "DoubaoHeihei"
    set_var EASYRSA_REQ_EMAIL       "67065435@qq.com"
    set_var EASYRSA_REQ_OU          "My OpenVPN"
    
    # Editor keystrokes: leave insert mode, then write the file and quit.
    ESC
    :wq
    
  4. 创建easy-rsa服务端证书

    # Build the CA and the server certificate. Lines that are not commands
    # ("yes", the masked rows, the names) are answers typed at easyrsa prompts.
    cd /usr/local/easy-rsa/easyrsa3
    
    # Initialise the PKI directory; "yes" answers the confirmation prompt.
    /usr/local/easy-rsa/easyrsa3/easyrsa init-pki
    yes
    
    # Create the CA. The masked rows are presumably the CA key passphrase,
    # entered twice, followed by the CA common name.
    # NOTE(review): the CA private key is created on the VPN server itself.
    # Whoever obtains that key and its passphrase can issue certificates this
    # server will accept; keeping the CA on a separate machine limits that.
    /usr/local/easy-rsa/easyrsa3/easyrsa build-ca
    **************
    **************
    DoubaoHeihei
    
    # Generate the server key and certificate request. "nopass" leaves the
    # private key unencrypted so the daemon can start unattended, which makes
    # file permissions its only protection. The following line is presumably
    # the common name entered at the prompt.
    /usr/local/easy-rsa/easyrsa3/easyrsa gen-req server nopass
    DoubaoHeixiu
    
    # Sign the request as a server certificate: confirm with "yes", then
    # (presumably) enter the CA passphrase.
    /usr/local/easy-rsa/easyrsa3/easyrsa sign server server
    yes
    **************
    
    # Generate the Diffie-Hellman parameters (the dh.pem copied in step 6).
    /usr/local/easy-rsa/easyrsa3/easyrsa gen-dh
    
  5. 创建easy-rsa客户端证书

    # Generate the client's key pair in a separate PKI, then have the CA from
    # step 4 sign the request.
    # NOTE(review): cp -r also copies the CA's existing pki/ directory,
    # private keys included, into easy-clt. The init-pki below presumably
    # replaces it — confirm that no CA key material is left in the copy.
    cp -r /usr/local/easy-rsa /usr/local/easy-clt
    cd /usr/local/easy-clt/easyrsa3
    
    # Re-initialise the PKI in the copy; "yes" answers the confirmation prompt.
    /usr/local/easy-clt/easyrsa3/easyrsa init-pki
    yes
    
    # Create the client key and request. No "nopass" here, so the masked rows
    # are presumably the key passphrase entered twice, then the common name.
    /usr/local/easy-clt/easyrsa3/easyrsa gen-req DoubaoHeihei
    **************
    **************
    DoubaoHeihei
    
    # Back in the CA directory: import the client's request and sign it.
    cd /usr/local/easy-rsa/easyrsa3
    
    /usr/local/easy-rsa/easyrsa3/easyrsa import-req /usr/local/easy-clt/easyrsa3/pki/reqs/DoubaoHeihei.req DoubaoHeihei
    
    # Sign as a client certificate: confirm with "yes", then (presumably) enter
    # the CA passphrase.
    /usr/local/easy-rsa/easyrsa3/easyrsa sign client DoubaoHeihei
    yes
    **************
    
  6. 存储easy-rsa服务端证书

    # Stage the server-side material where server.conf (step 9) expects it.
    # server.key is the server's private key and should stay readable by root
    # only; the certificates and dh.pem are not secret.
    mkdir /etc/openvpn
    pki=/usr/local/easy-rsa/easyrsa3/pki
    for f in ca.crt dh.pem issued/server.crt private/server.key; do
      cp "${pki}/${f}" /etc/openvpn
    done
    
  7. 存储easy-rsa客户端证书

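    # Collect the files the client needs: the CA certificate, the client's
    # signed certificate and the client's private key.
    mkdir /etc/openvpn/client
    cp /usr/local/easy-rsa/easyrsa3/pki/ca.crt /etc/openvpn/client
    cp /usr/local/easy-rsa/easyrsa3/pki/issued/DoubaoHeihei.crt /etc/openvpn/client
    # The private key was produced by gen-req in the client PKI (step 5), so it
    # is under easy-clt's pki/private. The CA's pki/issued directory holds only
    # certificates.
    cp /usr/local/easy-clt/easyrsa3/pki/private/DoubaoHeihei.key /etc/openvpn/client
    # Keep the key readable by its owner only, and hand it to the client over
    # an authenticated, encrypted channel.
    chmod 600 /etc/openvpn/client/DoubaoHeihei.key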
    
  8. 安装openvpn

    # Install the OpenVPN package (presumably from the EPEL repository enabled
    # in step 1). Package signatures are only checked if gpgcheck is enabled
    # for that repository.
    yum install openvpn
    
  9. 配置OpenVPN

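    # Unprivileged account that OpenVPN switches to after start-up (the
    # user/group directives in server.conf), plus a log directory it owns.
    # NOTE(review): plain useradd creates a regular login account; a system
    # account without a login shell (e.g. useradd -r -s /sbin/nologin www)
    # narrows what that identity can be used for.
    useradd www
    mkdir /www
    mkdir /www/log
    chown -R www:www /www/log
    
    # Locate the sample server configuration shipped with the package.
    rpm -ql openvpn |grep server.conf
    # Expected output:
    # /usr/share/doc/openvpn-2.4.9/sample/sample-config-files/roadwarrior-server.conf
    # /usr/share/doc/openvpn-2.4.9/sample/sample-config-files/server.conf
    # /usr/share/doc/openvpn-2.4.9/sample/sample-config-files/xinetd-server-config
    
    # Absolute source path: without the leading "/" the copy only works when
    # the current directory is the filesystem root.
    cp /usr/share/doc/openvpn-2.4.9/sample/sample-config-files/server.conf /etc/openvpn
    
    # Edit the copied file so that it carries the directives listed below.
    vim /etc/openvpn/server.conf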
    
    # Listen on every IPv4 interface, TCP port 8888.
    local                    0.0.0.0
    port                     8888
    
    # TCP transport over a routed (layer-3) tun device.
    proto                    tcp
    dev                      tun
    
    # Drop root privileges to this account once initialisation is done.
    user                     www
    group                    www
    
    # CA certificate, DH parameters, server certificate and server private key
    # (the files copied in step 6).
    ca                       /etc/openvpn/ca.crt
    dh                       /etc/openvpn/dh.pem
    cert                     /etc/openvpn/server.crt
    key                      /etc/openvpn/server.key
    
    # VPN subnet handed out to clients. redirect-gateway sends all client
    # traffic through the tunnel, and clients are told to use the pushed DNS
    # resolver.
    # NOTE(review): redirect-gateway only works if the host forwards and NATs
    # the 10.8.0.0/24 traffic; that setup is not shown on this page.
    server                   10.8.0.0 255.255.255.0
    push                     "redirect-gateway def1 bypass-dhcp"
    push                     "dhcp-option DNS 119.29.29.29"
    
    # Remember client-to-address assignments across restarts; ping every 10 s
    # and treat the peer as down after 120 s; cap concurrent clients at 10.
    ifconfig-pool-persist    ipp.txt
    keepalive                10 120
    max-clients              10
    verb                     3
    
    # comp-lzo: LZO compression, deprecated since OpenVPN 2.4 in favour of
    # "compress". Compressing tunnelled traffic can leak plaintext through
    # packet lengths (VORACLE-style attacks), so consider disabling compression
    # on the server and all clients together.
    # persist-key / persist-tun: keep the key and tun device across restarts,
    # because the unprivileged user cannot reopen them.
    # client-to-client: the server relays traffic between VPN clients
    # internally, so the host firewall never sees or filters it. Enable it only
    # if clients are meant to reach each other.
    # NOTE(review): no tls-crypt/tls-auth or cipher directive appears in the
    # lines shown. Confirm whether the sample file's settings are kept; an HMAC
    # key on the control channel rejects unauthenticated packets early.
    comp-lzo
    persist-key
    persist-tun
    client-to-client
    
    # Status snapshot and log file, in the directory owned by www.
    status                   /www/log/openstu.log
    log                      /www/log/openvpn.log
    
    ESC
    :wq
    
  10. 开启OpenVPN

    # Start the server with the configuration from step 9. Output goes to the
    # file named by the "log" directive, and the process switches to user/group
    # www after start-up.
    openvpn /etc/openvpn/server.conf
    
  11. 安装Windows客户端

  12. 添加客户端配置文件

  13. 启动客户端
