倍可親

Linode VPS Centos 7 安裝 OpenVPN

作者:四十碼拖鞋  於 2015-6-2 22:31 發表於 最熱鬧的華人社交網路--貝殼村

通用分類:流水日記

關鍵詞:vpn, 翻牆, vpn, vpn

主要參考這兩篇文章
http://phpcampus.com/2014/08/set-up-openvpn-server-on-linode-vps-centos7/
http://phpcampus.com/2014/09/set-up-openvpn-over-stunnel/

檢查 centos 版本
# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)

或者
# cat /etc/*release*
CentOS Linux release 7.1.1503 (Core)
Derived from Red Hat Enterprise Linux 7.1 (Source)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.1.1503 (Core)
CentOS Linux release 7.1.1503 (Core)
cpe:/o:centos:centos:7


centos下,yum是十分方便的軟體包安裝工具。

檢查是否已經安裝有 OpenVPN
# yum info openvpn
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.linode.com
 * epel: mirror.sfo12.us.leaseweb.net
 * extras: mirrors.linode.com
 * updates: mirrors.linode.com
Installed Packages
Name        : openvpn
Arch        : x86_64
Version     : 2.3.6
Release     : 1.el7
Size        : 992 k
Repo        : installed
From repo   : epel
Summary     : A full-featured SSL VPN solution
URL         : http://openvpn.net/
License     : GPLv2
Description : OpenVPN is a robust and highly flexible tunneling application that uses all
            : of the encryption, authentication, and certification features of the
            : OpenSSL library to securely tunnel IP networks over a single UDP or TCP
            : port.  It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library
            : for compression.

如果還沒有安裝,使用下面的命令
# yum install openvpn

需要獨立安裝 easy-rsa。

檢查是否安裝 easy-rsa
# yum info easy-rsa
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.linode.com
 * epel: mirror.sfo12.us.leaseweb.net
 * extras: mirrors.linode.com
 * updates: mirrors.linode.com
Installed Packages
Name        : easy-rsa
Arch        : noarch
Version     : 2.2.2
Release     : 1.el7
Size        : 73 k
Repo        : installed
From repo   : epel
Summary     : Simple shell based CA utility
URL         : https://github.com/OpenVPN/easy-rsa
License     : GPLv2
Description : This is a small RSA key management package, based on the openssl
            : command line tool, that can be found in the easy-rsa subdirectory
            : of the OpenVPN distribution. While this tool is primary concerned
            : with key management for the SSL VPN application space, it can also
            : be used for building web certificates.

如果沒安裝,使用下面的命令
# yum install easy-rsa

查看目錄
# ls /usr/share/easy-rsa/
2.0

先拷貝生成證書用的工具
# cp -R /usr/share/easy-rsa/2.0 /etc/openvpn/easy-rsa

# cd /etc/openvpn/easy-rsa
進入目錄

# vi vars
來修改一下環境變數(不一定要修改)
export KEY_COUNTRY="CN"
export KEY_PROVINCE="BJ"
export KEY_CITY="Beijing"
export KEY_ORG="FUCKGFW"
export KEY_EMAIL="fuckgfw@myhost.mydomain"
export KEY_OU="AlwaysFuckGFW"


使環境變數生效
#  source ./vars

當前目錄下生成一個keys的文件夾
# ./clean-all

創建證書自頒發機構
# ./build-ca server

生成伺服器證書
# ./build-key-server server

生成客戶端證書
# ./build-key client

證書所在目錄
# ls keys/

生成Diffie Hellman密鑰
# ./build-dh

到目錄
# cd /etc/openvpn

如果沒有 server.conf 文件,需要創建一個
# ls server.conf

或者複製一個
cp /usr/share/doc/openvpn-2.3.6/sample/sample-config-files/server.conf /etc/openvpn/

server端配置文件
# vi server.conf

複製防火牆配置文件
# cp /lib/firewalld/services/openvpn.xml /etc/firewalld/services/openvpn.xml


修改防火牆配置文件
# vi /etc/firewalld/services/openvpn.xml

開啟防火牆
# systemctl start firewalld

查看防火牆狀態
# systemctl status firewalld

讓防火牆開機自啟
# systemctl enable firewalld

讓防火牆允許openvpn通過
# firewall-cmd --add-service=openvpn --permanent

確認一下是不是tcp 8443 埠開啟了
# iptables -n -L

如果沒有的話
# firewall-cmd --reload

再確認一下是不是tcp 8443 埠開啟了
# iptables -n -L

防火牆開啟 MASQUERADE
# firewall-cmd --add-masquerade --permanent

重新載入
# firewall-cmd --reload

設置包轉發
# vi /etc/sysctl.conf
# sysctl -p

複製openssl文件
# cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf

加入開機啟動
systemctl -f enable openvpn@server.service

啟動openvpn
systemctl start openvpn@server.service

查看狀態
systemctl status openvpn@server.service


高興

感動

同情

搞笑

難過

拍磚

支持

鮮花

評論 (0 個評論)

facelist doodle 塗鴉板

您需要登錄后才可以評論 登錄 | 註冊

關於本站 | 隱私權政策 | 免責條款 | 版權聲明 | 聯絡我們

Copyright © 2001-2013 海外華人中文門戶:倍可親 (http://big5.backchina.com) All Rights Reserved.

程序系統基於 Discuz! X3.1 商業版 優化 Discuz! © 2001-2013 Comsenz Inc.

本站時間採用京港台時間 GMT+8, 2019-11-15 10:16

返回頂部