倍可親

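Installing OpenVPN on a Linode VPS with CentOS 7

Author: 四十碼拖鞋, posted 2015-6-2 22:31 on 貝殼村, the liveliest Chinese social network

Category: Daily journal

Keywords: vpn, circumventing the firewall, vpn, vpn

This guide is mainly based on these two articles: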
http://phpcampus.com/2014/08/set-up-openvpn-server-on-linode-vps-centos7/
http://phpcampus.com/2014/09/set-up-openvpn-over-stunnel/

Check the CentOS version
# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)

Or
# cat /etc/*release*
CentOS Linux release 7.1.1503 (Core)
Derived from Red Hat Enterprise Linux 7.1 (Source)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.1.1503 (Core)
CentOS Linux release 7.1.1503 (Core)
cpe:/o:centos:centos:7


On CentOS, yum is a very convenient package installation tool.

Check whether OpenVPN is already installed
# yum info openvpn
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.linode.com
 * epel: mirror.sfo12.us.leaseweb.net
 * extras: mirrors.linode.com
 * updates: mirrors.linode.com
Installed Packages
Name        : openvpn
Arch        : x86_64
Version     : 2.3.6
Release     : 1.el7
Size        : 992 k
Repo        : installed
From repo   : epel
Summary     : A full-featured SSL VPN solution
URL         : http://openvpn.net/
License     : GPLv2
Description : OpenVPN is a robust and highly flexible tunneling application that uses all
            : of the encryption, authentication, and certification features of the
            : OpenSSL library to securely tunnel IP networks over a single UDP or TCP
            : port.  It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library
            : for compression.

If it is not installed yet, use the following command
# yum install openvpn

easy-rsa has to be installed separately.

Check whether easy-rsa is installed
# yum info easy-rsa
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.linode.com
 * epel: mirror.sfo12.us.leaseweb.net
 * extras: mirrors.linode.com
 * updates: mirrors.linode.com
Installed Packages
Name        : easy-rsa
Arch        : noarch
Version     : 2.2.2
Release     : 1.el7
Size        : 73 k
Repo        : installed
From repo   : epel
Summary     : Simple shell based CA utility
URL         : https://github.com/OpenVPN/easy-rsa
License     : GPLv2
Description : This is a small RSA key management package, based on the openssl
            : command line tool, that can be found in the easy-rsa subdirectory
            : of the OpenVPN distribution. While this tool is primary concerned
            : with key management for the SSL VPN application space, it can also
            : be used for building web certificates.

If it is not installed, use the following command
# yum install easy-rsa

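List the directory
# ls /usr/share/easy-rsa/
2.0

First copy the tools used to generate the certificates
# cp -R /usr/share/easy-rsa/2.0 /etc/openvpn/easy-rsa

Enter the directory
# cd /etc/openvpn/easy-rsa

# vi vars
Edit the environment variables (this step is optional), for example: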
export KEY_COUNTRY="CN"
export KEY_PROVINCE="BJ"
export KEY_CITY="Beijing"
export KEY_ORG="FUCKGFW"
export KEY_EMAIL="fuckgfw@myhost.mydomain"
export KEY_OU="AlwaysFuckGFW"


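Load the environment variables into the current shell
# source ./vars

Initialize the keys folder in the current directory (clean-all deletes any existing keys folder and recreates it empty)
# ./clean-all

Create the self-signed certificate authority (CA)
# ./build-ca server

Generate the server certificate
# ./build-key-server server

Generate the client certificate
# ./build-key client

Directory containing the certificates (the .key files here are private keys and must stay secret)
# ls keys/

Generate the Diffie-Hellman parameters
# ./build-dh

Go to the directory
# cd /etc/openvpn

If there is no server.conf file, one needs to be created
# ls server.conf

Or copy one
# cp /usr/share/doc/openvpn-2.3.6/sample/sample-config-files/server.conf /etc/openvpn/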

Edit the server-side configuration file
# vi server.conf

Copy the firewall service definition file
# cp /lib/firewalld/services/openvpn.xml /etc/firewalld/services/openvpn.xml


Edit the firewall service definition file
# vi /etc/firewalld/services/openvpn.xml

Start the firewall
# systemctl start firewalld

Check the firewall status
# systemctl status firewalld

Enable the firewall at boot
# systemctl enable firewalld

Allow OpenVPN through the firewall
# firewall-cmd --add-service=openvpn --permanent

Confirm that TCP port 8443 is open
# iptables -n -L

If it is not
# firewall-cmd --reload

Confirm again that TCP port 8443 is open
# iptables -n -L

Enable MASQUERADE on the firewall
# firewall-cmd --add-masquerade --permanent

Reload
# firewall-cmd --reload

Enable packet forwarding (edit sysctl.conf, then apply it)
# vi /etc/sysctl.conf
# sysctl -p

Copy the openssl configuration file
# cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf

Enable OpenVPN at boot
# systemctl -f enable openvpn@server.service

Start openvpn
# systemctl start openvpn@server.service

Check the status
# systemctl status openvpn@server.service
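
The steps above edit server.conf, openvpn.xml and sysctl.conf without showing their contents. The script below is an added example, not part of the original post: it checks that the three files agree, assuming server.conf listens on tcp 8443 (the port checked above) and that forwarding is set through net.ipv4.ip_forward. The function names and sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check that the three files
# edited in this guide agree. Function names and file contents are assumptions.

# Print "<proto> <port>" from an OpenVPN config; OpenVPN defaults to udp 1194.
ovpn_listen() {
    awk '$1 == "port"  { port = $2 }
         $1 == "proto" { proto = substr($2, 1, 3) }   # tcp-server -> tcp
         END { if (proto == "") proto = "udp"; if (port == "") port = 1194
               print proto, port }' "$1"
}

# Succeed if the firewalld service XML has a <port> element for proto/port.
fw_allows() {
    grep '<port ' "$1" | grep "protocol=\"$2\"" | grep -q " port=\"$3\""
}

# Succeed if the last net.ipv4.ip_forward line in sysctl.conf sets it to 1.
forwarding_on() {
    awk -F= '/^[ \t]*net\.ipv4\.ip_forward[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
             END { exit v != "1" }' "$1"
}

# Report every mismatch; args: server.conf openvpn.xml sysctl.conf
check_vpn_setup() {
    listen=$(ovpn_listen "$1")
    proto=${listen% *}; port=${listen#* }
    rc=0
    fw_allows "$2" "$proto" "$port" || { echo "firewalld service file does not open $proto/$port"; rc=1; }
    forwarding_on "$3" || { echo "net.ipv4.ip_forward is not set to 1"; rc=1; }
    return "$rc"
}

# Constructed sample files mirroring the tcp 8443 setup this guide checks for.
make_sample() {
    printf 'port 8443\nproto tcp\ndev tun\n' > "$1/server.conf"
    printf '<service>\n  <short>OpenVPN</short>\n  <port protocol="tcp" port="8443"/>\n</service>\n' > "$1/openvpn.xml"
    printf 'net.ipv4.ip_forward = 1\n' > "$1/sysctl.conf"
}

# Demo on the constructed files; on a real server pass the paths under /etc.
d=$(mktemp -d) && make_sample "$d"
check_vpn_setup "$d/server.conf" "$d/openvpn.xml" "$d/sysctl.conf" && echo "consistent"
rm -rf "$d"
```

An unedited copy of the firewalld service file opens udp 1194, so the check fails against a tcp 8443 server.conf until openvpn.xml is changed to match.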

