Installing OpenVPN on CentOS 7


Update the system

yum update -y

Install OpenVPN and related plugins

yum install -y easy-rsa openssh-server lzo openssl openssl-devel openvpn NetworkManager-openvpn openvpn-auth-ldap

Edit the OpenVPN server configuration

# The ca/cert/key/dh paths point at the keys directory that the easy-rsa 2.0
# scripts in the next step write to (/etc/openvpn/easy-rsa/2.0/keys).
cat >/etc/openvpn/server.conf <<END
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
comp-lzo
max-clients 100
user nobody
group nobody
persist-key
persist-tun
status /var/log/openvpn-status.log
log-append /var/log/openvpn.log
verb 3
END

Generate the CA certificate

cp -R /usr/share/easy-rsa/ /etc/openvpn
cd /etc/openvpn/easy-rsa/2.0/
source ./vars
./clean-all
# Press Enter at each prompt; answer y to the last two
./build-ca
./build-key-server server
./build-dh
./build-key client # client certificate and key

Configure IP forwarding

echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p

Configure the firewall

firewall-cmd --permanent --zone=public --add-masquerade
firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=10.8.0.0/24 masquerade'
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-service=openvpn
# Same port and protocol as server.conf (port 1194, proto udp)
firewall-cmd --permanent --add-port=1194/udp
firewall-cmd --reload

Start the service

systemctl start openvpn@server
systemctl enable openvpn@server

On the client, use ca.crt, client.crt and client.key, and create client.ovpn

client
dev tun
proto udp # tcp or udp: this must match the proto set in server.conf earlier
remote xxx.xxx.xxx.xxx 1194 # xxx.xxx.xxx.xxx is the IP address of the VPN server
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
verb 3
ca ca.crt
cert client.crt
key client.key
redirect-gateway def1
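
The client file has to agree with server.conf on proto, port, dev and comp-lzo, or the tunnel will not come up. The following is an added example, not part of the original post: a POSIX shell check that compares those settings in the two files. The function names, the 192.0.2.10 address and the sample files are constructed for illustration, and the sample client deliberately uses the wrong proto.

```shell
#!/bin/sh
# Added example (not from the original post): check that client.ovpn agrees
# with server.conf on proto, port, dev and comp-lzo.

# Print field FIELD (default 2) of the first line whose directive is NAME.
ovpn_get() {  # usage: ovpn_get FILE NAME [FIELD]
    awk -v d="$2" -v f="${3:-2}" '
        { sub(/[ \t]*[#;].*$/, "") }   # drop full-line and trailing comments
        $1 == d { print $f; exit }' "$1"
}

# Compare one setting; report and return 1 on mismatch.
ovpn_same() {  # usage: ovpn_same LABEL SERVER_VALUE CLIENT_VALUE
    [ "$2" = "$3" ] && return 0
    echo "MISMATCH $1: server='$2' client='$3'"
    return 1
}

ovpn_check_pair() {  # usage: ovpn_check_pair SERVER_CONF CLIENT_OVPN
    srv=$1; cli=$2; rc=0
    s=$(ovpn_get "$srv" proto); c=$(ovpn_get "$cli" proto)
    s=${s:-udp}; c=${c:-udp}                         # OpenVPN defaults to udp
    ovpn_same proto "${s%%-*}" "${c%%-*}" || rc=1    # tcp-server/tcp-client -> tcp
    s=$(ovpn_get "$srv" port); c=$(ovpn_get "$cli" remote 3)
    ovpn_same port "${s:-1194}" "${c:-1194}" || rc=1 # default port is 1194
    ovpn_same dev "$(ovpn_get "$srv" dev)" "$(ovpn_get "$cli" dev)" || rc=1
    ovpn_same comp-lzo "$(ovpn_get "$srv" comp-lzo 1)" \
                       "$(ovpn_get "$cli" comp-lzo 1)" || rc=1
    return $rc
}

# Constructed sample input: a trimmed server.conf and a client.ovpn whose
# proto deliberately disagrees with it.
ovpn_demo() {
    d=$(mktemp -d)
    printf 'port 1194\nproto udp\ndev tun\ncomp-lzo\n' > "$d/server.conf"
    printf 'client\ndev tun\nproto tcp # wrong on purpose\nremote 192.0.2.10 1194\ncomp-lzo\n' > "$d/client.ovpn"
    ovpn_check_pair "$d/server.conf" "$d/client.ovpn"; rc=$?
    rm -rf "$d"
    return $rc
}

ovpn_demo || echo "client.ovpn must be corrected before it can connect"
```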