Linode VPS Centos 7 安装 OpenVPN

作者:四十码拖鞋  于 2015-6-2 22:31 发表于 最热闹的华人社交网络--贝壳村

通用分类:流水日记

关键词:vpn, 翻墙, vpn, vpn

主要参考这两篇文章
http://phpcampus.com/2014/08/set-up-openvpn-server-on-linode-vps-centos7/
http://phpcampus.com/2014/09/set-up-openvpn-over-stunnel/

检查 centos 版本
# cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)

或者
# cat /etc/*release*
CentOS Linux release 7.1.1503 (Core)
Derived from Red Hat Enterprise Linux 7.1 (Source)
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

CentOS Linux release 7.1.1503 (Core)
CentOS Linux release 7.1.1503 (Core)
cpe:/o:centos:centos:7


centos下,yum是十分方便的软件包安装工具。

检查是否已经安装有 OpenVPN
# yum info openvpn
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.linode.com
 * epel: mirror.sfo12.us.leaseweb.net
 * extras: mirrors.linode.com
 * updates: mirrors.linode.com
Installed Packages
Name        : openvpn
Arch        : x86_64
Version     : 2.3.6
Release     : 1.el7
Size        : 992 k
Repo        : installed
From repo   : epel
Summary     : A full-featured SSL VPN solution
URL         : http://openvpn.net/
License     : GPLv2
Description : OpenVPN is a robust and highly flexible tunneling application that uses all
            : of the encryption, authentication, and certification features of the
            : OpenSSL library to securely tunnel IP networks over a single UDP or TCP
            : port.  It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library
            : for compression.

如果还没有安装,使用下面的命令
# yum install openvpn

需要独立安装 easy-rsa。

检查是否安装 easy-rsa
# yum info easy-rsa
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.linode.com
 * epel: mirror.sfo12.us.leaseweb.net
 * extras: mirrors.linode.com
 * updates: mirrors.linode.com
Installed Packages
Name        : easy-rsa
Arch        : noarch
Version     : 2.2.2
Release     : 1.el7
Size        : 73 k
Repo        : installed
From repo   : epel
Summary     : Simple shell based CA utility
URL         : https://github.com/OpenVPN/easy-rsa
License     : GPLv2
Description : This is a small RSA key management package, based on the openssl
            : command line tool, that can be found in the easy-rsa subdirectory
            : of the OpenVPN distribution. While this tool is primary concerned
            : with key management for the SSL VPN application space, it can also
            : be used for building web certificates.

如果没安装,使用下面的命令
# yum install easy-rsa

查看目录
# ls /usr/share/easy-rsa/
2.0

先拷贝生成证书用的工具
# cp -R /usr/share/easy-rsa/2.0 /etc/openvpn/easy-rsa

# cd /etc/openvpn/easy-rsa
进入目录

# vi vars
来修改一下环境变量(不一定要修改)
export KEY_COUNTRY="CN"
export KEY_PROVINCE="BJ"
export KEY_CITY="Beijing"
export KEY_ORG="FUCKGFW"
export KEY_EMAIL="fuckgfw@myhost.mydomain"
export KEY_OU="AlwaysFuckGFW"


使环境变量生效
#  source ./vars

当前目录下生成一个keys的文件夹
# ./clean-all

创建证书自颁发机构
# ./build-ca server

生成服务器证书
# ./build-key-server server

生成客户端证书
# ./build-key client

证书所在目录
# ls keys/

生成Diffie Hellman密钥
# ./build-dh

到目录
# cd /etc/openvpn

如果没有 server.conf 文件,需要创建一个
# ls server.conf

或者复制一个
cp /usr/share/doc/openvpn-2.3.6/sample/sample-config-files/server.conf /etc/openvpn/

server端配置文件
# vi server.conf

复制防火墙配置文件
# cp /lib/firewalld/services/openvpn.xml /etc/firewalld/services/openvpn.xml


修改防火墙配置文件
# vi /etc/firewalld/services/openvpn.xml

开启防火墙
# systemctl start firewalld

查看防火墙状态
# systemctl status firewalld

让防火墙开机自启
# systemctl enable firewalld

让防火墙允许openvpn通过
# firewall-cmd --add-service=openvpn --permanent

确认一下是不是tcp 8443 端口开启了
# iptables -n -L

如果没有的话
# firewall-cmd --reload

再确认一下是不是tcp 8443 端口开启了
# iptables -n -L

防火墙开启 MASQUERADE
# firewall-cmd --add-masquerade --permanent

重新加载
# firewall-cmd --reload

设置包转发
# vi /etc/sysctl.conf
# sysctl -p

复制openssl文件
# cp /etc/openvpn/easy-rsa/openssl-1.0.0.cnf /etc/openvpn/easy-rsa/openssl.cnf

加入开机启动
systemctl -f enable openvpn@server.service

启动openvpn
systemctl start openvpn@server.service

查看状态
systemctl status openvpn@server.service


高兴

感动

同情

搞笑

难过

拍砖

支持

鲜花

评论 (0 个评论)

facelist doodle 涂鸦板

您需要登录后才可以评论 登录 | 注册

关于本站 | 隐私政策 | 免责条款 | 版权声明 | 联络我们 | 刊登广告 | 转手机版 | APP下载

Copyright © 2001-2013 海外华人中文门户:倍可亲 (http://www.backchina.com) All Rights Reserved.

程序系统基于 Discuz! X3.1 商业版 优化 Discuz! © 2001-2013 Comsenz Inc. 更新:GMT+8, 2020-8-16 02:36

倍可亲服务器位于美国圣何塞、西雅图和达拉斯顶级数据中心,为更好服务全球网友特统一使用京港台时间

返回顶部