centos5.2下面openvpn的安装

1.先到http://rpm.pbone.net下载2个安装必须的rpm包lzo-2.02- 3.el5.kb.i386.rpm和openvpn-2.1-0.20.rc4.el5.kb.i386.rpm
2.到下载OpenVPN客户端http://openvpn.se/下载windows下面的客户端
3.服务器段的安装
  rpm -ivh lzo-2.02-3.el5.kb.i386.rpm
  rpm -ivh openvpn-2.1-0.20.rc4.el5.kb.i386.rpm
4.为配置做准备，copy文件
   cp -r /usr/share/openvpn/easy-rsa/2.0/ /etc/openvpn/
   cp /usr/share/doc/openvpn-2.1/sample-config-files/server.conf /etc/openvpn/

5.
1,生成证书key
(1)初始化 PKI
[root@CentOS root]#cd /etc/openvpn/2.0
[root@CentOS 2.0]#vi vars
修改下面几项
export KEY_COUNTRY="CN"
export KEY_PROVINCE="SX"
export KEY_CITY="XA"
export KEY_ORG="VPN-TEST"
export KEY_EMAIL="ganxing888@qq.com"
根据自己的情况修改

6.
root@CentOS 2.0]#source ./vars
[root@CentOS 2.0]#./clean-all
[root@CentOS 2.0]#./build-ca

(2)建立 server key
 
[root@CentOS 2.0]# ./build-key-server server
(3)#生成客户端 key
[root@CentOS 2.0]#./build-key client1

7.
2,生成 Diffie Hellman 参数
 [root@CentOS 2.0]#./build-dh

3,将keys 下的所有文件打包下载到本地 ,其它客户机用。
4，创建服务端配置文件
将keys下的ca.crt   server.crt server.key   dh1024.pem拷贝到/etc/openvpn

8、
服务器配置文件/etc/openvpn/server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh1024.pem
server 10.0.200.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 4
push "dhcp-option DNS "10.0.200.1"
push "dhcp-option DNS "202.101.172.35"
push "dhcp-option DNS "61.134.1.4"

9、检查配置是否有误
启动OpenVPN服务器
[root@CentOS 2.0]# service openvpn restart
Shutting down openvpn:                     [  OK  ]
Starting openvpn:                          [  OK  ]

[root@CentOS 2.0]#ifconfig
tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00          inet addr:10.0.200.1  P-t-P:10.0.200.2  Mask:255.255.255.255          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1         
RX packets:0 errors:0 dropped:0 overruns:0 frame:0         
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0         
collisions:0 txqueuelen:100         
RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
则服务器端已经启动了

二、client端的配置
安装OpenVPN GUI For Windows，后，将在server上生成的keycopy到安装目录的config目录下面具体文件名为：ca.crt,ca.key,client.crt,client.csr,client.key,在copy一个client.ovpn,配置如下：

client
dev tun
proto udp
remote 122.224.x.x 1194
persist-key
persist-tun
ca ca.crt
cert gcg.crt
key gcg.key
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1

下面连接即可。