First, the environment: the server runs SUSE, and I use the bundled openvpn-2.0.9-143.31.x86_64.rpm
/media/SLES-11-SP2-DVD-x86_6407551/suse/x86_64 # ls -l|grep openvpn
-r--r--r-- 3 root root 72511 Apr 1 2011 NetworkManager-openvpn-0.7.1-3.5.1.x86_64.rpm
-r--r--r-- 3 root root 46793 Apr 1 2011 NetworkManager-openvpn-gnome-0.7.1-3.5.1.x86_64.rpm
-r--r--r-- 3 root root 39165 May 12 2010 NetworkManager-openvpn-kde4-0.9.svn1043876-1.1.97.x86_64.rpm
-r--r--r-- 3 root root 339065 Feb 26 2009 openvpn-2.0.9-143.31.x86_64.rpm
-r--r--r-- 3 root root 10665 Feb 26 2009 openvpn-auth-pam-plugin-2.0.9-143.31.x86_64.rpm
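If you have the installation DVD, install directly with rpm -Uvh openvpn-[version].rpm; if not, download openvpn and build it.
Download page: http://openvpn.net/index.php/open-source/downloads.html
The current version is 2.3.1; download address: http://swupdate.openvpn.org/community/releases/openvpn-2.3.1.tar.gz
tar xfz openvpn-[version].tar.gz
cd openvpn-[version]
./configure
make
make install
On SUSE the default install location is /usr/share/openvpn. If you do not know where it was installed, run whereis openvpn to find the openvpn install path.
Once installation is finished, start the configuration:
You need to generate your own certificate authority (CA) certificate, plus certificates and keys for the openvpn server and the clients.
cd /usr/share/openvpn/easy-rsa
First edit the vars file
export D=`pwd`
export KEY_CONFIG=$D/openssl.cnf
export KEY_DIR=$D/keys
export KEY_SIZE=1024
export KEY_COUNTRY=CN # country
export KEY_PROVINCE=JS # province
export KEY_CITY=NJ # city
export KEY_ORG="eric.com.openvpn" # organization
export KEY_EMAIL="ducaijun@gmail.com" # e-mail
Initialize the PKI and generate the master Certificate Authority (CA) certificate and key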
linux-root:/usr/share/openvpn/easy-rsa # . ./vars
NOTE: when you run ./clean-all, I will be doing a rm -rf on /usr/share/openvpn/easy-rsa/keys # warns the user that the next step wipes the files in keys
linux-root:/usr/share/openvpn/easy-rsa # ./clean-all
linux-root:/usr/share/openvpn/easy-rsa # ./build-ca
./build-ca then prompts for input:
linux-root:/usr/share/openvpn/easy-rsa # ./build-ca
Generating a 1024 bit RSA private key
......++++++
.........++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [JS]:
Locality Name (eg, city) [NJ]:
Organization Name (eg, company) [eric.com.openvpn]:
Organizational Unit Name (eg, section) []:it # enter your own value
Common Name (eg, your name or your server's hostname) []:www.ducaijun.com # enter your own value
Email Address [ducaijun@gmail.com]:
a. Generate the server certificate and key
The run looks like this:
linux-root:/usr/share/openvpn/easy-rsa # ./build-key-server server
Generating a 1024 bit RSA private key
..........................++++++
.............................................++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [JS]:
Locality Name (eg, city) [NJ]:
Organization Name (eg, company) [eric.com.openvpn]:
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:server
Email Address [ducaijun@gmail.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/share/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'JS'
localityName :PRINTABLE:'NJ'
organizationName :PRINTABLE:'eric.com.openvpn'
organizationalUnitName:PRINTABLE:'it'
commonName :PRINTABLE:'server'
emailAddress :IA5STRING:'ducaijun@gmail.com'
Certificate is to be certified until Apr 12 06:22:09 2023 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
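When prompted for Common Name, enter "server".
b. Generate the client certificates and keys
./build-key client1
./build-key client2
./build-key client3
Again, accept the defaults for everything else, but give each user a different Common Name, such as "client1", "client2" or "client3".
Generate the Diffie Hellman parameters
./build-dh
The run looks like this: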
linux-root:/usr/share/openvpn/easy-rsa # ./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
This takes a while; the larger the KEY_SIZE value in vars (1024 here), the longer it takes. When it finishes, the file dh1024.pem has been generated.
The files in keys and what they are for:
Filename      Needed By                  Purpose                     Secret
ca.crt        server + all clients       Root CA certificate         NO
ca.key        key signing machine only   Root CA key                 YES
dh{n}.pem     server only                Diffie Hellman parameters   NO
server.crt    server only                Server Certificate          NO
server.key    server only                Server Key                  YES
client1.crt   client1 only               Client1 Certificate         NO
client1.key   client1 only               Client1 Key                 YES
client2.crt   client2 only               Client2 Certificate         NO
client2.key   client2 only               Client2 Key                 YES
client3.crt   client3 only               Client3 Certificate         NO
client3.key   client3 only               Client3 Key                 YES
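A check built on the table above, added here as an example and not part of the original post: it lists private keys readable beyond their owner, keys that sit on a machine that does not need them, and a vars KEY_SIZE below 2048 bits. The function names, the 2048 threshold and the demo directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a directory that holds
# easy-rsa output against the "Needed By" / "Secret" columns above.

# Print private keys (*.key) that group or others can read, write or execute.
loose_keys() {
    find "$1" -type f -name '*.key' \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) | sort
}

# Print *.key files that do not belong on a machine with this role
# ("server", "client1", ...): each machine needs only its own key.
misplaced_secrets() {
    for f in "$1"/*.key; do
        [ -e "$f" ] || continue
        name=$(basename "$f" .key)
        [ "$name" = "$2" ] || echo "$name.key"
    done
}

# Print the KEY_SIZE exported by an easy-rsa vars file.
vars_key_size() {
    sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}KEY_SIZE=\([0-9]\{1,\}\).*/\1/p' "$1" | tail -n 1
}

# Succeed only if KEY_SIZE is at least 2048 bits, the usual minimum today
# for RSA and DH (the threshold is this example's choice).
key_size_ok() {
    size=$(vars_key_size "$1")
    [ -n "$size" ] && [ "$size" -ge 2048 ]
}

# Constructed demo: a stand-in for /etc/openvpn with deliberate mistakes.
demo() {
    d=$(mktemp -d)
    for f in ca.crt ca.key server.crt server.key dh1024.pem; do : > "$d/$f"; done
    chmod 644 "$d"/*.crt "$d/dh1024.pem" "$d/ca.key"
    chmod 600 "$d/server.key"
    printf 'export KEY_SIZE=1024\n' > "$d/vars"
    echo "keys readable beyond the owner:"; loose_keys "$d"
    echo "keys that should not be on the server:"; misplaced_secrets "$d" server
    key_size_ok "$d/vars" || echo "KEY_SIZE=$(vars_key_size "$d/vars") is below 2048"
    rm -rf "$d"
}
demo
```

On a real server, point loose_keys and misplaced_secrets at /etc/openvpn with the role server; the only key file that should be listed there is server.key, and neither function should print anything.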
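Create the server and client configuration files
It is best to start from the OpenVPN sample configuration files. They can be found in the following locations:
If you installed an RPM or DEB package, sample-config-files is under /usr/share/doc/packages/openvpn or /usr/share/doc/openvpn
On Windows, sample-config-files is under Start menu -> All Programs -> OpenVPN -> OpenVPN Sample Configuration Files
Note that on Linux, BSD and other unix-like systems the sample configuration files are named server.conf and client.conf; on Windows they are named server.ovpn and client.ovpn
Run the following: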
linux-root:/etc/openvpn # cp /usr/share/doc/packages/openvpn/sample-config-files/server.conf /etc/openvpn/
Put ca.crt, dh{n}.pem, server.crt and server.key in the paths that server.conf specifies; by default that is the same directory as server.conf
linux-root:/usr/share/openvpn/easy-rsa/keys # cp ca.crt /etc/openvpn/
linux-root:/usr/share/openvpn/easy-rsa/keys # cp server.crt /etc/openvpn/
linux-root:/usr/share/openvpn/easy-rsa/keys # cp server.key /etc/openvpn/
linux-root:/usr/share/openvpn/easy-rsa/keys # cp dh1024.pem /etc/openvpn/
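Edit the server.conf file
Unless you have special requirements, keep all the defaults: port 1194, protocol udp, routed mode, with client addresses assigned from the 10.8.0.0 network.
Because the Linux host running openvpn is on the 192.168.1.0 network, change line 124 of server.conf from ;push "route 192.168.10.0 255.255.255.0" to push "route 192.168.10.0 255.255.255.0"; note that the leading ";" has to be removed
push "route 192.168.10.0 255.255.255.0" # line 124
push "dhcp-option DNS 10.8.0.1" # line 187
push "dhcp-option WINS 10.8.0.1" # line 188
log /etc/openvpn/openvpn.log # line 276
log-append /etc/openvpn/openvpn.log # line 277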
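A check for the server.conf edits above, added here as an example and not part of the original post: it lists the routes that are actually pushed to clients, tests them against the LAN subnet clients are expected to reach, and flags log and log-append being active together, which the comments in the sample server.conf advise against. The function names and the constructed config file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): lint the edited server.conf.
# Lines starting with ';' or '#' are comments in OpenVPN configs and are skipped.

# Print "NETWORK NETMASK" for every active push "route ..." directive.
pushed_routes() {
    sed -n 's/^[[:space:]]*push[[:space:]]\{1,\}"route[[:space:]]\{1,\}\([0-9.]\{1,\}\)[[:space:]]\{1,\}\([0-9.]\{1,\}\)".*/\1 \2/p' "$1"
}

# Succeed only if the given network/netmask is pushed to clients.
route_is_pushed() {
    pushed_routes "$1" | grep -Fqx "$2 $3"
}

# Count active uses of a directive (first word of a non-comment line).
directive_count() {
    awk -v d="$2" '$1 == d { n++ } END { print n + 0 }' "$1"
}

# Report problems; return non-zero if any were found.
lint_server_conf() {
    conf=$1 net=$2 mask=$3 rc=0
    if ! route_is_pushed "$conf" "$net" "$mask"; then
        echo "LAN $net $mask is not pushed; active routes: $(pushed_routes "$conf" | tr '\n' ';')"
        rc=1
    fi
    if [ "$(directive_count "$conf" log)" -gt 0 ] &&
       [ "$(directive_count "$conf" log-append)" -gt 0 ]; then
        echo "log and log-append are both active; the sample config says to use one or the other"
        rc=1
    fi
    return $rc
}

# Constructed demo: the five edited lines from the post, checked against the
# 192.168.1.0 LAN that the post names.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
push "route 192.168.10.0 255.255.255.0" # line 124
push "dhcp-option DNS 10.8.0.1" # line 187
push "dhcp-option WINS 10.8.0.1" # line 188
log /etc/openvpn/openvpn.log # line 276
log-append /etc/openvpn/openvpn.log # line 277
EOF
lint_server_conf "$demo_conf" 192.168.1.0 255.255.255.0 || true
rm -f "$demo_conf"
```

Run lint_server_conf against /etc/openvpn/server.conf with the network and netmask of the LAN behind the server before restarting openvpn; a silent run with exit status 0 means the pushed route matches.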
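Then install openvpn-client; the download address is http://swupdate.openvpn.net/downloads/openvpn-client.msi. On Win7 it installs by default to C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client
Then download /usr/share/doc/packages/openvpn/sample-config-files/client.conf to the local machine and change its extension to .ovpn. Copy the renamed client.ovpn, the user certificate files and the CA file into the C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\etc\profile folder. Taking client1 as the example:
Edit client.ovpn and change lines 89 and 90 to cert client1.crt and key client1.key.
The files in the C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\etc\profile folder are then:
ca.crt
client.ovpn
client1.crt
client1.key
Then start the OpenVPN Client, click to add a connection profile, choose import from local file, and import the client.ovpn file you just created.
Keep the default name and click save; a Client1 entry then appears in the interface, and clicking it logs in.
After logging in, ping 10.8.0.1; if it responds, openvpn is set up. It is best to also check whether you can ping the 192.168.1.0 network, to verify that the push "route 192.168.10.0 255.255.255.0" on line 124 of server.conf is in effect.
At this point the whole OpenVPN installation is complete.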