Firstly
yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel -y
Now download the LZO RPM and configure the RPMForge repo. Use the wget command:
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
Then build the rpm package using these commands:
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
rpm -Uvh rpmforge-release*
Installing OpenVPN
Only for a VPS based on OpenVZ virtualization (others skip this): enable the TUN/TAP option in your VPS control panel (e.g. SolusVM).
Install with yum: “yum install openvpn”
If you get the error “No package openvpn available”:
Download rpmforge for your system from http://pkgs.repoforge.org/rpmforge-release/
Install rpmforge with the rpm command:
rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
After installing rpmforge, you can use yum to install openvpn:
yum install openvpn
Now you need to change some files, copy directories, and generate the SSL keys for your server. Execute the following commands:
cp -R /usr/share/doc/openvpn-2.2.2/easy-rsa/ /etc/openvpn/
nano /etc/openvpn/easy-rsa/2.0/vars
Edit this line:
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
Replace it with:
export KEY_CONFIG=/etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
Once done, press Control+O to save, then Control+X to exit. Create the certificates using these commands:
cd /etc/openvpn/easy-rsa/2.0
chmod 755 *
source ./vars
./vars
./clean-all
./build-ca
(when prompted for Common Name, enter your server hostname)
./build-key-server server
./build-dh
nano -w /etc/openvpn/server.conf
Put your settings here:
port 1194 #- port
proto udp #- protocol
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so /etc/pam.d/login #- Comment this line if you are using FreeRADIUS
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf #- Uncomment this line if you are using FreeRADIUS
client-cert-not-required
username-as-common-name
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status 1194.log
verb 3
service openvpn start
chkconfig openvpn on
# add autostart
echo openvpn /etc/openvpn/server.conf >> /etc/rc.d/rc.local
Enable IP forwarding in /etc/sysctl.conf by setting the “net.ipv4.ip_forward” line to 1:
nano /etc/sysctl.conf
# set net.ipv4.ip_forward = 1
sysctl -p
Create a new Linux user, which can also be used to log in to the VPN:
useradd username -s /bin/false
passwd username
Now add the iptables NAT rules.
Xen and KVM users use:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
On OpenVZ, use these two instead:
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source 123.123.123.123
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 123.123.123.123
Do not forget to replace 123.123.123.123 with your server IP.
Save the rules:
service iptables save
Client .ovpn config file
client
dev tun
proto udp
remote-cert-tls server #server certificate verification by client(build-key-server)
remote 123.123.123.123 1194 # - Your server IP and OpenVPN Port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
auth-user-pass
comp-lzo
reneg-sec 0
verb 3
sudo openvpn --config ~/path/to/client.ovpn
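As an added example (not part of the original post), the shell functions below audit a server.conf like the one shown earlier for four settings that reduce its security margin: the 1024-bit DH file, client-cert-not-required, reneg-sec 0 and comp-lzo. The function names and finding labels are this example's own, and the embedded sample is constructed from the page's config.

```sh
#!/bin/sh
# Added example (not from the original post): flag settings in an OpenVPN
# server.conf that weaken the tunnel. Finding names are this example's own.

# Print the arguments of the first active DIRECTIVE line in FILE, ignoring
# '#' and ';' comments. Returns 1 when the directive is absent.
directive_args() {
    awk -v d="$2" '
        { sub(/[#;].*/, "") }
        $1 == d { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { exit !found }' "$1"
}

# Echo a space-separated list of findings for FILE (empty when none).
audit_openvpn_conf() {
    conf=$1; findings=""
    # easy-rsa 2.0 names the file dh<KEY_SIZE>.pem, so read the size from it.
    bits=$(directive_args "$conf" dh | sed -n 's/.*dh\([0-9][0-9]*\)\.pem$/\1/p')
    if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
        findings="$findings weak-dh"                # DH group under 2048 bits
    fi
    if directive_args "$conf" client-cert-not-required >/dev/null; then
        findings="$findings password-only-auth"     # no client certificate
    fi
    if [ "$(directive_args "$conf" reneg-sec)" = "0" ]; then
        findings="$findings timed-reneg-disabled"   # no time-based rekeying
    fi
    if lzo=$(directive_args "$conf" comp-lzo) && [ "$lzo" != "no" ]; then
        findings="$findings compression-enabled"    # compress-then-encrypt
    fi
    echo "${findings# }"
}

# Constructed sample: the security-relevant lines of the page's server.conf.
sample_conf() {
    cat <<'EOF'
port 1194 #- port
reneg-sec 0
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
#plugin /etc/openvpn/radiusplugin.so /etc/openvpn/radiusplugin.cnf
client-cert-not-required
comp-lzo
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_openvpn_conf "$tmp"
rm -f "$tmp"
```

An empty result means none of the four settings is active. With easy-rsa 2.0 the DH size follows KEY_SIZE in the vars file, so a larger group means changing that value before running ./build-dh.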