Installing OpenVPN Server on CentOS 7.X

1. Update the CentOS 7.X RPM packages

yum update

2. Install the EPEL repo

yum install epel-release

3. Install OpenVPN

yum install openvpn easy-rsa


4. Generate certificates

mkdir -p /etc/openvpn/easy-rsa/keys
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
source ./vars
./clean-all

5. Generate the CA. Enter server for Common Name and accept the defaults for everything else.

./build-ca

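6. Generate the VPN server certificate and key. Enter server for Common Name and accept the defaults for everything else. Answer y at both the "Sign the certificate? [y/n]" and "1 out of 1 certificate requests certified, commit? [y/n]" prompts.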

./build-key-server server

7. Generate the Diffie-Hellman parameters

./build-dh

8. Assign a fixed IP to the client. Note: client1 is the common name used earlier when building the client key.

mkdir -p /etc/openvpn/config/ccd
cd /etc/openvpn/config/ccd
vi client1

Copy the following into client1. In this example, client1 is assigned the fixed IP 10.11.0.118 whenever it connects.

ifconfig-push 10.11.0.118 255.255.255.0

9. Configure the VPN server's configuration file

vi /etc/openvpn/server.conf

Enter the following content:

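# Listen address, port and transport
local 192.168.0.20
port 8888
proto tcp-server
# Layer-2 (Ethernet) tunnel device
dev tap
# VPN subnet; the server itself takes 10.11.0.1
server 10.11.0.0 255.255.255.0
# CA certificate, server certificate/key and DH parameters generated above
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
# Per-client files named after the certificate common name (fixed IPs live here)
client-config-dir /etc/openvpn/config/ccd
persist-key
;persist-tun
keepalive 10 60
# 0 disables periodic data-channel key renegotiation (default: 3600 seconds)
reneg-sec 0
# LZO compression; clients must use the same setting
comp-lzo
tun-mtu 1468
tun-mtu-extra 32
mssfix 1400
push "persist-key"
;push "persist-tun"
;push "redirect-gateway def1"
;push "dhcp-option DNS 8.8.8.8"
;push "dhcp-option DNS 8.8.4.4"
status /var/log/openvpn-status.log
log /var/log/openvpn.log
verb 3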
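
An added example, not part of the original page: a Python check that compares the ccd entries from step 8 with the `server` subnet from step 9 and also reports the `reneg-sec 0` and `comp-lzo` lines. The function names and the dictionary of ccd file contents are assumptions made for the example; it assumes the server takes the first address of the subnet, as the `server` directive does.

```python
import ipaddress

# Constructed sample: the directives from the page's server.conf that the check reads.
SERVER_CONF = """\
dev tap
server 10.11.0.0 255.255.255.0
client-config-dir /etc/openvpn/config/ccd
reneg-sec 0
comp-lzo
"""

def directives(text):
    """Yield the token list of each active line (';' and '#' start comments)."""
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in ";#":
            yield line.split()

def audit(server_conf, ccd_files):
    """ccd_files (hypothetical input) maps a client common name to its ccd file text."""
    findings, net, seen = [], None, {}
    for d in directives(server_conf):
        if d[0] == "server" and len(d) >= 3:
            net = ipaddress.ip_network(f"{d[1]}/{d[2]}")
        elif d[:2] == ["reneg-sec", "0"]:
            findings.append("server.conf: reneg-sec 0 disables periodic key renegotiation")
        elif d[0] == "comp-lzo":
            findings.append("server.conf: comp-lzo enables compression on the tunnel")
    if net is None:
        return findings + ["server.conf: no 'server' directive found"]
    # Assumption: the server holds the first host address of the subnet.
    reserved = {net.network_address, net.broadcast_address, net.network_address + 1}
    for cn, text in sorted(ccd_files.items()):
        for d in directives(text):
            if d[0] != "ifconfig-push" or len(d) < 3:
                continue
            ip, mask = ipaddress.ip_address(d[1]), ipaddress.ip_address(d[2])
            if ip not in net:
                findings.append(f"ccd/{cn}: {ip} is outside {net}")
            elif ip in reserved:
                findings.append(f"ccd/{cn}: {ip} is reserved (network, server or broadcast)")
            if mask != net.netmask:
                findings.append(f"ccd/{cn}: netmask {mask} differs from {net.netmask}")
            if ip in seen:
                findings.append(f"ccd/{cn}: {ip} already assigned to {seen[ip]}")
            seen.setdefault(ip, cn)
    return findings
```

Calling `audit(SERVER_CONF, {"client1": "ifconfig-push 10.11.0.118 255.255.255.0"})` returns only the two server.conf findings, since the page's client1 entry is consistent with the subnet.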

10. Start the service and enable it at boot

systemctl start openvpn@server.service
systemctl enable openvpn@server.service
