OpenVPN installation: a detailed illustrated tutorial

  

VPN stands for virtual private network. It is a private network technology that runs over public network facilities. Large enterprises often have multiple branches in multiple regions, and sharing data between these branches and headquarters would otherwise require dedicated lines, which are expensive to rent from telecommunications providers.

OpenVPN is an open source VPN implementation released under the GPL license. OpenVPN can authenticate with a key, a certificate or an account; in this example we use certificates to verify identity. OpenVPN uses the OpenSSL library for encryption and certificate management, and it can use TCP or UDP to establish the data connection. The software runs on Linux, Mac OS and Windows, which makes it a good solution for complex enterprise network environments.





OpenVPN installation

As usual, check the dependencies before installing. The official CentOS YUM repositories provide the required packages, which are installed directly with yum. The main OpenVPN package can be downloaded from the official OpenVPN website (www.openvpn.net). The official website may not be directly accessible from China; in that case, download the package another way, for example by bypassing the firewall. This example uses certificates for verification. The easy-rsa package provides a series of scripts for generating the related keys and files; after installing the software, copy these scripts and directories into the OpenVPN installation path.

    [root@vpnserver ~]# yum -y install lzo lzo-devel openssl openssl-devel gcc pam-devel
    [root@vpnserver ~]# tar -xzf openvpn-2.3.1.tar.gz -C /usr/src
    [root@vpnserver ~]# cd /usr/src/openvpn-2.3.1
    [root@vpnserver openvpn-2.3.1]# ./configure --prefix=/usr/local/openvpn
    [root@vpnserver openvpn-2.3.1]# make && make install
    [root@vpnserver openvpn-2.3.1]# cp -r /usr/share/doc/easy-rsa/ /usr/local/openvpn/

Modify the vars file, which stores the default parameters required to generate certificates, such as company name and email.

    [root@vpnserver ~]# vim /usr/local/openvpn/easy-rsa/vars
    ..............
    export KEY_COUNTRY="CN"                 # country
    export KEY_PROVINCE="guangdong"         # province
    export KEY_CITY="meizhou"               # city
    export KEY_ORG="aisky.cc"               # organization name
    export KEY_EMAIL="[email protected]"    # email
    export KEY_CN="vpnserver.aisky.cc"      # remark name
    export KEY_NAME="server"                # remark string
    export KEY_OU="BLOG"                    # department name
    ....................

    [root@vpnserver ~]# cd /usr/local/openvpn/easy-rsa
    [root@vpnserver easy-rsa]# source ./vars     # run the script to load the parameters
    [root@vpnserver easy-rsa]# ./clean-all       # clear all existing certificates and keys
    [root@vpnserver easy-rsa]# ./build-ca        # create the new CA certificate
    ............

The dots above stand in for the output printed while the CA certificate is created. During creation you are prompted for the country, region and so on; if nothing needs to be changed, simply press Enter.

The build-key-server script creates the key material for the VPN server. The script asks whether to sign the key with the CA to generate the corresponding certificate. It produces vpnserver.key (the private key file), vpnserver.csr (the certificate request file) and vpnserver.crt (the certificate file). In addition to the key required for the server, you need to use the same command to generate keys and certificates for the clients.

    [root@vpnserver easy-rsa]# ./build-key-server vpnserver
    ..........
    ..........
    [root@vpnserver easy-rsa]# ./build-dh        # create the Diffie-Hellman parameters

Copy the generated keys and certificates to the OpenVPN root directory, then copy the main configuration file template shipped with OpenVPN to the /usr/local/openvpn directory under the file name server.conf.

    [root@vpnserver ~]# cd /usr/local/openvpn/easy-rsa/keys
    [root@vpnserver keys]# cp ./{ca.crt,vpnserver.crt,vpnserver.key,dh****.pem} /usr/local/openvpn/
    [root@vpnserver keys]# cp /usr/src/openvpn-2.3.1/sample/sample-config-files/server.conf /usr/local/openvpn
    [root@vpnserver keys]# vim /usr/local/openvpn/server.conf
    .....
    port 1194                               # set the port
    proto udp                               # set the connection protocol
    dev tun                                 # create a virtual Layer 3 VPN device
    ca /usr/local/openvpn/ca.crt            # CA certificate
    cert /usr/local/openvpn/vpnserver.crt   # server certificate
    key /usr/local/openvpn/vpnserver.key    # server private key file
    dh /usr/local/openvpn/dh****.pem        # Diffie-Hellman file
    server 10.8.0.0 255.255.255.0           # range of IP addresses handed out to clients
    ifconfig-pool-persist ipp.txt           # record of client virtual IPs
    push "route 124.126.150.211"            # network segment pushed to clients
    push "dhcp-option DNS 202.106.0.20"     # DNS information pushed to clients

After modifying the configuration file, start the server process with openvpn. The --config option starts the service with the specified configuration file, and the --daemon option runs the service as a daemon. Then enable route forwarding.

    [root@vpnserver ~]# /usr/local/openvpn/sbin/openvpn --config /usr/local/openvpn/server.conf --daemon
    [root@vpnserver ~]# vim /etc/sysctl.conf
    net.ipv4.ip_forward=1
    [root@vpnserver ~]# sysctl -p
    [root@vpnserver ~]# iptables -I INPUT -p udp --dport 1194 -j ACCEPT
    [root@vpnserver ~]# iptables -t nat -I POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 124.126.150.211
    [root@vpnserver ~]# service iptables save

This completes the installation of the OpenVPN server.
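A pre-flight check for the ca, cert, key and dh directives in server.conf, run before starting the daemon. This is an added example, not part of the original tutorial or of OpenVPN; the helper names conf_value and check_vpn_conf are hypothetical, and it assumes file paths without spaces or quotes.

```shell
#!/bin/sh
# Added example: verify that the certificate directives in an OpenVPN
# server.conf point at real files and that the private key is not exposed.
# conf_value and check_vpn_conf are hypothetical helper names.
# Usage: check_vpn_conf /usr/local/openvpn/server.conf

# Print the argument of the first uncommented line whose directive is $1.
conf_value() {
    awk -v d="$1" '$1 == d { print $2; exit }' "$2"
}

# Print one finding per problem; return the number of problems (0 = clean).
check_vpn_conf() {
    conf=$1
    problems=0
    for d in ca cert key dh; do
        path=$(conf_value "$d" "$conf")
        if [ -z "$path" ]; then
            echo "MISSING  directive '$d' is not set in $conf"
            problems=$((problems + 1))
        elif [ ! -r "$path" ]; then
            # Catches mistyped paths, which only surface when the daemon starts.
            echo "NOFILE   $d -> $path does not exist or is unreadable"
            problems=$((problems + 1))
        fi
    done
    # The server private key must not be accessible to group or others.
    key=$(conf_value key "$conf")
    if [ -n "$key" ] && [ -f "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)   # group and other permission bits
        if [ "$perms" != "------" ]; then
            echo "PERMS    $key is accessible to group/other ($perms)"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}
```

A non-zero return value is the number of findings, so the function can gate the openvpn start command in a script.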
