Centos安装配置openvpn服务端代码
代码
[root@vpnserver ~]# ntpdate time.nist.gov
[root@vpnserver ~]# mkdir /byrd/tools -p
[root@vpnserver ~]# mkdir /byrd/service
[root@vpnserver ~]# cd /byrd/tools/
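[root@vpnserver tools]# wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz #lzo压缩模块
# NOTE: this archive is downloaded over plain HTTP and then compiled and installed as root.
# Check it against a checksum or signature obtained over a trusted channel before running ./configure.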
[root@vpnserver tools]# tar zxf lzo-2.06.tar.gz
[root@vpnserver tools]# cd lzo-2.06
[root@vpnserver lzo-2.06]# ./configure
[root@vpnserver lzo-2.06]# make && make install
[root@vpnserver lzo-2.06]# echo $?
0
[root@vpnserver lzo-2.06]# cd ..
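[root@vpnserver tools]# wget http://swupdate.openvpn.org/community/releases/openvpn-2.2.2.tar.gz
# NOTE: the tarball is fetched over plain HTTP and built as root; verify it before building
# (OpenVPN releases are published with detached PGP signatures).
# OpenVPN 2.2.2 is a 2011 release that no longer receives security fixes; use a maintained version on a real deployment.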
[root@vpnserver tools]# tar zxf openvpn-2.2.2.tar.gz
[root@vpnserver tools]# cd openvpn-2.2.2
[root@vpnserver openvpn-2.2.2]# ./configure --with-lzo-headers=/usr/local/include --with-lzo-lib=/usr/local/lib
[root@vpnserver openvpn-2.2.2]# make && make install
[root@vpnserver openvpn-2.2.2]# echo $?
0
[root@vpnserver openvpn-2.2.2]# rpm -qa openssl*
openssl-1.0.1e-42.el6_7.4.x86_64
openssl-devel-1.0.1e-42.el6_7.4.x86_64
[root@vpnserver openvpn-2.2.2]# cd easy-rsa/2.0/
[root@vpnserver 2.0]# ll
total 128
-rwxrwxr-x. 1 500 500 119 Nov 25 2011 build-ca
-rwxrwxr-x. 1 500 500 352 Nov 25 2011 build-dh
-rwxrwxr-x. 1 500 500 188 Nov 25 2011 build-inter
-rwxrwxr-x. 1 500 500 163 Nov 25 2011 build-key
-rwxrwxr-x. 1 500 500 157 Nov 25 2011 build-key-pass
-rwxrwxr-x. 1 500 500 249 Nov 25 2011 build-key-pkcs12
-rwxrwxr-x. 1 500 500 268 Nov 25 2011 build-key-server
-rwxrwxr-x. 1 500 500 213 Nov 25 2011 build-req
-rwxrwxr-x. 1 500 500 158 Nov 25 2011 build-req-pass
-rwxrwxr-x. 1 500 500 428 Nov 25 2011 clean-all
-rwxrwxr-x. 1 500 500 1457 Nov 25 2011 inherit-inter
-rwxrwxr-x. 1 500 500 295 Nov 25 2011 list-crl
-rw-rw-r--. 1 500 500 413 Nov 25 2011 Makefile
-rwxrwxr-x. 1 500 500 7768 Oct 21 2010 openssl-0.9.6.cnf
-rwxrwxr-x. 1 500 500 8325 Nov 25 2011 openssl-0.9.8.cnf
-rwxrwxr-x. 1 500 500 8222 Nov 25 2011 openssl-1.0.0.cnf
-rwxrwxr-x. 1 500 500 12675 Nov 25 2011 pkitool
-rw-rw-r--. 1 500 500 9299 Nov 25 2011 README
-rwxrwxr-x. 1 500 500 918 Nov 25 2011 revoke-full
-rwxrwxr-x. 1 500 500 178 Nov 25 2011 sign-req
-rwxrwxr-x. 1 500 500 1841 Nov 25 2011 vars
-rwxrwxr-x. 1 500 500 714 Nov 25 2011 whichopensslcnf
[root@vpnserver 2.0]# cp vars vars.bk
[root@vpnserver 2.0]# tail -12 vars
# Don't leave any of these fields blank.
export KEY_COUNTRY="CN"
export KEY_PROVINCE="Zhejiang"
export KEY_CITY="Hangzhou"
export KEY_ORG="t4x.org"
export KEY_EMAIL="root@t4x.org"
export KEY_EMAIL=root@t4x.org
export KEY_CN=www.t4x.org
export KEY_NAME=Byrd
export KEY_OU=Byrd
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234
[root@vpnserver 2.0]# source vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /byrd/tools/openvpn-2.2.2/easy-rsa/2.0/keys
[root@vpnserver 2.0]# ./clean-all
[root@vpnserver 2.0]# ll /byrd/tools/openvpn-2.2.2/easy-rsa/2.0/keys
total 4
-rw-r--r--. 1 root root 0 Mar 9 13:00 index.txt
-rw-r--r--. 1 root root 3 Mar 9 13:00 serial
[root@vpnserver 2.0]# ./build-ca
Country Name (2 letter code) [CN]:
State or Province Name (full name) [Zhejiang]:
Locality Name (eg, city) [Hangzhou]:
Organization Name (eg, company) [t4x.org]:
Organizational Unit Name (eg, section) [Byrd]:
Common Name (eg, your name or your server's hostname) [www.t4x.org]:hz.t4x.org
Name [Byrd]:
Email Address [root@t4x.org]:
[root@vpnserver 2.0]# ll /byrd/tools/openvpn-2.2.2/easy-rsa/2.0/keys
total 12
-rw-r--r--. 1 root root 1330 Mar 9 13:04 ca.crt
-rw-------. 1 root root 916 Mar 9 13:04 ca.key
-rw-r--r--. 1 root root 0 Mar 9 13:03 index.txt
-rw-r--r--. 1 root root 3 Mar 9 13:03 serial
[root@vpnserver 2.0]# ./build-key-server server
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'Zhejiang'
localityName :PRINTABLE:'Hangzhou'
organizationName :PRINTABLE:'t4x.org'
organizationalUnitName:PRINTABLE:'Byrd'
commonName :PRINTABLE:'server'
name :PRINTABLE:'Byrd'
emailAddress :IA5STRING:'root@t4x.org'
[root@vpnserver 2.0]# ./build-key t4x
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'Zhejiang'
localityName :PRINTABLE:'Hangzhou'
organizationName :PRINTABLE:'t4x.org'
organizationalUnitName:PRINTABLE:'Byrd'
commonName :PRINTABLE:'t4x'
name :PRINTABLE:'Byrd'
emailAddress :IA5STRING:'root@t4x.org'
[root@vpnserver 2.0]# ll /byrd/tools/openvpn-2.2.2/easy-rsa/2.0/keys
total 64
-rw-r--r--. 1 root root 3893 Mar 9 13:25 t4x.crt
-rw-r--r--. 1 root root 765 Mar 9 13:25 t4x.csr
-rw-------. 1 root root 916 Mar 9 13:25 t4x.key
[root@vpnserver 2.0]# ./build-dh #生成交换密钥协议文件
[root@vpnserver 2.0]# ll /byrd/tools/openvpn-2.2.2/easy-rsa/2.0/keys/dh1024.pem
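-rw-r--r--. 1 root root 245 Mar 9 13:33 /byrd/tools/openvpn-2.2.2/easy-rsa/2.0/keys/dh1024.pem
# NOTE: the file name dh1024.pem shows that KEY_SIZE in vars was left at 1024, so the DH parameters
# (and presumably the RSA keys built above) are 1024-bit, which is too weak today.
# Set `export KEY_SIZE=2048` or larger in vars before `source vars`; build-dh then writes dh2048.pem
# and the `dh` line in server.conf must name that file.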
[root@vpnserver 2.0]# openvpn --genkey --secret keys/ta.key
[root@vpnserver 2.0]# mkdir /etc/openvpn
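[root@vpnserver 2.0]# cp -ap keys /etc/openvpn/
# NOTE: this copies the whole keys directory, including ca.key and the client's t4x.key, onto the VPN server.
# The server itself only needs ca.crt, server.crt, server.key, the dh file and ta.key.
# ca.key can sign new certificates, so keep it on a separate, restricted host where possible.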
[root@vpnserver 2.0]# ##############cp ../../sample-config-files/client.conf /etc/openvpn/
[root@vpnserver 2.0]# cp ../../sample-config-files/server.conf /etc/openvpn/
[root@vpnserver 2.0]# ll /etc/openvpn/
total 16
drwx------ 2 root root 4096 Mar 9 04:53 keys
-rw-r--r-- 1 root root 10288 Mar 9 04:54 server.conf
[root@vpnserver 2.0]# cd /etc/openvpn/
[root@vpnserver openvpn]# cp server.conf server.conf.bk
[root@vpnserver openvpn]# grep -vE ";|#|^$" server.conf #egrep -v ";|#|^$" server.conf
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
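verb 3
# NOTE: the grep filter above drops every line that contains ';' or '#' anywhere, so directives with a
# trailing comment vanish from this listing (in the stock sample file that includes `key server.key`).
# grep -vE '^[[:space:]]*([;#]|$)' server.conf hides only comment and blank lines.
# tls-auth does not appear either; whether it is still commented out or merely hidden by the filter cannot
# be told from this output. Confirm that `tls-auth ta.key 0` is enabled, otherwise the ta.key generated earlier is unused.
# `user nobody` / `group nobody` do not appear, so the daemon presumably does not drop root privileges after start-up.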
[root@hk openvpn]# cp /byrd/tools/openvpn-2.2.2/sample-scripts/openvpn.init /etc/init.d/openvpn
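# The errors below come from ./configure when build dependencies are missing; each is followed by the yum command that installs the missing package.
configure: error: OpenSSL Crypto headers not found.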
[root@vpnserver openvpn-2.2.2]# yum install openssl-devel
configure: error: libpam required but missing
[root@vpnserver openvpn-2.2.2]# yum install pam-devel