OpenVPN installation and configuration (high security level)

Since some of Ubuntu's low-level packages differ from those on CentOS, I decided to look up again how to install OpenVPN on CentOS.

Installing OpenVPN

  1. Preparation before installing. I ran the following commands (my machine had already compiled other software before, so I did not follow the tutorial exactly):

yum install -y lz4-devel lzo-devel pam-devel openssl-devel systemd-devel sqlite-devel

  2. Download OpenVPN and extract it (I got the download link from the official site):

wget https://swupdate.openvpn.org/community/releases/openvpn-2.5.2.tar.gz
tar -zxvf openvpn-2.5.2.tar.gz
cd openvpn-2.5.2

  3. Compile and install (the tutorial on GitHub is very simple, whereas this part is somewhat complicated; I did not compare them, so I do not know what the difference is):

cd openvpn-2.5.2
autoreconf -i -v -f
./configure --prefix=/usr/local/openvpn --enable-lzo --enable-lz4 --enable-crypto --enable-server --enable-plugins --enable-port-share --enable-iproute2 --enable-pf --enable-plugin-auth-pam --enable-pam-dlopen --enable-systemd
make && make install
ln -s /usr/local/openvpn/sbin/openvpn /usr/local/sbin/openvpn

  4. Modify the configuration file, set up the system service, and enable it at boot:

vim /usr/local/openvpn/lib/systemd/system/openvpn-server@.service

### Find the ExecStart line and change it to the following
ExecStart=/usr/local/openvpn/sbin/openvpn --config server.conf


cp -a /usr/local/openvpn/lib/systemd/system/openvpn-server@.service /usr/lib/systemd/system/openvpn.service
systemctl enable openvpn.service

  5. Configure OpenVPN:

tee /etc/openvpn/server/server.conf <<-'EOF'
local 0.0.0.0
port 1194
proto tcp
dev tun
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.16.10.0 255.255.255.0"
;client-to-client
;duplicate-cn
keepalive 10 120
tls-auth /etc/openvpn/server/ta.key 0
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
;comp-lzo
max-clients 1000
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log  /var/log/openvpn.log
verb 3
;explicit-exit-notify 1
EOF
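The server.conf above is where the "high security level" of the title is decided, so it is worth checking mechanically rather than by eye. The script below is an added example, not part of the original post: it reads an OpenVPN 2.5 server.conf, strips comments, and flags four things a reviewer would look for (no tls-auth/tls-crypt, no user/group privilege drop, any compression directive, and a bare CBC cipher with no data-ciphers). The directive names are real OpenVPN options; both sample configurations are constructed for the demonstration and are not the author's files.

```shell
#!/bin/sh
# Added example (not from the original post): a small audit of an OpenVPN 2.5
# server.conf for settings that undercut the "high security level" goal.
# Directive names are real OpenVPN options; the sample configs below are constructed.

# Prints one finding per line and returns the number of findings as its exit status.
audit_openvpn_conf() {
    conf="$1"
    findings=0
    # Strip ';' and '#' comments and blank lines so every check sees only active directives.
    active=$(sed -e 's/[;#].*$//' -e '/^[[:space:]]*$/d' "$conf")

    # 1. The control channel should be wrapped by tls-crypt (or at least tls-auth).
    if ! printf '%s\n' "$active" | grep -Eq '^[[:space:]]*tls-(auth|crypt)[[:space:]]'; then
        echo "no tls-auth/tls-crypt: unauthenticated packets reach the TLS stack"
        findings=$((findings + 1))
    fi

    # 2. The daemon should drop root after initialization (user/group, as the post does).
    for opt in user group; do
        if ! printf '%s\n' "$active" | grep -Eq "^[[:space:]]*$opt[[:space:]]"; then
            echo "no '$opt' directive: openvpn keeps running as root"
            findings=$((findings + 1))
        fi
    done

    # 3. Compressing traffic before encryption enables VORACLE-style plaintext recovery;
    #    the OpenVPN project recommends leaving compression off.
    if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*(compress|comp-lzo)'; then
        echo "compression directive present: remove 'compress'/'comp-lzo'"
        findings=$((findings + 1))
    fi

    # 4. A bare CBC 'cipher' with no 'data-ciphers' means the legacy non-AEAD data channel.
    if printf '%s\n' "$active" | grep -Eq '^[[:space:]]*cipher[[:space:]]+[A-Za-z0-9-]+-CBC' \
       && ! printf '%s\n' "$active" | grep -Eq '^[[:space:]]*data-ciphers[[:space:]]'; then
        echo "CBC cipher without data-ciphers: prefer 'data-ciphers AES-256-GCM:AES-128-GCM'"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample resembling the post's server.conf (tls-auth, CBC cipher, lz4 compression).
weak_sample() {
    cat <<'EOF'
port 1194
proto tcp
dev tun
tls-auth /etc/openvpn/server/ta.key 0
cipher AES-256-CBC
compress lz4-v2
push "compress lz4-v2"
;comp-lzo
user nobody
group nobody
EOF
}

# Constructed hardened variant: tls-crypt, AEAD data ciphers, no compression.
hardened_sample() {
    cat <<'EOF'
port 1194
proto udp
dev tun
tls-crypt /etc/openvpn/server/ta.key
data-ciphers AES-256-GCM:AES-128-GCM
tls-version-min 1.2
user nobody
group nobody
EOF
}

# Run both samples through the audit (weak: 2 findings, hardened: 0).
for sample in weak_sample hardened_sample; do
    tmp=$(mktemp)
    "$sample" > "$tmp"
    echo "== $sample =="
    if audit_openvpn_conf "$tmp"; then
        echo "no findings"
    else
        echo "$? finding(s)"
    fi
    rm -f "$tmp"
done
```

Run it against the real file with `audit_openvpn_conf /etc/openvpn/server/server.conf`; the exit status is the number of findings, so it can gate a deployment step. The checks are deliberately conservative: they only inspect directives that are present or absent in the file, not what the running daemon negotiated.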

sed -i '/net.ipv4.ip_forward/s/0/1/' /etc/sysctl.conf
sed -i '/net.ipv4.ip_forward/s/#//' /etc/sysctl.conf
sysctl -p

Configuring the Windows client

  1. Download it from the official site:

https://openvpn.net/community-downloads/

Ping fails:

  1. Turn off the firewall
  2. Set up port forwarding
  3. Disable SELinux
  4. Er, the interface on my machine is not eth0
  5. The connection dropped!!!

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eno1 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables

grep 'net.ipv4.ip_forward = 1' /etc/sysctl.conf || echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p
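The two sed calls in the install section and the grep || echo line above are both attempts to make ip_forward = 1 stick, and each covers only one state of the key (already present, or absent). The helper below is an added example, not the author's code: it sets a sysctl key idempotently whether the key is absent, commented out, or set to a different value, and never leaves a duplicate behind. The target file is an assumption (a drop-in such as /etc/sysctl.d/99-openvpn.conf works as well as /etc/sysctl.conf); the demo writes to a constructed temporary file.

```shell
#!/bin/sh
# Added example (not from the original post): set a sysctl key idempotently.
# The post's sed calls assume the key already exists in /etc/sysctl.conf (commented
# out or set to 0) and the grep || echo line only appends; this helper covers the
# three states a key can be in (absent, commented out, set to another value) and
# never duplicates it. Target file is an assumption, e.g. /etc/sysctl.d/99-openvpn.conf.

set_sysctl_kv() {
    file="$1"; key="$2"; value="$3"
    [ -f "$file" ] || : > "$file"
    # Escape the dots so the key matches literally inside the regex.
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')
    if grep -Eq "^[[:space:]]*#?[[:space:]]*$pat[[:space:]]*=" "$file"; then
        # Rewrite the existing line (active or commented out) in place; POSIX sed has no -i.
        sed -E "s|^[[:space:]]*#?[[:space:]]*$pat[[:space:]]*=.*|$key = $value|" "$file" > "$file.tmp" \
            && mv "$file.tmp" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Read the effective value back from the file (last occurrence wins, as sysctl -p does).
get_sysctl_kv() {
    file="$1"; key="$2"
    pat=$(printf '%s' "$key" | sed 's/\./\\./g')
    grep -E "^[[:space:]]*$pat[[:space:]]*=" "$file" | tail -n 1 | sed -E 's/^[^=]*=[[:space:]]*//'
}

# Demo on a constructed file: one commented-out key, one unrelated key.
demo=$(mktemp)
printf '# kernel tuning\n#net.ipv4.ip_forward = 0\nnet.core.somaxconn = 1024\n' > "$demo"
set_sysctl_kv "$demo" net.ipv4.ip_forward 1            # uncomment and set
set_sysctl_kv "$demo" net.ipv4.ip_forward 1            # second call: no change, no duplicate
set_sysctl_kv "$demo" net.ipv4.conf.all.rp_filter 1    # absent key: appended
cat "$demo"
rm -f "$demo"
# On a real host the edited file is then loaded with: sysctl -p <file>
```

Because the rewrite goes through a temporary file and `mv`, a crash mid-way leaves the original intact, and re-running the script after a reboot or a config-management pass produces no diff.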

It still could not connect; the firewall had to be turned off (which is somewhat contradictory).

The virtual machine was not powered on!!!

http://www.r9it.com/20190420/install-openvpn.html#%E5%AE%89%E8%A3%85-openvpn

firewall-cmd --zone=public --add-port=1194/tcp --permanent

References

  1. Building and managing an OpenVPN service on Linux CentOS 7