t'
commonName :PRINTABLE:'ovpnsrv1'
emailAddress :IA5STRING:'netman@study-area.org'
Certificate is to be certified until Sep 7 20:36:58 2015 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
# Generate the Diffie-Hellman parameters
./build-dh
Generating DH parameters, 1024 bit long safe prime, generator 2
This is going to take a long time
.................................. ............................................
.. ............................................................................
................... .................................... ......................
....................... ...
# Install the CA files the server needs
cp keys/ca.crt ../
cp keys/dh1024.pem ../
cp keys/S1.key ../
cp keys/S1.crt ../
# Configure server.conf (leave anything not mentioned here unchanged)
cd ../
vi server.conf
dev tap
;dev tun
ca ca.crt
cert ovpnsrv1.crt
key ovpnsrv1.key # This file should be kept secret
# Start the OpenVPN server
// Copy /etc/openvpn/sample-scripts/openvpn.init to /etc/init.d/openvpn
chmod 755 /etc/init.d/openvpn
service openvpn restart
chkconfig openvpn on
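Before restarting the service it is worth confirming that the files copied above match the names in server.conf: the cp lines copy S1.key and S1.crt, while the config refers to ovpnsrv1.crt and ovpnsrv1.key, and the key must stay private. The check below is an added example, not part of the original tutorial; the function name check_ovpn_conf is hypothetical and the demo files are constructed. It assumes relative paths resolve against the directory that holds server.conf.

```shell
#!/bin/sh
# Added example (not from the original page): verify the files that
# server.conf names before starting the service.

# check_ovpn_conf CONF
# Prints one line per problem; returns 0 if clean, 1 otherwise.
# Assumption: relative paths resolve against the directory holding CONF,
# matching the page's layout (files copied next to server.conf).
check_ovpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    problems=0
    while read -r directive path _rest; do
        case $directive in
            ca|cert|key|dh) ;;      # directives that name a file
            *) continue ;;          # comments (# or ;) and everything else
        esac
        case $path in
            /*) file=$path ;;
            *)  file=$dir/$path ;;
        esac
        if [ ! -f "$file" ]; then
            echo "missing: $directive $path"
            problems=$((problems + 1))
            continue
        fi
        if [ "$directive" = key ]; then
            # Characters 5-10 of the ls mode string are the group/other bits.
            bits=$(ls -ldL "$file" | cut -c5-10)
            if [ "$bits" != "------" ]; then
                echo "loose permissions: key $path"
                problems=$((problems + 1))
            fi
        fi
    done < "$conf"
    [ "$problems" -eq 0 ]
}

# Constructed demo: the config names ovpnsrv1.* but only S1.* was copied.
demo=$(mktemp -d)
printf '%s\n' 'dev tap' ';dev tun' 'ca ca.crt' 'cert ovpnsrv1.crt' \
    'key ovpnsrv1.key # This file should be kept secret' > "$demo/server.conf"
touch "$demo/ca.crt" "$demo/S1.crt" "$demo/S1.key"
check_ovpn_conf "$demo/server.conf" || true
rm -rf "$demo"
```

On the real server, call it as check_ovpn_conf /etc/openvpn/server.conf and fix every reported line before running service openvpn restart.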
--------------------------
3.2 Client
# Download and install OpenVPN (GUI version)
http://openvpn.se/files/install_packages/openvpn-2.1_beta7-gui-1.0.3-install.exe
# Set up the environment
cmd.exe
cd "c:\Program Files\OpenVPN\easy-rsa"
copy openssl.cnf.sample openssl.cnf
copy vars.bat.sample vars.bat
edit vars.bat
(Same contents as on the server, especially the KEY_ORG entry.)
# Set up the CA environment (client)
vars
# Generate certificates and keys for the VPN clients (run on the server)
./build-key client1
./build-key client2
./build-key client3
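For Common Name, enter client1, client2 and client3 respectively; everything else is the same as for the VPN server.
# Install the CA files // run on the client
cd ..\config
Download C1.crt and ca.crt from the server into the local OpenVPN config directory // WinSCP
copy ..\easy-rsa\keys\ovpnclt1.key . // config directory
# Copy the sample config file:
copy ..\sample-config\client.ovpn . // config directory
# Edit the client config file
Bottom-right corner of the screen (OpenVPN GUI)
Right-click --> Edit Config (leave anything not mentioned here unchanged)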
dev tap
;dev tun
remote 192.168.100.151 1194
ca C:\keys\ca.crt
cert C:\keys\C1.crt
key C:\keys\C1.key
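# Configure the OpenVPN TAP interface
Control Panel --> Network Connections --> TAP-Win32#(#)
Right-click --> Rename --> OpenVPN_Tap
# Start the OpenVPN client
Bottom-right corner of the screen (OpenVPN GUI)
Right-click --> Connect
# Test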
ping 10.8.0.1
C:\Program Files\OpenVPN\easy-rsa>ping 10.8.0.1
Pinging 10.8.0.1 with 32 bytes of data:
Reply from 10.8.0.1: bytes=32 time=1ms TTL=64
Reply from 10.8.0.1: bytes=32 time<1ms TTL=64
Reply from 10.8.0.1: bytes=32 time<1ms TTL=64
Reply from 10.8.0.1: bytes=32 time<1ms TTL=64
Ping statistics for 10.8.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
C:\Program Files\OpenVPN\easy-rsa>
4. Notes:
4.1 To allow multiple clients to connect to one another, on the server side you must |