Topic: [Share] How to install OpenVPN on CentOS
MU (moderator)
#1 : 2009-2-24 12:17 PM

1. Download the required package files.

    wget http://openvpn.net/release/openvpn-2.0.9.tar.gz
    wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm

2. Install and build the downloaded files

You may need to install the following required packages before you start your installation:

    yum install rpm-build
    yum install autoconf.noarch
    yum install zlib-devel
    yum install pam-devel
    yum install openssl-devel

If you have the above dependencies installed, you can start your installation as follows:

    rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
    rpm -Uvh /usr/src/redhat/RPMS/i386/lzo-*.rpm
    rpmbuild -tb openvpn-2.0.9.tar.gz
    rpm -Uvh /usr/src/redhat/RPMS/i386/openvpn-2.0.9-1.i386.rpm

3. Copy configuration files

    cp -r /usr/share/doc/openvpn-2.0.9/easy-rsa/ /etc/openvpn/
    cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/

4. CA configuration

    cd /etc/openvpn/easy-rsa/
    pico vars (or use vi editor, I just like to use pico)

then scroll down to the bottom, edit as you like.

    export KEY_COUNTRY=AU
    export KEY_PROVINCE=VIC
    export KEY_CITY=MELBOURNE
    export KEY_ORG="THROXVPN"
    export KEY_EMAIL="name@email.com"

    . ./vars (note the space between the two dots)
    ./clean-all

5. Build CA

    ./build-ca

    Generating a 1024 bit RSA private key
    ...........................++++++
    .........................++++++
    writing new private key to 'ca.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [VIC]:
    Locality Name (eg, city) [MELBOURNE]:
    Organization Name (eg, company) [THROXVPN]:
    Organizational Unit Name (eg, section) []:Throx
    Common Name (eg, your name or your server's hostname) []:throx.net
    Email Address [name@mail.com]:

Some of the information above was already entered in step 4; just hit Enter and go to the next line.

6. Building server key

    ./build-key-server ovpnsrv1

    Generating a 1024 bit RSA private key
    ......................................++++++
    .........................++++++
    writing new private key to 'ovpnsrv1.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [VIC]:
    Locality Name (eg, city) [MELBOURNE]:
    Organization Name (eg, company) [THROXVPN]:
    Organizational Unit Name (eg, section) []:Throx
    Common Name (eg, your name or your server's hostname) []:throx.net
    Email Address [name@email.com]:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:<enter your password here>
    An optional company name []:
    Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'AU'
    stateOrProvinceName   :PRINTABLE:'VIC'
    localityName          :PRINTABLE:'MELBOURNE'
    organizationName      :PRINTABLE:'THROXVPN'
    organizationalUnitName:PRINTABLE:'Throx'
    commonName            :PRINTABLE:'throx.net'
    emailAddress          :IA5STRING:'name@email.com'
    Certificate is to be certified until Apr 10 15:15:27 2018 GMT (3650 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

7. Building Diffie Hellman

    ./build-dh

    Generating DH parameters, 1024 bit long safe prime, generator 2
    This is going to take a long time

(Wait until it has finished.)

8. Copy key certificates to the required folder

    cp keys/ca.crt ../
    cp keys/dh1024.pem ../
    cp keys/ovpnsrv1.key ../
    cp keys/ovpnsrv1.crt ../

9. OpenVPN configuration

    cd ../
    pico server.conf

Set the following lines in server.conf:

    dev tap
    ;dev tun
    ca ca.crt
    cert ovpnsrv1.crt
    key ovpnsrv1.key # This file should be kept secret

10. Start up the OpenVPN service (Finally, hold your breath)

    service openvpn restart
    chkconfig openvpn on
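
Steps 8 and 9 place the CA certificate, DH parameters, server certificate and server key beside server.conf, and the config marks the key as a file to keep secret. The following added example (not part of the original post) checks, before the service is started, that every file named by a `ca`, `cert`, `key` or `dh` directive exists and that key files are not readable by group or others. The function names, finding labels and sample config are constructed for illustration, and relative paths are assumed to resolve against the config's directory.

```shell
# Added example, not part of the original post.
# check_ovpn_conf CONF: print one finding per line; return 1 if any were found.
# Assumption: relative paths resolve against the directory that holds CONF.
check_ovpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    bad=0
    # ';' and '#' start comments, so ";dev tun" never matches a directive below.
    while read -r directive file rest || [ -n "$directive" ]; do
        case $directive in
            ca|cert|key|dh) ;;
            *) continue ;;
        esac
        case $file in
            /*) path=$file ;;
            *)  path=$dir/$file ;;
        esac
        if [ ! -f "$path" ]; then
            echo "MISSING $directive $file"
            bad=1
        elif [ "$directive" = key ]; then
            # Characters 5-10 of the ls -l mode string are the group/other bits.
            perms=$(ls -ld "$path" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "LOOSE_PERMS key $file"
                bad=1
            fi
        fi
    done < "$conf"
    return "$bad"
}

# Constructed sample: step 9's lines plus a dh line; empty files stand in for real ones.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'dev tap' ';dev tun' 'ca ca.crt' 'cert ovpnsrv1.crt' \
        'key ovpnsrv1.key # This file should be kept secret' 'dh dh1024.pem' > "$d/server.conf"
    : > "$d/ca.crt"; : > "$d/ovpnsrv1.crt"; : > "$d/ovpnsrv1.key"
    chmod 644 "$d/ovpnsrv1.key"    # deliberately too open
    echo "$d"
}

if [ "$#" -gt 0 ]; then
    check_ovpn_conf "$1"
else
    sample=$(make_sample)
    check_ovpn_conf "$sample/server.conf" || true
    rm -rf "$sample"
fi
```

Run with a path such as /etc/openvpn/server.conf to check a real configuration; a `LOOSE_PERMS` finding is cleared with `chmod 600` on the key file.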

Windows Client Installation and Configuration

1. Download a copy of the Windows client

http://openvpn.net/release/openvpn-2.0.9-install.exe and install it.

2. Create CA on the Windows machine

Open the Windows cmd.exe command prompt and change directory (cd) into c:\program files\openvpn\

    >copy vars.bat.sample vars.bat

    >edit vars.bat (scroll down to the bottom)

    set KEY_COUNTRY=AU
    set KEY_PROVINCE=VIC
    set KEY_CITY=MELBOURNE
    set KEY_ORG=THROXVPN
    set KEY_EMAIL=name@mail.com

Note: the above information must be the same as the details set on the server previously.

3. Run the file vars.bat

    >vars

4. Build client’s key and certificate

    >copy openssl.cnf.sample openssl.cnf
    >md keys
    >build-key vpnhome

5. Copy vpnhome.csr to the server directory /etc/openvpn/easy-rsa/keys

    cd /etc/openvpn/easy-rsa/
    ./sign-req vpnhome
    Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'AU'
    stateOrProvinceName   :PRINTABLE:'VIC'
    localityName          :PRINTABLE:'MELBOURNE'
    organizationName      :PRINTABLE:'THROXVPN'
    organizationalUnitName:PRINTABLE:'Throx'
    commonName            :PRINTABLE:'throx.net'
    emailAddress          :IA5STRING:'name@mail.com'
    Certificate is to be certified until Apr 10 16:04:33 2018 GMT (3650 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

6. Copy the newly signed certificate to your Windows machine

Go to /etc/openvpn/easy-rsa/keys/ , where you will see 2 newly generated files: ca.crt and vpnhome.crt

Copy both of them to your Windows home machine, into c:/Program Files/OpenVPN/config

Also copy your Windows-generated vpnhome.key from C:\Program Files\OpenVPN\easy-rsa\keys to C:\Program Files\OpenVPN\config

7. Setting the client configuration for OpenVPN

Copy client.ovpn from C:\Program Files\OpenVPN\sample-config to C:\Program Files\OpenVPN\config

Edit it with the following changes, similar to what you did on the Linux server:

    dev tap
    ;dev tun
    dev-node OpenVPN_Tap
    remote <ipaddress> 1194   # example: remote 202.188.1.1 1194
    ca ca.crt
    cert vpnhome.crt
    key vpnhome.key
    ns-cert-type server

8. Configure the network interface for OpenVPN

Select “Control Panel” -> “Network Connection” -> “TAP-Win32#(#)”

Right-click it and rename it to ‘OpenVPN_Tap’

9. Start up the client connection

Go to Start > All Programs > OpenVPN > OpenVPN GUI and click it.

In the task-bar, select “OpenVPN GUI” -> right-click “Connect”

Phew... if everything is set correctly, you should now be connected to your Linux server via OpenVPN.

Source: http://yumax1012.blogspot.com/20 ... n-on-centos-44.html


