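Installing OpenVPN on a VPS took a few detours, and PPTP needs kernel support and the like, so in the end I chose OpenVPN.
For a physical machine, see the earlier posts:
Installing OpenVPN on Debian 6
Installing PPTP VPN on Debian 6
1. Install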
wget http://openvpn.net/release/openvpn-2.1_rc22.tar.gz
2. Generate the keys
# cp /opt/openvpn-2.1_rc22/easy-rsa/2.0 -r /etc/openvpn
# cd /etc/openvpn/2.0
# vim vars
# source ./vars
# ./clean-all
# ./build-ca
# ./build-key-server server-name
# ./build-key client-name1
# ./build-key client-name2
# ./build-dh
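3. Configure
cp /opt/openvpn-2.1_rc22/sample-config-files/server.conf /etc/openvpn/
vi /etc/openvpn/server.conf
port 443
proto tcp
dev tun
# the keys generated in step 2 live under /etc/openvpn/2.0/keys
ca /etc/openvpn/2.0/keys/ca.crt
# server.crt / server.key are named after the argument given to build-key-server
cert /etc/openvpn/2.0/keys/server.crt
key /etc/openvpn/2.0/keys/server.key
# build-dh names the file dh<KEY_SIZE>.pem, following KEY_SIZE in vars
dh /etc/openvpn/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
# make every client add this route (the original note refers to 192.168.4.0/24; the line as written pushes 10.8.0.0/24)
push "route 10.8.0.0 255.255.255.0 10.8.0.1"
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# directory from which the server reads the per-client configuration files: ccd
client-config-dir ccd
# allow clients to reach each other
client-to-client
# the server adds this route (192.168.4.0/24 in the original note)
route 10.8.0.0 255.255.255.0
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
status openvpn-status.log
log /var/log/openvpn.log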
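Per-client settings
Create the directory /etc/openvpn/ccd.
In it, create one file per client, named after the client certificate's CN; following the steps above these would be files such as client1, client2, with contents like this:
linux:
ifconfig-push 10.10.10.5 10.10.10.6
win:
ifconfig-push 10.8.0.30 10.8.0.29
The Windows pair comes from the block 28/30, that is, the 4 addresses starting at 28 (28+4).
Of these, 28 and 31 are reserved;
only 29 and 30 are used.
For example:
ccd/client3
ifconfig-push 10.8.0.20 10.8.0.19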
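The /30 rule above can be checked mechanically before the server is started. The following shell functions are an added example, not part of the original post: they assume the `server 10.8.0.0 255.255.255.0` line from this page (VPN_NET / VPN_BITS), and the function names are hypothetical.

```shell
# Added example: check ccd "ifconfig-push <client-ip> <peer-ip>" pairs against
# the /30 rule. VPN_NET/VPN_BITS mirror "server 10.8.0.0 255.255.255.0".
VPN_NET=10.8.0.0
VPN_BITS=24

# Dotted quad -> integer on stdout; non-zero status on malformed input.
ip_to_int() (
    IFS=.; set -f
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*|0?*|????*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# check_pair CLIENT_IP PEER_IP
# Prints one verdict: ok | bad-ip | outside-subnet | not-same-30 | reserved
check_pair() {
    c=$(ip_to_int "$1") || { echo bad-ip; return 1; }
    p=$(ip_to_int "$2") || { echo bad-ip; return 1; }
    net=$(ip_to_int "$VPN_NET") || { echo bad-ip; return 1; }
    mask=$(( (4294967295 << (32 - $VPN_BITS)) & 4294967295 ))
    if [ $(( $c & $mask )) -ne "$net" ] || [ $(( $p & $mask )) -ne "$net" ]; then
        echo outside-subnet; return 1
    fi
    # Both ends must sit in the same block of four addresses ...
    [ $(( $c >> 2 )) -eq $(( $p >> 2 )) ] || { echo not-same-30; return 1; }
    # ... and neither may be its first (network) or last (broadcast) address.
    for a in "$c" "$p"; do
        case $(( $a & 3 )) in 0|3) echo reserved; return 1 ;; esac
    done
    echo ok
}

# check_ccd_dir DIR: report every ifconfig-push line; status 1 if any fails.
check_ccd_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        while read -r kw cip pip rest || [ -n "$kw" ]; do
            [ "$kw" = ifconfig-push ] || continue
            v=$(check_pair "$cip" "$pip") || rc=1
            echo "${f##*/}: $cip $pip -> $v"
        done < "$f"
    done
    return $rc
}
```

After sourcing the file, run check_ccd_dir /etc/openvpn/ccd. Of the pairs shown above, 10.8.0.30 / 10.8.0.29 passes, while 10.8.0.20 / 10.8.0.19 straddles two blocks (.19 is the last address of 16-19, .20 the first of 20-23) and so does not satisfy the Windows rule.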
4. Start the service with this configuration
# /usr/local/sbin/openvpn --config /etc/openvpn/server.conf &
P.S. This step is easy to overlook.
5. Configure the client
client1.ovpn
client
dev tun
proto tcp
remote 1.2.3.4 443
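# push is documented as a server-mode option; this client's address is assigned by the server (ccd ifconfig-push)
push "ifconfig 10.8.1.6 10.8.1.1"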
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
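6. Set up NAT
# echo 1 > /proc/sys/net/ipv4/ip_forward
# Note: sysctl -w sets the same value at runtime only; for IP forwarding to stay enabled after CentOS reboots, set net.ipv4.ip_forward = 1 in /etc/sysctl.conf
# sysctl -w net.ipv4.ip_forward=1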
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 1.2.3.4
iptables-save > /etc/iptables.up.rules
/sbin/iptables-restore < /etc/iptables.up.rules
service iptables save