OpenVPN notes

>>> For learning purposes only

1. Prepare the tools you will need

Official download links:
    OpenVPN client download:
        https://swupdate.openvpn.org/community/releases/openvpn-install-2.4.5-I601.exe
    EasyRSA download:
        https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.8/EasyRSA-3.0.8.tgz
Original article: [Untitled] easy-rsa download, bbzzxx's blog (CSDN)

2. Lab environment

2 CentOS 7 hosts and 1 Windows 10 host

Note: do the following on both Linux hosts

SELINUX=disabled
systemctl disable firewalld.service 

echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf 
sysctl -p

Reboot

3. Server

[root@localhost ~]# yum -y install epel-release.noarch         // install the EPEL repository
[root@localhost ~]# yum -y install openvpn*
Uploading EasyRSA-3.0.8.tgz to remote:/root/EasyRSA-3.0.8.tgz

Generate the certificates and keys

[root@localhost ~]# tar -xf EasyRSA-3.0.8.tgz
[root@localhost ~]# cd EasyRSA-3.0.8/
[root@localhost EasyRSA-3.0.8]# ./easyrsa                      // with no arguments, prints the usage
[root@localhost EasyRSA-3.0.8]# ./easyrsa init-pki            // create the pki directory
[root@localhost EasyRSA-3.0.8]# ./easyrsa build-ca nopass     // build the CA certificate and private key, without a passphrase
[root@localhost EasyRSA-3.0.8]# ./easyrsa gen-dh              // generate the Diffie-Hellman (key exchange) parameters
[root@localhost EasyRSA-3.0.8]# ./easyrsa build-client-full client nopass    // build the client certificate and private key
[root@localhost EasyRSA-3.0.8]# ./easyrsa build-server-full server nopass    // build the server certificate and private key

Organize the files

[root@localhost certs_by_serial]# ls
504BBD13D0F3E040E58E7FAC7594C40E.pem
EE21F697B376054590E029F7FA93FB89.pem
[root@localhost certs_by_serial]# vim 504BBD13D0F3E040E58E7FAC7594C40E.pem 
[root@localhost certs_by_serial]# mv 504BBD13D0F3E040E58E7FAC7594C40E.pem client.crt
[root@localhost certs_by_serial]# mv EE21F697B376054590E029F7FA93FB89.pem server.crt

After organizing, the directories should contain the following files

[root@localhost client]# tree
.
├── ca.crt
├── client.crt
├── client.key
└── dh.pem

0 directories, 4 files
[root@localhost server]# tree 
.
├── ca.crt
├── dh.pem
├── server.crt
└── server.key

0 directories, 4 files

Configure the server configuration file

[root@localhost ~]# mv server/ /etc/openvpn/

[root@localhost openvpn]# cp -p /usr/share/doc/openvpn-2.4.12/sample/sample-config-files/server.conf ./

Edit the following lines of server.conf (the numbers are line numbers in the sample file):

 78 ca server/ca.crt
 79 cert server/server.crt
 80 key server/server.key
 85 dh server/dh.pem
143 push "route 192.168.33.0 255.255.255.0"
245 tls-auth server/ta.key 0
253 cipher AES-256-GCM

[root@localhost server]# openvpn --genkey --secret ta.key
[root@localhost server]# cp ta.key /root/client/
[root@localhost server]# chmod 755 *
[root@localhost openvpn]# openvpn --daemon --config server.conf 
[root@localhost openvpn]# netstat -tlunp | grep openvpn
udp        0      0 0.0.0.0:1194            0.0.0.0:*                           17287/openvpn 

Check here that the service started successfully; if the port does not show as open, something in the configuration file is probably wrong and needs to be checked.
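As an added example that is not part of the original notes, here is a small Python audit for a server.conf edited as above: it checks that the directives the walkthrough touches are present, that each referenced file exists, that the cipher is an AEAD cipher, that tls-auth uses direction 0 on the server, and that server.key and ta.key are not readable by group or others (the chmod 755 * step leaves them world-readable). It assumes relative paths resolve against the config's directory (as when openvpn is started from /etc/openvpn); ALLOWED_CIPHERS and the demo helper are my own constructs, and the files demo creates are placeholders, not real key material.

```python
import os, shlex, stat, tempfile
from pathlib import Path

# Directives the walkthrough edits in the sample server.conf, and what this audit expects of them.
REQUIRED = {"ca", "cert", "key", "dh", "tls-auth", "cipher"}
SECRET_FILES = {"key", "tls-auth"}                # private material: no group/other permissions
ALLOWED_CIPHERS = {"AES-256-GCM", "AES-128-GCM"}  # assumption: accept AEAD ciphers only

def parse_conf(text):
    """Return {directive: [args]}; '#' starts a comment anywhere, ';' only at line start."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith(";"):
            name, *args = shlex.split(line)       # keeps push "route ..." as one argument
            conf[name] = args
    return conf

def audit(conf_path):
    """Return findings for conf_path; an empty list means every check passed."""
    conf_path = Path(conf_path)
    conf = parse_conf(conf_path.read_text())
    findings = [f"missing directive: {d}" for d in sorted(REQUIRED - set(conf))]
    for d in sorted(REQUIRED & set(conf)):
        arg = conf[d][0] if conf[d] else ""
        if d == "cipher":
            if arg not in ALLOWED_CIPHERS:
                findings.append(f"cipher: unexpected cipher {arg!r}")
            continue
        p = conf_path.parent / arg                # assumption: paths are relative to the config dir
        if not p.is_file():
            findings.append(f"{d}: file not found {p}")
        elif d in SECRET_FILES and p.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{d}: {p.name} is readable by group/others")
    if conf.get("tls-auth", ["", "0"])[1:] != ["0"]:
        findings.append("tls-auth: the server side must use key-direction 0")
    return findings

def demo(file_mode):
    """Build a constructed copy of the walkthrough's server directory and audit it."""
    base = Path(tempfile.mkdtemp())
    (base / "server").mkdir()
    for name in ("ca.crt", "server.crt", "server.key", "dh.pem", "ta.key"):
        (base / "server" / name).write_text(f"constructed placeholder standing in for {name}\n")
        os.chmod(base / "server" / name, file_mode)  # the walkthrough runs chmod 755 * here
    (base / "server.conf").write_text(
        "ca server/ca.crt\ncert server/server.crt\nkey server/server.key\ndh server/dh.pem\n"
        'push "route 192.168.33.0 255.255.255.0"\ntls-auth server/ta.key 0 # This file is secret\n'
        ";tls-crypt ta.key\ncipher AES-256-GCM\n")
    return audit(base / "server.conf")
```

demo(0o755) reproduces the permissions used in the notes and reports both secret files; demo(0o600) returns no findings.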

Configure the client configuration file

[root@localhost client]# cp -p /usr/share/doc/openvpn-2.4.12/sample/sample-config-files/client.conf ./client.ovpn

Edit the following lines of client.ovpn (the numbers are line numbers in the sample file):

 42 remote 172.16.0.200 1194
116 cipher AES-256-GCM

In the end the client directory should contain 6 files
[root@localhost client]# tree
.
├── ca.crt
├── client.crt
├── client.key
├── client.ovpn
├── dh.pem
└── ta.key

0 directories, 6 files
Set permissions on them as well
[root@localhost client]# chmod 755 *
Move this directory to the client machine

4. Client

Double-click the installer to run it

Place the configuration files in the specified directory

Note: on the 134 host I added route add default gw 192.168.33.128, and the clocks need to be synchronized

Learning video:

[Linux in practice] Quickly building an enterprise-grade virtual private network environment with OpenVPN (bilibili)

Reference blogs:

[Untitled] easy-rsa download, bbzzxx's blog (CSDN)

Adding a default route on Linux explained, notes collection, School of Design (python100.com)


Reposted from blog.csdn.net/m0_74204829/article/details/132158594