Setting up an ocserv server on CentOS 7

1. Install ocserv with yum

On CentOS 6/7 ocserv can be installed directly from the EPEL repository with yum.

# install the EPEL repository
yum install -y epel-release
yum install -y ocserv

2. Edit the configuration file

Default location: /etc/ocserv/ocserv.conf

# authentication method: plain-text password file maintained with ocpasswd
auth = "plain[/etc/ocserv/ocpasswd]"

# TCP and UDP ports the server listens on
tcp-port = 23345
udp-port = 23345

# user and group the daemon runs as; keep the defaults
run-as-user = ocserv
run-as-group = ocserv

socket-file = ocserv.sock

# chroot directory; keep the default
chroot-dir = /var/lib/ocserv

max-clients = 16
max-same-clients = 2
keepalive = 32400
dpd = 90
mobile-dpd = 90
switch-to-tcp-timeout = 25
try-mtu-discovery = true

# server certificate and key; the defaults can be kept
server-cert = /etc/ssl/certs/server-cert.pem
server-key = /etc/ssl/private/server-key.pem

# keep the default
cert-user-oid = 0.9.2342.19200300.100.1.1

tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-VERS-SSL3.0"

auth-timeout = 240
min-reauth-time = 300
max-ban-score = 50
ban-reset-time = 300
cookie-timeout = 86400
persistent-cookies = true
deny-roaming = false
rekey-time = 172800
rekey-method = ssl
use-occtl = true
pid-file = /var/run/ocserv.pid
device = vpns
predictable-ips = false

# private subnet assigned to clients; the iptables rules in step 4 forward its traffic
ipv4-network = 10.12.0.0
ipv4-netmask = 255.255.255.0
# the following form is also accepted
#ipv4-network = 10.12.0.0/24

# preferred DNS servers
dns = 1.1.1.1
dns = 8.8.8.8

ping-leases = false
output-buffer = 23000

# compatibility with the Cisco AnyConnect client
cisco-client-compat = true

dtls-legacy = true

Options you do not need can be commented out.

3. Create a username and password

# replace username with the account name to create
ocpasswd -c /etc/ocserv/ocpasswd username

Enter the password when prompted.

4. Configure iptables to forward traffic
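Step 4 is left empty in the post. The script below is an added example, not the post's own commands: it reads the port and client-subnet values out of ocserv.conf (both the netmask form and the CIDR form shown above) and prints the sysctl and iptables commands that enable forwarding, accept the listening ports and NAT the client subnet out of the server. The config path, the outbound interface name (eth0), the use of MASQUERADE NAT and the sample config used for the stand-alone run are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): derive the step-4 forwarding
# rules from the values already set in ocserv.conf instead of retyping them.
# Assumptions: config path, outbound interface "eth0" and MASQUERADE NAT are
# this example's own choices; adjust them for the real host.

# conf_get FILE KEY: print the first uncommented value of KEY, quotes stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\{0,1\}\([^\"[:space:]]*\)\"\{0,1\}.*/\1/p" "$1" | head -n 1
}

# mask_to_prefix 255.255.255.0 -> 24 (counts the set bits of each octet)
mask_to_prefix() {
    bits=0
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        while [ "$octet" -gt 0 ]; do
            bits=$((bits + (octet & 1)))
            octet=$((octet >> 1))
        done
    done
    echo "$bits"
}

# vpn_subnet FILE -> client subnet in CIDR form, whichever way it was written
vpn_subnet() {
    net=$(conf_get "$1" ipv4-network)
    case "$net" in
        */*) echo "$net" ;;
        *)   echo "$net/$(mask_to_prefix "$(conf_get "$1" ipv4-netmask)")" ;;
    esac
}

# forward_rules FILE [OUT_IFACE]: print the commands to run (review, then pipe to sh as root)
forward_rules() {
    conf=$1
    wan=${2:-eth0}
    subnet=$(vpn_subnet "$conf")
    tcp=$(conf_get "$conf" tcp-port)
    udp=$(conf_get "$conf" udp-port)
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A INPUT -p tcp --dport $tcp -j ACCEPT
iptables -A INPUT -p udp --dport $udp -j ACCEPT
iptables -A FORWARD -s $subnet -o $wan -j ACCEPT
iptables -A FORWARD -d $subnet -i $wan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $subnet -o $wan -j MASQUERADE
EOF
}

# Constructed sample config for a stand-alone run; mirrors the values in step 2.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'tcp-port = 23345' 'udp-port = 23345' \
        'ipv4-network = 10.12.0.0' 'ipv4-netmask = 255.255.255.0' > "$tmp"
    forward_rules "$tmp" eth0
    rm -f "$tmp"
}

if [ "$#" -gt 0 ]; then forward_rules "$@"; else demo; fi
```

Run it as `sh forward.sh /etc/ocserv/ocserv.conf eth0` to print the rules for the real config, check them, then pipe the output to `sh` as root. `sysctl -w` does not survive a reboot; add `net.ipv4.ip_forward = 1` to /etc/sysctl.conf for persistence. On CentOS 7 firewalld is the default firewall and replaces hand-written iptables rules on restart, so either manage the rules through firewalld or switch to the iptables-services package.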

References:

1. Installing ocserv on CentOS with YUM: https://www.8win.net/2018/02/223.html


Reprinted from www.cnblogs.com/wanderoel/p/12298774.html