Setting up OpenVPN
Script:
# Turn off firewalld and SELinux (the host stays unfiltered until the iptables rules further below are applied)
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i s/SELINUX=enforcing/SELINUX=disabled/g /etc/selinux/config
# Install the EPEL repository
yum install epel-release -y
# Install openvpn and easy-rsa
yum -y install openvpn easy-rsa
# Create the CA and the server certificate (the CA key is created without a passphrase, so protect this directory)
mkdir -p /etc/openvpn/easy-rsa/
cp -r /usr/share/easy-rsa/3.0.7/ /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa/3.0.7/
find / -type f -name "vars.example" | xargs -i cp {} . && mv vars.example vars
./easyrsa init-pki
./easyrsa build-ca nopass
./easyrsa gen-req server nopass
./easyrsa sign server server
./easyrsa gen-dh
# Collect the certificates and keys where server.conf expects them
cd /etc/openvpn
cp easy-rsa/3.0.7/pki/dh.pem .
cp easy-rsa/3.0.7/pki/ca.crt .
cp easy-rsa/3.0.7/pki/issued/server.crt .
cp easy-rsa/3.0.7/pki/private/server.key .
# Create the client certificate request
mkdir -p /etc/openvpn/client/easy-rsa/
cp -r /usr/share/easy-rsa/3.0.7/ /etc/openvpn/client/easy-rsa
cd /etc/openvpn/client/easy-rsa/3.0.7/
find / -type f -name "vars.example" | xargs -i cp {} . && mv vars.example vars
./easyrsa init-pki
./easyrsa gen-req client nopass
# Sign the client certificate request with the CA
cd /etc/openvpn/easy-rsa/3.0.7/
./easyrsa import-req /etc/openvpn/client/easy-rsa/3.0.7/pki/reqs/client.req client
./easyrsa sign client client
OpenVPN server.conf configuration:
port 1194
proto udp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/dh.pem
ifconfig-pool-persist /etc/openvpn/ipp.txt
server 10.8.0.0 255.255.255.0
push "route 10.8.0.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 114.114.114.114"
push "dhcp-option DNS 8.8.8.8"
client-to-client
keepalive 20 120
comp-lzo
user openvpn
group openvpn
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 1
mute 20
Start the service:
# Start OpenVPN and set up port forwarding
# Start OpenVPN
systemctl start openvpn@server
# Install iptables
yum -y install iptables iptables-services
# Add the rule
vim /etc/sysconfig/iptables
..................
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
After that line, add: -A INPUT -p udp -m state --state NEW -m udp --dport 1194 -j ACCEPT
..................
# Reload the rules, then flush the filter table (note: iptables -F discards the INPUT rule just added along with the rest of the filter rules, leaving all ports open; only the NAT rule below remains)
systemctl restart iptables.service
iptables -F
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
# Enable IP forwarding
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
# Start on boot
chmod +x /etc/rc.d/rc.local
vim /etc/rc.d/rc.local
# OpenVPN
systemctl restart openvpn@server
systemctl restart iptables.service
iptables -F
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
sysctl -p
At this point the server side is configured and running.
Client configuration:
client
remote xxx.xxx.xxx.xxx 1194
proto udp
dev tun
comp-lzo
route-delay 2
route-method exe
redirect-gateway def1
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
dhcp-option DNS 4.2.2.1
dhcp-option DNS 4.2.2.2
verb 3
......
......
......
Android app download: http://plaisthos.de/android/ics-openvpn-latest-stable.apk
Import the client.ovpn configuration and it works.
I applied for my VPS server here, 1 US dollar a month, https://billing.virmach.com/, far too cheap.
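The post says to import client.ovpn but never shows how to assemble it. Below is an added example, not from the original post, that builds a single-file client.ovpn by inlining the ca.crt, client.crt and client.key produced by the easy-rsa steps above; the server address and file paths are arguments, and the `remote-cert-tls server` line is a hardening addition not in the original client config (it makes the client check that the server certificate was issued with the server role, which the `sign server` step above provides).

```shell
#!/bin/sh
# Added example: build a single-file client.ovpn from the PKI files created by
# the easy-rsa steps above. Not part of the original post.
#
# usage: build_client_ovpn <server_ip> <ca.crt> <client.crt> <client.key> <out.ovpn>
build_client_ovpn() {
    server="$1"; ca="$2"; cert="$3"; key="$4"; out="$5"
    for f in "$ca" "$cert" "$key"; do
        if [ ! -r "$f" ]; then
            echo "missing or unreadable: $f" >&2
            return 1
        fi
    done
    {
        # client directives taken from the post's client config
        printf 'client\nremote %s 1194\nproto udp\ndev tun\n' "$server"
        printf 'comp-lzo\nredirect-gateway def1\nverb 3\n'
        # added hardening (assumption): require the server certificate to carry
        # the server EKU that "easyrsa sign server" sets, so a leaked client
        # certificate cannot be used to impersonate the server
        printf 'remote-cert-tls server\n'
        printf '<ca>\n'
        cat "$ca"
        printf '</ca>\n'
        printf '<cert>\n'
        # easy-rsa prepends a human-readable dump to issued certs; keep only the PEM block
        sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$cert"
        printf '</cert>\n'
        printf '<key>\n'
        cat "$key"
        printf '</key>\n'
    } > "$out"
    # the file now embeds the private key; keep it owner-readable only
    chmod 600 "$out"
}
```

Run it on the server as root after the signing step, e.g. `build_client_ovpn <server_ip> /etc/openvpn/ca.crt /etc/openvpn/easy-rsa/3.0.7/pki/issued/client.crt /etc/openvpn/client/easy-rsa/3.0.7/pki/private/client.key client.ovpn`, then copy the resulting file to the device over a trusted channel.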
References:
https://segmentfault.com/p/1210000010330071/read
OpenVPN (CentOS 7) deployment - 码农教程