在VPS上搭建VPN

参考自

# http://os.51cto.com/art/201011/234004.htm
# http://www.vpsyou.com/centos5-5-install-openvpn/
# http://www.cat-home.org/?action=show&id=11

1, VPS(server) 上操作如下

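# Work in a dedicated build directory.
mkdir -p /root/software/vpn
cd /root/software/vpn

# Download the source packages.
# NOTE(review): both tarballs are fetched over plain HTTP and are then built
# and installed as root with no integrity check. Before unpacking, compare
# each file against a checksum or signature obtained from the publisher over
# a trusted channel.
# NOTE(review): the version numbers are the ones the author used; a build
# done today should start from a currently supported release.
wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.05.tar.gz
wget http://swupdate.openvpn.net/community/releases/openvpn-2.2.1.tar.gz

# Unpack, build and install the LZO compression library.
tar zxvf lzo-2.05.tar.gz
cd /root/software/vpn/lzo-2.05
./configure
make
make install

# Go back to the download directory first: the OpenVPN tarball was saved
# there, not inside the lzo-2.05 source tree, so tar would not find it.
cd /root/software/vpn
tar zxvf openvpn-2.2.1.tar.gz
cd /root/software/vpn/openvpn-2.2.1
./configure
make
make install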

# 服务器端设置
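# Copy the easy-rsa 2.0 scripts directly into /etc/openvpn. Creating the
# target first and copying "2.0/." gives the same layout whether or not
# /etc/openvpn already exists; a plain "cp -r .../2.0 /etc/openvpn" nests the
# scripts under /etc/openvpn/2.0 when the directory is already there, and the
# following steps would then run in the wrong place.
mkdir -p /etc/openvpn
cp -r /root/software/vpn/openvpn-2.2.1/easy-rsa/2.0/. /etc/openvpn/
cd /etc/openvpn

# Edit the certificate defaults.
vim vars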
# 将 vars 内容修改为
# Default certificate fields; the file is sourced before the build scripts run.
export KEY_COUNTRY="CN"
export KEY_PROVINCE="SH"
export KEY_CITY="shanghai"
export KEY_ORG="studyday.net"
export KEY_EMAIL="kuco@studyday.net"
# KEY_EMAIL is assigned a second time here; when the file is sourced, this
# later assignment is the one in effect, so keep both lines in step.
export KEY_EMAIL=kuco@studyday.net
export KEY_CN=kuco
export KEY_NAME=kuco
export KEY_OU=kuco
# NOTE(review): the two PKCS11_* values presumably matter only when keys are
# held on a PKCS#11 token (smart card) - confirm. Do not put a PIN that
# protects a real token into a file like this.
export PKCS11_MODULE_PATH=kuco
export PKCS11_PIN=20110804
# NOTE(review): KEY_SIZE is not set among these lines, and the server.conf in
# this guide loads dh1024.pem, which suggests 1024-bit parameters. If KEY_SIZE
# is raised (2048 or more), the dh path in server.conf must be changed to match.
# Load the certificate defaults into the current shell.
. ./vars

# Reset the keys directory before generating anything.
./clean-all

# Build the CA certificate and key; press Enter at every prompt.
./build-ca

# Build the server certificate and key; press Enter at every prompt, then
# answer "y" twice at the end.
./build-key-server server

# Build the client certificate and key; same prompts as for the server.
# NOTE(review): presumably the generated client.key is not passphrase
# protected - confirm, and treat the file as a secret either way.
./build-key client

# Generate the Diffie-Hellman parameters.
./build-dh

# Start from the sample server configuration, then edit it.
cp /root/software/vpn/openvpn-2.2.1/sample-config-files/server.conf /etc/openvpn/

vim /etc/openvpn/server.conf
#将 server.conf 内容修改为
# OpenVPN server configuration: routed (tun) tunnel over UDP, clients on
# 10.8.0.0/24.
# Address and port the server listens on. 184.82.33.161 is the author's VPS
# address; substitute your own.
local 184.82.33.161
port 1194
proto udp

dev tun

# CA certificate, server certificate and server private key from the
# easy-rsa steps.
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
# NOTE(review): 1024-bit DH parameters are below current recommendations.
# Raising KEY_SIZE in vars (2048 or more) before running build-dh changes the
# generated file name, so this path has to be updated at the same time.
dh /etc/openvpn/keys/dh1024.pem

# Address pool handed out to VPN clients.
server 10.8.0.0 255.255.255.0

# Lets connected clients reach each other through the server. Remove this
# line if clients should be isolated from one another.
client-to-client
keepalive 10 120

# Must match the client configuration.
# NOTE(review): later OpenVPN releases deprecate compression inside the
# tunnel; revisit this when moving to a newer version.
comp-lzo

# NOTE(review): no user/group directives are set, so the daemon keeps root
# privileges after start-up. persist-key and persist-tun are the options
# that make a later privilege drop workable.
persist-key
persist-tun
# NOTE(review): the status log (and ipp.txt below) are written into the
# directory that also holds the private keys; a separate directory keeps key
# material apart from runtime files.
status /etc/openvpn/keys/openvpn-status.log
verb 4

# DNS servers pushed to clients.
# NOTE(review): 10.8.0.1 is presumably the server's own tunnel address and
# only answers if a resolver is listening there; this guide does not set
# one up - confirm.
push "dhcp-option DNS 10.8.0.1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4" 

ifconfig-pool-persist /etc/openvpn/keys/ipp.txt
# 修改iptables
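# Enable IPv4 forwarding: the MASQUERADE rule below only rewrites addresses,
# the kernel still has to be allowed to route packets between the tunnel and
# venet0. This lasts until reboot; set net.ipv4.ip_forward = 1 in
# /etc/sysctl.conf to make it permanent.
sysctl -w net.ipv4.ip_forward=1

# NAT traffic from the VPN subnet out through the public interface
# (venet0 on the author's VPS; use your own interface name).
# NOTE(review): if the filter table has restrictive INPUT/FORWARD rules,
# UDP 1194 and forwarding for 10.8.0.0/24 must be allowed as well; this guide
# does not show the existing ruleset.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
/etc/init.d/iptables save
/etc/init.d/iptables restart

# Start the VPN server in the background.
/usr/local/sbin/openvpn --config /etc/openvpn/server.conf --daemon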

2, Windows(client) 上操作如下

# 下载 OpenVPN 并安装(下面的链接是 HTTP 明文下载,安装前请核对安装包的校验值或数字签名)

http://swupdate.openvpn.org/community/releases/openvpn-2.2.1-install.exe

# 假设安装路径为
D:\Program Files\OpenVPN

# 将 server 上生成的认证文件下载到 D:\Program Files\OpenVPN\config\ 目录下(client.key 是私钥,请通过 scp/sftp 等加密通道传输,不要用明文方式传送)
/etc/openvpn/keys/ca.crt
/etc/openvpn/keys/client.crt
/etc/openvpn/keys/client.key

# 将 D:\Program Files\OpenVPN\sample-config\client.ovpn 复制到 D:\Program Files\OpenVPN\config\ 

# 修改 D:\Program Files\OpenVPN\config\client.ovpn
# 将 client.ovpn 内容修改为
# OpenVPN client configuration for the server.conf in this guide.
client

dev tun
proto udp

# Server address and port; replace with your own server's address.
remote 184.82.33.161 1194

persist-key
persist-tun
# These files are expected next to this file in the config directory.
# client.key is a private key: restrict who can read it.
ca ca.crt
cert client.crt
key client.key
# Only accept a peer whose certificate is marked as a server certificate, so
# that another client certificate issued by the same CA cannot pose as the
# server.
# NOTE(review): ns-cert-type is deprecated in later OpenVPN releases in
# favour of "remote-cert-tls server".
ns-cert-type server
# Must match the server configuration.
comp-lzo
verb 3

# Send all client traffic through the VPN.
redirect-gateway def1
# Windows-specific route handling.
route-method exe
route-delay 2