• 欢迎访问运维搬运工网站,推荐使用最新版火狐浏览器和Chrome浏览器访问本网站。
  • 本站一年会员:100元 ,两年会员:180元 ,永久会员:380元
  • 这世界就是,一些人总在昼夜不停地运转,而另外一些人,起床就发现世界已经变了。
  • 本博客推广的是知识付费,用赞助的方式实现博客维护,不以赚钱为目的的博客

CentOS7.2安装OpenVPN

系统环境

[root@1 ~]# uname -a
Linux 1.vip 3.10.0-327.el7.x86_64 #1 SMP Thu Nov 19 22:10:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

[root@1 ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

关闭防火墙

[root@1 ~]# systemctl stop firewalld.service
[root@1 ~]# systemctl disable firewalld.service

selinux

[mem]

[root@1 ~]# cat /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected. 
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

 阿里云同步

[root@iZ2zed8n679qgb97fx8kdfZ ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
--2017-09-01 10:54:57-- http://mirrors.aliyun.com/repo/Centos-7.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 115.28.122.210, 112.124.140.210
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|115.28.122.210|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2573 (2.5K) [application/octet-stream]
Saving to: ‘/etc/yum.repos.d/CentOS-Base.repo’

100%[====================================================================================================>] 2,573 --.-K/s in 0s

2017-09-01 10:54:57 (256 MB/s) - ‘/etc/yum.repos.d/CentOS-Base.repo’ saved [2573/2573]

安装 epel源

[root@iZ2zed8n679qgb97fx8kdfZ ~]# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
--2017-09-01 10:56:02-- http://mirrors.aliyun.com/repo/epel-7.repo
Resolving mirrors.aliyun.com (mirrors.aliyun.com)... 112.124.140.210, 115.28.122.210
Connecting to mirrors.aliyun.com (mirrors.aliyun.com)|112.124.140.210|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1084 (1.1K) [application/octet-stream]
Saving to: ‘/etc/yum.repos.d/epel.repo’

100%[====================================================================================================>] 1,084 --.-K/s in 0s

2017-09-01 10:56:03 (183 MB/s) - ‘/etc/yum.repos.d/epel.repo’ saved [1084/1084]

安装 vpn依赖

[root@iZ2zed8n679qgb97fx8kdfZ ~]# yum install openssl openssl-devel gcc gcc-c++  pam pam-devel easy-rsa -y

下载和安装openvpn

https://swupdate.openvpn.org/community/releases/openvpn-2.4.3.tar.gz

使用rpmbuild将源码包编译成rpm包来进行安装

[root@192 ~]# yum install -y rpm-build lzo-devel

[root@192 ~]# ll
总用量 1396
-rw-------. 1 root root 1567 6月 20 10:09 anaconda-ks.cfg
-rw-r--r--. 1 root root 1422692 7月 4 22:55 openvpn-2.4.3.tar.gz
drwxr-xr-x. 2 root root 6 6月 21 13:48 software
[root@192 ~]# rpmbuild -tb openvpn-2.4.3.tar.gz 
[root@192 ~]# rpm -ivh /root/rpmbuild/RPMS/x86_64/openvpn-2.4.3-1.x86_64.rpm 
准备中... ################################# [100%]
正在升级/安装...
1:openvpn-2.4.3-1 ################################# [100%]
Restarting openvpn (via systemctl): [ 确定 ]

下载和安装easy-rsa

[root@192 ~]# wget https://github.com/OpenVPN/easy-rsa/archive/release/2.x.zip
[root@192 ~]# unzip 2.x.zip 
[root@192 ~]# cp -r /root/easy-rsa-release-2.x/easy-rsa/2.0/* /etc/openvpn/

复制openvpn配置文件

[root@iZ2zed8n679qgb97fx8kdfZ ~]# cp /usr/share/doc/openvpn-2.4.3/sample/sample-config-files/server.conf /etc/openvpn/

查看openvpn组件

[root@iZ2zed8n679qgb97fx8kdfZ ~]# ll /etc/openvpn/
total 132
-rwxr-xr-x 1 root root 119 Sep 1 11:04 build-ca
-rwxr-xr-x 1 root root 352 Sep 1 11:04 build-dh
-rwxr-xr-x 1 root root 188 Sep 1 11:04 build-inter
-rwxr-xr-x 1 root root 163 Sep 1 11:04 build-key
-rwxr-xr-x 1 root root 157 Sep 1 11:04 build-key-pass
-rwxr-xr-x 1 root root 249 Sep 1 11:04 build-key-pkcs12
-rwxr-xr-x 1 root root 268 Sep 1 11:04 build-key-server
-rwxr-xr-x 1 root root 213 Sep 1 11:04 build-req
-rwxr-xr-x 1 root root 158 Sep 1 11:04 build-req-pass
-rwxr-xr-x 1 root root 449 Sep 1 11:04 clean-all
drwxr-x--- 2 root root 4096 Jun 21 18:23 client
-rwxr-xr-x 1 root root 1471 Sep 1 11:04 inherit-inter
-rwxr-xr-x 1 root root 302 Sep 1 11:04 list-crl
-rw-r--r-- 1 root root 7791 Sep 1 11:04 openssl-0.9.6.cnf
-rw-r--r-- 1 root root 8348 Sep 1 11:04 openssl-0.9.8.cnf
-rw-r--r-- 1 root root 8245 Sep 1 11:04 openssl-1.0.0.cnf
-rwxr-xr-x 1 root root 12966 Sep 1 11:04 pkitool
-rwxr-xr-x 1 root root 928 Sep 1 11:04 revoke-full
drwxr-x--- 2 root root 4096 Jun 21 18:23 server
-rw-r--r-- 1 root root 10782 Sep 1 11:04 server.conf
-rwxr-xr-x 1 root root 178 Sep 1 11:04 sign-req
-rw-r--r-- 1 root root 2077 Sep 1 11:04 vars
-rwxr-xr-x 1 root root 740 Sep 1 11:04 whichopensslcnf

 配置pki

[root@iZ2zed8n679qgb97fx8kdfZ ~]# cd /etc/openvpn/
[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# vim vars

 61 # These are the default values for fields
 62 # which will be placed in the certificate.
 63 # Don't leave any of these fields blank.
 64 export KEY_COUNTRY="CN"
 65 export KEY_PROVINCE="BJ"
 66 export KEY_CITY="BJ"
 67 export KEY_ORG="IT"
 68 export KEY_EMAIL="guozhenshijia@foxmail.com"
 69 export KEY_OU="azhen"

修改vars文件可执行并调用

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# chmod +x vars

查看配置文件

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# cat vars
# easy-rsa parameter settings

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"

#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"



# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/keys"

# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# Increase this to 2048 if you
# are paranoid. This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=2048

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="CN"
export KEY_PROVINCE="BJ"
export KEY_CITY="BJ"
export KEY_ORG="IT"
export KEY_EMAIL="guozhenshijia@foxmail.com"
export KEY_OU="azhen"

# X509 Subject Field
export KEY_NAME="EasyRSA"

# PKCS11 Smart Card
# export PKCS11_MODULE_PATH="/usr/lib/changeme.so"
# export PKCS11_PIN=1234

# If you'd like to sign all keys with the same Common Name, uncomment the KEY_CN export below
# You will also need to make sure your OpenVPN server config has the duplicate-cn option set
# export KEY_CN="CommonName"
[root@iZ2zed8n679qgb97fx8kdfZ openvpn]#

 产生ca证书

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/keys

#NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/keys

#注也就是如果执行./clean-all就会清空/etc/openvpn/keys下所有文件

开始配置证书

清空原有证书

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# ./clean-all

注下面这个命令在第一次安装时可以运行以后在添加完客户端后慎用因为这个命令会清除所有已经生成的证书密钥和上面的提示对应

 生成服务器端和客户端ca证书(一路回车)

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# ./build-ca
Generating a 2048 bit RSA private key
..............................+++
.................................................................................+++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [IT]:
Organizational Unit Name (eg, section) [azhen]:
Common Name (eg, your name or your server's hostname) [IT CA]:
Name [EasyRSA]:
Email Address [guozhenshijia@foxmail.com]:

生成服务器端密钥证书, 名字可以随便起但要记住后面要用到(一路回车 两个y)

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# ./build-key-server server 
Generating a 2048 bit RSA private key
...............+++
......................................................................................................................................................................................................+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [IT]:
Organizational Unit Name (eg, section) [azhen]:
Common Name (eg, your name or your server's hostname) [server]:
Name [EasyRSA]:
Email Address [guozhenshijia@foxmail.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'BJ'
localityName :PRINTABLE:'BJ'
organizationName :PRINTABLE:'IT'
organizationalUnitName:PRINTABLE:'azhen'
commonName :PRINTABLE:'server'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'guozhenshijia@foxmail.com'
Certificate is to be certified until Aug 30 03:15:47 2027 GMT (3650 days)
Sign the certificate? [y/n]:y



1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

注生成客户端证书

名字任意建议写成你要发给的人的姓名方便管理这里与生成服务端证书配置类似中间一步提示输入服务端密码也可以不设置密码其他按照缺省提示一路回车即可。

如果想生成客户端使用密码方式证书登陆请使用其实不使用密码方式的也可以到时候在客户端登陆vpn后进行更改也是一样的。

./build-key-pass client-pass ###不用操作(重置)

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# ./build-key client
Generating a 2048 bit RSA private key
.................................................................+++
.......+++
writing new private key to 'client.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [IT]:
Organizational Unit Name (eg, section) [azhen]:
Common Name (eg, your name or your server's hostname) [client]:
Name [EasyRSA]:
Email Address [guozhenshijia@foxmail.com]:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'BJ'
localityName :PRINTABLE:'BJ'
organizationName :PRINTABLE:'IT'
organizationalUnitName:PRINTABLE:'azhen'
commonName :PRINTABLE:'client'
name :PRINTABLE:'EasyRSA'
emailAddress :IA5STRING:'guozhenshijia@foxmail.com'
Certificate is to be certified until Aug 30 03:17:40 2027 GMT (3650 days)
Sign the certificate? [y/n]:y



1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

 生成DH验证文件

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# ./build-dh

注生成diffie hellman参数用于增强openvpn安全性生成需要漫长等待让服务器飞一会。

生成ta.key文件(防DDos攻击、UDP淹没等恶意攻击)

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# openvpn --genkey --secret keys/ta.key

 修改配置文件

openvpn服务配置文件注可按照默认模板配置本例为自定义配置文件

备份配置文件

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# cp /etc/openvpn/server.conf{,.bak}

模版导入

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]#

cat > /etc/openvpn/server.conf<< EOF
local 10.170.246.61
port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
push "route 10.170.246.0 255.255.255.0"
ifconfig-pool-persist ipp.txt
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3
client-to-client
duplicate-cn
log /var/log/openvpn.log
EOF

####openvpn配置文件内容注释如下

;local a.b.c.d

#设置监听IP默认是监听所有IP (10.170.246.61本机地址)

port 11940

#设置监听端口必须要对应的在防火墙里面打开

proto tcp

#设置用TCP还是UDP协议

dev tun

#设置创建tun的路由IP通道还是创建tap的以太网通道由于路由IP容易控制所以推荐使用tunnel

certificate(cert), and private key (key)

#ca文件是服务端和客户端都必须使用的但不需要ca.key

#服务端和客户端指定各自的.crt和.key

请注意路径,可以使用以配置文件开始为根的相对路径,// 也可以使用绝对路径// 请小心存放.key密钥文件

ca keys/ca.crt

cert keys/server.crt

key keys/server.key

#指定Diffie hellman parameters.默认是2048如果生成ca的时候修改过dh参数“export KEY_SIZE”则改为对应的数字

dh keys/dh2048.pem

#配置VPN使用的网段OpenVPN会自动提供基于该网段的DHCP服务但不能和任何一方的局域网段重复保证唯一server 10.18.18.0 255.255.255.0

#维持一个客户端和virtual IP的对应表以方便客户端重新连接可以获得同样的IP

ifconfig-pool-persist ipp.txt

#设置服务端检测的间隔和超时时间 每 10 秒 ping 一次如果 120 秒没有回应则认为对方已经 down

keepalive 10 120

#使用lzo压缩的通讯,服务端和客户端都必须配置

comp-lzo

#重启时仍保留一些状态

persist-keypersist-tun

#输出短日志,每分钟刷新一次,以显示当前的客户端

status openvpn-status.log

#缺省日志会记录在系统日志中但也可以导向到其他地方/建议调试的使用先不要设置,调试完成后再定义

log         /var/log/openvpn/openvpn.log

log-append  /var/log/openvpn/openvpn.log

#这里主要填写openvpn所在局域网的网段我的openvpn所在的局域网是10.170.246.0

push “route 10.170.246.0 255.255.255.0”

#默认客户端之间是不能直接通讯的除非把下面的语句注释掉

client-to-client

#持久化选项可以尽量避免访问在重启时由于用户权限降低而无法访问的某些资源//

#指定日志文件的记录详细级别可选0-9等级越高日志内容越详细

verb 3

#常用于测试开启的话一个证书可以多个客户端连接

duplicate-cn

创建openvpn日志目录

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# mkdir -p /var/log/openvpn/

启动openvpn服务

[root@192 openvpn]# /etc/init.d/openvpn restart 
Restarting openvpn (via systemctl): [ 确定 ]
[root@192 openvpn]# lsof -i:1194 
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
openvpn 20686 root 6u IPv4 1583421 0t0 UDP :openvpn

检查是不是多了一个ip网段

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
 link/ether 00:16:3e:2e:ad:e5 brd ff:ff:ff:ff:ff:ff
 inet 10.170.246.61/21 brd 10.170.247.255 scope global eth0
 valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
 link/ether 00:16:3e:03:c6:fd brd ff:ff:ff:ff:ff:ff
 inet 123.56.140.21/22 brd 123.56.143.255 scope global eth1
 valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
 link/none 
 inet 10.8.0.1 peer 10.8.0.2/32 scope global tun0
 valid_lft forever preferred_lft forever

设置开机启动

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# systemctl enable openvpn@server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn@server.service to /usr/lib/systemd/system/openvpn@.service.

开启路由转发

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# echo "net.ipv4.ip_forward = 1" >>/etc/sysctl.conf
[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# sysctl -p
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time = 120
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.ip_forward = 1

设置防火墙

#设置iptables这一条至关重要通过配置nat将vpn网段IP转发到server内网,10.8.0.0/24是vpn网段

[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# iptables -A INPUT -p TCP --dport 11940 -j ACCEPT
[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
[root@iZ2zed8n679qgb97fx8kdfZ openvpn]# iptables-save
# Generated by iptables-save v1.4.21 on Fri Sep 1 11:33:53 2017
*filter
:INPUT ACCEPT [1:60]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8:666]
-A INPUT -p tcp -m tcp --dport 11940 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Fri Sep 1 11:33:53 2017
# Generated by iptables-save v1.4.21 on Fri Sep 1 11:33:53 2017
*nat
:PREROUTING ACCEPT [2:120]
:INPUT ACCEPT [2:120]
:OUTPUT ACCEPT [2:878]
:POSTROUTING ACCEPT [2:878]
-A POSTROUTING -s 10.8.0.0/24 -j MASQUERADE
COMMIT
# Completed on Fri Sep 1 11:33:53 2017

windows客户端

将服务器端生成的ca.crt client.crt client.key 下载到本地。放入 config/client目录

进入客户端OpenVPN目录将sample-config下的client.ovpn文件复制到config/client目录client目录自己新建个即可方便识别

[root@iZ2zed8n679qgb97fx8kdfZ keys]# pwd
/etc/openvpn/keys
[root@iZ2zed8n679qgb97fx8kdfZ keys]# sz ca.crt client.crt client.key 
rz
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring ca.crt...
 100% 1 KB 1 KB/sec 00:00:01 0 Errors 
Transferring client.crt...
 100% 5 KB 5 KB/sec 00:00:01 0 Errors 
Transferring client.key...
 100% 1 KB 1 KB/sec 00:00:01 0 Errors

[root@iZ2zed8n679qgb97fx8kdfZ keys]# sz ta.key 
rz
Starting zmodem transfer. Press Ctrl+C to cancel.
Transferring ta.key...
 100% 636 bytes 636 bytes/sec 00:00:01 0 Errors

安装客户端,客户端版本必须和服务端版本一致

C:\Program Files\OpenVPN\config

把下载的文件放到config下面

client配置文件参考

2017090114055313

启动客户端

点击桌面的下图

CentOS7.2安装OpenVPNCentOS7.2安装OpenVPNCentOS7.2安装OpenVPNCentOS7.2安装OpenVPN到此结束

[/mem]


运维搬运工 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权
转载请注明原文链接:CentOS7.2安装OpenVPN
喜欢 (0)
[扫描二维码]
分享 (0)
大自然搬运工
关于作者:
不是路不平,而是你不行。到底行不行,看你停不停。只要你不停,早晚都能行。
发表我的评论
取消评论
表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址