安裝 EasyESA
cd && wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.5/EasyRSA-nix-3.0.5.tgz tar xzf EasyRSA-nix-3.0.5.tgz cd ~/EasyRSA-3.0.5/ cp vars.example vars
步驟
1.
2.
安裝相關軟體
yum install epel-release yum install -y openvpn
複製預設設定
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
3.
修改 /etc/openvpn/server.conf
以下幾個設定把前面的 ; 拿掉即可
push “redirect-gateway def1 bypass-dhcp” push “dhcp-option DNS 8.8.8.8” push “dhcp-option DNS 8.8.4.4” user nobody group nobody
4.
產生相關憑證
cd ~ /usr/share/easy-rsa/3/easyrsa init-pki /usr/share/easy-rsa/3/easyrsa build-ca nopass /usr/share/easy-rsa/3/easyrsa gen-dh /usr/share/easy-rsa/3/easyrsa build-server-full vpn-server nopass /usr/share/easy-rsa/3/easyrsa build-client-full vpn-client-01 nopass /usr/share/easy-rsa/3/easyrsa gen-crl openvpn --genkey --secret pki/ta.key
複製設定到 openvpn server
cp pki/ca.crt /etc/openvpn/ca.crt cp pki/dh.pem /etc/openvpn/dh.pem cp pki/issued/vpn-server.crt /etc/openvpn/server.crt cp pki/private/vpn-server.key /etc/openvpn/server.key cp pki/ta.key /etc/openvpn/ta.key cp pki/crl.pem /etc/openvpn/crl.pem
5.
修改 /etc/openvpn/server.conf
把這幾個設定檔案改掉
cert server.crt key server.key dh dh.pem auth SHA256
6.
啟用 OpenVPN 服務
systemctl -f enable openvpn@server.service systemctl start openvpn@server.service
檢視 log 檔
tail -f /var/log/openvpn.log
7.
防火牆設定
需要把 port 1194 (tcp/udp) 打開
Prev
避免 shell 指令被重複執行