e26ba5d17b77c5690ac0c2d78ef200f9.png
  • 安裝 EasyRSA
    cd && wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.5/EasyRSA-nix-3.0.5.tgz
    tar xzf EasyRSA-nix-3.0.5.tgz
    cd ~/EasyRSA-3.0.5/
    cp vars.example vars
  • 安裝相關軟體
    yum install epel-release
    yum install -y openvpn 
     
    複製預設設定
    cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
    
  • 修改 /etc/openvpn/server.conf
     
    以下幾個設定把前面的 ; 拿掉即可
    push "redirect-gateway def1 bypass-dhcp"

    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 8.8.4.4"
    
    user nobody
    group nobody
  • 產生相關憑證
    cd ~
    /usr/share/easy-rsa/3/easyrsa init-pki
    注意：nopass 會讓私鑰不加密存放；CA 私鑰 (pki/private/ca.key) 建議拿掉 nopass 並設定密碼，且妥善保管
    /usr/share/easy-rsa/3/easyrsa build-ca nopass
    /usr/share/easy-rsa/3/easyrsa gen-dh 
    /usr/share/easy-rsa/3/easyrsa build-server-full vpn-server nopass 
    /usr/share/easy-rsa/3/easyrsa build-client-full vpn-client-01 nopass 
    /usr/share/easy-rsa/3/easyrsa gen-crl
    openvpn --genkey --secret pki/ta.key
    複製設定到 openvpn server
    cp pki/ca.crt /etc/openvpn/ca.crt
    cp pki/dh.pem /etc/openvpn/dh.pem
    cp pki/issued/vpn-server.crt /etc/openvpn/server.crt
    cp pki/private/vpn-server.key /etc/openvpn/server.key
    cp pki/ta.key /etc/openvpn/ta.key
    cp pki/crl.pem /etc/openvpn/crl.pem
    
  • 修改 /etc/openvpn/server.conf
    把下列幾個設定改成如下
    cert server.crt
    key server.key 
    
    dh dh.pem
    auth SHA256

    前面複製的 crl.pem 需另外加上下面這行才會生效，否則已撤銷的憑證仍可連線（降權為 nobody 後該檔仍須可讀取）
    crl-verify crl.pem
    
  • 啟用 OpenVPN 服務
    systemctl -f enable openvpn@server.service
    systemctl start openvpn@server.service
    檢視 log 檔
    tail -f /var/log/openvpn.log
  • 防火牆設定
    需要把 port 1194 打開（tcp 或 udp，依 server.conf 的 proto 設定而定，只開放實際使用的協定即可）