{"id":279,"date":"2022-04-21T16:06:13","date_gmt":"2022-04-21T08:06:13","guid":{"rendered":"https:\/\/www.mikusss.com\/?p=279"},"modified":"2022-04-21T16:07:45","modified_gmt":"2022-04-21T08:07:45","slug":"centos-7-%e6%90%ad%e5%bb%baopenvpn%e6%9c%8d%e5%8a%a1%e5%99%a8","status":"publish","type":"post","link":"https:\/\/www.mikusss.com\/?p=279","title":{"rendered":"Setting Up an OpenVPN Server on CentOS 7"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>Original article: https:\/\/i4t.com\/4481.html<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">System environment<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\">[root@vpn ~]# cat \/etc\/redhat-release \nCentOS Linux release 7.7.1908 (Core)\n[root@vpn ~]# uname -r\n3.10.0-1062.9.1.el7.x86_64<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Creating OpenVPN certificates with <code>easy-rsa<\/code><\/h2>\n\n\n\n<p>Download and unpack the <code>easy-rsa<\/code> package<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/data\/tools -p \nwget -P \/data\/tools https:\/\/hakureireimu.oss-cn-beijing.aliyuncs.com\/easy-rsa.zip\nunzip -d \/usr\/local \/data\/tools\/easy-rsa.zip  <\/code><\/pre>\n\n\n\n<p>Before creating the CA certificate, we also need to edit the vars file and change the following options<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/usr\/local\/easy-rsa-old-master\/easy-rsa\/2.0\/\n \nvim vars\nexport KEY_COUNTRY=\"cn\"\nexport KEY_PROVINCE=\"BJ\"\nexport KEY_CITY=\"BJ\"\nexport KEY_ORG=\"HakureiReimu\"\nexport KEY_EMAIL=\"1127540125@qq.com\"\nexport KEY_CN=abc\nexport KEY_NAME=abc\nexport KEY_OU=abc\n 
\n# These settings start at about line 67; they change the default registration details, such as the registered company, company name, department, country and city\n# Note: the system defaults can also be used for the settings above, i.e. it works without changing them<\/code><\/pre>\n\n\n\n<p>Then make the environment variables take effect<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Initialize the environment variables\nsource vars\n.\/clean-all\n \n# Note: running clean-all creates a directory named keys under the current directory<\/code><\/pre>\n\n\n\n<p>Next, create the CA certificate with the following command<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/build-ca\n \n# Generates the root certificate ca.crt and the root key ca.key\n# The basic certificate details were filled in in vars, so just press Enter at every prompt<\/code><\/pre>\n\n\n\n<p>Looking at the keys directory now, the two files ca.crt and ca.key have been generated; ca.crt is our certificate file<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@abc01 2.0]# ls keys\nca.crt  ca.key  index.txt  serial<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Creating the server certificate<\/h2>\n\n\n\n<pre class=\"wp-block-code\"><code># Keep pressing Enter, then answer y twice\n \n&#91;root@abc01 2.0]# .\/build-key-server server\n....\nAn optional company name &#91;]:\nUsing configuration from \/usr\/local\/easy-rsa-old-master\/easy-rsa\/2.0\/openssl-1.0.0.cnf\nCheck 
that the request matches the signature\nSignature ok\nThe Subject's Distinguished Name is as follows\ncountryName           :PRINTABLE:'cn'\nstateOrProvinceName   :PRINTABLE:'BJ'\nlocalityName          :PRINTABLE:'BJ'\norganizationName      :PRINTABLE:'abcdocker'\norganizationalUnitName:PRINTABLE:'abc'\ncommonName            :PRINTABLE:'abc'\nname                  :PRINTABLE:'abc'\nemailAddress          :IA5STRING:'1127540125@qq.com'\nCertificate is to be certified until Jan 31 14:01:35 2030 GMT (3650 days)\nSign the certificate? &#91;y\/n]:y\n \n \n1 out of 1 certificate requests certified, commit? &#91;y\/n]y\nWrite out database with 1 new entries\nData Base Updated\n \n# server here is our server-side certificate <\/code><\/pre>\n\n\n\n<p>Check the newly generated certificates<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@abc01 2.0]# ls keys\n01.pem   abc.key  index.txt       serial\nserver.crt  ca.crt   index.txt.attr  serial.old\nserver.csr  ca.key   index.txt.old<\/code><\/pre>\n\n\n\n<p>The three files server.crt, server.key and server.csr have now been generated; server.crt and server.key are the two we need<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Creating the client certificates<\/h2>\n\n\n\n<p>Here we create two users, client1 and client2<\/p>\n\n\n\n<pre 
class=\"wp-block-code\"><code># Each VPN client that logs in needs its own certificate, and each certificate can serve only one client connection at a time; two are created below\n# Generate a certificate and key for each client (press Enter throughout; when prompted for y\/n, type y and press Enter, twice in total)\n.\/build-key client1\n.\/build-key client2<\/code><\/pre>\n\n\n\n<p>Each VPN client that logs in needs its own certificate, and each certificate allows only one client connection at a time (this can be changed in the configuration file)<\/p>\n\n\n\n<p>Now generate the Diffie-Hellman file the server uses for key exchange<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>.\/build-dh\n# Creates the Diffie-Hellman parameters and writes dh2048.pem (generation is slow; do not interrupt it)<\/code><\/pre>\n\n\n\n<p>Certificate generation is complete<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@abc01 2.0]# ll keys\ntotal 84\n-rw-r--r-- 1 root root 7997 Feb  3 09:01 01.pem\n-rw-r--r-- 1 root root 7880 Feb  3 09:09 02.pem\n-rw-r--r-- 1 root root 7997 Feb  3 09:01 client2.crt\n-rw-r--r-- 1 root root 1765 Feb  3 09:01 client2.csr\n-rw------- 1 root root 3272 Feb  3 09:01 client2.key\n-rw-r--r-- 1 root root 2293 Feb  3 09:01 ca.crt\n-rw------- 1 root root 3272 Feb  3 09:01 ca.key\n-rw-r--r-- 1 root root  424 Feb  3 09:06 dh2048.pem\n-rw-r--r-- 1 root root  211 Feb  3 09:09 index.txt\n-rw-r--r-- 1 root root   21 Feb  3 09:09 index.txt.attr\n-rw-r--r-- 1 root root   21 Feb  3 
09:01 index.txt.attr.old\n-rw-r--r-- 1 root root  105 Feb  3 09:01 index.txt.old\n-rw-r--r-- 1 root root    3 Feb  3 09:09 serial\n-rw-r--r-- 1 root root    3 Feb  3 09:01 serial.old\n-rw-r--r-- 1 root root 7880 Feb  3 09:09 client1.crt\n-rw-r--r-- 1 root root 1765 Feb  3 09:09 client1.csr\n-rw------- 1 root root 3272 Feb  3 09:09 client1.key<\/code><\/pre>\n\n\n\n<p>This includes the certificates for the client2 and client1 users (only the *.crt and *.key files are the ones we need)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Installing OpenVPN<\/h2>\n\n\n\n<p>There are two ways to install the VPN: with yum, or by compiling from source. <strong>Choose one of the two<\/strong><\/p>\n\n\n\n<p><strong>Compiling from source<\/strong> (requires gcc)<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Install dependencies\nyum install -y gcc\ncurl -o \/etc\/yum.repos.d\/CentOS-Base.repo http:\/\/mirrors.aliyun.com\/repo\/Centos-7.repo\nwget -O \/etc\/yum.repos.d\/epel.repo http:\/\/mirrors.aliyun.com\/repo\/epel-7.repo\nyum makecache\nyum install -y lzo lzo-devel openssl openssl-devel pam pam-devel net-tools git lz4-devel\n \n \n# Download the OpenVPN source package\nwget -P \/data\/tools http:\/\/down.i4t.com\/openvpn-2.4.7.tar.gz\ncd \/data\/tools\n \n# Build and install OpenVPN\ntar zxf openvpn-2.4.7.tar.gz\ncd openvpn-2.4.7\n.\/configure --prefix=\/usr\/local\/openvpn-2.4.7\nmake\nmake install\n \n# Create a symlink\nln -s \/usr\/local\/openvpn-2.4.7 \/usr\/local\/openvpn<\/code><\/pre>\n\n\n\n<p><strong>Installing with yum<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -o \/etc\/yum.repos.d\/epel.repo http:\/\/mirrors.aliyun.com\/repo\/epel-7.repo\nyum clean all &amp;&amp; yum 
makecache<\/code><\/pre>\n\n\n\n<p>Install OpenVPN with yum<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>yum install -y openvpn<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Configuring the OpenVPN server<\/h2>\n\n\n\n<p>We need to create the OpenVPN configuration directory and the certificate directory<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># OpenVPN configuration directory; it already exists after a yum install\nmkdir -p \/etc\/openvpn\n \n# OpenVPN certificate directory\nmkdir -p \/etc\/openvpn\/keys<\/code><\/pre>\n\n\n\n<p>Generate the <code>tls-auth key<\/code> and copy it into the certificate directory (it protects against malicious traffic such as DDoS attacks and UDP floods)<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Run this for a source install\n\/usr\/local\/openvpn\/sbin\/openvpn --genkey --secret ta.key\n \n# Run this for a yum install\nopenvpn --genkey --secret ta.key\n \n# Move the local ta.key into the OpenVPN certificate directory\nmv .\/ta.key \/etc\/openvpn\/keys\/<\/code><\/pre>\n\n\n\n<p>Copy the <code>CA<\/code> certificate and the server certificate generated above into the certificate directory<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ cp \/usr\/local\/easy-rsa-old-master\/easy-rsa\/2.0\/keys\/{server.crt,server.key,ca.crt,dh2048.pem} \/etc\/openvpn\/keys\/\n \n&#91;root@k8s-01 ~]# ll \/etc\/openvpn\/keys\/\ntotal 24\n-rw-r--r-- 1 root root 2342 Feb  3 12:48 ca.crt\n-rw-r--r-- 1 root root  424 Feb  3 12:48 dh2048.pem\n-rw-r--r-- 1 root root 8089 Feb  3 12:48 server.crt\n-rw------- 1 root root 3272 Feb  3 12:48 server.key\n-rw------- 1 root root  636 Feb  3 12:47 ta.key\n \n \n# abc and test are the certificates of our client users<\/code><\/pre>\n\n\n\n<p>Copy the OpenVPN configuration file<\/p>\n\n\n\n<pre 
class=\"wp-block-code\"><code># Source install\ncp \/data\/tools\/openvpn-2.4.7\/sample\/sample-config-files\/server.conf \/etc\/openvpn\/\n \n# yum install\ncp \/usr\/share\/doc\/openvpn-2.4.7\/sample\/sample-config-files\/server.conf \/etc\/openvpn\/  # adjust the path if your version differs<\/code><\/pre>\n\n\n\n<p><strong>Next, configure the server configuration file<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ cat \/etc\/openvpn\/server.conf \nport 1194       #OpenVPN port\nproto tcp       #TCP connection\ndev tun         #creates the tun0 virtual interface\n \nca keys\/ca.crt      #certificate paths (can be changed to full paths under \/etc\/openvpn\/keys)\ncert keys\/server.crt\nkey keys\/server.key  # This file should be kept secret\ndh keys\/dh2048.pem\n \nserver 10.4.82.0 255.255.255.0   #default virtual LAN subnet; it just must not conflict with the real LAN\nifconfig-pool-persist ipp.txt     \n \npush \"route 10.4.82.0 255.255.255.0\"    #routes can be forwarded via iptables\nclient-to-client\nduplicate-cn                     #enable this option if the clients all connect to the VPN with the same certificate and key\nkeepalive 10 120\ntls-auth keys\/ta.key 0 # This file is secret\ncomp-lzo\n \npersist-key\npersist-tun\n \nstatus openvpn-status.log   #status log path\nlog-append  openvpn.log     #runtime log\nverb 3                      #log verbosity level\n \n \n \n# To integrate LDAP, add the following 2 lines to server.conf    
\n# If the service does not start, check openvpn.log; the service cannot start when LDAP is not connected, so these lines can be left out\nplugin \/usr\/lib64\/openvpn\/plugin\/lib\/openvpn-auth-ldap.so \"\/etc\/openvpn\/auth\/ldap.conf cn=%u\"\nclient-cert-not-required    #clients then authenticate by username\/password only, with no client certificate\n \n# If your environment matches mine, you can copy my configuration file directly<\/code><\/pre>\n\n\n\n<p>Enable kernel IP forwarding<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"net.ipv4.ip_forward = 1\" &gt;&gt;\/etc\/sysctl.conf\nsysctl -p<\/code><\/pre>\n\n\n\n<p>If iptables is in use, add the iptables rules<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>iptables -P FORWARD ACCEPT\niptables -I INPUT -p tcp --dport 1194 -m comment --comment \"openvpn\" -j ACCEPT\niptables -t nat -A POSTROUTING -s 10.4.82.0\/24 -j MASQUERADE<\/code><\/pre>\n\n\n\n<p>Start the OpenVPN service<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ cd \/etc\/openvpn\/\n# Source install\n$ \/usr\/local\/openvpn\/sbin\/openvpn --daemon --config \/etc\/openvpn\/server.conf\n# yum install\nopenvpn --daemon --config \/etc\/openvpn\/server.conf<\/code><\/pre>\n\n\n\n<p>Check the service<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ netstat -lntup|grep 1194\ntcp        0      0 0.0.0.0:1194            0.0.0.0:*               LISTEN      48091\/openvpn  <\/code><\/pre>\n\n\n\n<p>Start at boot<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>echo \"\/usr\/local\/openvpn\/sbin\/openvpn --daemon --config \/etc\/openvpn\/server.conf &gt; \/dev\/null 2&gt;&amp;1 &amp;\" &gt;&gt; \/etc\/rc.local<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Client connection test<\/h2>\n\n\n\n<p>Whether we configure the client on Windows or on a Linux 
OS, the client certificate, the CA certificate and the client configuration file all need to be downloaded<\/p>\n\n\n\n<p><strong>First we need to configure client.conf<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cp \/data\/tools\/openvpn-2.4.7\/sample\/sample-config-files\/client.conf \/root\/\n \n# Edit it as follows, and rename client.conf to client.ovpn\n$ cat \/root\/client.conf\nclient\ndev tun\nproto tcp\nremote 192.168.0.10 1194    #public IP and port of the OpenVPN server (several can be listed for high availability)\nresolv-retry infinite\nnobind\npersist-key\npersist-tun\nca ca.crt\ncert client1.crt         #the user's certificate\nkey client1.key\n \ntls-auth ta.key 1\ncipher AES-256-CBC\ncomp-lzo\nverb 3\n \n \n# The key change is the remote address, which here is the server's address\n# cert \/ key: we use the user's certificate here, so these should be changed to client1.crt and client1.key\n# tls-auth: because the encrypted protocol is used, ta.key also needs to be downloaded<\/code><\/pre>\n\n\n\n<p>Rename the file extension and export it<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;root@vpn ~]# mv client.conf client.ovpn\n&#91;root@vpn ~]# sz client.ovpn \n \n# The certificates also need to be exported\nmv client.conf client.ovpn\nsz \/root\/client.ovpn\nsz \/etc\/openvpn\/keys\/ca.crt \nsz \/etc\/openvpn\/keys\/ta.key \nsz \/usr\/local\/easy-rsa-old-master\/easy-rsa\/2.0\/keys\/client1.crt \nsz \/usr\/local\/easy-rsa-old-master\/easy-rsa\/2.0\/keys\/client1.key 
<\/code><\/pre>\n\n\n\n<p><strong>Adding users<\/strong><\/p>\n\n\n\n<p>To add a user later, go to the <code>cd \/usr\/local\/easy-rsa-old-master\/easy-rsa\/2.0<\/code> directory and run <code>.\/build-key username<\/code>, then export the generated username.crt and key from the keys directory and update the user's key names in client.ovpn<\/p>\n\n\n\n<p><strong>Windows<\/strong><\/p>\n\n\n\n<p>The client needs the following certificates<\/p>\n\n\n\n<figure class=\"wp-block-image\"><figure class=\"mdx-lazyload-container\" style=\"\"><div style=\"padding-top:50%\"><\/div><div class=\"mdx-img-loading-sp mdui-valign\"><div><div class=\"mdui-spinner\"><\/div><\/div><\/div><img class=\"lazyload\" title=\"image_1e064adis8tfhpj1mh91pk132s55.png-99.3kB\" src=\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\" data-src=\"https:\/\/images.ukx.cn\/abcdocker\/fkpobbw6ukc3itzxlc7j0uf0\/image_1e064adis8tfhpj1mh91pk132s55.png\" alt=\"image_1e064adis8tfhpj1mh91pk132s55.png-99.3kB\"><\/figure><\/figure>\n\n\n\n<p>Windows client download<\/p>\n\n\n\n<p><a href=\"https:\/\/hakureireimu.oss-cn-beijing.aliyuncs.com\/OpenVPN-2.5.6-I601-amd64.msi\">https:\/\/hakureireimu.oss-cn-beijing.aliyuncs.com\/OpenVPN-2.5.6-I601-amd64.msi<\/a><\/p>\n\n\n\n<p>Import the key files<\/p>\n\n\n\n<figure class=\"wp-block-image\"><figure class=\"mdx-lazyload-container\" style=\"\"><div style=\"padding-top:50%\"><\/div><div class=\"mdx-img-loading-sp mdui-valign\"><div><div class=\"mdui-spinner\"><\/div><\/div><\/div><img class=\"lazyload\" title=\"image_1e05qccgijf76vd1oq413aj1s4t4b.png-84.5kB\" src=\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\" 
data-src=\"https:\/\/images.ukx.cn\/abcdocker\/96h23ahkb66lzt1dypg3faiw\/image_1e05qccgijf76vd1oq413aj1s4t4b.png\" alt=\"image_1e05qccgijf76vd1oq413aj1s4t4b.png-84.5kB\"><\/figure><\/figure>\n\n\n\n<p>Then copy over the 5 certificate files we exported<\/p>\n\n\n\n<figure class=\"wp-block-image\"><figure class=\"mdx-lazyload-container\" style=\"\"><div style=\"padding-top:50%\"><\/div><div class=\"mdx-img-loading-sp mdui-valign\"><div><div class=\"mdui-spinner\"><\/div><\/div><\/div><img class=\"lazyload\" title=\"image_1e064adis8tfhpj1mh91pk132s55.png-99.3kB\" src=\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\" data-src=\"https:\/\/images.ukx.cn\/abcdocker\/fkpobbw6ukc3itzxlc7j0uf0\/image_1e064adis8tfhpj1mh91pk132s55.png\" alt=\"image_1e064adis8tfhpj1mh91pk132s55.png-99.3kB\"><\/figure><\/figure>\n\n\n\n<p>Now start the OpenVPN client and connect<\/p>\n\n\n\n<figure class=\"wp-block-image\"><figure class=\"mdx-lazyload-container\" style=\"\"><div style=\"padding-top:50%\"><\/div><div class=\"mdx-img-loading-sp mdui-valign\"><div><div class=\"mdui-spinner\"><\/div><\/div><\/div><img class=\"lazyload\" title=\"image_1e0678fe812fq1hts19pa1jbcg6i9.png-68.1kB\" src=\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\" data-src=\"https:\/\/images.ukx.cn\/abcdocker\/qozb7qllw0itbwmq2xjss738\/image_1e0678fe812fq1hts19pa1jbcg6i9.png\" alt=\"image_1e0678fe812fq1hts19pa1jbcg6i9.png-68.1kB\"><\/figure><\/figure>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Original article: https:\/\/i4t.com\/4481.html System environment [root@vpn ~]# cat  
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16,15,1,18],"tags":[],"class_list":["post-279","post","type-post","status-publish","format-standard","hentry","category-linux","category-15","category-uncategorized","category-18"],"_links":{"self":[{"href":"https:\/\/www.mikusss.com\/index.php?rest_route=\/wp\/v2\/posts\/279","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mikusss.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mikusss.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mikusss.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mikusss.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=279"}],"version-history":[{"count":2,"href":"https:\/\/www.mikusss.com\/index.php?rest_route=\/wp\/v2\/posts\/279\/revisions"}],"predecessor-version":[{"id":281,"href":"https:\/\/www.mikusss.com\/index.php?rest_route=\/wp\/v2\/posts\/279\/revisions\/281"}],"wp:attachment":[{"href":"https:\/\/www.mikusss.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=279"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mikusss.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=279"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mikusss.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=279"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}