CentOS 7 使用 yum 安裝
[root@openvpn ~]# yum -y install easy-rsa openvpn libssl-dev openssl
配置伺服器進行初始化
[root@openvpn ~]# mkdir -p /etc/openvpn/easy-rsa && cp -r /usr/share/easy-rsa/* /etc/openvpn/easy-rsa/
配置pki
[root@openvpn 2.0]# pwd
/etc/openvpn/easy-rsa/2.0
[root@openvpn 2.0]# grep -vE '^#|^$' vars
export EASY_RSA="`pwd`"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_DIR="$EASY_RSA/keys"
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_SIZE=2048
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="CN"
export KEY_PROVINCE="BeiJing"
export KEY_CITY="BeiJing"
export KEY_ORG="9F"
export KEY_EMAIL="[email protected]"
export KEY_OU="MyOrganizationalUnit"
export KEY_NAME=server
export KEY_CN="www.9f.com"
産生ca證書
[root@openvpn 2.0]# source ./vars
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/2.0/keys
配置證書
1.清空原有證書
[root@openvpn 2.0]# ./clean-all
2.生成 CA 證書,以及由該 CA 簽發的伺服器端和用戶端證書
[root@openvpn 2.0]# ./build-ca
注:預設配置一路回車,記住名字後面用到
[root@openvpn 2.0]# ./build-key-server server
[root@openvpn 2.0]# ./build-key client
注:預設配置一路回車,記住名字後面用到
3.生成DH驗證檔案
[root@openvpn 2.0]# ./build-dh
注:生成 Diffie-Hellman 參數用於增強 OpenVPN 的安全性,生成過程需要漫長等待,讓伺服器飛一會。
配置 OpenVPN server 檔案(server.conf 中引用的 ca.crt、server.crt、server.key、dh2048.pem 需從 easy-rsa 的 keys 目錄複製到 server.conf 所在目錄;tls-auth 所用的 ta.key 需另行以 openvpn --genkey --secret ta.key 產生並放在同一目錄,否則服務無法啟動)
[root@openvpn openvpn]# grep -vE '^$|^;|^#' server.conf
local 101.200.81.189
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 10.160.0.0 255.240.0.0"
duplicate-cn
keepalive 10 120
tls-auth ta.key 0 # This file is secret
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
啟動并設定開啟自動啟動openvpn服務
[root@openvpn openvpn]# systemctl start openvpn@server    # 啟動服務
[root@openvpn openvpn]# systemctl enable openvpn@server   # 開機啟動