Linux 下 OpenVPN 安装和 Windows OpenVPN GUI 安装笔记
基于伟大的 GFW 越来越牛B,网站的正常维护如 FTP、pop & smtp 的邮件收发、在 google 查技术资料,都经常被 GFW 强行断开。为了解决这个问题,于是我在自己的国外主机上安装了一个 OpenVPN,当时记录了一下安装的经过。
今天正好又有一个朋友问及 OpenVPN 安装的事情,于是我重新整理一下这篇Linux 下 OpenVPN 安装和 Windows OpenVPN GUI 安装笔记(www.xiaohui/dev/server/20070514-install-openvpn.htm), 希望对大家有所帮助。
当时在安装 OpenVPN 的时候,得到了 WenZK 的指导帮助。在此表示感谢。
一. OpenVPN 安装环境
Server 端的环境
1. redhat, kernel版本: 2.4.20-31.9, IP 为 70.8.7.6
2. kernel 需要支持 tun 设备, 需要加载 iptables 模块.
检查 tun 是否安装:
代码:
代码:
3. root@a [/]# modinfo tun
4. filename: /lib/modules/2.4.20-31.9/kernel/drivers/net/tun.o
5. description:
6. author:
7. license: "GPL"
如果没有 modinfo 命令, 直接一下, 看看 kernel 里是否有 tun.o 文件:
代码:
代码:
find -name tun.o
./lib/modules/2.4.20/kernel/drivers/net/tun.o
检查iptables 模块, 查看是否有下列文件:
/etc/init.d/iptables
/etc/init.d/iptables
8. OpenSSL。如果需要启用 SSL 连接,则需要先安装 OpenSSL。安装 OpenSSL 的方法在这里不做介绍,具体可以用 Google 搜索。CentOS 下可以用 yum install:
9. yum install openssl
yum install openssl-devel
10. 安装的 OpenVPN 的版本: 2.0.5. 现在似乎已经有一个更新的版本了. 可在openvpn 上下载.
Client 端的环境:
1. Windows XP PRO SP2
2. OpenVPN GUI For windows 1.0.3 , 可在 openvpn.se 下载
注意: OpenVPN GUI for windows 的版本要和 OpenVPN Server 的版本配套.
例如, 服务器装的是 OpenVPN 2.0.5, 那么下载的 OpenVPN GUI fow windows 应该是: openvpn-2.0.5-gui-1.
OpenVPN GUI的所有历史版本: openvpn.se/files/install_packages/
例如, 服务器装的是 OpenVPN 2.0.5, 那么下载的 OpenVPN GUI fow windows 应该是: openvpn-2.0.5-gui-1.
OpenVPN GUI的所有历史版本: openvpn.se/files/install_packages/
二. OpenVPN 服务端安装过程
www.xiaohui/dev/server/20070514-install-openvpn.htm
1. 用 SecureCRT 登录到 host, 进入根目录 代码:
cd /
2. 下载 LZO,解压到lzo-2.02.
地址: www.oberhumer/opensource/lzo/download/ 代码:
wget www.oberhumer/opensource/lzo/download/lzo-2.
3. 下载 OpenVPN, 解压到openvpn-2.0.5
地址: openvpn/download.html 代码:
wget openvpn/release/openvpn-2.0.
4. 安装 LZO 代码:
5. cd /lzo-2.02
6. ./configure
7. make
8. make check
make install
9. 安装 OpenVPN
代码:
cd /openvpn-2.0.5
./configure
# 或用指定dir: (注:下述命令, 应该在一行写完. 为了方便显示, 这里分成了四行)
windows server2016# ./configure --with-lzo-headers=/usr/local/include
# --with-lzo-lib=/usr/local/lib
# --with-ssl-headers=/usr/local/include/openssl
# --with-ssl-lib=/usr/local/lib
make
make install
10. 生成证书Key
初始化 PKI
(如果没有 export 命令也可以用 setenv [name] [value] 命令)
代码:
cd /openvpn-2.0.5/easy-rsa
export D=`pwd`
export KEY_CONFIG=$D/opensslf
export KEY_DIR=$D/keys
export KEY_SIZE=1024
export KEY_COUNTRY=CN
export KEY_PROVINCE=GD
export KEY_CITY=SZ
export KEY_ORG="xiaohui"
export KEY_EMAIL="your-email [at] xiaohui"
Build:
代码:
./clean-all
./build-ca
Generating a 1024 bit RSA private key
................++++++
.
.......++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GD]:
Locality Name (eg, city) [SZ]:
Organization Name (eg, company) [xiaohui]:
Organizational Unit Name (eg, section) []:xiaohui
Common Name (eg, your name or your server's hostname) []:server
Email Address [your-email [at] xiaohui]:
# 建立 server key 代码: 代码:
./build-key-server server
Generating a 1024 bit RSA private key
......++++++
....................++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GD]:
Locality Name (eg, city) [SZ]:
Organization Name (eg, company) [xiaohui]:
Organizational Unit Name (eg, section) []:xiaohui
Common Name (eg, your name or your server's hostname) []:server
Email Address [your-email [at] xiaohui]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:abcd1234
An optional company name []:xiaohui
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论