OpenVPN Installation and Configuration

1. Packages: lzo, openvpn, openssl

2. System environment: VPS, CentOS 5

3. Install by compiling from source:

    tar xzvf openssl-version.tar.gz
    tar xzvf lzo-version.tar.gz
    tar xzvf openvpn-version.tar.gz
    cd openssl-version
    ./config --prefix=/usr/local/openssl    # OpenSSL's configure script is named ./config
    make && make install
    cd ../lzo-version
    ./configure --prefix=/usr/local/lzo     # prefix matches the lzo paths passed to OpenVPN below
    make && make install
    cd ../openvpn-version
    ./configure --with-lzo-headers=/usr/local/lzo/include --with-lzo-lib=/usr/local/lzo/lib
    make && make install

4. Generate the certificates:

    cd /root/openvpn-2.0.9/easy-rsa

   a) Set the environment variables:

    export D=`pwd`
    export KEY_CONFIG=$D/openssl.cnf
    export KEY_DIR=$D/keys
    # 1024-bit keys are below current minimums; 2048 or more is the norm today
    # (build-dh then writes dh2048.pem instead of dh1024.pem)
    export KEY_SIZE=1024
    export KEY_COUNTRY=CN
    export KEY_PROVINCE=BJ
    export KEY_CITY=BJ
    export KEY_ORG="buaa"
    export KEY_EMAIL=

   b) ./clean-all
   c) ./build-ca

    ./clean-all
    ./build-ca
    Generating a 1024 bit RSA private key
    + +
    writing new private key to 'ca.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [CN]:
    State or Province Name (full name) [BJ]:
    Locality Name (eg, city) [BJ]:
    Organization Name (eg, company) [dvdmaster]: buaa
    Organizational Unit Name (eg, section) []:gait
    Common Name (eg, your name or your server's hostname) []:server
    Email Address []:

   d) ./build-key-server server

    ./build-key-server server
    Generating a 1024 bit RSA private key
    + +
    writing new private key to 'server.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [CN]:
    State or Province Name (full name) [BJ]:
    Locality Name (eg, city) [BJ]:
    Organization Name (eg, company) [buaa]:
    Organizational Unit Name (eg, section) []:gait
    Common Name (eg, your name or your server's hostname) []:server
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:abcd1234
    An optional company name []:dvdmaster
    Using configuration from /openvpn-2.0.5/easy-rsa/openssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'CN'
    stateOrProvinceName   :PRINTABLE:'GD'
    localityName          :PRINTABLE:'SZ'
    organizationName      :PRINTABLE:'dvdmaster'
    organizationalUnitName:PRINTABLE:'dvdmaster'
    commonName            :PRINTABLE:'server'
    emailAddress          :IA5STRING:
    Certificate is to be certified until Mar 19 08:15:31 2016 GMT (3650 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

5. Client certificates

With this configuration method, every VPN client that logs in to OpenVPN needs its own certificate, and each certificate can serve only one client connection at a time. (If two machines have the same certificate installed and dial the server at the same time, both can connect, but only the first one to connect can reach the network.) Many certificates therefore have to be created. Three are created below, named client1 through client3.

    ./build-key client1
    Generating a 1024 bit RSA private key
    .+ +
    writing new private key to 'client1.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [CN]:
    State or Province Name (full name) [BJ]:
    Locality Name (eg, city) [BJ]:
    Organization Name (eg, company) [buaa]:
    Organizational Unit Name (eg, section) []:gait
    Common Name (eg, your name or your server's hostname) []:client1   # Important: the certificate generated for each client must have a different name.
    Email Address []:

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:abcd1234
    An optional company name []:gait
    Using configuration from /openvpn-2.0.5/easy-rsa/openssl.cnf
    Check that the request matches the signature
    Signature ok
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'CN'
    stateOrProvinceName   :PRINTABLE:'GD'
    localityName          :PRINTABLE:'SZ'
    organizationName      :PRINTABLE:'dvdmaster'
    organizationalUnitName:PRINTABLE:'dvdmaster'
    commonName            :PRINTABLE:'client1'
    emailAddress          :IA5STRING:
    Certificate is to be certified until Mar 19 08:22:00 2016 GMT (3650 days)
    Sign the certificate? [y/n]:y

    1 out of 1 certificate requests certified, commit? [y/n]y
    Write out database with 1 new entries
    Data Base Updated

   Generate the remaining client certificates/keys in the same way:

    ./build-key client2
    ./build-key client3

   Note that at the prompt "Common Name (eg, your name or your server's hostname) []:" the name entered must be different for every certificate.

   g) Run ./build-dh
   h) All generated certificates are under /root/openvpn-2.0.9/easy-rsa/keys.
      i. The server needs ca.crt, server.crt, server.key and dh1024.pem; each client needs ca.crt, client1-3.crt and client1-3.key.

7. Configuration file

   a) cp /root/openvpn-2.0.9/sample-config-files/server.conf /usr/local/etc/server.conf
   b) vi /usr/local/etc/server.conf
      i. Change proto udp to proto tcp
      ii. Change the four lines starting at ca to:

    ca /root/openvpn-2.0.9/easy-rsa/keys/ca.crt
    cert /root/openvpn-2.0.9/easy-rsa/keys/server.crt
    key /root/openvpn-2.0.9/easy-rsa/keys/server.key
    dh /root/openvpn-2.0.9/easy-rsa/keys/dh1024.pem

      iii. For the server.conf configuration file, see (reference file server.conf)

8. Start the service:

   a) Remove any blocking of SSH (22) and OpenVPN (1194) on the server and the firewall.
   b) echo 1 > /proc/sys/net/ipv4/ip_forward
   c) /usr/local/sbin/openvpn --config /usr/local/etc/server.conf
   d) To start the service at boot, append the following to /etc/rc.local:

    /usr/local/sbin/openvpn --config /usr/local/etc/server.conf > /dev/null 2>&1 &

Synchronize the clock over the network:

    ntpdate pool.ntp.org

5. Before setting up OpenVPN on an OpenVZ VPS, run the following first:

    vzctl set 120 --devices c:10:200:rw --save
    vzctl exec 120 mkdir -p /dev/net
    vzctl exec 120 mknod /dev/net/tun c 10 200
    vzctl exec 120 chmod 600 /dev/net/tun

   Otherwise the TUN device cannot be opened.

6. In /etc/vz/vz.conf (vi /etc/vz/vz.conf), find:

    # IPv4 iptables kernel modules
    IPTABLES="iptable_nat ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"

   Add the modules listed there to /etc/vz/conf/120.conf (vi /etc/vz/conf/120.conf):

    # CPU fair sheduler parameter
    CPUUNITS="1000"
    VE_ROOT="/vz/root/$VEID"
    VE_PRIVATE="/vz/private/$VEID"
    OSTEMPLATE="centos-4-i386-default"
    ORIGIN_SAMPLE="vps.basic"
    IP_ADDRESS="61.191.20.26"
    HOSTNAME="vps120"
    NAMESERVER="202.102.192.68"
    DEVICES="c:10:200:rw "
    IPTABLES="ip_tables iptable_nat iptable_filter iptable_mangle ipt_limit ipt_REJECT ipt_length "
    CAPABILITY="NET_ADMIN:on "

   Otherwise it reports that the nat and filter modules do not exist and that the kernel needs to be recompiled.

   Then run:

    vzctl set 120 --iptables iptable_filter --iptables ipt_length --iptables ipt_limit --iptables iptable_mangle --iptables ipt_REJECT --save

   Restart the OpenVZ host.

   Finally, enable NAT in iptables:

    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 61.191.20.26

When using OpenVPN on XP/Vista, if an error appears and the log shows "至少有一个参数不正确" ("At least one parameter is incorrect"), add the following to the configuration file:

    route-method exe
    route-delay 2
