切换阿里云源

先切换到阿里云源,有的源无法通过yum在线安装openvpn
https://www.yuque.com/jaasdsa/vzb506/svteh1

安装

建议先安装并启用 epel 源,再通过 yum 安装 openvpn。

  1. yum install -y epel-release
  2. yum update -y
  3. yum install -y openssl lzo pam openssl-devel lzo-devel pam-devel
  4. yum install -y easy-rsa
  5. yum install -y openvpn

防火墙配置

  1. 可以选择关闭防火墙,简单粗暴;但关闭后主机上所有监听端口都不再受过滤,仅适合隔离的测试环境,生产环境建议使用下面的放行模式

    1. systemctl disable firewalld
    2. systemctl stop firewalld
    3. systemctl status firewalld
  2. 不想关闭防火墙,可以选择防火墙放行模式

    1. firewall-cmd --permanent --add-masquerade
    2. firewall-cmd --permanent --add-service=openvpn
    3. # 或者添加自定义端口(端口号和协议需与实际配置一致;下文客户端示例连接的是 udp 9200)
    4. # firewall-cmd --permanent --add-port=1194/tcp
    5. firewall-cmd --permanent --direct --passthrough ipv4 -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
    6. firewall-cmd --reload

    配置客户端

    1. cd /etc/openvpn/client
    2. touch .service.conf
    3. # 加入下方 .service.conf内容
    4. touch pass.psd
    5. # 加入下方pass.psd内容(文件内为明文账号密码,写入后执行 chmod 600 /etc/openvpn/client/pass.psd,仅允许属主读写)

    .service.conf

```
client
dev-type tun
dev tunx
proto udp
tun-mtu 1500
# BF-CBC 是 64 位分组密码,较新的 OpenVPN 版本默认已不再启用;服务端支持时建议改用 AES-256-GCM(需两端同时调整)
cipher BF-CBC
remote 192.168.19.99 9200
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
auth-user-pass /etc/openvpn/client/pass.psd
# script-security 2 允许 OpenVPN 调用外部脚本;本配置未见 up/down 等脚本指令,确实不需要时可以去掉
script-security 2
# 内联 CA 证书须放在 <ca> … </ca> 之间(原文此处的标签疑似在页面渲染时丢失)
<ca>
-----BEGIN CERTIFICATE-----
MIIDQTCCAimgAwIBAgIJAPLcXw6Rv4beMA0GCSqGSIb3DQEBCwUAMDcxCzAJBgNV
BAYTAkNOMQ4wDAYDVQQKDAVpS3VhaTEYMBYGA1UEAwwPaUt1YWkgRGV2aWNlIENB
MB4XDTE5MDQxNzE0MDkxM1oXDTI5MDQxNDE0MDkxM1owNzELMAkGA1UEBhMCQ04x
DjAMBgNVBAoMBWlLdWFpMRgwFgYDVQQDDA9pS3VhaSBEZXZpY2UgQ0EwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJwQkFSc/BtubR8SoB/dxEjxMQ/L3
ZlOmRYBiYSMUBUymRtJtbCFclsl7UuVRLoruw/NPuvYSPva2yLS7ow8PkzvPceq9
Hj4+szWh461TZO/41nYYQuwEYAD0uWrMKwBWNF0r8CkfyOtbqVWHO4q1Xy/+OcyT
K7WnWoZPHRDIo8bkuyOJOyLIWUOzReC4ZRxWu4lOiWY3ys+BG0JEUmRdJ6kMAdrV
L8ECqYuBiTHPjS54rqDE8tu5brSzBENNif4wwxfRovJL39sNCj0VrmpyvksaYdFJ
iqJrsPoWCGedBT9NdKIBf+n3M4D8nYPuz/AwFf5BumMt+z2KbhkblfqdAgMBAAGj
UDBOMB0GA1UdDgQWBBRS8TGhPuUr19Vpmpa/yvv0czU02jAfBgNVHSMEGDAWgBRS
8TGhPuUr19Vpmpa/yvv0czU02jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUA
A4IBAQApIPzeBFGTjaxSw+s0u8/vDke9Nm+Y7l1TgcLxYI+WajYSJ7n4o6Yc417M
hFuZRt5n0dB76OLvQltLh0SEwUVlbM5Zt+XJzU/vP6KDJFmQeF8YDOoAF1oSxlwG
VIScjdtlxPSZ4gPY4lV/cibHedD1Ck7ExijO3sGUo/yWkwDI43EGjMI/3jmzdVlS
a1fU6jgeHKk/v9RO8JBgLFvrkbluBIM4y/8/CP3xGx2ptDILBgdt2tnrzS5QI/iK
6Fr2bvaRv1RI5v7rlkr49TOoLmQJ9xjWVN9HgqyWRDdbYxZ+aJ1JMyoiYwgU+vHN
aFJBNvuqjnk0ukZrRttjwyGbmkdr
-----END CERTIFICATE-----
</ca>
# 以下两行按其自带说明默认应为注释状态(行首的 # 疑似在页面渲染时丢失),需要时再取消注释
# redirect-gateway def1 bypass-dns # uncomment to set as default gateway
# route-nopull # uncomment to disable server route push
#
```

  1. pass.psd

```
sh_server
65831086
```

(pass.psd 第一行为用户名,第二行为密码;请替换为自己的账号信息)

## 启动服务

```bash
# 查看service名
rpm -ql openvpn |grep service
/usr/lib/systemd/system/openvpn-client@.service
/usr/lib/systemd/system/openvpn-server@.service
# 启动(@ 后的实例名对应 /etc/openvpn/client/ 下去掉 .conf 后缀的配置文件名,这里即 .service.conf)
systemctl start openvpn-client@.service.service
# 开机启动
systemctl enable openvpn-client@.service.service
```

系统服务文件参考

  1. # /etc/systemd/system/openvpn.service
  2. # systemctl daemon-reload
  3. # systemctl enable openvpn
  4. # systemctl start openvpn
  5. # systemctl stop openvpn
  6. # systemctl disable openvpn
  7. [Unit]
  8. Description=OpenVPN server
  9. After=syslog.target network-online.target
  10. Wants=network-online.target
  11. Documentation=man:openvpn(8)
  12. Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
  13. Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
  14. [Service]
  15. # type=simple 防止前台进程一直卡住
  16. Type=simple
  17. PrivateTmp=true
  18. WorkingDirectory=/data/openvpn
  19. ExecStart=/data/openvpn/sbin/openvpn --config /data/openvpn/server.conf
  20. CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE
  21. LimitNPROC=10
  22. DeviceAllow=/dev/null rw
  23. DeviceAllow=/dev/net/tun rw
  24. ProtectSystem=true
  25. ProtectHome=true
  26. KillMode=process
  27. RestartSec=5s
  28. Restart=on-failure
  29. [Install]
  30. WantedBy=multi-user.target