1、准备了一台干净的Centos6.5 x64操作系统
#关闭selinux(setenforce 0 只是立即切换到 permissive;把配置文件改为 disabled 要重启后才生效)
setenforce 0
sed -i '/^SELINUX=/c\SELINUX=disabled' /etc/selinux/config
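#安装openssl和lzo,lzo用于压缩通讯数据加快传输速度
#(以下命令在页面提取时被拆行并丢失了部分前缀;yum -y 与 sed -i 是按本页其他命令的写法补回的,EPEL 包那一行的安装命令和 URL 协议已无法确定,只保留 URL)
yum -y install openssl openssl-devel
//mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
#把 mirrorlist 从 https 改成 http 后,镜像列表不再经 TLS 校验,软件包完整性只能靠 RPM 签名,epel.repo 里要保持 gpgcheck=1
sed -i 's/^mirrorlist=https/mirrorlist=http/' /etc/yum.repos.d/epel.repo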
2、安装及配置OpenVPN和easy-rsa
yum -y install openvpn easy-rsa
cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/
vim /etc/openvpn/easy-rsa/vars //默认配置不变
[root@localhost ~]# cat /etc/openvpn/easy-rsa/vars | grep -v "#"| grep -v "^$"
export EASY_RSA="`pwd`"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_DIR="$EASY_RSA/keys"
echo NOTE: If you run ./clean-all,I will be doing a rm -rf on $KEY_DIR
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_SIZE=2048
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="me@myhost.mydomain"
export KEY_OU="MyOrganizationalUnit"
export KEY_NAME="EasyRSA"
[root@localhost ~]#
source ./vars
./build-ca
./build-dh
./build-key-server server
./build-key client
//都是默认一路回车 (y/n 选择y)
[root@localhost openvpn]# pwd
/etc/openvpn
[root@localhost openvpn]# openvpn --genkey --secret ta.key
[root@localhost openvpn]# ls
ca.crt dh2048.pem easy-rsa server.conf server.crt server.key ta.key
[root@localhost openvpn]#
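server.conf 文件配置(注意:下面用 grep -v "#" 过滤,凡是带行尾注释的行也会被一并去掉,所以输出不等于完整的生效配置;例如输出里看不到 key 行,也看不到引用前面生成的 ta.key 的 tls-auth 行,需对照原文件确认)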
[root@localhost ~]# cat /etc/openvpn/server.conf | grep -v "#"| grep -v ";" | grep -v "^$"
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.31.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
[root@localhost openvpn]# /etc/init.d/openvpn start
Starting openvpn: [Failed]
[root@localhost openvpn]#
[root@localhost openvpn]# find / -name openvpn.log
[root@localhost openvpn]#
[root@localhost openvpn]# tail -f /var/log/messages
Apr 11 10:20:07 localhost openvpn[9669]: Options error: --explicit-exit-notify cannot be used with --mode server
Apr 11 10:20:07 localhost openvpn[9669]: Use --help for more information.
Apr 11 10:29:04 localhost openvpn[9749]: Options error: --explicit-exit-notify cannot be used with --mode server
Apr 11 10:29:04 localhost openvpn[9749]: Use --help for more information.
Apr 11 10:39:31 localhost openvpn[9855]: Options error: --explicit-exit-notify cannot be used with --mode server
Apr 11 10:39:31 localhost openvpn[9855]: Use --help for more information.
Apr 11 10:40:15 localhost openvpn[9885]: Options error: --explicit-exit-notify cannot be used with --mode server
Apr 11 10:40:15 localhost openvpn[9885]: Use --help for more information.
Apr 11 11:06:32 localhost openvpn[9982]: Options error: --explicit-exit-notify cannot be used with --mode server
Apr 11 11:06:32 localhost openvpn[9982]: Use --help for more information.
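请高手指点我这个是哪里配置出错了,谢谢。(从上面的日志看,启动失败的直接原因是 server.conf 里的 explicit-exit-notify 1:所装的 openvpn 不允许在 server 模式下使用该选项,注释或删掉这一行后再启动。)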