centos 6.5 X64 install Openvpn Server fail

前端之家收集整理的这篇文章主要介绍了centos 6.5 X64 install Openvpn Server fail前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

1、准备了一台干净的Centos6.5 x64操作系统


#关闭selinux

setenforce0

sed-i'/^SELINUX=/c\SELINUX=disabled'/etc/selinux/config

#安装openssl和lzo,lzo用于压缩通讯数据加快传输速度
yum-y install opensslopenssl-devel
lzo

#安装epel源
rpm-ivhhttp: //mirrors .sohu.com /fedora-epel/6/x86_64/epel-release-6-8 .noarch.rpm

's/^mirrorlist=https/mirrorlist=http/'/etc/yum.repos.d/epel.repo


2、安装及配置OpenVPN和easy-rsa

#安装openvpn和easy-rsa

yum-yinstallopenvpneasy-rsa

cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa/

vim /etc/openvpn/easy-rsa/vars //默认配置不变

[root@localhost ~]# cat /etc/openvpn/easy-rsa/vars | grep -v "#"| grep -v "^$"

export EASY_RSA="`pwd`"

export OPENSSL="openssl"

export PKCS11TOOL="pkcs11-tool"

export GREP="grep"

export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

export KEY_DIR="$EASY_RSA/keys"

echo NOTE: If you run ./clean-all,I will be doing a rm -rf on $KEY_DIR

export PKCS11_MODULE_PATH="dummy"

export PKCS11_PIN="dummy"

export KEY_SIZE=2048

export CA_EXPIRE=3650

export KEY_EXPIRE=3650

export KEY_COUNTRY="US"

export KEY_PROVINCE="CA"

export KEY_CITY="SanFrancisco"

export KEY_ORG="Fort-Funston"

export KEY_EMAIL="me@myhost.mydomain"

export KEY_OU="MyOrganizationalUnit"

export KEY_NAME="EasyRSA"

[root@localhost ~]#


source ./vars

./build-ca

./build-dh

./build-key-server server

./build-key client

//都是默认一路回车 (y/n 选择y)

[root@localhost openvpn]# pwd

/etc/openvpn

[root@localhost openvpn]# openvpn --genkey --secret ta.key

[root@localhost openvpn]# ls

ca.crt dh2048.pem easy-rsa server.conf server.crt server.key ta.key

[root@localhost openvpn]#


server.conf 文件配置

[root@localhost ~]# cat /etc/openvpn/server.conf | grep -v "#"| grep -v ";" | grep -v "^$"

port 1194

proto udp

dev tun

ca ca.crt

cert server.crt

dh dh2048.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "route 192.168.31.0 255.255.255.0"

push "redirect-gateway def1 bypass-dhcp"

keepalive 10 120

cipher AES-256-CBC

comp-lzo

user nobody

group nobody

persist-key

persist-tun

status openvpn-status.log

verb 3

explicit-exit-notify 1


[root@localhost openvpn]# /etc/init.d/openvpn start

Starting openvpn: [Failed]

[root@localhost openvpn]#

[root@localhost openvpn]# find / -name openvpn.log

[root@localhost openvpn

[root@localhost openvpn]# tail -f /var/log/messages

Apr 11 10:20:07 localhost openvpn[9669]: Options error: --explicit-exit-notify cannot be used with --mode server

Apr 11 10:20:07 localhost openvpn[9669]: Use --help for more information.

Apr 11 10:29:04 localhost openvpn[9749]: Options error: --explicit-exit-notify cannot be used with --mode server

Apr 11 10:29:04 localhost openvpn[9749]: Use --help for more information.

Apr 11 10:39:31 localhost openvpn[9855]: Options error: --explicit-exit-notify cannot be used with --mode server

Apr 11 10:39:31 localhost openvpn[9855]: Use --help for more information.

Apr 11 10:40:15 localhost openvpn[9885]: Options error: --explicit-exit-notify cannot be used with --mode server

Apr 11 10:40:15 localhost openvpn[9885]: Use --help for more information.

Apr 11 11:06:32 localhost openvpn[9982]: Options error: --explicit-exit-notify cannot be used with --mode server

Apr 11 11:06:32 localhost openvpn[9982]: Use --help for more information.


请高手指点我这个是哪里配置出错了,谢谢。。。

猜你在找的CentOS相关文章