- Official documentation: https://openVPN.net/index.php/open-source/documentation/howto.html
- Install the software

```bash
sudo apt install openvpn easy-rsa
```
- Copy the easy-rsa directory

```bash
cp -r /usr/share/easy-rsa/ /etc/openvpn/
```
- Check the openssl version

```bash
openssl version
```
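```bash
cd /etc/openvpn/easy-rsa/
cp openssl-1.0.0.cnf openssl.cnf
. ./vars        # same as: source ./vars
./clean-all     # skip this when you are only adding client certificates and private keys (it deletes the existing keys directory)
./build-ca      # pay attention to the Common Name

./build-key-server server

./build-key client1
./build-key client2
./build-key client3

./build-dh

# server.conf below reads ca.crt from /etc/openvpn/server/, so copy it there with the other files
cp /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/server/
cp /etc/openvpn/easy-rsa/keys/server.crt /etc/openvpn/server/
cp /etc/openvpn/easy-rsa/keys/server.key /etc/openvpn/server/
cp /etc/openvpn/easy-rsa/keys/dh2048.pem /etc/openvpn/server/

mkdir /etc/openvpn/server/ccd
cd /etc/openvpn/server/ccd
vim client      # the file name corresponds to the Common Name
```

Example contents of the `client` file (pushes a fixed IP):

```
ifconfig-push 192.168.77.46 255.255.255.0
```

```bash
cd /etc/openvpn/server/
vim server.conf
```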
- Start the server

```bash
nohup openvpn /etc/openvpn/server/server.conf &
```

Server configuration (`server.conf`):

```
local 192.168.0.110
port 10101
proto tcp
dev tap
float
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh2048.pem
server 192.168.77.0 255.255.255.0
client-config-dir /etc/openvpn/server/ccd/
client-to-client
keepalive 10 120
comp-lzo
persist-key
status openvpn-status.log
log /var/log/openvpn.log
verb 4
mute 20
```

Client configuration:

```
client
dev tap0
remote 123.456.789.154
port 10101
proto tcp
float
ca ./ca.crt
cert ./client1.crt
key ./client1.key
comp-lzo
verb 6
mute 20
```
[FAQ]

Q: The client cannot connect to the server and reports: WARNING: No server certificate verification method has been enabled.

A: Check whether any of the private key or public key files is 0 B in size.

Q: The client cannot connect to the server and reports: TCP: connect to [AF_INET]223.18.95.157:7872 Failed: Unknown error

A: Check the firewall on the client's perimeter.
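A pre-flight check for the first FAQ entry, as an added example that is not part of the original post: it lists zero-byte certificate and key files and reports a client config with no server-certificate check, which is the condition the quoted warning names. The function names and the sample directory are assumptions made for this example; `remote-cert-tls`, `remote-cert-eku`, `verify-x509-name` and `ns-cert-type` are OpenVPN directives.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: pre-flight audit of an OpenVPN
# client directory for the two conditions behind the first FAQ entry.

# Print every zero-byte .crt/.key/.pem file under directory $1.
empty_key_files() {
    find "$1" -type f \( -name '*.crt' -o -name '*.key' -o -name '*.pem' \) \
        -size 0 | sort
}

# Succeed if config $1 enables a server-certificate check. With none of these
# directives the client prints the "No server certificate verification
# method has been enabled" warning and accepts any certificate the CA signed.
has_server_cert_check() {
    grep -Eq '^[[:space:]]*(remote-cert-tls[[:space:]]+server|remote-cert-eku|verify-x509-name|ns-cert-type[[:space:]]+server)([[:space:]]|$)' "$1"
}

# Print one finding per line for key directory $1 and client config $2.
audit_client_dir() {
    empty_key_files "$1" | sed 's/^/EMPTY: /'
    has_server_cert_check "$2" || echo "NO-SERVER-VERIFY: $2"
}

# Constructed sample: this page's client config plus a zero-byte key file.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/client.conf" <<'EOF'
client
dev tap0
remote 123.456.789.154
port 10101
proto tcp
ca ./ca.crt
cert ./client1.crt
key ./client1.key
EOF
    echo 'constructed placeholder' > "$d/ca.crt"
    echo 'constructed placeholder' > "$d/client1.crt"
    : > "$d/client1.key"    # zero-byte private key, as in the FAQ
    echo "$d"
}

sample=$(make_sample)
audit_client_dir "$sample" "$sample/client.conf"
rm -rf "$sample"
```

On the sample it prints one `EMPTY:` line for `client1.key` and one `NO-SERVER-VERIFY:` line; adding `remote-cert-tls server` to the client config clears the second finding.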
*** walker ***