登录
yum -y install gcc lzo-devel pam-devel epel-release; yum -y install easy-rsa libnl3-devel libcap-ng-devel openssl-devel lz4-devel; ./configure --prefix=/usr/local/openvpn --disable-dco; make && make install; cp -r /usr/share/easy-rsa/3.0.8/ /usr/local/openvpn/easy-rsa; cp /usr/share/doc/easy-rsa-3.0.8/vars.example /usr/local/openvpn/easy-rsa/vars; ./easyrsa init-pki; ./easyrsa build-ca nopass; ./easyrsa gen-req server nopass; ./easyrsa sign server server; ./easyrsa gen-dh; mkdir ssl; ./sbin/openvpn --genkey secret /usr/local/openvpn/ssl/ta.key; cp pki/ca.crt pki/private/server.key pki/issued/server.crt pki/dh.pem ../ssl/; ./sbin/openvpn --config server.conf --daemon;
server.conf配置:
port 1194 proto tcp dev tap ca /usr/local/openvpn/ssl/ca.crt cert /usr/local/openvpn/ssl/server.crt key /usr/local/openvpn/ssl/server.key dh /usr/local/openvpn/ssl/dh.pem server 10.6.0.0 255.255.255.0 duplicate-cn tls-auth /usr/local/openvpn/ssl/ta.key 0 # This file is secret
客户证书:
./easyrsa gen-req client nopass; ./easyrsa sign client client;
评论已关闭