VPN case 1: the VPN server and the gateway are on the same machine
Installation references: http://qicheng0211.blog.51cto.com/3958621/1575273
http://freeloda.blog.51cto.com/2033581/1354858
1. Environment
System: CentOS 6.4 x64, minimal installation
eth0: 192.168.3.75 vpn server
eth1: 172.16.1.1 vpn server
win7: 192.168.3.76
client: 172.16.1.2
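Goal: users on win7 can connect to the internal network segment 172.16.1.0/24, and 172.16.1.0/24 can access the external network.
2. Install the yum repository and synchronize the time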
[root@vpn-server ~]# rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@vpn-server ~]# sed -i 's@#b@b@g' /etc/yum.repos.d/epel.repo
[root@vpn-server ~]# sed -i 's@mirrorlist@#mirrorlist@g' /etc/yum.repos.d/epel.repo
[root@vpn-server ~]# yum install ntpdate -y
[root@vpn-server ~]# echo "*/10 * * * * /usr/sbin/ntpdate asia.pool.ntp.org &>/dev/null" >/var/spool/cron/root
[root@vpn-server ~]# crontab -l
*/10 * * * * /usr/sbin/ntpdate asia.pool.ntp.org &>/dev/null
3. Install the base packages
[root@vpn-server ~]# yum install openssl openssl-devel lzo -y
4. Install openvpn and easy-rsa
[root@vpn-server ~]# yum install openvpn easy-rsa -y
# Edit the settings in the vars file
[root@vpn-server 2.0]# pwd
/usr/share/easy-rsa/2.0
[root@vpn-server 2.0]# vim vars
# Change the following items
export KEY_COUNTRY="CN"
export KEY_PROVINCE="GUANGDONG"
export KEY_CITY="GUANGZHOU"
export KEY_ORG="MY COMPANY"
export KEY_EMAIL="[email protected]"
# Reload the environment variables
[root@vpn-server 2.0]# source vars
# Remove all certificates and related files
[root@vpn-server 2.0]# ./clean-all
# Generate a new root certificate and root key
[root@vpn-server 2.0]# ./build-ca    # Just press Enter at every prompt
Generating a 2048 bit RSA private key
.....................................................+++
.........................................................+++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:    # These values are the ones we set in vars above
State or Province Name (full name) [GUANGDONG]:
Locality Name (eg, city) [GUANGZHOU]:
Organization Name (eg, company) [MY COMPANY]:
Organizational Unit Name (eg, section) [MyOrganizationalUnit]:
Common Name (eg, your name or your server's hostname) [MY COMPANY CA]:
Name [EasyRSA]:
Email Address [[email protected]]:
Generate the certificate and key for the server
[root@vpn-server 2.0]# ./build-key-server server
Generating a 2048 bit RSA private key
.+++
...........+++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [GUANGDONG]:
Locality Name (eg, city) [GUANGZHOU]:
Organization Name (eg, company) [MY COMPANY]:
Organizational Unit Name (eg, section) [MyOrganizationalUnit]:
Common Name (eg, your name or your server's hostname) [server]:
Name [EasyRSA]:
Email Address [[email protected]]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /usr/share/easy-rsa/2.0/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'GUANGDONG'
localityName          :PRINTABLE:'GUANGZHOU'
organizationName      :PRINTABLE:'MY COMPANY'
organizationalUnitName:PRINTABLE:'MyOrganizationalUnit'
commonName            :PRINTABLE:'server'
name                  :PRINTABLE:'EasyRSA'
emailAddress          :IA5STRING:'[email protected]'
Certificate is to be certified until May 24 07:01:16 2025 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
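A check that can be run once build-key-server has finished, as an added example that is not part of the original post: it confirms that server.crt chains to ca.crt, carries the TLS server usage, has a key of at least 2048 bits, is not about to expire, matches server.key, and that the key file is private. The keys/ output directory (the easy-rsa 2.0 default), the 30-day expiry window and the function name check_server_cert are assumptions.

```shell
#!/bin/bash
# Added example, not from the original post. Assumes easy-rsa 2.0 wrote its
# output to the default keys/ directory under /usr/share/easy-rsa/2.0.
KEYS_DIR="${KEYS_DIR:-/usr/share/easy-rsa/2.0/keys}"

# check_server_cert CA_CRT SERVER_CRT SERVER_KEY [MIN_BITS]
# Returns 0 only if every check passes; prints one line per failed check.
check_server_cert() {
    local ca="$1" crt="$2" key="$3" min_bits="${4:-2048}" rc=0 text bits
    text=$(openssl x509 -in "$crt" -noout -text 2>/dev/null)

    # 1. The certificate must chain to the CA created by build-ca.
    if ! openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1; then
        echo "FAIL: $crt does not verify against $ca"; rc=1
    fi
    # 2. It must be usable as a TLS server certificate (serverAuth EKU),
    #    which is what clients configured with remote-cert-tls server check.
    if ! printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication'; then
        echo "FAIL: $crt has no serverAuth extended key usage"; rc=1
    fi
    # 3. The RSA key size must not be below the minimum.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -lt "$min_bits" ]; then
        echo "FAIL: public key is ${bits:-unknown} bits, want >= $min_bits"; rc=1
    fi
    # 4. The certificate must still be valid 30 days from now.
    if ! openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: $crt expires within 30 days"; rc=1
    fi
    # 5. The private key must belong to this certificate (same RSA modulus).
    if [ "$(openssl x509 -in "$crt" -noout -modulus 2>/dev/null)" != \
         "$(openssl rsa -in "$key" -noout -modulus 2>/dev/null)" ]; then
        echo "FAIL: $key does not match $crt"; rc=1
    fi
    # 6. The private key must not be accessible to group or others.
    case "$(stat -c '%a' "$key" 2>/dev/null)" in
        *00) ;;
        *) echo "FAIL: $key is accessible to group/others"; rc=1 ;;
    esac
    return "$rc"
}

# Run against the easy-rsa output when it exists on this host.
if [ -f "$KEYS_DIR/server.crt" ]; then
    check_server_cert "$KEYS_DIR/ca.crt" "$KEYS_DIR/server.crt" \
        "$KEYS_DIR/server.key" && echo "OK: server certificate passed"
fi
```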
This article comes from the “ly36843运维” blog; please be sure to keep this source: http://ly36843.blog.51cto.com/3120113/1655632