centos下安裝openvpn———客戶端

君落塵發表於2015-01-06
CentOS客戶端

[root@mi7 ~]# cd /etc/yum.repos.d/

[root@mi7 yum.repos.d]# wget http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm

[root@mi7 yum.repos.d]# wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm

[root@mi7 yum.repos.d]# sudo rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm

[root@mi7 yum.repos.d]# vi remi.repo

[remi]

name=Les RPM de remi pour Enterprise Linux 5 - $basearch

#baseurl=http://rpms.famillecollet.com/enterprise/5/remi/$basearch/

mirrorlist=http://rpms.famillecollet.com/enterprise/5/remi/mirror

enabled=1

gpgcheck=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

 

[root@mi7 yum.repos.d]#  yum -y install openvpn

[root@mi7 yum.repos.d]# rpm -qa openvpn

openvpn-2.3.6-1.el5

 

在mi14服務端上申請證照

[root@mi14 openvpn]# cd /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0

[root@mi14 2.0]# . vars

NOTE: If you run ./clean-all, I will be doing a rm -rf on /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0/keys

[root@mi14 2.0]#  ./build-key-pass mi7

Generating a 1024 bit RSA private key

............++++++

...............++++++

writing new private key to 'mi7.key'

Enter PEM pass phrase:mi123

Verifying - Enter PEM pass phrase:mi123

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [CN]:回車

State or Province Name (full name) [GD]:回車

Locality Name (eg, city) [BeiJing]:回車

Organization Name (eg, company) [NetSky Studio]:回車

Organizational Unit Name (eg, section) [mi14]:mi7

Common Name (eg, your name or your server's hostname) [mi7]:mi7

Name [mi14]:mi7

Email Address [mi14@mi.com]:mi7@mi.com

 

Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:回車

An optional company name []:回車

Using configuration from /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0/openssl-1.0.0.cnf

Check that the request matches the signature

Signature ok

The Subject's Distinguished Name is as follows

countryName           :PRINTABLE:'CN'

stateOrProvinceName   :PRINTABLE:'GD'

localityName          :PRINTABLE:'BeiJing'

organizationName      :PRINTABLE:'NetSky Studio'

organizationalUnitName:PRINTABLE:'mi7'

commonName            :PRINTABLE:'mi7'

name                  :PRINTABLE:'mi7'

emailAddress          :IA5STRING:'mi7@mi.com'

Certificate is to be certified until Jan  2 09:10:32 2025 GMT (3650 days)

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

 

[root@mi14 2.0]# cp keys/mi7.* /etc/openvpn/

[root@mi7 openvpn]# scp 103.227.78.169:/etc/openvpn/mi7* /etc/openvpn/

[root@mi7 openvpn]# scp 103.227.78.169:/etc/openvpn/ca1.* /etc/openvpn/

[root@mi6 ~]# scp /etc/openvpn/client.ovpn mi7:/etc/openvpn/

[root@mi7 openvpn]# vi client.ovpn

cert mi7.crt

key mi7.key

[root@mi7 openvpn]# service openvpn start

[root@mi7 openvpn]#  openvpn --config /etc/openvpn/client.ovpn

nohup openvpn --config /etc/openvpn/client.ovpn

 

[root@mi7 ~]#  ps -ef | grep openvpn

root     27512 26386  0 17:23 pts/1    00:00:00 openvpn --config /etc/openvpn/client.ovpn

root     27584 27549  0 17:24 pts/2    00:00:00 grep openvpn

[root@mi7 ~]# ping 10.47.0.8

PING 10.47.0.8 (10.47.0.8) 56(84) bytes of data.

64 bytes from 10.47.0.8: icmp_seq=1 ttl=64 time=0.720 ms

64 bytes from 10.47.0.8: icmp_seq=2 ttl=64 time=0.892 ms

 

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/29819001/viewspace-1392090/,如需轉載,請註明出處,否則將追究法律責任。

相關文章