在Linux系统的VPS上安装配置OpenVPN的详细教程(linux连接vps)

推荐整理分享在Linux系统的VPS上安装配置OpenVPN的详细教程(linux连接vps)，希望有所帮助，仅作参考，欢迎阅读内容。

文章相关热门搜索词:vpslinux使用教程,linux vps,linux vps和windows vps,在linux系统的应急过程中,可以用,在linux系统的脚本文件一般以什么开头,在linux系统的脚本文件一般以什么开头,在linux系统的脚本文件一般以什么开头,在linux系统的目录结构中可以有几个根目录,内容如对您有帮助，希望把文章链接给更多的朋友！

OpenVPN在安全性上比PPTP，L2TP和IPsec都高，因为它通过三个证书的安全验证，实现了整个通信链路的完整加密。

安装步骤：

一、首先检查VPS上的tun设备是否可用，如果不可用需要联系客服打开，否则OpenVPN无法启用。通过root用户登陆，执行复制代码代码如下:#cat /dev/net/tuncat: /dev/net/tun: File descriptor in bad state如果现实结果如上所示，则表示tun设备可用，其它则表示设备异常，无法安装OpenVPN。

二、下载安装所需软件包：

复制代码代码如下:wget install -y openssl openssl-devel automake pkgconfig iptables

四、安装OpenVPN服务端1.安装pkcs-helper RPM包复制代码代码如下:rpm -ivh pkcs-helper-1.-2.el5.1.i.rpmrpm -ivh pkcs-helper-devel-1.-2.el5.1.i.rpm2.安装 LZO复制代码代码如下:tar zxvf lzo-2..tar.gzcd lzo-2././configure –prefix=/opt/lzomakemake checkmake installcd ../3.安装 OpenVPN复制代码代码如下:tar zxvf openvpn-2.1.4.tar.gzcd openvpn-2.1.4./configure –prefix=/opt/openvpn –with-lzo-headers=/opt/lzo/include –with-lzo-lib=/opt/lzo/lib –with-ssl-headers=/usr/include/openssl –with-ssl-lib=/usr/libmakemake install然后，下面就开始key证书文件的创建，总共需要创建三个，即ca，server key，client key。

4.生成证书Key复制代码代码如下:cp -r easy-rsa /opt/openvpn/cd /opt/openvpn/easy-rsa/2.0/vim export_new_varexport D=`pwd`export KEY_CONFIG=$D/openssl.cnfexport KEY_DIR=$D/keysexport KEY_SIZE=export KEY_COUNTRY=CN #国家export KEY_PROVINCE=BJ #省份export KEY_CITY=BJ #城市export KEY_ORG=”btschina.com” #组织export KEY_EMAIL=”root@btschina.com” #邮箱source export_new_var./clean-all

./build-ca

Generating a bit RSA private key..++++++………..++++++writing new private key to ‘ca.key’—–You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter ‘.’, the field will be left blank.—–Country Name (2 letter code) [CN]:State or Province Name (full name) [BJ]:Locality Name (eg, city) [BJ]:Organization Name (eg, company) [btschina.com]:Organizational Unit Name (eg, section) []:btschinaCommon Name (eg, your name or your server’s hostname) [btschina.com CA]:btschina.comName []:btschinaEmail Address [root@btschina.com]:

5.建立 server key复制代码代码如下:[root@centos 2.0]# ./build-key-server serverGenerating a bit RSA private key……………………….++++++……….++++++writing new private key to ‘server.key’—–You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter ‘.’, the field will be left blank.—–Country Name (2 letter code) [CN]:State or Province Name (full name) [BJ]:Locality Name (eg, city) [BJ]:Organization Name (eg, company) [btschina.com]:Organizational Unit Name (eg, section) []:btschinaCommon Name (eg, your name or your server’s hostname) [server]:btschina.comName []:btschinaEmail Address [root@btschina.com]:</p><p>Please enter the following ‘extra’ attributesto be sent with your certificate requestA challenge password []:An optional company name []:btschina.comUsing configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnfCheck that the request matches the signatureSignature okThe Subject’s Distinguished Name is as followscountryName :P RINTABLE:’CN’stateOrProvinceName :P RINTABLE:’BJ’localityName :P RINTABLE:’BJ’organizationName :P RINTABLE:’btschina.com’organizationalUnitName:PRINTABLE:’btschina’commonName :P RINTABLE:’btschina.com’name :P RINTABLE:’btschina’emailAddress :IA5STRING:’root@btschina.com’Certificate is to be certified until Apr :: GMT ( days)Sign the certificate? [y/n]:y

6.生成客户端 key复制代码代码如下:[root@centos 2.0]# ./build-key client1Generating a bit RSA private key……………………………………………………………………..………++++++………………….++++++writing new private key to ‘client1.key’—–You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter ‘.’, the field will be left blank.—–Country Name (2 letter code) [CN]:State or Province Name (full name) [BJ]:Locality Name (eg, city) [BJ]:Organization Name (eg, company) [btschina.com]:Organizational Unit Name (eg, section) []:btschinaCommon Name (eg, your name or your server’s hostname) [client1]:Name []:btschinaEmail Address [root@btschina.com]:

Please enter the following ‘extra’ attributesto be sent with your certificate requestA challenge password []:An optional company name []:btschina.comUsing configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnfCheck that the request matches the signatureSignature okThe Subject’s Distinguished Name is as followscountryName :P RINTABLE:’CN’stateOrProvinceName :P RINTABLE:’BJ’localityName :P RINTABLE:’BJ’organizationName :P RINTABLE:’btschina.com’organizationalUnitName:PRINTABLE:’btschina’commonName :P RINTABLE:’client1′name :P RINTABLE:’btschina’emailAddress :IA5STRING:’root@btschina.com’Certificate is to be certified until Apr :: GMT ( days)Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]yWrite out database with 1 new entriesData Base Updated

1 out of 1 certificate requests certified, commit? [y/n]yWrite out database with 1 new entriesData Base Updated

如果想生成多个client key的话，重复以上步骤，修改client1为client2，client3……即可。

至此，所有的key都已经生成完毕，如果你想删除这些key，重新生成的话，执行以下命令。复制代码代码如下:source var./clean-all

7.生成 Diffie Hellman 参数复制代码代码如下:./build-dh8.将 keys 下的所有文件打包下载到本地复制代码代码如下:tar -cf keys.tar keys9.创建服务端配置文件复制代码代码如下:vi /opt/openvpn/etc/server.conf内容如下：port proto udp

dev tun

ca /opt/openvpn/easy-rsa/2.0/keys/ca.crtcert /opt/openvpn/easy-rsa/2.0/keys/server.crtkey /opt/openvpn/easy-rsa/2.0/keys/server.keydh /opt/openvpn/easy-rsa/2.0/keys/dh.pem

server ...0 ...0

client-to-clientkeepalive

comp-lzo

persist-keypersist-tunstatus /opt/openvpn/easy-rsa/2.0/keys/openvpn-status.logverb 4

push “dhcp-option DNS ...1″push “dhcp-option DNS 8.8.8.8″push “dhcp-option DNS 8.8.4.4″

.创建客户端配置文件复制代码代码如下:vi /opt/openvpn/etc/client.conf内容如下client

dev tunproto udp

remote ... #请换成自己ippersist-keypersist-tunca /opt/openvpn/easy-rsa/2.0/keys/ca.crtcert /opt/openvpn/easy-rsa/2.0/keys/client1.crtkey /opt/openvpn/easy-rsa/2.0/keys/client1.keyns-cert-type servercomp-lzoverb 3

redirect-gateway def1route-method exeroute-delay 2

.设置 OpenVPN 服务器 reboot后自动启动 openvpn复制代码代码如下:vi /etc/rc.local加入：复制代码代码如下:/opt/openvpn/sbin/openvpn –config /opt/openvpn/etc/server.conf > /dev/null 2>&1 &运行OpenVPN服务端复制代码代码如下:/opt/openvpn/sbin/openvpn –config /opt/openvpn/etc/server.conf > /dev/null 2>&1 &检查服务端是否启动执行复制代码代码如下:netstat -lnp如果看到有 0.0.0.0: 则证明服务端已经成功启动。

五、防火墙规则设置1.开放OpenVPN服务器端口复制代码代码如下:iptables -A INPUT -p udp -m state –state NEW -m udp –dport -j ACCEPT2.启用NAT映射，实现共享上网复制代码代码如下:iptables -t nat -A POSTROUTING -s ...0/...0 -o eth0 -j MASQUERADE3.开启数据转发复制代码代码如下:sysctl -w net.ipv4.ip_forward=1

六、OpenVPN GUI for Windows 客户端安装1.下载并安装 .NET Framwork 3.5 SP1由于OpenVPN客户端需要 .NET Framwork 3.5 SP1 以上的支持，所以很遗憾，我们不得不先安装它。下载地址： FilesOpenVPN TechnologiesOpenVPN Clientetcprofile创建配置文件client.ovpn，内容如下：client

dev tunproto udp

remote ... #请换成自己ip

persist-keypersist-tunca ca.crtcert client1.crtkey client1.keyns-cert-type servercomp-lzoverb 3

redirect-gateway def1route-method exeroute-delay .将所需的证书等文件放入客户端目录将之前压缩的keys.tar压缩文件解压，并将目录下的所有文件移动到目录：C:Program FilesOpenVPN TechnologiesOpenVPN Clientetcprofile

5.启动OpenVPN客户端启动OpenVPN客户端软件，点击添加连接配置，选择本地文件导入，然后导入刚刚创建的client.ovpn文件。如下图所示：

然后界面上会出现一个Client1选项，点击即可登录

登录成功

至此，整个OpenVPN的安装过程就已经完成了，如果你也是国外的VPS主机的话，那就开始体验翻过GFW的快乐吧。

七、卸载OpenVPN如果你觉得OpenVPN用起来太过于麻烦或其它原因想卸载OpenVPN，那么，请执行以下操作。复制代码代码如下:killall openvpnrpm -e pkcs-helper-1.-2.el5.1.i.rpmrpm -e pkcs-helper-devel-1.-2.el5.1.i.rpmrm -rf /opt/lzorm -rf /opt/openvpn

XEN虚拟机在Linux上的安装和使用教程 1、安装xen复制代码代码如下:yuminstallxen*kernel-xen*virt-managervnc*xen-libpython-virtinstkernel-xen：可以跑Xen的Linux核心xen：主要的xen套件，包括配置文件、启动脚本

详解Linux下iptables中的DNAT与SNAT设置 DNAT（DestinationNetworkAddressTranslation,目的地址转换)通常被叫做目的映谢。而SNAT（SourceNetworkAddressTranslation，源地址转换）通常被叫做源映谢。这是我们在设

VMware安装RedHat Linux系统时出现该光盘无法被挂载错误怎么办？ 在使用VmwareWorkstation安装RedHatLinux操作系统时，由于RedHatLinux的安装程序镜像文件有3个，在安装过程中RedHatLinux会在适当的时候提醒我们插入第2张或第3张