
Notes on installing OpenVPN on Linux and OpenVPN GUI on Windows


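As the great GFW keeps getting more powerful, routine website maintenance such as FTP, sending and receiving mail over POP and SMTP, and looking up technical material on Google is often forcibly disconnected by the GFW. To solve this problem I installed OpenVPN on my own overseas host, and at the time I wrote down how the installation went.

Today a friend happened to ask about installing OpenVPN again, so I have reorganized these notes on installing OpenVPN on Linux and OpenVPN GUI on Windows.

I hope they are helpful.

  When I installed OpenVPN I had guidance and help from WenZK, for which I am grateful.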

I. OpenVPN installation environment

 

    Server-side environment
  1. Red Hat, kernel version: 2.4.20-31.9, IP 70.8.7.6
  2. The kernel must support the tun device, and the iptables module must be loaded.
    Check whether tun is installed:
    Code:
    root@a [/]# modinfo tun 
    filename:    /lib/modules/2.4.20-31.9/kernel/drivers/net/tun.o 
    description:  
    author:       
    license:     "GPL" 
    
    If there is no modinfo command, search directly to see whether the kernel tree contains a tun.o file:
    Code:
    find -name tun.o 
    ./lib/modules/2.4.20/kernel/drivers/net/tun.o 
    
    Check the iptables module by looking for the following file:
    /etc/init.d/iptables
  3. OpenSSL. If SSL connections are to be enabled, OpenSSL must be installed first. Installing OpenSSL is not covered here; search Google for the details. On CentOS it can be installed with yum:
    yum install openssl
    yum install openssl-devel
  4. OpenVPN version installed: 2.0.5. There seems to be a newer version by now. It can be downloaded from http://openvpn.net.

 

 

    Client-side environment:
  1. Windows XP PRO SP2
  2. OpenVPN GUI for Windows 1.0.3, available from openvpn.se
    Note: the OpenVPN GUI for Windows version must match the OpenVPN server version.
    For example, if the server runs OpenVPN 2.0.5, the OpenVPN GUI for Windows to download is: openvpn-2.0.5-gui-1.0.3-install.exe
    All previous OpenVPN GUI releases: http://openvpn.se/files/install_packages/

 

 

II. OpenVPN server installation procedure

http://www.xiaohui.com/dev/server/20070514-install-openvpn.htm

  1. Log in to the host with SecureCRT and change to the root directory. Code:
    cd / 
  2. Download LZO and unpack it to lzo-2.02.

    URL: http://www.oberhumer.com/opensource/lzo/download/ Code:

    wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.02.tar.gz
    tar -xzf lzo-2.02.tar.gz
  3. Download OpenVPN and unpack it to openvpn-2.0.5.

    URL: http://openvpn.net/download.html Code:

    wget http://openvpn.net/release/openvpn-2.0.5.tar.gz
    tar -xzf openvpn-2.0.5.tar.gz
  4. Install LZO. Code:
    cd /lzo-2.02 
    ./configure 
    make 
    make check 
    make install 
  5. Install OpenVPN

    Code:

    cd /openvpn-2.0.5
    ./configure 
    # Or with explicit directories (note: the command below must be entered on one line; it is split into four lines here for readability)
    # ./configure --with-lzo-headers=/usr/local/include 
    #  --with-lzo-lib=/usr/local/lib 
    #  --with-ssl-headers=/usr/local/include/openssl 
    #  --with-ssl-lib=/usr/local/lib 
    make 
    make install 
    
  6. Generate the certificates and keys

    Initialize the PKI

    (If there is no export command, setenv [name] [value] can be used instead)

    Code:

    cd /openvpn-2.0.5/easy-rsa 
    export D=`pwd` 
    export KEY_CONFIG=$D/openssl.cnf 
    export KEY_DIR=$D/keys 
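    # 1024-bit RSA matches the output shown below; it is considered too short today, and 2048 bits or more is the usual minimum
    export KEY_SIZE=1024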
    export KEY_COUNTRY=CN 
    export KEY_PROVINCE=GD 
    export KEY_CITY=SZ 
    export KEY_ORG="xiaohui.com" 
    export KEY_EMAIL="your-email [at] xiaohui.com" 
    Build:

    Code:

    ./clean-all 
    ./build-ca 
    
    Generating a 1024 bit RSA private key 
    ................++++++ 
    ........++++++ 
    writing new private key to 'ca.key'
    ----- 
    You are about to be asked to enter information that will be incorporated 
    into your certificate request. 
    What you are about to enter is what is called a Distinguished Name or a DN. 
    There are quite a few fields but you can leave some blank 
    For some fields there will be a default value, 
    If you enter '.', the field will be left blank.
    ----- 
    Country Name (2 letter code) [CN]: 
    State or Province Name (full name) [GD]: 
    Locality Name (eg, city) [SZ]: 
    Organization Name (eg, company) [xiaohui.com]: 
    Organizational Unit Name (eg, section) []:xiaohui.com 
    Common Name (eg, your name or your server's hostname) []:server
    Email Address [your-email [at] xiaohui.com]:
    # Build the server key. Code:
    ./build-key-server server 
    
    Generating a 1024 bit RSA private key 
    ......++++++ 
    ....................++++++ 
    writing new private key to 'server.key'
    ----- 
    You are about to be asked to enter information that will be incorporated 
    into your certificate request. 
    What you are about to enter is what is called a Distinguished Name or a DN. 
    There are quite a few fields but you can leave some blank 
    For some fields there will be a default value, 
    If you enter '.', the field will be left blank.
    ----- 
    Country Name (2 letter code) [CN]: 
    State or Province Name (full name) [GD]: 
    Locality Name (eg, city) [SZ]: 
    Organization Name (eg, company) [xiaohui.com]: 
    Organizational Unit Name (eg, section) []:xiaohui.com 
    Common Name (eg, your name or your server's hostname) []:server
    Email Address [your-email [at] xiaohui.com]: 
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request 
    A challenge password []:abcd1234 
    An optional company name []:xiaohui.com 
    Using configuration from /openvpn-2.0.5/easy-rsa/openssl.cnf 
    Check that the request matches the signature 
    Signature ok 
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'CN'
    stateOrProvinceName   :PRINTABLE:'GD'
    localityName          :PRINTABLE:'SZ'
    organizationName      :PRINTABLE:'xiaohui.com'
    organizationalUnitName:PRINTABLE:'xiaohui.com'
    commonName            :PRINTABLE:'server'
    emailAddress          :IA5STRING:'your-email [at] xiaohui.com'
    Certificate is to be certified until Mar 19 08:15:31 2016 GMT (3650 days) 
    Sign the certificate? [y/n]:y 
    
    
    1 out of 1 certificate requests certified, commit? [y/n]y 
    Write out database with 1 new entries 
    Data Base Updated 

     

    # Generate the client key

    Code:

    ./build-key client1 
    Generating a 1024 bit RSA private key 
    .....++++++ 
    ......++++++ 
    writing new private key to 'client1.key'
    ----- 
    You are about to be asked to enter information that will be incorporated 
    into your certificate request. 
    What you are about to enter is what is called a Distinguished Name or a DN. 
    There are quite a few fields but you can leave some blank 
    For some fields there will be a default value, 
    If you enter '.', the field will be left blank.
    ----- 
    Country Name (2 letter code) [CN]: 
    State or Province Name (full name) [GD]: 
    Locality Name (eg, city) [SZ]: 
    Organization Name (eg, company) [xiaohui.com]: 
    Organizational Unit Name (eg, section) []:xiaohui.com 
    Common Name (eg, your name or your server's hostname) []:client1    # Important: the certificate generated for each client must have a different name.
    Email Address [your-email [at] xiaohui.com]: 
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request 
    A challenge password []:abcd1234 
    An optional company name []:xiaohui.com 
    Using configuration from /openvpn-2.0.5/easy-rsa/openssl.cnf 
    Check that the request matches the signature 
    Signature ok 
    The Subject's Distinguished Name is as follows
    countryName           :PRINTABLE:'CN'
    stateOrProvinceName   :PRINTABLE:'GD'
    localityName          :PRINTABLE:'SZ'
    organizationName      :PRINTABLE:'xiaohui.com'
    organizationalUnitName:PRINTABLE:'xiaohui.com'
    commonName            :PRINTABLE:'client1'
    emailAddress          :IA5STRING:'your-email [at] xiaohui.com'
    Certificate is to be certified until Mar 19 08:22:00 2016 GMT (3650 days) 
    Sign the certificate? [y/n]:y 
    
    
    1 out of 1 certificate requests certified, commit? [y/n]y 
    Write out database with 1 new entries 
    Data Base Updated 

     

    Generate the certificates/keys for the other clients in the same way

    Code:

    ./build-key client2 
    ./build-key client3 
    Note: at the Common Name (eg, your name or your server's hostname) []: prompt, the name entered must be different for every certificate.
  7. Generate the Diffie-Hellman parameters. Code:
    ./build-dh 
  8. Pack all the files under keys and download them to the local machine

    Code:

    tar -cf mykeys.tar /openvpn-2.0.5/easy-rsa/keys 
    cp mykeys.tar /home/xiaohui.comsys/public_html/mykeys.tar 
    Move mykeys.tar to the web public directory (the absolute path differs from host to host), download it to local storage via http://www.a.com/mykeys.tar, and then delete it from the server: Code:
    rm /home/xiaohui.comsys/public_html/mykeys.tar 
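    Other methods, such as FTP, can also be used to get the key files to the local machine.
  9. Create the server configuration file

    Create it from the sample file:

    Code: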

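    cd /openvpn-2.0.5/sample-config-files/  # enter the sample-config-files subdirectory of the unpacked source tree
    cp server.conf /usr/local/etc  # copy the server configuration file to /usr/local/etc
    vi /usr/local/etc/server.conf
    The contents of the server.conf I created will be attached separately later.
  10. Create the client configuration file

    Code:

    cd /openvpn-2.0.5/sample-config-files/  # enter the sample-config-files subdirectory of the unpacked source tree
    cp client.conf /usr/local/etc  # copy the client configuration file to /usr/local/etc
    vi /usr/local/etc/client.conf
    The contents of the client.conf I created will be attached separately later.
  11. Start OpenVPN: openvpn [server config file]. Code: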
    /usr/local/sbin/openvpn --config /usr/local/etc/server.conf 
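
Step 8 above packs the whole keys directory, which also holds ca.key and server.key, and stages it under a web root. The shell function below is an added example, not part of the original notes: it packs only the three files one client needs and writes a SHA-256 digest to compare after the transfer. make_client_bundle is a hypothetical helper name, the demo directory is constructed with dummy files, and sha256sum from GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example: per-client bundle from an easy-rsa keys directory.
# ca.key, server.key, the DH parameters and other clients' keys stay behind.
# make_client_bundle is a hypothetical helper, not an easy-rsa script.

make_client_bundle() {
    key_dir=$1; client=$2; out_dir=$3
    # Reject names that escape key_dir, and "ca"/"server": packing
    # "$client.key" for those would export the CA or server private key.
    case $client in
        ''|*/*|*..*|ca|server) echo "refusing client name: $client" >&2; return 1 ;;
    esac
    for f in ca.crt "$client.crt" "$client.key"; do
        [ -f "$key_dir/$f" ] || { echo "missing $key_dir/$f" >&2; return 1; }
    done
    bundle=$out_dir/$client-bundle.tar
    (
        umask 077        # the bundle holds a private key: owner-only access
        mkdir -p "$out_dir" &&
        tar -cf "$bundle" -C "$key_dir" ca.crt "$client.crt" "$client.key"
    ) || return 1
    # Digest file to verify on the client with: sha256sum -c <file>
    ( cd "$out_dir" &&
      sha256sum "$client-bundle.tar" > "$client-bundle.tar.sha256" ) || return 1
    echo "$bundle"
}

# Demo on a constructed keys directory (placeholder contents, not real keys).
demo_bundle() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/keys"
    for f in ca.crt ca.key server.crt server.key dh1024.pem \
             client1.crt client1.key client2.crt client2.key; do
        echo "constructed placeholder for $f" > "$tmp/keys/$f"
    done
    make_client_bundle "$tmp/keys" client1 "$tmp/out" >/dev/null || return 1
    tar -tf "$tmp/out/client1-bundle.tar" | sort | paste -sd ' ' -
    rm -rf "$tmp"
}

demo_bundle   # prints: ca.crt client1.crt client1.key
```

The bundle still contains client1.key, so it should travel over an authenticated, encrypted channel such as scp rather than a public web directory.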

 

 

III. OpenVPN GUI for Windows client installation procedure

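  1. Install OpenVPN GUI for Windows, downloaded from http://openvpn.se. The current version is 1.0.3. Note: the OpenVPN GUI version must match the OpenVPN server version. See the notes in Section I, OpenVPN installation environment.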
