
Installing and deploying the latest OpenVPN on CentOS with a web management console

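The following scenarios call for installing OpenVPN:

1. Accessing company intranet systems or hosts while travelling or working from home

2. Making a device appear to applications with an IP address from a specific city

3. Connecting two devices that have no public IP address so they can communicate

4. Accessing foreign websites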

OpenVPN installation and deployment

Basic environment configuration

# Stop and disable NetworkManager
systemctl stop NetworkManager && systemctl disable NetworkManager
# Stop and disable the default firewall (firewalld)
systemctl stop firewalld.service && systemctl disable firewalld.service
# Install iptables
yum install -y iptables
# Upgrade iptables
yum update iptables
# Install iptables-services
yum install -y iptables-services
# Enable at boot
systemctl enable iptables
# Start the service
systemctl start iptables
# Flush all rules in the default chains
iptables -F
# Delete all user-defined chains
iptables -X
# Reset all counters to zero
iptables -Z
# Stop the service
systemctl stop iptables
# Install yum-utils, the EPEL and Remi repositories, and OpenVPN
yum install -y yum-utils
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install -y openvpn

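Certificate configuration

# Run from /etc/openvpn/easy-rsa (the directory the server config below references)
./easyrsa init-pki          # initialize the PKI directory
./easyrsa build-ca nopass   # create the CA without a passphrase
./easyrsa gen-dh            # generate Diffie-Hellman parameters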

Server configuration file

port 11194
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
server 10.8.0.0 255.255.255.0 
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 114.114.114.114" 
push "dhcp-option DNS 8.8.8.8"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
max-clients 50
user root
group root
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
log-append  openvpn.log
verb 3
mute 10
client-cert-not-required
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"
username-as-common-name
push "route 192.168.0.0 255.255.0.0"
push "route 192.168.99.0 255.255.255.0"

Enable IP forwarding

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

systemctl enable openvpn@server.service   # start OpenVPN at boot
systemctl start openvpn@server.service    # start OpenVPN now


Client configuration

# Files to copy to the client
/etc/openvpn/easy-rsa/pki/private/barry.key
/etc/openvpn/easy-rsa/pki/issued/barry.crt
/etc/openvpn/easy-rsa/pki/ca.crt

# Contents of the client configuration file
client
dev tun
proto tcp
resolv-retry infinite
nobind
remote PUBLIC_ADDRESS 11194 
persist-key
persist-tun
ca ca.crt
ns-cert-type server
cert barry.crt
key barry.key
verb 3 # log verbosity level
comp-lzo
auth-user-pass
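
The server and client files above use several directives that deserve review before the service is exposed: user root / group root, duplicate-cn, comp-lzo, client-cert-not-required, ns-cert-type, and no tls-auth or tls-crypt key. The shell function below is an added example (not code from the original article or from the OpenVPN project) that flags them in a config read from stdin; the function names are hypothetical and the sample input is constructed from the server config above.

```shell
#!/bin/sh
# Added example, not from the original article.
# Reads an OpenVPN config on stdin and prints one "directive: reason" line
# for each setting that weakens the deployment.
audit_openvpn_conf() {
    awk '
        { sub(/[#;].*/, "") }   # strip comments
        NF == 0 { next }        # skip blank lines
        ($1 == "user" || $1 == "group") && $2 == "root" {
            print $1 " root: daemon keeps root privileges after startup"
        }
        $1 == "duplicate-cn" {
            print $1 ": several clients may connect with the same common name"
        }
        $1 == "comp-lzo" && $2 != "no" {
            print $1 ": tunnel compression is deprecated (VORACLE-class attacks)"
        }
        $1 == "client-cert-not-required" {
            print $1 ": no client certificate needed, password is the only factor"
        }
        $1 == "ns-cert-type" {
            print $1 ": deprecated, remote-cert-tls replaces it"
        }
        $1 == "tls-auth" || $1 == "tls-crypt" { hmac = 1 }
        END {
            if (!hmac) print "tls-auth/tls-crypt: absent, no HMAC key on the control channel"
        }
    '
}

# Constructed sample: security-relevant lines of the server config shown above.
sample_server_conf() {
    cat <<'EOF'
port 11194
proto tcp
server 10.8.0.0 255.255.255.0
client-to-client
duplicate-cn
comp-lzo
user root
group root
client-cert-not-required
username-as-common-name
EOF
}

sample_server_conf | audit_openvpn_conf
```

To check a real file, redirect it to the function's stdin; an empty result means none of these directives were found.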

Configure the OpenVPN graphical user management console as shown in the figure.

Detailed configuration taken from: https://www.hhzdd.com/?p=6

 
