实验环境

centos7.8_x64

open***_server eth0 xx.xx.xx.xx(公网IP)   eth1 192.168.20.11

open***_client  192.168.10.12


实验软件

EasyRSA-3.0.1.tgz

lzo-2.06-8.el7.x86_64

open***-devel-2.4.12-1.el7.x86_64

open***-2.4.12-1.el7.x86_64

open***-install-2.4.12-I602.exe


软件安装

modprobe tun  &&  lsmod | grep tun

tun                    17094  0 


yum install -y lrzsz openssl  openssl-devel pam pam-devel

yum install -y  open***  open***-devel   lzo

touch /var/log/open***.log


tar zxvf EasyRSA-3.0.1.tgz

mv EasyRSA-3.0.1 /etc/open***/server/easy

cd /etc/open***/server/easy/

./easyrsa init-pki

Your newly created PKI dir is: /etc/open***/server/easy/pki


./easyrsa build-ca nopass

/etc/open***/server/easy/pki/ca.crt


./easyrsa gen-dh

DH parameters of size 2048 created at /etc/open***/server/easy/pki/dh.pem


./easyrsa build-server-full  server  nopass  生成服务端证书

./easyrsa build-client-full   winclient1  nopass  生成客户端证书


touch /etc/open***/server/server.conf

cat /etc/open***/server/server.conf

port 1194   默认端口号

proto tcp

dev tun

ca  /etc/open***/server/easy/pki/ca.crt

cert /etc/open***/server/easy/pki/issued/server.crt

key  /etc/open***/server/easy/pki/private/server.key

dh /etc/open***/server/easy/pki/dh.pem

server 192.168.20.0 255.255.255.0         客户端ip网段（注意：该网段不应与服务端 eth1 所在的 192.168.20.0/24 重叠，否则会产生路由冲突，建议改用一个未被占用的网段）

push "route 192.168.10.0 255.255.255.0"   推送内网ip网段路由信息

push "dhcp-option DNS 8.8.8.8"   推送 DNS（需使用 dhcp-option 语法，直接写 DNS 不是合法的 push 选项）

push "dhcp-option DNS 8.8.4.4"

client-to-client

keepalive 10 120

compress lz4-v2   启用压缩（注意：在加密隧道上启用压缩有已知的信息泄露风险，非必要可不启用，并同时去掉下一行的 push "compress lz4-v2"）

push "compress lz4-v2"

user nobody

group nobody

max-clients 90000    最大用户数

reneg-sec 0   关闭定期密钥重协商（安全上不建议长期关闭，默认值 3600 秒更稳妥；客户端配置中的同名项需与此保持一致）

persist-key

persist-tun

log /var/log/open***.log

verb  5


open***  --daemon --config /etc/open***/server/server.conf  启动服务

echo 'open***  --daemon --config /etc/open***/server/server.conf' >> /etc/rc.d/rc.local    设置开机启动（CentOS 7 下还需执行 chmod +x /etc/rc.d/rc.local，否则开机时不会执行该文件）


tail -f   /var/log/open***.log  | grep 1194

Listening for incoming TCP connection on [AF_INET][undef]:1194


ip addr | grep tun0

tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100

inet 192.168.20.1 peer 192.168.20.2/32 scope global tun0


cp -pr /etc/open***/server/easy/pki/{ca.crt,dh.pem} /etc/open***/client/    （dh.pem 仅服务端使用，客户端配置中并不引用，可不复制）

cp -pr /etc/open***/server/easy/pki/issued/winclient1.crt /etc/open***/client/

cp -pr /etc/open***/server/easy/pki/private/winclient1.key /etc/open***/client/


touch /etc/open***/client/client.o***    服务端创建客户端配置文件

cat /etc/open***/client/client.o***

client

dev tun

proto tcp

reneg-sec 0

remote 远程serverip 1194

persist-key

persist-tun

ca ca.crt

cert winclient1.crt

key  winclient1.key

keepalive 10 120

verb 5


cd /etc/open***/client 

zip -r open***_client.zip ca.crt winclient1.crt winclient1.key client.o***   打包客户端证书/配置文件

sz  /etc/open***/client/open***_client.zip  下载客户端证书（压缩包内含客户端私钥 winclient1.key，请通过安全渠道分发并妥善保管）


netstat -tuplna | grep LISTEN

tcp        0      0 0.0.0.0:1194  0.0.0.0:*  LISTEN      4821/open***

pkill open***  杀死进程


open***_windows客户端安装

open***_open


open***_open_02


ca.crt  winclient1.crt   winclient1.key   复制到 D:\open***\config\  

D:\open***\config\client.o***       

client

dev tun

proto tcp

reneg-sec 0   

remote xx.xx.xx.xx 1194  公网ip

persist-key

persist-tun

ca ca.crt   （建议再加一行 remote-cert-tls server，使客户端校验对端证书确为服务端证书）

cert winclient1.crt

key  winclient1.key

keepalive 10 120

verb 5


open***_open_03


open***_open_04


open***_open_05