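I am a beginner and had never touched CentOS before. This site (新席地网) installed OpenVPN on a Linode VPS running CentOS 6 by following articles found online, mainly the Linode tutorial plus a few other posts. The Linode tutorial is written for CentOS 5, so a few places need small changes on CentOS 6.
Reference: farlee.info/archives/burstnet-vps-openvz-install-openvpn-config-vpn-centos.html
On CentOS 5, the install command from the Linode tutorial is: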
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
On CentOS 6 this command reports an error.
On CentOS 6, install the newer release instead:
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-5.noarch.rpm
This one installs without errors.
Upgrade
Reference: http://library.linode.com/networking/openvpn/centos-5#sph_connect-remote-networks-securely-with-the-vpn
Another reference article:
http://bbs.cisco-club.com.cn/thread-17615-1-1.html
Restarting iptables in the steps above may report an error; the fix is as follows.
Code: [root@s1 ~]# service iptables start
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: security raw nat mangle fi[FAILED]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Reference:
http://www.linode.com/forums/archive/o_t/t_3930/iptables.html
————————————
cd /etc/init.d
mv iptables ~/iptables.bak
# download the replacement init script and strip Windows carriage returns (\r)
wget http://epoxie.net/12023.txt && cat 12023.txt | tr -d '\r' > iptables
chmod +x iptables
rm -rf 12023.txt
————————————–
Now "iptables" should start successfully:
service iptables restart
Some of the contents and paths in /etc/openvpn/server.conf differ from the tutorial. My settings are as follows:
local <your VPS IP address>
port 1996
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
status /etc/openvpn/easy-rsa/2.0/keys/openvpn-status.log
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "dhcp-option DNS 10.8.0.1"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3
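On Windows 7, OpenVPN GUI reports that adding the routes failed, possibly because of compatibility and permission problems.
Thu Apr 07 23:30:54 2011 ROUTE: route addition failed using CreateIpForwardEntry: 至少有一个参数不正确。 [if_index=15]
For the fix, see: http://blog.sina.com.cn/s/blog_57c70e190100qbjb.html
I changed the XP compatibility setting. Not all of the parameters can be added; with all of them added, OpenVPN GUI would not start. My settings are as follows: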
client
route-method exe
dev tun
proto udp
remote <VPS IP address> 1996
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3
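A small linter for the directives used in the two configurations above, added here as an example; it is not part of the original post or of OpenVPN. It flags a DH file under 2048 bits (size inferred from the easy-rsa file name, which is an assumption), compression, the deprecated ns-cert-type, unquoted push arguments and client-to-client; the sample input is constructed.

```python
import re

# Constructed sample input, modelled on the server.conf directives in this post.
SAMPLE_SERVER_CONF = """\
port 1996
proto udp
dev tun
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
push "redirect-gateway def1"
push dhcp-option DNS 8.8.8.8.
client-to-client
comp-lzo
verb 3
"""

_COMP = ("compression", "compression can leak plaintext (VORACLE); "
         "remove it on the server and all clients together")
# Directives flagged wherever they appear: name -> (code, message).
FLAGGED = {
    "comp-lzo": _COMP,
    "compress": _COMP,
    "ns-cert-type": ("deprecated-ns-cert-type",
                     "deprecated; use 'remote-cert-tls server' instead"),
    "client-to-client": ("client-to-client", "clients reach each other inside "
                         "OpenVPN, bypassing the host's iptables rules"),
}

def lint_openvpn(text):
    """Return a list of (line_number, code, message) findings."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        words = line.split()
        key = words[0].lstrip("-")             # also accept CLI-style "--dh"
        if key in FLAGGED:
            findings.append((n, *FLAGGED[key]))
        elif key == "dh" and len(words) > 1:
            # Assumption: easy-rsa 2.0 naming (dh<bits>.pem) reflects the real size.
            m = re.search(r"dh(\d+)\.pem$", words[1])
            if m and int(m.group(1)) < 2048:
                findings.append((n, "weak-dh", f"{m.group(1)}-bit DH parameters; "
                                 "regenerate with at least 2048 bits"))
        elif key == "push" and len(words) > 2 and words[1][0] not in "\"'":
            findings.append((n, "unquoted-push", "push takes one quoted "
                             "argument, e.g. push \"dhcp-option DNS 8.8.8.8\""))
    return findings

if __name__ == "__main__":
    for n, code, msg in lint_openvpn(SAMPLE_SERVER_CONF):
        print(f"line {n}: [{code}] {msg}")
```

Run it against the real file with lint_openvpn(open("/etc/openvpn/server.conf").read()); the same function works on the client configuration.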