wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -Uvh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
yum makecache
yum install open***
cp -R /usr/share/doc/open***-2.2.2/easy-rsa /etc/open***
cd /etc/open***/easy-rsa/2.0
chmod +x ./*
source ./vars
./clean-all
./build-ca server
./build-key-server server
./build-key tx***
./build-dh
1、####################服務端配置文件#############
more /etc/open***/server.conf(配置文件修改)
port 1194
proto tcp
dev tun
ca /etc/open***/easy-rsa/2.0/keys/ca.crt
cert /etc/open***/easy-rsa/2.0/keys/server.crt
key /etc/open***/easy-rsa/2.0/keys/server.key
dh /etc/open***/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
push "route 192.168.0.0 255.255.252.0"
keepalive 10 120
push "dhcp-option DNS 8.8.8.8"
comp-lzo
status /var/log/open***/open***-status.log
log /var/log/open***/open***.log
log-append /var/log/open***/open***.log
persist-key
persist-tun
verb 3
duplicate-cn
2、###########開啓轉發功能############
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
重載命令:sysctl -p
3、#######iptables########################
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A INPUT -p TCP --dport 1194 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
4.啓動***軟件
/etc/init.d/open*** start
########################客戶端的配置#################################################
1、將服務器端生成的key(ca.crt,tx***.crt,tx***.key,ca.key)下載到本地,並將其放入客戶端“***安裝目錄config個下面”。
cd /etc/open***/easy-rsa/2.0/keys
進入客戶端Open***目錄,將sample-config下的client.o***文件複製到config目錄,
client端做相應的修改:(不需要密碼認證的)
client
dev tun
proto tcp
remote 218.94.35.226 1194
nobind
persist-key
persist-tun
ca ca.crt
cert tx***.crt
key tx***.key
ns-cert-type server
comp-lzo
verb 3
tun-mtu-extra 32
2.需要密碼認證的配置文件(可以參考如下鏈接)
http://ylw6006.blog.51cto.com/470441/1009004/
http://www.cnblogs.com/electron/p/3488033.html
注意:push "route 192.168.0.0 255.255.252.0",會上***連接上後,直接可以入192.168.0.0網段進行通信
丟包嚴重的情況下,加上此參數tun-mtu-extra 32