1. 軟件安裝
[root@clust1 ~]# rpm -ivh lzo-2.02-3.el5.kb.i386.rpm
Preparing... ########################################### [100%]
1:lzo ########################################### [100%]
[root@clust1 ~]# rpm -ivh openvpn-2.1-0.20.rc4.el5.kb.i386.rpm
Preparing... ########################################### [100%]
1:openvpn ########################################### [100%]
2. copy 配置文件
[root@clust1 ~]# cp -r /usr/share/openvpn/easy-rsa/2.0/ /etc/openvpn/
[root@clust1 ~]# cp /usr/share/doc/openvpn-2.1/sample-config-files/server.conf /etc/openvpn/
3. 配置 OpenVPN
3.1 生成證書KEY
a. 初始化PKI
[root@clust1 2.0]# pwd
/etc/openvpn/2.0
[root@clust1 2.0]# vim vars
修改:(修改內容在原文中缺失)
[root@clust1 2.0]# source ./vars
[root@clust1 2.0]# ./clean-all
[root@clust1 2.0]# ./build-ca
b. 建立 server key
[root@clust1 2.0]# ./build-key-server server
c. 生成客戶端 Key
[root@clust1 2.0]# ./build-key bdliu
[root@clust1 2.0]# ./build-key wulianxi
3.2 生成 Diffie Hellman 參數
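[root@clust1 2.0]# ./build-dh
註:後文使用的文件名 dh1024.pem 表示 vars 中的 KEY_SIZE 為 1024。1024 位的 DH 參數和 RSA 密鑰現已被認為強度不足,建議在 source ./vars 之前把 vars 中的 KEY_SIZE 設為 2048;此時生成的文件名為 dh2048.pem,後面的 cp 命令和 server.conf 中的 dh 行需相應修改。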
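3.3 將 keys 下的所有文件打包下載到本地,供其他客戶機使用
注意:keys 目錄中包含 CA 私鑰 ca.key、服務端私鑰 server.key 以及所有用戶的私鑰。每個客戶端實際只需要 ca.crt 和它自己的證書與私鑰(例如 bdliu.crt、bdliu.key);ca.key 不應分發給任何客戶端,否則持有者可以自行簽發任意證書。傳輸私鑰時應使用加密通道(如 scp)。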
3.4 創建服務端配置文件
將 keys 下的 ca.crt、server.crt、server.key、dh1024.pem 拷貝到 /etc/openvpn
[root@clust1 keys]# pwd
/etc/openvpn/2.0/keys
[root@clust1 keys]# cp ca.crt server.crt server.key dh1024.pem /etc/openvpn/
server.key 是服務端私鑰,複製後應確保只有 root 可讀(例如 chmod 600 /etc/openvpn/server.key)。
配置文件: /etc/openvpn/server.conf
說明:client-to-client 會允許 VPN 客戶端之間互相訪問,如不需要請去掉該行。
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 192.168.98.153"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status openvpn-status.log
verb 3