openvpnインストール
# yum install openvpn
easy-rsaインストール
# yum install easy-rsa
ユーティリティのコピー
# cp -r /usr/share/easy-rsa/2.0/ /etc/openvpn/easy-rsa
設定の変更
vi /etc/openvpn/easy-rsa/vars
export KEY_COUNTRY="JP"
export KEY_PROVINCE="Kochi"
export KEY_CITY="Nankoku-shi"
export KEY_ORG="ibsnet.co.jp"
export KEY_EMAIL="info@ibsnet.co.jp"
キーの作成
cd /etc/openvpn/easy-rsa
. ./vars
./clean-all
ca証明書の作成
./build-ca
Country Name (2 letter code) [JP]:
State or Province Name (full name) [Kochi]:
Locality Name (eg, city) [Nankoku-shi]:
Organization Name (eg, company) [openvpn.ibsnet.co.jp]:ibsnet.co.jp
Organizational Unit Name (eg, section) [changeme]:ca1
Common Name (eg, your name or your server's hostname) [changeme]:ibsnet.co.jp CA
Name [changeme]:ca1
Email Address [info@ibsnet.co.jp]:
サーバ証明書の作成
[root@localhost easy-rsa]# ./build-key-server server
Country Name (2 letter code) [JP]:
State or Province Name (full name) [Kochi]:
Locality Name (eg, city) [Nankoku-shi]:
Organization Name (eg, company) [openvpn.ibsnet.co.jp]:ibsnet.co.jp
Organizational Unit Name (eg, section) [changeme]:openvpn
Common Name (eg, your name or your server's hostname) [server]:openvpn.ibsnet.co.jp
Name [changeme]:openvpn
Email Address [info@ibsnet.co.jp]:
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
各種証明書、キーファイルの作成
./build-dh
TLSキーファイルの作成
openvpn --genkey --secret /etc/openvpn/ta.key
作成したキーの移動
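cp keys/ca.crt /etc/openvpn/
cp keys/server.crt /etc/openvpn/
cp keys/server.key /etc/openvpn/
cp keys/dh1024.pem /etc/openvpn/
※ dh1024.pem は vars の KEY_SIZE が 1024 の場合に作られるファイル名です。1024ビットのDHパラメータは現在では強度不足とされているため、KEY_SIZE=2048 で作成した場合は dh2048.pem をコピーし、server.conf の dh 行も同じファイル名にします。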
クライアント証明書の作成
[root@vm-ibsvpn easy-rsa]# ./build-key-pass client_pc1
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Country Name (2 letter code) [JP]:
State or Province Name (full name) [Kochi]:
Locality Name (eg, city) [Nankoku-shi]:
Organization Name (eg, company) [openvpn.ibsnet.co.jp]:ibsnet.co.jp
Organizational Unit Name (eg, section) [changeme]:client_pc1
Common Name (eg, your name or your server's hostname) [client_pc1]:
Name [changeme]:client_pc1
Email Address [info@ibsnet.co.jp]:
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
サーバ設定
cp /usr/share/doc/openvpn-2.3.1/sample/sample-config-files/server.conf /etc/openvpn/
vi /etc/openvpn/server.conf
user nobody
group nobody
service openvpn start
※ 先に作成した ta.key を利用するには、server.conf の tls-auth ta.key 0 の行も有効にします。
ルーティング設定
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
service iptables save
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
service openvpn restart