
IBS

Friday, July 12, 2013

Installing OpenVPN 2.3 from EPEL (CentOS 6.4 x86_64)

Install OpenVPN from the EPEL repository.

Install openvpn
# yum install openvpn

Install easy-rsa
# yum install easy-rsa

Copy the easy-rsa utilities
# cp -r /usr/share/easy-rsa/2.0/ /etc/openvpn/easy-rsa

Edit the settings
vi /etc/openvpn/easy-rsa/vars
export KEY_COUNTRY="JP"
export KEY_PROVINCE="Kochi"
export KEY_CITY="Nankoku-shi"
export KEY_ORG="ibsnet.co.jp"
export KEY_EMAIL="info@ibsnet.co.jp"

Prepare for key creation
cd /etc/openvpn/easy-rsa
. ./vars
./clean-all

Create the CA certificate
./build-ca
Country Name (2 letter code) [JP]:
State or Province Name (full name) [Kochi]:
Locality Name (eg, city) [Nankoku-shi]:
Organization Name (eg, company) [openvpn.ibsnet.co.jp]:ibsnet.co.jp
Organizational Unit Name (eg, section) [changeme]:ca1
Common Name (eg, your name or your server's hostname) [changeme]:ibsnet.co.jp CA
Name [changeme]:ca1
Email Address [info@ibsnet.co.jp]:

Create the server certificate
[root@localhost easy-rsa]# ./build-key-server server
Country Name (2 letter code) [JP]:
State or Province Name (full name) [Kochi]:
Locality Name (eg, city) [Nankoku-shi]:
Organization Name (eg, company) [openvpn.ibsnet.co.jp]:ibsnet.co.jp
Organizational Unit Name (eg, section) [changeme]:openvpn
Common Name (eg, your name or your server's hostname) [server]:openvpn.ibsnet.co.jp
Name [changeme]:openvpn
Email Address [info@ibsnet.co.jp]:

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

Create the Diffie-Hellman parameters
./build-dh

Create the TLS auth key file
openvpn --genkey --secret /etc/openvpn/ta.key

Copy the generated certificates and keys
cp keys/ca.crt /etc/openvpn/
cp keys/server.crt /etc/openvpn/
cp keys/server.key /etc/openvpn/
cp keys/dh1024.pem /etc/openvpn/

Create the client certificate
[root@vm-ibsvpn easy-rsa]# ./build-key-pass client_pc1
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
Country Name (2 letter code) [JP]:
State or Province Name (full name) [Kochi]:
Locality Name (eg, city) [Nankoku-shi]:
Organization Name (eg, company) [openvpn.ibsnet.co.jp]:ibsnet.co.jp
Organizational Unit Name (eg, section) [changeme]:client_pc1
Common Name (eg, your name or your server's hostname) [client_pc1]:
Name [changeme]:client_pc1
Email Address [info@ibsnet.co.jp]:

Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y

Server configuration
cp /usr/share/doc/openvpn-2.3.1/sample/sample-config-files/server.conf /etc/openvpn/
vi /etc/openvpn/server.conf

user nobody
group nobody

service openvpn start

Routing configuration
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
service iptables save
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
service openvpn restart
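Two of the steps above fail silently when something is off: a misspelled KEY_* name in the easy-rsa vars file is just an unused shell variable (build-ca and build-key-server then take the openssl defaults without complaint), and the sample server.conf ships with tls-auth and the user/group directives commented out, so the ta.key generated above and the privilege drop only take effect if those lines are actually edited. The pre-flight script below checks both files before "service openvpn start". It is an added example, not code from the original post: the function names, the constructed sample files, the temp paths and the list of optional easy-rsa 2.0 variable names are assumptions made for this demonstration.

```shell
#!/bin/sh
# Pre-flight check for the OpenVPN 2.3 / easy-rsa 2.0 setup described above.
# Added example, not part of the original post: the function names, the sample
# file contents and the temp paths are constructed for this demonstration.

# Subject fields easy-rsa 2.0 reads from vars. A misspelled name such as
# KEY_COUNRY is simply an unused shell variable: build-ca and build-key-server
# then fall back to the openssl defaults without any error.
REQUIRED_VARS="KEY_COUNTRY KEY_PROVINCE KEY_CITY KEY_ORG KEY_EMAIL"
# Other KEY_* names exported by the stock easy-rsa 2.0 vars file (assumed list).
OPTIONAL_VARS="KEY_SIZE KEY_EXPIRE KEY_DIR KEY_CONFIG KEY_OU KEY_NAME KEY_CN KEY_ALTNAMES"

# check_easyrsa_vars FILE: 0 if every required variable is exported non-empty
# and every exported KEY_* name is a known one; prints one line per finding.
check_easyrsa_vars() {
    file=$1
    rc=0
    for v in $REQUIRED_VARS; do
        if ! grep -Eq "^[[:space:]]*export[[:space:]]+$v=\"?[^\"[:space:]]+" "$file"; then
            echo "vars: $v missing or empty"
            rc=1
        fi
    done
    known=" $REQUIRED_VARS $OPTIONAL_VARS "
    for name in $(sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}\(KEY_[A-Z_]*\)=.*/\1/p' "$file"); do
        case "$known" in
            *" $name "*) ;;
            *) echo "vars: unknown variable $name (typo?)"; rc=1 ;;
        esac
    done
    return $rc
}

# check_server_conf FILE: 0 if the PKI directives, tls-auth (the ta.key created
# above) and the privilege drop to nobody are all present and not commented out.
check_server_conf() {
    file=$1
    rc=0
    # OpenVPN treats ';' and '#' as comment markers, so drop them before matching.
    active=$(sed -e 's/[;#].*$//' "$file")
    for d in "ca " "cert " "key " "dh " "tls-auth " "user nobody" "group nobody"; do
        if ! printf '%s\n' "$active" | grep -Eq "^[[:space:]]*$d"; then
            echo "server.conf: '$d' missing or commented out"
            rc=1
        fi
    done
    return $rc
}

# Constructed samples standing in for /etc/openvpn/easy-rsa/vars and server.conf.
WORK=$(mktemp -d)
GOOD_VARS=$WORK/vars.good
BAD_VARS=$WORK/vars.bad
GOOD_CONF=$WORK/server.conf.good
BAD_CONF=$WORK/server.conf.bad

cat >"$GOOD_VARS" <<'EOF'
export KEY_SIZE=2048
export KEY_COUNTRY="JP"
export KEY_PROVINCE="Kochi"
export KEY_CITY="Nankoku-shi"
export KEY_ORG="example.invalid"
export KEY_EMAIL="admin@example.invalid"
EOF
# Same file with the country variable misspelled.
sed 's/KEY_COUNTRY/KEY_COUNRY/' "$GOOD_VARS" >"$BAD_VARS"

cat >"$GOOD_CONF" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
tls-auth ta.key 0 # This file is secret
server 10.8.0.0 255.255.255.0
user nobody
group nobody
EOF
# server.conf as the sample ships: tls-auth and the privilege drop commented out.
sed -e 's/^tls-auth/;tls-auth/' -e 's/^user/;user/' -e 's/^group/;group/' "$GOOD_CONF" >"$BAD_CONF"

check_easyrsa_vars "$GOOD_VARS" && check_server_conf "$GOOD_CONF" && echo "good samples: OK"
check_easyrsa_vars "$BAD_VARS" || true
check_server_conf "$BAD_CONF" || true
```

On a real host, source the script and call check_easyrsa_vars /etc/openvpn/easy-rsa/vars before running build-ca, and check_server_conf /etc/openvpn/server.conf before starting the service; a non-zero exit status with the printed findings tells you which directive to fix.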