Linux 下 Open××× 安裝和 Windows Open××× GUI 安裝筆記
一. Open××× 安裝環境
Server 端的環境
kernel 須要支持 tun 設備, 須要加載 iptables 模塊.
檢查 tun 是否安裝:
代碼:
若是沒有 modinfo 命令, 直接找一下, 看看 kernel 裏是否有 tun.o 文件:
代碼:
檢查iptables 模塊, 查看是否有下列文件:
/etc/init.d/iptables
OpenSSL。若是須要啓用 SSL 鏈接,則須要先安裝 OpenSSL。安裝 OpenSSL 的方法在這裏不作介紹,具體能夠用 Google 搜索。CentOS 下能夠用 yum install:
#yum install openssl
#yum install openssl-devel
安裝的 Open××× 的版本: 2.0.5. 更新的版本. 能夠在http://open***.net 上下載.
Client 端的環境:
Windows XP PRO SP2
Open××× GUI For windows 1.0.3 , 可在 open***.se 下載
注意: Open××× GUI for windows 的版本要和 Open××× Server 的版本配套.
例如, 服務器裝的是 Open××× 2.0.5, 那麼下載的 Open××× GUI fow windows 應該是: open***-2.0.5-gui-1.0.3-install.exe
Open××× GUI的全部歷史版本: http://open***.se/files/install_packages/
二. Open××× 服務端安裝過程 /usr/local/src/
下載 LZO,解壓到lzo-2.02.
地址: http://www.oberhumer.com/opensource/lzo/download/ 代碼:
#wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.02.tar.gz
下載 Open×××, 解壓到open***-2.0.5
地址: http://open***.net/download.html 代碼:
#wget http://open***.net/release/open***-2.0.5.tar.gz
安裝 LZO 代碼:
#cd /lzo-2.02
#./configure
#make
#make check
#make install
安裝 Open×××
代碼:
#cd /open***-2.0.5
#./configure --with-lzo-headers=/usr/local/include --with-lzo-lib=/usr/local/lib --with-ssl-headers=/usr/local/include/openssl --with-ssl-lib=/usr/local/lib
#make
#make install
生成證書Key
初始化 PKI
(若是沒有 export 命令也能夠用 setenv [name] [value] 命令)
代碼:
# cd /etc/open***/2.0/
#vim vars
export D=`pwd`
export KEY_CONFIG=$D/openssl.cnf
export KEY_DIR=$D/keys
export KEY_SIZE=1024
export KEY_COUNTRY=CN
export KEY_PROVINCE=BJ
export KEY_CITY=BJ
export KEY_ORG="zhaoyong.com"
export KEY_EMAIL="zhaoyong012@qq.com"
#source vars
#./clean-all
#./build-ca
Generating a 1024 bit RSA private key
................++++++
........++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [zhaoyong.com]:
Organizational Unit Name (eg, section) []:zhaoyong.com
Common Name (eg, your name or your server's hostname) []:server
Email Address [zhaoyong012@qq.com]:
# 創建 server key 代碼: 代碼:
#./build-key-server server
Generating a 1024 bit RSA private key
......++++++
....................++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [zhaoyong.com]:
Organizational Unit Name (eg, section) []:zhaoyong.com
Common Name (eg, your name or your server's hostname) []:server
Email Address [zhaoyong012@qq.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:zhaoyong
An optional company name []:zhaoyong.com
Using configuration from /open***-2.0.5/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'BJ'
localityName :PRINTABLE:'BJ'
organizationName :PRINTABLE:'zhaoyong.com'
organizationalUnitName:PRINTABLE:'zhaoyong.com'
commonName :PRINTABLE:'server'
emailAddress :IA5STRING:'zhaoyong012@qq.com'
Certificate is to be certified until Mar 19 08:15:31 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
#生成客戶端 key
代碼:
#./build-key client1
Generating a 1024 bit RSA private key
.....++++++
......++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [zhaoyong.com]:
Organizational Unit Name (eg, section) []:zhaoyong.com
Common Name (eg, your name or your server's hostname) []:client1 #重要: 每一個不一樣的 client 生成的證書, 名字必須不一樣.
Email Address [zhaoyong012@qq.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:zhaoyong
An optional company name []:zhaoyong.com
Using configuration from /open***-2.0.5/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'BJ'
localityName :PRINTABLE:'BJ'
organizationName :PRINTABLE:'zhaoyong.com'
organizationalUnitName:PRINTABLE:'zhaoyong.com'
commonName :PRINTABLE:'client1'
emailAddress :IA5STRING:'zhaoyong012@qq.com'
Certificate is to be certified until Mar 19 08:22:00 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
依次類推生成其餘客戶端證書/key
代碼:
#./build-key client2
#./build-key client3
注意在進入 Common Name (eg, your name or your server's hostname) []: 的輸入時, 每一個證書輸入的名字必須不一樣.
生成 Diffie Hellman 參數 。代碼:
#./build-dh
將 keys 下的全部文件打包下載到本地
建立服務端配置文件
server.conf 的內容
# cat server.conf | grep -v ^$ | grep -v ^# | grep -v ^\;
local 192.168.5.72
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh /usr/local/etc/dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status open***-status.log
verb 4
push "dhcp-option DNS 202.106.0.20"
三. Open××× GUI For Windows 客戶端安裝過程
安裝 Open××× GUI For Windows, 到 http://open***.se 下載. 目前的版本是 1.0.3. 注意: Open××× GUI 的版本要和 Open××× Server 的版本配套. 詳見第一節一. 安裝環境中的說明.
依屏幕指示安裝open*** gui.
配置 open*** gui
安裝結束後, 進入安裝文件夾下的 config 目錄, 而後將上面的 client.conf 文件從 server 上下載到此文件夾, 並改名爲 client.o***
同時, 將server服務器上的以下密鑰拷貝到本地
ca.crt
ca.key
Server 端的環境
[root@localhost etc]# lsb_release -a
LSB Version: :core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:printing-4.0-ia32:printing-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 5.8 (Final)
Release: 5.8
Codename: Final
[root@localhost etc]# uname -a
Linux localhost 2.6.18-308.el5 #1 SMP Tue Feb 21 20:06:06 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
kernel 須要支持 tun 設備, 須要加載 iptables 模塊.
檢查 tun 是否安裝:
代碼:
[root@localhost etc]# modinfo tun
filename: /lib/modules/2.6.18-308.el5/kernel/drivers/net/tun.ko
alias: char-major-10-200
license: GPL
author: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
description: Universal TUN/TAP device driver
srcversion: 430A127E593C2F7EFE6855C
depends:
vermagic: 2.6.18-308.el5 SMP mod_unload gcc-4.1
module_sig: 883f3504f44473a48d0a1fbae482c4c112353409f741ba97727abe79e7a1b293a4b6ac46577b82809e28dd61309aa75474d3abbbe30da852c9a01d67
若是沒有 modinfo 命令, 直接找一下, 看看 kernel 裏是否有 tun.o 文件:
代碼:
檢查iptables 模塊, 查看是否有下列文件:
/etc/init.d/iptables
OpenSSL。若是須要啓用 SSL 鏈接,則須要先安裝 OpenSSL。安裝 OpenSSL 的方法在這裏不作介紹,具體能夠用 Google 搜索。CentOS 下能夠用 yum install:
#yum install openssl
#yum install openssl-devel
安裝的 Open××× 的版本: 2.0.5. 更新的版本. 能夠在http://open***.net 上下載.
Client 端的環境:
Windows XP PRO SP2
Open××× GUI For windows 1.0.3 , 可在 open***.se 下載
注意: Open××× GUI for windows 的版本要和 Open××× Server 的版本配套.
例如, 服務器裝的是 Open××× 2.0.5, 那麼下載的 Open××× GUI fow windows 應該是: open***-2.0.5-gui-1.0.3-install.exe
Open××× GUI的全部歷史版本: http://open***.se/files/install_packages/
二. Open××× 服務端安裝過程 /usr/local/src/
下載 LZO,解壓到lzo-2.02.
地址: http://www.oberhumer.com/opensource/lzo/download/ 代碼:
#wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.02.tar.gz
下載 Open×××, 解壓到open***-2.0.5
地址: http://open***.net/download.html 代碼:
#wget http://open***.net/release/open***-2.0.5.tar.gz
安裝 LZO 代碼:
#cd /lzo-2.02
#./configure
#make
#make check
#make install
安裝 Open×××
代碼:
#cd /open***-2.0.5
#./configure --with-lzo-headers=/usr/local/include --with-lzo-lib=/usr/local/lib --with-ssl-headers=/usr/local/include/openssl --with-ssl-lib=/usr/local/lib
#make
#make install
cp /usr/local/src/open***-2.0.5/easy-rsa/ -r /etc/open***
初始化 PKI
(若是沒有 export 命令也能夠用 setenv [name] [value] 命令)
代碼:
# cd /etc/open***/2.0/
#vim vars
export D=`pwd`
export KEY_CONFIG=$D/openssl.cnf
export KEY_DIR=$D/keys
export KEY_SIZE=1024
export KEY_COUNTRY=CN
export KEY_PROVINCE=BJ
export KEY_CITY=BJ
export KEY_ORG="zhaoyong.com"
export KEY_EMAIL="zhaoyong012@qq.com"
#source vars
#./clean-all
#./build-ca
Generating a 1024 bit RSA private key
................++++++
........++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [zhaoyong.com]:
Organizational Unit Name (eg, section) []:zhaoyong.com
Common Name (eg, your name or your server's hostname) []:server
Email Address [zhaoyong012@qq.com]:
# 創建 server key 代碼: 代碼:
#./build-key-server server
Generating a 1024 bit RSA private key
......++++++
....................++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [zhaoyong.com]:
Organizational Unit Name (eg, section) []:zhaoyong.com
Common Name (eg, your name or your server's hostname) []:server
Email Address [zhaoyong012@qq.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:zhaoyong
An optional company name []:zhaoyong.com
Using configuration from /open***-2.0.5/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'BJ'
localityName :PRINTABLE:'BJ'
organizationName :PRINTABLE:'zhaoyong.com'
organizationalUnitName:PRINTABLE:'zhaoyong.com'
commonName :PRINTABLE:'server'
emailAddress :IA5STRING:'zhaoyong012@qq.com'
Certificate is to be certified until Mar 19 08:15:31 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
#生成客戶端 key
代碼:
#./build-key client1
Generating a 1024 bit RSA private key
.....++++++
......++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]:
State or Province Name (full name) [BJ]:
Locality Name (eg, city) [BJ]:
Organization Name (eg, company) [zhaoyong.com]:
Organizational Unit Name (eg, section) []:zhaoyong.com
Common Name (eg, your name or your server's hostname) []:client1 #重要: 每一個不一樣的 client 生成的證書, 名字必須不一樣.
Email Address [zhaoyong012@qq.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:zhaoyong
An optional company name []:zhaoyong.com
Using configuration from /open***-2.0.5/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'CN'
stateOrProvinceName :PRINTABLE:'BJ'
localityName :PRINTABLE:'BJ'
organizationName :PRINTABLE:'zhaoyong.com'
organizationalUnitName:PRINTABLE:'zhaoyong.com'
commonName :PRINTABLE:'client1'
emailAddress :IA5STRING:'zhaoyong012@qq.com'
Certificate is to be certified until Mar 19 08:22:00 2016 GMT (3650 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
依次類推生成其餘客戶端證書/key
代碼:
#./build-key client2
#./build-key client3
注意在進入 Common Name (eg, your name or your server's hostname) []: 的輸入時, 每一個證書輸入的名字必須不一樣.
生成 Diffie Hellman 參數 。代碼:
#./build-dh
將 keys 下的全部文件打包下載到本地
建立服務端配置文件
mkdir /etc/open***/2.0/conf
cp /usr/local/src/open***-2.0.5/sample-config-files/server.conf /etc/open***/2.0/conf/server.conf
編輯服務器配置文件
vim /etc/open***/2.0/conf/server.conf
從樣例文件建立:
server.conf 的內容
# cat server.conf | grep -v ^$ | grep -v ^# | grep -v ^\;
local 192.168.5.72
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh /usr/local/etc/dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
status open***-status.log
verb 4
push "dhcp-option DNS 202.106.0.20"
#須要將ca.crt、server.crt、server.key、dh1024.pem從keys目錄下拷貝到server.conf的同目錄
建立客戶端配置文件
代碼:
#vim
/etc/open***/2.0/conf/client.conf
client
dev tun
proto udp
remote 192.168.5.72 1194
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1
建立客戶端配置文件
代碼:
cp /usr/local/src/open***-2.0.5/sample-config-files/client.conf /etc/open***/2.0/conf/
#cp客戶端配置文件
client
dev tun
proto udp
remote 192.168.5.72 1194
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
ns-cert-type server
comp-lzo
verb 3
redirect-gateway def1
將keys下的文件打包放到vsftpd目錄下
tar zcvf yskeys.tar.gz keys/
cp yskeys.tar.gz /var/ftp/pub/
啓動Open×××
/usr/local/sbin/open*** --config /etc/open***/2.0/conf/server.conf &
#cp /usr/local/src/open***-2.0.5/sample-scripts/open***.init /etc/init.d/open***
#service open*** restart
#chkconfig -add open***
#chkconfig open*** on
至此,接下來該設置iptables了
============================
啓用iptables
service iptables start
開啓CentOS 5 的路由轉發功能
echo 1 > /proc/sys/net/ipv4/ip_forward
#爲了使CentOS重啓後仍然開啓路由轉發功能咱們須要再執行下列命令
sysctl -w net.ipv4.ip_forward=1
添加包過濾規則
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source 119.57.16.5
備註:119.57.16.5 換成你服務器的公網ip
三. Open××× GUI For Windows 客戶端安裝過程
安裝 Open××× GUI For Windows, 到 http://open***.se 下載. 目前的版本是 1.0.3. 注意: Open××× GUI 的版本要和 Open××× Server 的版本配套. 詳見第一節一. 安裝環境中的說明.
依屏幕指示安裝open*** gui.
配置 open*** gui
安裝結束後, 進入安裝文件夾下的 config 目錄, 而後將上面的 client.conf 文件從 server 上下載到此文件夾, 並改名爲 client.o***
同時, 將server服務器上的以下密鑰拷貝到本地
ca.crt
ca.key
client1.crt--->更名client.crt
client1.csr--->更名client.csr
client1.key--->更名client.key
而後雙擊 client.o*** 便可啓動 open***, 或者經過 Open××× GUI 的控制啓動 ×××. 若是雙擊 client.o*** 沒有反應, 則在任務欄點 Open××× GUI 的小圖標右鍵, 選擇 edit config, 將內容複製過去再保存. 而後再點右鍵中的 connect便可. 若是須要第二臺機器上使用 *** , 進行一樣的配置, 只須要將 client1.crt, client1.csr, client1.key 換成對應的 client2.xxx 便可, 而後將 client.o*** 中的對應key文件值改掉.
相關文章
- 1. 【Open-Falcon】Linux下安裝Open-Falcon
- 2. centos6.2下安裝open***
- 3. Open×××安裝配置
- 4. CentOS6.5下安裝Open vSwitch
- 5. windows下open GL的glut如何安裝
- 6. Ubuntu下安裝open-falcon-v0.2.1
- 7. Open Live Writer 安裝
- 8. Docker下的Open STF安裝
- 9. linux上安裝和卸載open-vswitch
- 10. CentOS 8.2 安裝 open-vm-tools
- 更多相關文章...
- • Windows Docker 安裝 - Docker教程
- • SQLite 安裝 - SQLite教程
- • Composer 安裝與使用
- • IntelliJ IDEA安裝代碼格式化插件
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
