wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm -Uvh rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
yum makecache
yum install open***
cp -R /usr/share/doc/open***-2.2.2/easy-rsa /etc/open***
cd /etc/open***/easy-rsa/2.0
chmod +x ./*
source ./vars
./clean-all
./build-ca server
./build-key-server server
./build-key tx***
./build-dh
1、####################服务端配置文件#############
more /etc/open***/server.conf(配置文件修改)
port 1194
proto tcp
dev tun
ca /etc/open***/easy-rsa/2.0/keys/ca.crt
cert /etc/open***/easy-rsa/2.0/keys/server.crt
key /etc/open***/easy-rsa/2.0/keys/server.key
dh /etc/open***/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
client-to-client
push "route 192.168.0.0 255.255.252.0"
keepalive 10 120
push "dhcp-option DNS 8.8.8.8"
comp-lzo
status /var/log/open***/open***-status.log
log /var/log/open***/open***.log
log-append /var/log/open***/open***.log
persist-key
persist-tun
verb 3
duplicate-cn
2、###########开启转发功能############
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
重载命令:sysctl -p
3、#######iptables########################
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A INPUT -p TCP --dport 1194 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
4.启动***软件
/etc/init.d/open*** start
########################客户端的配置#################################################
1、将服务器端生成的key(ca.crt,tx***.crt,tx***.key,ca.key)下载到本地,并将其放入客户端“***安装目录config个下面”。
cd /etc/open***/easy-rsa/2.0/keys
进入客户端Open***目录,将sample-config下的client.o***文件复制到config目录,
client端做相应的修改:(不需要密码认证的)
client
dev tun
proto tcp
remote 218.94.35.226 1194
nobind
persist-key
persist-tun
ca ca.crt
cert tx***.crt
key tx***.key
ns-cert-type server
comp-lzo
verb 3
tun-mtu-extra 32
2.需要密码认证的配置文件(可以参考如下链接)
http://ylw6006.blog.51cto.com/470441/1009004/
http://www.cnblogs.com/electron/p/3488033.html
注意:push "route 192.168.0.0 255.255.252.0",会上***连接上后,直接可以入192.168.0.0网段进行通信
丢包严重的情况下,加上此参数tun-mtu-extra 32