1、準備了一臺乾淨的Centos6.5 x64操作系統
# 關閉selinux
setenforce 0sed -i '/^SELINUX=/c\SELINUX=disabled' /etc/selinux/config
# 安裝openssl和lzo,lzo用於壓縮通訊數據加快傳輸速度yum -y install openssl openssl-develyum -y install lzo# 安裝epel源rpm -ivh http://mirrors.sohu.com/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpmsed -i 's/^mirrorlist=https/mirrorlist=http/' /etc/yum.repos.d/epel.repo
2、安裝及配置Open***和easy-rsa
# 安裝open***和easy-rsayum -y install open*** easy-rsa
cp -rf /usr/share/easy-rsa/2.0/* /etc/open***/easy-rsa/
vim /etc/open***/easy-rsa/vars //默認配置不變
[root@localhost ~]# cat /etc/open***/easy-rsa/vars | grep -v "#"| grep -v "^$"
export EASY_RSA="`pwd`"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
export KEY_DIR="$EASY_RSA/keys"
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_SIZE=2048
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="US"
export KEY_PROVINCE="CA"
export KEY_CITY="SanFrancisco"
export KEY_ORG="Fort-Funston"
export KEY_EMAIL="[email protected]"
export KEY_OU="MyOrganizationalUnit"
export KEY_NAME="EasyRSA"
[root@localhost ~]#
source ./vars
./build-ca
./build-dh
./build-key-server server
./build-key client
//都是默認一路回車 (y/n 選擇y)
[root@localhost open***]# pwd
/etc/open***
[root@localhost open***]# open*** --genkey --secret ta.key
[root@localhost open***]# ls
ca.crt dh2048.pem easy-rsa server.conf server.crt server.key ta.key
[root@localhost open***]#
server.conf 文件配置
[root@localhost ~]# cat /etc/open***/server.conf | grep -v "#"| grep -v ";" | grep -v "^$"
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 192.168.31.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status open***-status.log
verb 3
explicit-exit-notify 1
[root@localhost open***]# /etc/init.d/open*** start
Starting open***: [FAILED]
[root@localhost open***]#
[root@localhost open***]# find / -name open***.log
[root@localhost open***
[root@localhost open***]# tail -f /var/log/messages
Apr 11 10:20:07 localhost open***[9669]: Options error: --explicit-exit-notify cannot be used with --mode server
Apr 11 10:20:07 localhost open***[9669]: Use --help for more information.
Apr 11 10:29:04 localhost open***[9749]: Options error: --explicit-exit-notify cannot be used with --mode server
Apr 11 10:29:04 localhost open***[9749]: Use --help for more information.
Apr 11 10:39:31 localhost open***[9855]: Options error: --explicit-exit-notify cannot be used with --mode server
Apr 11 10:39:31 localhost open***[9855]: Use --help for more information.
Apr 11 10:40:15 localhost open***[9885]: Options error: --explicit-exit-notify cannot be used with --mode server
Apr 11 10:40:15 localhost open***[9885]: Use --help for more information.
Apr 11 11:06:32 localhost open***[9982]: Options error: --explicit-exit-notify cannot be used with --mode server
Apr 11 11:06:32 localhost open***[9982]: Use --help for more information.
請高手指點我這個是哪裏配置出錯了,謝謝。。。