一、安装openvpn
1.更新软件包
yum -y update
2.安装epel扩展源
yum -y install epel-release
3.安装openvpn和easy-rsa
yum -y install openvpn easy-rsa
4.复制easy-rsa文件
[root@localhost ~]# cp -r /usr/share/easy-rsa/ /etc/openvpn/easy-rsa
[root@localhost ~]# cd /etc/openvpn/easy-rsa/
[root@localhost easy-rsa]# \rm 3 3.0
[root@localhost easy-rsa]# cd 3.0.3/
[root@localhost 3.0.3]# find / -type f -name “vars.example” | xargs -i cp {} . && mv vars.example vars
二、生成CA证书
1.创建一个新的 PKI 和 CA
[root@localhost 3.0.3]# ./easyrsa init-pki
2.创建新的CA,不使用密码
[root@localhost 3.0.3]# ./easyrsa build-ca nopass
Note: using Easy-RSA configuration from: ./vars
Generating a 2048 bit RSA private key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
Common Name (eg: your user, host, or server name) [Easy-RSA CA]: 回车
CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/easy-rsa/3.0.3/pki/ca.crt
三、创建服务端证书
1.创建服务端证书
[root@localhost 3.0.3]# ./easyrsa gen-req server nopass
Note: using Easy-RSA configuration from: ./vars
Generating a 2048 bit RSA private key
You are about to be asked to e