openvpn centos最新安装部署带web管理控制台

以下场景需要安装openvpn

1、出差或者在家需要访问公司内网系统或主机

2、设备访问应用时显示IP为指定城市IP

3、两台没有公网IP的设备互联通讯

4、访问国外网站

OPENVPN安装部署

基础环境配置

# 卸载网络组件
systemctl stop NetworkManager && systemctl disable NetworkManager
# 关闭默认防火墙
systemctl stop firewalld.service && systemctl disable firewalld.service
# 安装iptables
yum install -y iptables
# 升级
iptables yum update iptables
# 安装iptables-services
yum install -y iptables-services
# 设置开机启动
systemctl enable iptables
# 启动
systemctl start iptables
# 清空所有默认规则
iptables -F
# 清空所有自定义规则
iptables -X
# 所有计数器归0
iptables -Z
# 停止服务
systemctl stop iptables
yum install -y yum-utils
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm 
yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install -y openvpn

配置证书

./easyrsa init-pki
./easyrsa build-ca nopass 
./easyrsa gen-dh # 

配置服务端配置文件
port 11194
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key
dh /etc/openvpn/easy-rsa/pki/dh.pem
server 10.8.0.0 255.255.255.0 
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 114.114.114.114" 
push "dhcp-option DNS 8.8.8.8"
client-to-client
duplicate-cn
keepalive 10 120
comp-lzo
max-clients 50
user root
group root
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
log-append  openvpn.log
verb 3
mute 10
client-cert-not-required
plugin /usr/lib64/openvpn/plugin/lib/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf"
username-as-common-name
push "route 192.168.0.0 255.255.0.0"
push "route 192.168.99.0 255.255.255.0" #

开启路由转发
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

systemctl enable openvpn@server.service   #配置开机启动openvpn
systemctl start openvpn@server.service  #启动openvpn

客户端的配置
/etc/openvpn/easy-rsa/pki/private/barry.key
/etc/openvpn/easy-rsa/pki/issued/barry.crt
/etc/openvpn/easy-rsa/pki/ca.crt

# 客户端配置文件内容
client
dev tun
proto tcp
resolv-retry infinite
nobind
remote PUBLIC_ADDRESS 11194 
persist-key
persist-tun
ca ca.crt
ns-cert-type server
cert barry.crt
key barry.key
verb 3 # 日志等级
comp-lzo
auth-user-pass

配置openvpn用户图形控制界面如图

详细配置摘自：https://www.hhzdd.com/?p=6