#1.OpenVPN server安装


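# Register the RPMforge repository so that yum can find the OpenVPN package.
# NOTE(review): the release RPM is fetched over plain HTTP and installed in one
# step, so nothing authenticates the download before it runs as root. Prefer
# downloading it first, importing the repository's signing key from a trusted
# source, and checking the file with `rpm -K` before installing it.
rpm -ivh http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm

# Install the OpenVPN server package from the repository added above.
yum install -y openvpn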


#2.证书制作


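# Copy the easy-rsa scripts shipped with the OpenVPN documentation into the
# OpenVPN configuration directory and work from the 2.0 script set.
cp -R /usr/share/doc/openvpn-*/easy-rsa /etc/openvpn

cd /etc/openvpn/easy-rsa/2.0

# The scripts copied from the doc directory may not carry the execute bit.
chmod +x *

# Load the PKI settings (key directory, key size, certificate fields) into the
# current shell; the build scripts below read them from the environment.
# NOTE(review): the server configuration later on this page references
# dh1024.pem, so KEY_SIZE is 1024 in this setup. 1024-bit RSA/DH is below
# current recommendations; set KEY_SIZE to 2048 in vars before building and
# point the server's `dh` directive at the resulting dh2048.pem.
. vars

# Start from an empty keys/ directory (discards any previously generated keys).
./clean-all

# Create the certificate authority. The CA private key it writes to keys/ signs
# every other certificate and must never leave this host.
./build-ca server

# Create and sign the server certificate and key (keys/server.crt, server.key).
./build-key-server server

# Create and sign one client certificate and key (keys/client.crt, client.key).
# NOTE(review): this key is written without a passphrase; ./build-key-pass
# produces a passphrase-protected client key instead.
./build-key client

# Generate the Diffie-Hellman parameters referenced by the server's `dh` line.
./build-dh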



#3.配置文件设定


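# Create the server configuration file and enter the directives listed below.
vim /etc/openvpn/server.conf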


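# Listen on UDP port 1194 and use a routed (tun) tunnel device.
port        1194
proto       udp
dev         tun

# PKI material generated with easy-rsa. server.key is the server's private key
# and should be readable by root only.
ca          /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert        /etc/openvpn/easy-rsa/2.0/keys/server.crt
key         /etc/openvpn/easy-rsa/2.0/keys/server.key

# NOTE(review): 1024-bit Diffie-Hellman parameters are below current
# recommendations. Regenerate them with KEY_SIZE=2048 and reference
# dh2048.pem here instead.
dh          /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

# Address pool handed out to VPN clients.
server      10.1.1.0 255.255.255.0

# Send all client traffic through the tunnel and hand clients a DNS resolver.
push        "redirect-gateway def1 bypass-dhcp"
push        "dhcp-option DNS 8.8.8.8"

log         /var/log/openvpn.log
keepalive   10 120
verb        3

# NOTE(review): client-to-client forwards traffic between clients inside the
# OpenVPN process, so the host firewall never sees it. Remove this line unless
# clients really need to reach each other.
client-to-client

# NOTE(review): compression must be enabled on both ends or on neither.
# Compressing traffic before encryption can leak information about the
# plaintext through packet sizes; disable it on server and client together if
# the bandwidth saving is not needed.
comp-lzo

# NOTE(review): no `cipher` or `tls-auth` directive is set. On OpenVPN 2.3 the
# data channel then uses the default BF-CBC cipher (64-bit block). A stronger
# cipher such as AES-256-CBC and a tls-auth key have to be configured
# identically on the server and on every client.

# Drop root privileges once the tunnel is up. persist-key and persist-tun keep
# the key and the tun device available across restarts after the drop.
user        nobody
group       nobody
persist-key
persist-tun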


#4.OpenVPN服务设定


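# Enable IPv4 forwarding persistently. The substitution is anchored on the
# setting name so that only its value is rewritten; if the key is missing from
# /etc/sysctl.conf nothing is changed and the line has to be added by hand.
sed -i 's/^net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf

# Enable forwarding in the running kernel as well.
sysctl -w net.ipv4.ip_forward=1

# Start OpenVPN at boot and start it now.
chkconfig openvpn on
/etc/init.d/openvpn start

# Masquerade traffic from the VPN subnet (10.1.1.0/24, as set by the `server`
# directive) when it leaves this host.
# NOTE(review): the rule has no -o <interface>, so it applies on every outgoing
# interface. The filter table is not touched here: the INPUT chain must accept
# UDP port 1194 and the FORWARD chain must pass the VPN subnet, and only that.
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -j MASQUERADE

# Persist the current iptables rules across reboots.
/etc/init.d/iptables save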


#5.客户端设定


下载 GUI 版的 OpenVPN [openvpn-install-2.3.10-I602]

安装完成后需将以下证书和密钥文件复制(覆盖)到[config]目录下(client.key 是客户端私钥,应通过 scp 等加密通道传输,不要以明文方式发送)

/etc/openvpn/easy-rsa/2.0/keys/ca.crt

/etc/openvpn/easy-rsa/2.0/keys/client.crt

/etc/openvpn/easy-rsa/2.0/keys/client.key


同时保存以下内容到[config]目录下的 client.ovpn 文件


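# Act as a client of the server configured above: routed tunnel over UDP.
client
dev tun
proto udp

# Replace vpnserverip with the server's public address or host name.
remote vpnserverip 1194

# Keep retrying name resolution and do not bind a fixed local port.
resolv-retry infinite
nobind

persist-key
persist-tun

# CA certificate plus this client's certificate and private key, all placed in
# the same config directory as this file.
ca ca.crt
cert client.crt
key client.key

# Only accept a peer whose certificate was issued for server use. Without this
# check any certificate signed by the same CA, including another client's,
# would be accepted as the server.
remote-cert-tls server

# Must match the server's compression setting; remove it on both sides together.
comp-lzo

verb 3

# Send all traffic through the tunnel (the server also pushes this option).
redirect-gateway def1

# Windows-specific: add routes with route.exe, two seconds after the tunnel
# comes up.
route-method exe
route-delay 2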