转自linuxzone http://www.linuxzone.net/server/93.html

系统:CentOS

open*** server ip:172.16.1.2

 

[root@localhost ~]#yum -y install openssl-devel

[root@localhost ~]#tar xvf lzo-2.02.tar.gz

[root@localhost ~]#cd lzo-2.02

[root@localhost ~]#./configure

[root@localhost ~]#make

[root@localhost ~]#make install

[root@localhost ~]#cd /root

[root@localhost ~]#tar xvf open***-2.0.9.tar.gz

[root@localhost ~]#cd open***-2.0.9

[root@localhost ~]#./configure --prefix=/usr/local/open***

[root@localhost ~]#make

[root@localhost ~]#make install

[root@localhost ~]#mkdir /etc/open***

[root@localhost ~]#cd /root/open***-2.0.9

[root@localhost ~]#cp sample-config-files/server.conf /etc/open***

[root@localhost ~]#cp -a easy-rsa/  /etc/open***/

[root@localhost ~]#cd /etc/open***/easy-rsa/2.0

[root@localhost ~]#vim vars

export KEY_COUNTRY="CN"

export KEY_PROVINCE="CA"

export KEY_CITY="SZ"

export KEY_ORG="Company"

export KEY_EMAIL="root@localhost.com"

[root@localhost ~]#. vars

[root@localhost ~]#./clean-all

[root@localhost ~]#./build-ca

[root@localhost ~]#./build-key-server server

[root@localhost ~]#./build-key test

[root@localhost ~]#./build-dh

[root@localhost ~]#vim /etc/open***/server.conf

[root@localhost ~]#cat /etc/open***/server.conf | grep -v "^#" | grep -v "^;"

local 172.16.1.2

port 1194

proto tcp

dev tun

ca /etc/open***/easy-rsa/2.0/keys/ca.crt

cert /etc/open***/easy-rsa/2.0/keys/server.crt

key /etc/open***/easy-rsa/2.0/keys/server.key  # This file should be kept secret

dh /etc/open***/easy-rsa/2.0/keys/dh1024.pem  # 1024 位 DH 参数强度已偏弱；建议在生成证书前把 vars 中的 KEY_SIZE 设为 2048，此处相应改为 dh2048.pem

server 172.16.88.0 255.255.255.0

ifconfig-pool-persist ipp.txt

push "route 172.16.1.0 255.255.255.0"   # 重要：有这条，客户端才能访问 172.16.1.0 网段

push "dhcp-option DNS 192.168.1.2"

keepalive 10 120

comp-lzo

persist-key

persist-tun

status open***-status.log

log  /var/log/open***.log

verb 3

[root@localhost ~]#echo 1 >/proc/sys/net/ipv4/ip_forward

[root@localhost ~]#iptables -t nat -A POSTROUTING -s 172.16.88.0/24 -j SNAT --to 172.16.1.2

[root@localhost ~]#/usr/local/open***/sbin/open*** --config /etc/open***/server.conf

 

windows客户端安装open***-2.0.9-gui

客户端配置文件:

client

dev tun

proto tcp

remote 172.16.1.2 1194

resolv-retry infinite

nobind

persist-key

persist-tun

ca e://keys//ca.crt

cert e://keys//test.crt

key e://keys//test.key

comp-lzo

verb 3


完成!