1、安装openvpn 和easy-rsa(该包用来制作ca证书)
(1)安装epel 仓库源
wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh epel-release-6-8.noarch.rpm
(2)安装openvpn
[root@master1 ~]# yum install openvpn
(3)在github 上,下载最新的easy-rsa
① https://github.com/OpenVPN/easy-rsa 下载包
② 上传,解压缩
[root@master1]# mkdir openvpn
[root@master1 easy-rsa]# tar xvf EasyRSA-3.0.8.tgz
2、配置/etc/openvpn/ 目录
(1)创建目录,并复制easy-rsa 目录
[root@master1 ~]# mkdir -p /etc/openvpn/
[root@master1 easy-rsa]# cp -rf /usr/share/easy-rsa/EasyRSA-3.0.8/* /etc/openvpn/easy-rsa
cp /etc/openvpn/easy-rsa/openssl-easyrsa.cnf /etc/openvpn/easy-rsa/openssl.cnf
cp vars.example vars
(2)编辑vars文件,根据自己环境配置
[root@master1 easy-rsa]# vim vars
set_var EASYRSA_REQ_COUNTRY "CN" set_var EASYRSA_REQ_PROVINCE "Shanghai" set_var EASYRSA_REQ_CITY "Shanghai" set_var EASYRSA_REQ_ORG "zed" set_var EASYRSA_REQ_EMAIL "hanjushu@zed.com" set_var EASYRSA_REQ_OU "My OpenVPN"
3、创建服务端证书及key
进入/etc/openvpn/easy-rsa/目录
① 初始化
[root@master1 easy-rsa]# ./eas