In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >
Share
Shulou(Shulou.com)06/01 Report--
This article mainly explains "how to configure OpenVPN under Centos7.7". Interested friends may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how to configure OpenVPN under Centos7.7.
OpenVPN literal translation is a virtual private channel, which provides a tunnel for secure data transmission between enterprises or between individuals and companies. OpenVPN is undoubtedly the vanguard of open source VPN under Linux, providing good performance and friendly user GUI.
Prepare Centos7.7 as server Windows 10 as client Easy-RSA 3.0.6 server openvpn version 2.4.8
Close selinux [root@localhost ~] # sed-I'/ ^ SELINUX/s/enforcing/disabled/g' / etc/selinux/config [root@localhost ~] # setenforce 0 install epel warehouse and openvpn, Easy-RSA [root@localhost ~] # yum-y install epel-release & & yum-y install openvpn easy-rsa configure EASY-RSA 3.0
Create an easy-rsa folder under the / etc/openvpn folder and copy the related files into it
[root@localhost ~] # cp-r / usr/share/easy-rsa/3/* / etc/openvpn/easy-rsa/ [root@localhost ~] # cp-p / usr/share/doc/easy-rsa-3.0.6/vars.example / etc/openvpn/easy-rsa/vars create keys related to OpenVPN
We will create CA keys, server-side and client-side keys, DH and CRL PEM, and TLS authentication key ta.key.
[root@localhost easy-rsa] # cd / etc/openvpn/easy-rsa/ initializes and establishes the CA certificate
Before creating server and client keys, you need to initialize the PKI directory
[root@localhost easy-rsa] #. / easyrsa init-pki [root@localhost easy-rsa] #. / easyrsa build-ca nopass create server key
Create a server key named server1.key
[root@localhost easy-rsa] #. / easyrsa gen-req server1 nopass
Adding the nopass option means that you do not need to add a password for the key.
Sign the server1 key with a CA certificate
[root@localhost easy-rsa] #. / easyrsa sign-req server server1 create client key
Create a client key named client1.key
[root@localhost easy-rsa] #. / easyrsa gen-req client1 nopass
Sign the client1 key with a CA certificate
[root@localhost easy-rsa] #. / easyrsa sign-req client client1 create DH key
Generate a 2048-bit key from the vars configuration file created at the top
[root@localhost easy-rsa] #. / easyrsa gen-dh create TLS authentication key [root@localhost easy-rsa] # openvpn-- genkey-- secret / etc/openvpn/easy-rsa/ta.key generate certificate revocation list (CRL) key
The CRL (Certificate revocation list) key is used to revoke the client key. If you have more than one client certificate on the server and want to delete a key, simply revoke it with the command. / easyrsa revoke NAME.
Generate the CRL key:
[root@localhost easy-rsa] #. / easyrsa gen-crl copy certificate file
Copy the ca certificate, ta.key and server certificate and key to the / etc/openvpn/server folder
[root@localhost easy-rsa] # cp-p pki/ca.crt / etc/openvpn/server/ [root@localhost easy-rsa] # cp-p pki/issued/server1.crt / etc/openvpn/server/ [root@localhost easy-rsa] # cp-p pki/private/server1.key / etc/openvpn/server/ [root@localhost easy-rsa] # cp-p ta.key / etc/openvpn/server/
Copy the ca certificate, ta.key and client certificate and key to the / etc/openvpn/client folder
[root@localhost easy-rsa] # cp-p pki/ca.crt / etc/openvpn/client/ [root@localhost easy-rsa] # cp-p pki/issued/client1.crt / etc/openvpn/client/ [root@localhost easy-rsa] # cp-p pki/private/client1.key / etc/openvpn/client/ [root@localhost easy-rsa] # cp-p ta.key / etc/openvpn/client/
Copy dh.pem, crl.pem to / etc/openvpn/client folder
[root@localhost easy-rsa] # cp pki/dh.pem / etc/openvpn/server/ [root@localhost easy-rsa] # cp pki/crl.pem / etc/openvpn/server/ here, I believe you have a better understanding of "how to configure OpenVPN under Centos7.7". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.