openvpn安装之一client安装配置

linux  /  管理员 发布于 3年前   4597

#### openvpn安装

yum install -y -q openvpn

#### sysctl.conf 确认ip转发开启

net.ipv4.ip_forward = 1

#### client.conf样例

# cat /etc/openvpn/client/client.conf
client
#dev tap
proto tcp
dev tun
#proto udp
remote 120.78.157.203 4194  #server地址
resolv-retry infinite
nobind
user nobody
group nobody
#user root
#group root
persist-key
persist-tun
ca /etc/openvpn/client/keys/ca.crt
cert /etc/openvpn/client/keys/jiebei1.crt
key /etc/openvpn/client/keys/jiebei1.key
#ns-cert-type server
tls-auth /etc/openvpn/client/keys/ta.key 1
cipher BF-CBC
comp-lzo
status /etc/openvpn/client/openvpn-status.log
log-append  /etc/openvpn/client/openvpn.log
verb 3
mute 20

#### openvpn-client.service样例

[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application
After=network.target
[Service]
PrivateTmp=true
Type=forking
#PIDFile=/etc/openvpn/client/client.pid
ExecStart=/usr/sbin/openvpn --daemon --writepid /etc/openvpn/client/client.pid --config /etc/openvpn/client/client.conf
#核心部分，iptables的转发规则。。
ExecStartPost=/usr/sbin/iptables -t nat -A POSTROUTING -s 10.38.0.1/32 -j SNAT --to-source 172.18.1.58
ExecStartPost=/usr/sbin/iptables -t nat -A POSTROUTING -s 172.18.1.0/24 -d 10.10.1.0/24 -j SNAT --to-source 10.38.0.6
ExecStartPost=/usr/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 10.10.1.0/24 -j SNAT --to-source 10.38.0.6
ExecStopPost=/usr/sbin/iptables -t nat -D POSTROUTING -s 10.38.0.1/32 -j SNAT --to-source 172.18.1.58
ExecStopPost=/usr/sbin/iptables -t nat -D POSTROUTING -s 172.18.1.0/24 -d 10.10.1.0/24 -j SNAT --to-source 10.38.0.6
ExecStopPost=/usr/sbin/iptables -t nat -D POSTROUTING -s 192.168.1.0/24 -d 10.10.1.0/24 -j SNAT --to-source 10.38.0.6
[Install]
WantedBy=multi-user.target

#### 服务启动关闭

systemctl start/stop/restart openvpn-client