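Configuring the OpenVPN Client to Connect Automatically on CentOS 6.5
Our servers communicate with each other over OpenVPN, which is where this requirement comes from. I originally expected to spend some time writing a script, but testing showed that it is very simple to set up.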
Install the OpenVPN package
- Once EPEL is installed, OpenVPN can be installed directly with yum install openvpn
rpm -Uvh http://mirror01.idc.hinet.net/EPEL/6/x86_64/epel-release-6-8.noarch.rpm
yum install openvpn
Configure the OpenVPN Client
- First obtain the certificate and configuration files from the OpenVPN server; see "CentOS 6: Installing and Configuring OpenVPN", section "Creating User Certificate Files"
- Place the obtained ca.crt / client1.key / client1.crt / ta.key and the sample ideas_tp.ovpn in /etc/openvpn/
[root@openvpn-client openvpn]# pwd
/etc/openvpn
[root@openvpn-client openvpn]# ls
ca.crt ideas_tp.conf client1.crt client1.key ta.key
- Run the client manually from the command line to confirm that the configuration files are all correct: openvpn --config ideas_tp.conf
[root@openvpn-client openvpn]# openvpn --config ideas_tp.conf
Tue May 20 15:22:24 2014 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Tue May 20 15:22:24 2014 WARNING: file 'jonathan-xpc.key' is group or others accessible
Tue May 20 15:22:24 2014 WARNING: file 'ta.key' is group or others accessible
Tue May 20 15:22:24 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
Tue May 20 15:22:24 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 20 15:22:24 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue May 20 15:22:24 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
Tue May 20 15:22:24 2014 Attempting to establish TCP connection with [AF_INET]175.98.115.2:443 [nonblock]
:
:
Tue May 20 15:22:28 2014 /sbin/ip route add 192.168.102.0/24 via 192.168.201.61
Tue May 20 15:22:28 2014 /sbin/ip route add 192.167.102.0/24 via 192.168.201.61
Tue May 20 15:22:28 2014 /sbin/ip route add 192.168.201.1/32 via 192.168.201.61
Tue May 20 15:22:28 2014 Initialization Sequence Completed
- Rename the sample ideas_tp.ovpn to ideas_tp.conf, then start the openvpn service and it will connect automatically
[root@openvpn-client openvpn]# service openvpn start
正在啟動 openvpn: [ 確定 ]
- Set the client to connect to the VPN server automatically at boot
chkconfig openvpn on
[root@openvpn-client openvpn]# chkconfig --list | grep openvpn
openvpn 0:關閉 1:關閉 2:開啟 3:開啟 4:開啟 5:開啟 6:關閉
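The manual test run logs "WARNING: file ... is group or others accessible" for the client key and ta.key. The shell function below is an added example, not part of the original page: it reads a client config and lists the secret files it references whose mode grants access to group or others. The name loose_key_files is hypothetical, and it assumes the config names its files with key / tls-auth / secret / pkcs12 directives using unquoted paths.

```bash
#!/bin/bash
# Added example (not from the original page): report the secret files an
# OpenVPN client config refers to that group or others can access.
# loose_key_files is a hypothetical helper name.

# Usage: loose_key_files /etc/openvpn/ideas_tp.conf
# Prints "MODE PATH" per offending file. Returns 0 if all are private,
# 1 if any is group/other accessible, 2 if the config cannot be read.
loose_key_files() {
    conf=$1
    if [ ! -r "$conf" ]; then
        echo "cannot read config: $conf" >&2
        return 2
    fi
    dir=$(dirname -- "$conf")
    found=0
    # Drop comments (# or ;) and keep the file argument of directives that
    # name secret material. Assumes unquoted paths without spaces.
    paths=$(sed -e 's/[#;].*$//' "$conf" |
        awk '$1 ~ /^(key|tls-auth|secret|pkcs12)$/ && NF >= 2 { print $2 }')
    while read -r p; do
        if [ -z "$p" ] || [ "$p" = "[inline]" ]; then continue; fi
        case $p in
            /*) f=$p ;;        # absolute path
            *)  f=$dir/$p ;;   # relative: resolved against the config's directory
        esac
        if [ ! -e "$f" ]; then
            echo "missing: $f" >&2
            continue
        fi
        mode=$(stat -c '%a' -- "$f")   # GNU stat, octal mode such as 644
        # 077 masks the group and other permission bits.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "$mode $f"
            found=1
        fi
    done <<EOF
$paths
EOF
    return "$found"
}

# When run as a script with a config path, audit it; chmod 600 on each
# listed file removes group/other access.
if [ $# -gt 0 ]; then
    loose_key_files "$1"
fi
```
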