Setting up the OpenVPN Client to connect automatically on CentOS 6.5

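Server-to-server communication has to go through OpenVPN, hence this requirement. I originally thought I might have to spend some time writing a script, but testing showed that it is very simple to set up.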

  • Once EPEL is installed, OpenVPN can be installed directly with yum install openvpn
    rpm -Uvh http://mirror01.idc.hinet.net/EPEL/6/x86_64/epel-release-6-8.noarch.rpm
    yum install openvpn
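  • First obtain the certificates and configuration file from the OpenVPN Server; see "Installing and configuring OpenVPN on CentOS 6: creating the user certificate files"
  • Place the ca.crt / client1.key / client1.crt / ta.key you obtained, together with the sample ideas_tp.ovpn, in /etc/openvpn/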
    [root@openvpn-client openvpn]# pwd
    /etc/openvpn
    [root@openvpn-client openvpn]# ls
    ca.crt  ideas_tp.conf  client1.crt  client1.key  ta.key
  • Run it manually from the command line to confirm that the configuration files are all correct: openvpn --config ideas_tp.conf
    [root@openvpn-client openvpn]# openvpn --config ideas_tp.conf
    Tue May 20 15:22:24 2014 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
    Tue May 20 15:22:24 2014 WARNING: file 'jonathan-xpc.key' is group or others accessible
    Tue May 20 15:22:24 2014 WARNING: file 'ta.key' is group or others accessible
    Tue May 20 15:22:24 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file
    Tue May 20 15:22:24 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue May 20 15:22:24 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
    Tue May 20 15:22:24 2014 Socket Buffers: R=[87380->131072] S=[16384->131072]
    Tue May 20 15:22:24 2014 Attempting to establish TCP connection with [AF_INET]175.98.115.2:443 [nonblock]
    :
    :
    Tue May 20 15:22:28 2014 /sbin/ip route add 192.168.102.0/24 via 192.168.201.61
    Tue May 20 15:22:28 2014 /sbin/ip route add 192.167.102.0/24 via 192.168.201.61
    Tue May 20 15:22:28 2014 /sbin/ip route add 192.168.201.1/32 via 192.168.201.61
    Tue May 20 15:22:28 2014 Initialization Sequence Completed
  • Rename the sample ideas_tp.ovpn to ideas_tp.conf, then start the openvpn service and it will connect automatically
    [root@openvpn-client openvpn]# service openvpn start
    正在啟動 openvpn:                                         [  確定  ]
  • Configure it to connect to the VPN Server automatically at boot
    chkconfig openvpn on
    [root@openvpn-client openvpn]# chkconfig --list | grep openvpn
    openvpn         0:關閉  1:關閉  2:開啟  3:開啟  4:開啟  5:開啟  6:關閉
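
The manual run above logs WARNING lines because the private key and ta.key are group or others accessible. The script below is an added example, not part of the original page: it lists the secret files a client config references and flags the ones with loose permissions. The function names and the `fix` argument are hypothetical, and it assumes GNU `stat` and that relative paths resolve against the config file's directory.

```shell
#!/bin/bash
# Added example: audit the secret files an OpenVPN client config references.
# Assumption: relative paths are resolved against the config file's directory
# (the service is started from /etc/openvpn in the setup described above).

# Print the path of every secret-bearing file referenced by config $1.
secret_files() {
    conf=$1
    dir=$(dirname "$conf")
    # Directives whose first argument is a file holding secret material.
    awk '$1 ~ /^(key|tls-auth|tls-crypt|secret|pkcs12)$/ { print $2 }' "$conf" |
    while read -r f; do
        case $f in
            /*) printf '%s\n' "$f" ;;        # absolute path, use as-is
            *)  printf '%s\n' "$dir/$f" ;;   # relative to the config
        esac
    done
}

# Report files that group or others can access.
# With "fix" as the second argument, also tighten them to 0600.
audit_openvpn_keys() {
    secret_files "$1" | while read -r path; do
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            continue
        fi
        mode=$(stat -c '%a' "$path")
        case $mode in
            *00|0) ;;                        # no group/other bits set
            *)  echo "LOOSE $mode $path"
                if [ "${2:-}" = fix ]; then
                    chmod 600 "$path"
                fi ;;
        esac
    done
}

# Usage: ./audit.sh /etc/openvpn/ideas_tp.conf [fix]
if [ $# -gt 0 ]; then
    audit_openvpn_keys "$@"
fi
```

Run it once without `fix` to see what would change; public material such as ca.crt and client1.crt is deliberately not checked.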
  • Last modified: 2014/05/20 15:26
  • jonathan