zhoukekestar/note

## note
# Aliyun OpenVPN: https://help.aliyun.com/knowledge_detail/42521.html
# sudo bash update_source.sh // usa can't visit mirrors.aliyun.com
yum install -y lzo lzo-devel openssl openssl-devel pam pam-devel pkcs11-helper pkcs11-helper-devel
rpm -qa        lzo lzo-devel openssl openssl-devel pam pam-devel pkcs11-helper pkcs11-helper-devel
wget http://oss.aliyuncs.com/aliyunecs/openvpn-2.2.2.tar.gz
yum install -y rpm-build gcc gcc-c++
rpmbuild -tb openvpn-2.2.2.tar.gz
# rpm -ivh openvpn-2.2.2-1.x86_64.rpm
rpm -ivh ./rpmbuild/RPMS/x86_64/openvpn-2.2.2-1.x86_64.rpm
cd /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0
ln -s openssl-1.0.0.cnf openssl.cnf
source ./vars
 ./clean-all
 ./build-ca
 ./build-key-server aliyuntest
 ./build-dh
cp -a /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0/keys/*  /etc/openvpn/
cp -a /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf  /etc/openvpn/

##################################################### server.conf 配置
egrep -v “^$|^#|^;” server.conf
local 1.1.1.1  此处请填写用户自己的云服务器的公网IP地址
port 1194
proto udp
dev tun
ca ca.crt
cert aliyuntest.crt   此处crt以及下一行的key，请填写生成服务器端证书时用户自定义的名称
key aliyuntest.key
dh dh1024.pem
server 172.16.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 223.5.5.5"
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log         openvpn.log
verb 3

##################################################### server.conf 配置

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
service iptables save
/etc/init.d/openvpn start
netstat -ano | grep 1194

service openvpn restart

## 下载openvpn客户端
http://oss.aliyuncs.com/aliyunecs/openvpn-2.1.3-install.rar?spm=5176.7742521.0.0.yLJnzL&file=openvpn-2.1.3-install.rar
保存 /etc/config/aliyuntest.* >> C:\Program Files (x86)\OpenVPN\config
\OpenVPN\sample-config\ 目录中下的 client.opvn 复制到 openvpn 安装路径下的 \OpenVPN\config 目录
修改client.opvn
proto udp   去掉前面的分号，采用与服务器端相同的udp协议
remote  1.1.1.1  1194   此处将1.1.1.1修改为用户的云服务器的公网IP地址，同时将该行前面的注释分号去掉
cert aliyuntest.crt
key aliyuntest.key
	# Aliyun OpenVPN: https://help.aliyun.com/knowledge_detail/42521.html
	# sudo bash update_source.sh // usa can't visit mirrors.aliyun.com
	yum install -y lzo lzo-devel openssl openssl-devel pam pam-devel pkcs11-helper pkcs11-helper-devel
	rpm -qa lzo lzo-devel openssl openssl-devel pam pam-devel pkcs11-helper pkcs11-helper-devel
	wget http://oss.aliyuncs.com/aliyunecs/openvpn-2.2.2.tar.gz
	yum install -y rpm-build gcc gcc-c++
	rpmbuild -tb openvpn-2.2.2.tar.gz
	# rpm -ivh openvpn-2.2.2-1.x86_64.rpm
	rpm -ivh ./rpmbuild/RPMS/x86_64/openvpn-2.2.2-1.x86_64.rpm
	cd /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0
	ln -s openssl-1.0.0.cnf openssl.cnf
	source ./vars
	./clean-all
	./build-ca
	./build-key-server aliyuntest
	./build-dh
	cp -a /usr/share/doc/openvpn-2.2.2/easy-rsa/2.0/keys/* /etc/openvpn/
	cp -a /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn/

	##################################################### server.conf 配置
	egrep -v “^$\|^#\|^;” server.conf
	local 1.1.1.1 此处请填写用户自己的云服务器的公网IP地址
	port 1194
	proto udp
	dev tun
	ca ca.crt
	cert aliyuntest.crt 此处crt以及下一行的key，请填写生成服务器端证书时用户自定义的名称
	key aliyuntest.key
	dh dh1024.pem
	server 172.16.0.0 255.255.255.0
	ifconfig-pool-persist ipp.txt
	push "redirect-gateway def1 bypass-dhcp"
	push "dhcp-option DNS 223.5.5.5"
	client-to-client
	keepalive 10 120
	comp-lzo
	user nobody
	group nobody
	persist-key
	persist-tun
	status openvpn-status.log
	log openvpn.log
	verb 3

	##################################################### server.conf 配置

	echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
	sysctl -p
	service iptables save
	/etc/init.d/openvpn start
	netstat -ano \| grep 1194

	service openvpn restart

	## 下载openvpn客户端
	http://oss.aliyuncs.com/aliyunecs/openvpn-2.1.3-install.rar?spm=5176.7742521.0.0.yLJnzL&file=openvpn-2.1.3-install.rar
	保存 /etc/config/aliyuntest.* >> C:\Program Files (x86)\OpenVPN\config
	\OpenVPN\sample-config\ 目录中下的 client.opvn 复制到 openvpn 安装路径下的 \OpenVPN\config 目录
	修改client.opvn
	proto udp 去掉前面的分号，采用与服务器端相同的udp协议
	remote 1.1.1.1 1194 此处将1.1.1.1修改为用户的云服务器的公网IP地址，同时将该行前面的注释分号去掉
	cert aliyuntest.crt
	key aliyuntest.key