Linux(CentOS 5.0)下用 OpenVPN 实现代理

1、Linux 端软件
# wget (建议，压缩后可提供传输速度)
# wget

2、Windows 客户端软件


二、服务器端安装

1、安装 lzo
# tar xzvf lzo-2.03.tar.gz
# cd lzo-2.03
# ./configure
# make
# make check
# make install

2、安装 OpenVPN
# tar xzvf openvpn-2.0.9.tar.gz
# cd openvpn-2.0.9
# ./configure
# make
# make install

三、服务器端配置

1、生成证书
# mkdir /etc/openvpn
# cp sample-config-files/server.conf /etc/openvpn/
# cd /etc/openvpn/easy-rsa
# vi vars

export KEY_DIR=/etc/openvpn/keys

# source vars
# ./clear-all
# ./build-ca
# ./build-key-server server
# ./build-key client
# ./build-dh

2、配置服务器端
# cd ..
# vi server.conf
 

local x.x.x.x
push "redirect-gateway"
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
verb 5

启动 openvpn
# openvpn --config /etc/openvpn/server.conf &

打开 iptables 的ip转发功能
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.1/24 -j MASQUERADE
# /etc/init.d/iptables save
# /etc/init.d/iptables restart

四、客户端安装及配置

安装 openvpn-2.0.9-gui-1.0.3-install.exe
下载 /etc/openvpn/client.conf 到 本地 openvpn/config 并改名为 client.ovpn
下载 /etc/openvpn/easy-rsa/keys/ca.crt /etc/openvpn/easy-rsa/keys/client.crt /etc/openvpn/easy-rsa/keys/client.key 到 本地 openvpn/config
编辑 client.ovpn
 

remote x.x.x.x 1194
ca ca.crt
cert client.crt
key client.key