CentOS 7 - OpenVPN Server Installation
Author: 상석하대 | Posted: 22-06-04 20:02 | Views: 2,054
This is a Remote Access setup: each client connects to the server individually.
All client traffic is routed through the server.
Run the commands and create the files below, in order.
yum -y update
yum -y install epel-release && yum -y update
yum -y install openvpn telnet net-tools firewalld
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
scp ca.crt server.crt server.key dh2048.pem ta.key root@SERVER_ADDRESS:/etc/openvpn/   # run from your own computer; replace SERVER_ADDRESS with the server's address
chmod 400 /etc/openvpn/server.key
chmod 400 /etc/openvpn/ta.key
vi /etc/openvpn/connect.sh   # client-connect hook; the file consists of the two lines below
#!/bin/bash
echo "`date` [${common_name}] [${ifconfig_pool_remote_ip}] [${trusted_ip}]" >> /etc/openvpn/connect.log
chmod +x /etc/openvpn/connect.sh
chown nobody:nobody /etc/openvpn/connect.sh
vi /etc/openvpn/disconnect.sh   # client-disconnect hook; the file consists of the two lines below
#!/bin/bash
echo "`date` [${common_name}] [${ifconfig_pool_remote_ip}] [${trusted_ip}] [TX:${bytes_sent}] [RX:${bytes_received}] [${time_duration}]" >> /etc/openvpn/connect.log
chmod +x /etc/openvpn/disconnect.sh
chown nobody:nobody /etc/openvpn/disconnect.sh
touch /etc/openvpn/connect.log
chown nobody:nobody /etc/openvpn/connect.log
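The two hooks above only append one line per connect and per disconnect to connect.log. What follows is an added example, not part of the original post, that reads that exact format back and turns it into something an operator can act on: per-client session counts and byte totals, a note when one common name shows up from more than one source address, and a list of connects that never got a disconnect record. The log lines embedded in it are constructed samples in the hooks' format, and parse_line, summarize and findings are this example's own names. TX/RX are OpenVPN's bytes_sent/bytes_received, counted from the server's side.

```python
import re
from collections import defaultdict

# Constructed sample of /etc/openvpn/connect.log in the shape the connect.sh and disconnect.sh
# hooks above write: `date` output, then bracketed OpenVPN environment values.
# Three bracketed fields = connect record, six = disconnect record.
SAMPLE_LOG = """\
Sat Jun  4 20:05:11 KST 2022 [alice] [10.10.10.2] [203.0.113.10]
Sat Jun  4 20:07:42 KST 2022 [bob] [10.10.10.3] [198.51.100.7]
Sat Jun  4 20:35:11 KST 2022 [alice] [10.10.10.2] [203.0.113.10] [TX:5242880] [RX:1048576] [1800]
Sat Jun  4 21:00:03 KST 2022 [alice] [10.10.10.4] [192.0.2.44]
Sat Jun  4 21:10:03 KST 2022 [alice] [10.10.10.4] [192.0.2.44] [TX:1024] [RX:2048] [600]
this line was not written by a hook and is skipped
"""

BRACKETED = re.compile(r"\[([^\]]*)\]")


def parse_line(line):
    """Return a dict for one hook record, or None for a line the hooks did not write."""
    fields = BRACKETED.findall(line)
    if len(fields) == 3:
        cn, vpn_ip, real_ip = fields
        return {"event": "connect", "cn": cn, "vpn_ip": vpn_ip, "real_ip": real_ip}
    if len(fields) == 6 and fields[3].startswith("TX:") and fields[4].startswith("RX:"):
        cn, vpn_ip, real_ip, tx, rx, duration = fields
        return {
            "event": "disconnect", "cn": cn, "vpn_ip": vpn_ip, "real_ip": real_ip,
            "tx": int(tx[3:]), "rx": int(rx[3:]), "duration": int(duration),
        }
    return None


def summarize(log_text):
    """Aggregate per common name; also track connects that have no matching disconnect yet."""
    per_cn = defaultdict(lambda: {"sessions": 0, "tx": 0, "rx": 0, "seconds": 0, "real_ips": set()})
    open_sessions = {}  # (cn, vpn_ip) -> source address of the still-open connect
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        stats = per_cn[ev["cn"]]
        stats["real_ips"].add(ev["real_ip"])
        key = (ev["cn"], ev["vpn_ip"])
        if ev["event"] == "connect":
            stats["sessions"] += 1
            open_sessions[key] = ev["real_ip"]
        else:
            stats["tx"] += ev["tx"]
            stats["rx"] += ev["rx"]
            stats["seconds"] += ev["duration"]
            open_sessions.pop(key, None)
    return dict(per_cn), open_sessions


def findings(per_cn, open_sessions):
    """Points an operator would want to look at, derived only from the hook records."""
    notes = []
    for cn in sorted(per_cn):
        ips = per_cn[cn]["real_ips"]
        if len(ips) > 1:
            notes.append(f"{cn}: connected from {len(ips)} different source addresses "
                         f"({', '.join(sorted(ips))}); confirm the certificate is not shared")
    for (cn, vpn_ip), real_ip in sorted(open_sessions.items()):
        notes.append(f"{cn} ({vpn_ip} via {real_ip}): connect without a matching disconnect "
                     f"(still online, or the daemon stopped before the hook ran)")
    return notes


if __name__ == "__main__":
    per_cn, still_open = summarize(SAMPLE_LOG)
    for cn, s in sorted(per_cn.items()):
        print(f"{cn}: {s['sessions']} sessions, {s['seconds']} s, TX {s['tx']} B, RX {s['rx']} B")
    for note in findings(per_cn, still_open):
        print("CHECK:", note)
```

Run it against the real file with `summarize(open("/etc/openvpn/connect.log").read())`; because connect.log is owned by nobody, the daemon can keep writing it after it drops privileges, and a reader only needs read access.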
vi /etc/openvpn/server.conf   # server configuration; the file contents follow
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
topology subnet
server 10.10.10.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 168.126.63.1" # example: KT public DNS
push "dhcp-option DNS 168.126.63.2" # example: KT public DNS
script-security 2
client-connect connect.sh
client-disconnect disconnect.sh
management localhost 7501 # management console, reachable with telnet
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-GCM
ncp-ciphers AES-256-GCM
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
auth SHA512
compress lz4-v2
max-clients 253 # maximum number of simultaneous clients
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
explicit-exit-notify 1
user nobody
group nobody
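Before starting the service it is worth checking the config for the handful of directives that decide how exposed the server is. The following is an added example, not part of the original post: a small Python linter that tokenizes server.conf the way OpenVPN does (a `#` or `;` outside double quotes starts a comment) and reports on the directives used above. It embeds a copy of the page's server.conf as its input; the check names, messages and the functions strip_comment, parse_conf and lint are this example's own.

```python
import shlex

# Copy of the server.conf from the page (comments dropped), used here as the linter's input.
PAGE_SERVER_CONF = """\
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
topology subnet
server 10.10.10.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 168.126.63.1"
push "dhcp-option DNS 168.126.63.2"
script-security 2
client-connect connect.sh
client-disconnect disconnect.sh
management localhost 7501
keepalive 10 120
tls-auth ta.key 0
cipher AES-256-GCM
ncp-ciphers AES-256-GCM
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
auth SHA512
compress lz4-v2
max-clients 253
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
explicit-exit-notify 1
user nobody
group nobody
"""


def strip_comment(line):
    """Drop a trailing comment: as in OpenVPN, '#' or ';' outside double quotes starts one."""
    out, in_quote = [], False
    for ch in line:
        if ch == '"':
            in_quote = not in_quote
        elif ch in "#;" and not in_quote:
            break
        out.append(ch)
    return "".join(out).strip()


def parse_conf(text):
    """Return [(directive, [args...])] in file order, quoted arguments kept whole."""
    entries = []
    for raw in text.splitlines():
        line = strip_comment(raw)
        if line:
            parts = shlex.split(line)
            entries.append((parts[0], parts[1:]))
    return entries


def lint(text):
    """Return (severity, message) findings for the directives that matter for this server."""
    conf = parse_conf(text)
    present = {d for d, _ in conf}
    args = {d: a for d, a in conf}  # last occurrence wins, which is enough for these checks
    issues = []
    if float(args.get("tls-version-min", ["1.0"])[0]) < 1.2:
        issues.append(("WARN", "tls-version-min below 1.2 or absent: TLS 1.0/1.1 handshakes are accepted"))
    if not present & {"tls-auth", "tls-crypt"}:
        issues.append(("WARN", "no tls-auth/tls-crypt: control channel has no pre-shared HMAC protection"))
    if not {"user", "group"} <= present:
        issues.append(("WARN", "daemon keeps root after startup: add 'user nobody' and 'group nobody'"))
    if present & {"compress", "comp-lzo"}:
        issues.append(("WARN", "compression enabled: OpenVPN advises against it (VORACLE); drop 'compress'"))
    if "management" in present:
        host = args["management"][0]
        if host not in ("localhost", "127.0.0.1", "::1"):
            issues.append(("WARN", f"management interface listens on {host}, not on loopback"))
        if len(args["management"]) < 3:
            issues.append(("INFO", "management interface has no password file; every local user can reach it"))
    if "ncp-ciphers" in present:
        issues.append(("INFO", "ncp-ciphers is the OpenVPN 2.4 name; 2.5+ calls it data-ciphers"))
    return issues


if __name__ == "__main__":
    for severity, message in lint(PAGE_SERVER_CONF):
        print(f"{severity}: {message}")
```

On the config above this reports three things: `compress lz4-v2` (compression on a VPN is what VORACLE exploited, and the data-channel gain is small), the management port having no password file (it is bound to localhost, so only local users can reach it, but any of them can disconnect clients), and the `ncp-ciphers` spelling, which still works on the EPEL 2.4 package and is accepted as an alias by 2.5. To lint the live file, call `lint(open("/etc/openvpn/server.conf").read())`.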
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
systemctl restart network.service
systemctl enable firewalld
systemctl start firewalld
firewall-cmd --permanent --zone=public --add-port=1194/udp
firewall-cmd --permanent --zone=public --add-port=22/tcp
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload
firewall-cmd --list-all
systemctl enable openvpn@server.service
systemctl start openvpn@server.service
Done.
* The client configuration file contents are as follows.
client
dev tun
proto udp
remote SERVER_ADDRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
remote-cert-tls server
cipher AES-256-GCM
ncp-ciphers AES-256-GCM
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
auth SHA512
compress lz4-v2
verb 3
key-direction 1
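The client config above carries `key-direction 1` but no `ca`, `cert`, `key` or `tls-auth` lines, which is the shape a profile has when that material is supplied as inline `<ca>`, `<cert>`, `<key>` and `<tls-auth>` blocks in a single .ovpn file. The following is an added example, not part of the original post, that assembles such a file from the base config above plus PEM material. The PEM strings in it are constructed placeholders rather than real certificates or keys, `SERVER_ADDRESS` is a placeholder, and build_profile and check_pem are this example's own names. It refuses material whose PEM header does not match the block it is going into, so a swapped cert and key is caught before the profile is handed out.

```python
# Constructed placeholder PEM material for this example; these are not real certificates or keys.
CA_PEM = "-----BEGIN CERTIFICATE-----\nQ0EgQ0VSVCBQTEFDRUhPTERFUg==\n-----END CERTIFICATE-----\n"
CLIENT_CERT_PEM = "-----BEGIN CERTIFICATE-----\nQ0xJRU5UIENFUlQgUExBQ0VIT0xERVI=\n-----END CERTIFICATE-----\n"
CLIENT_KEY_PEM = "-----BEGIN PRIVATE KEY-----\nQ0xJRU5UIEtFWSBQTEFDRUhPTERFUg==\n-----END PRIVATE KEY-----\n"
TA_KEY = ("-----BEGIN OpenVPN Static key V1-----\n00112233445566778899aabbccddeeff\n"
          "-----END OpenVPN Static key V1-----\n")

# The client config from the page, used as the base profile (SERVER_ADDRESS is a placeholder).
BASE_CLIENT_CONF = """\
client
dev tun
proto udp
remote SERVER_ADDRESS 1194
resolv-retry infinite
nobind
persist-key
persist-tun
auth-nocache
remote-cert-tls server
cipher AES-256-GCM
ncp-ciphers AES-256-GCM
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
auth SHA512
compress lz4-v2
verb 3
key-direction 1
"""

# Directives that name external files; an inline block with the same name replaces each one.
INLINE_TAGS = ("ca", "cert", "key", "tls-auth")
EXPECTED_MARKER = {"ca": "CERTIFICATE", "cert": "CERTIFICATE",
                   "key": "PRIVATE KEY", "tls-auth": "OpenVPN Static key"}


def check_pem(tag, text):
    """Return the material for one block, refusing anything that is not PEM-framed
    or whose header is the wrong kind for the block (e.g. cert and key swapped)."""
    # ta.key written by `openvpn --genkey` starts with '#' comment lines; ignore those.
    lines = [ln for ln in text.strip().splitlines() if not ln.startswith("#")]
    body = "\n".join(lines).strip()
    if not (body.startswith("-----BEGIN ") and body.endswith("-----")):
        raise ValueError(f"<{tag}>: not PEM-framed material")
    header = body.splitlines()[0]
    if EXPECTED_MARKER[tag] not in header:
        raise ValueError(f"<{tag}>: expected {EXPECTED_MARKER[tag]!r} in header, got {header!r}")
    return body


def build_profile(base_conf, ca_pem, cert_pem, key_pem, ta_key, key_direction=1):
    """Return a single-file .ovpn: base directives, key-direction, then the four inline blocks."""
    lines = []
    for raw in base_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        directive = line.split()[0]
        # Drop file-based forms of the inline directives and any existing key-direction;
        # both are re-emitted below so the profile cannot point at two different sources.
        if directive in INLINE_TAGS or directive == "key-direction":
            continue
        lines.append(line)
    # An inline <tls-auth> block has no direction argument, so key-direction is set separately.
    lines.append(f"key-direction {key_direction}")
    profile = "\n".join(lines) + "\n"
    for tag, material in zip(INLINE_TAGS, (ca_pem, cert_pem, key_pem, ta_key)):
        profile += f"<{tag}>\n{check_pem(tag, material)}\n</{tag}>\n"
    return profile


if __name__ == "__main__":
    print(build_profile(BASE_CLIENT_CONF, CA_PEM, CLIENT_CERT_PEM, CLIENT_KEY_PEM, TA_KEY))
```

For a real profile, read the four files generated by your PKI into the arguments and write the result to `client.ovpn`; the client's private key ends up inside that file, so hand it over through a channel you trust and treat the file with the same care as `server.key` above.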