OpenVPN をAmazonLinuxに入れてみる

OpenVPN

# Package setup. Every step in this walkthrough assumes a root shell (or a sudo
# prefix on each command). The EPEL repo is enabled only for this one install
# so that no other EPEL packages get pulled in by accident.
yum install vim zip
yum install epel-release
yum install openvpn easy-rsa --enablerepo=epel
# Start from the sample server config shipped with the openvpn package.
cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn/
# Keep an untouched copy of the easy-rsa vars file before editing it.
cp -p  /usr/share/easy-rsa/2.0/vars{,.default}
# Edit the vars file. The six export lines below are the values to set INSIDE
# that file (defaults for the certificate subject), not commands to type in
# the shell: vars sets these variables itself, so anything exported in the
# shell is overwritten when the file is sourced later.
vim /usr/share/easy-rsa/2.0/vars
export KEY_COUNTRY="JP"
export KEY_PROVINCE="Tokyo"
export KEY_CITY="Hoge-ku"
export KEY_ORG="Piyo Company"
export KEY_EMAIL="piyo@hoge.com"
export KEY_OU="HogePiyo"

証明書作成ツールで証明書作成

# Build the CA and the server certificate with easy-rsa 2.0. The scripts are
# interactive and offer the KEY_* values from vars as defaults.
cd /usr/share/easy-rsa/2.0/
source ./vars
# clean-all resets the keys directory: run it only for a fresh PKI, never
# once certificates have been issued from this CA.
./clean-all
./build-ca
# Enter the CA subject interactively.
./build-key-server server
# Enter the certificate subject and (optionally) a passphrase interactively.
# NOTE(review): a passphrase on server.key has to be typed each time the
# service starts, so an unattended server normally leaves it empty.

サーバ証明書、秘密鍵、その他必要なファイルの生成

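# Expose the generated PKI material to /etc/openvpn via symlinks. Run from
# /usr/share/easy-rsa/2.0 with vars sourced (build-dh reads KEY_SIZE/KEY_DIR).
# The server only needs the CA cert, its own cert/key and the DH parameters;
# the CA private key (keys/ca.key) deliberately stays out of /etc/openvpn.
#
# Generate the DH parameters first so every link target exists when linked.
# The output file name follows KEY_SIZE in vars (dh2048.pem for 2048 bits);
# the dh line in server.conf must name the same file.
sh ./build-dh
# -f lets this step be rerun; -n keeps ln from descending into an existing
# directory link and creating a nested entry.
for f in server.crt server.key ca.crt dh2048.pem; do
  ln -sfn "/usr/share/easy-rsa/2.0/keys/${f}" "/etc/openvpn/${f}"
done
# Shared HMAC key for tls-auth. Keep it 0600 on the server; every client needs
# a copy of this same file.
openvpn --genkey --secret /etc/openvpn/ta.key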

ダミーの証明書を作成・失効させて証明書失効リスト(CRL)を作成

# OpenVPN needs a CRL file to exist before it can check revocations, and
# easy-rsa only writes keys/crl.pem on the first revocation. Issue a throwaway
# certificate and revoke it immediately to create the file.
./build-key dummy
# revoke-full finishes by verifying the just-revoked cert against the new
# CRL, so a "certificate revoked" verification failure here is the expected
# result, not an error in the procedure.
./revoke-full dummy
# The CRL is only consulted if server.conf contains "crl-verify crl.pem";
# add that line if it is missing, otherwise revoked clients keep connecting.
ln -s /usr/share/easy-rsa/2.0/keys/crl.pem /etc/openvpn/

サービス登録、起動

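# Register the service, enable IP forwarding, and NAT the VPN subnet out eth0.
sudo chkconfig --level 345 openvpn on
# The init script carries a commented-out forwarding line; uncomment it so the
# service turns forwarding on at start as well (per the original note).
vim /etc/init.d/openvpn
# Enable forwarding now and persist it. Appending "net.ipv4.ip_forward = 1"
# to the /proc file does not work: that is sysctl.conf syntax, while the /proc
# entry accepts only 0/1. sysctl -w sets the live value; the persistent
# setting goes in /etc/sysctl.conf (guarded so reruns do not duplicate it).
sysctl -w net.ipv4.ip_forward=1
grep -q '^net\.ipv4\.ip_forward *= *1' /etc/sysctl.conf \
  || printf '%s\n' 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
service openvpn start
# Masquerade the VPN subnet (10.8.0.0/24 is the sample server.conf default)
# behind the outbound interface; adjust -o if the instance's primary
# interface is not eth0. Clients using redirect-gateway depend on this rule.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
# Persist the rule across reboots.
service iptables save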

クライアント証明書の作成

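# Issue a client certificate and bundle everything the client needs.
cd /usr/share/easy-rsa/2.0/
source ./vars
./build-key user1
# Stage the bundle in a directory only root can read: it holds user1's private
# key and the shared tls-auth key. mkdir without -p fails if the path already
# exists, so a directory pre-planted by another user is never silently reused.
# Delete the directory once the bundle has been transferred to the client.
mkdir -m 700 /tmp/vpn_user1
cp -p keys/user1.crt /tmp/vpn_user1/
cp -p keys/user1.key /tmp/vpn_user1/
cp -p /etc/openvpn/ta.key /tmp/vpn_user1/
cp -p /etc/openvpn/ca.crt /tmp/vpn_user1/
# Key material must not be group/world readable regardless of the source mode.
chmod 600 /tmp/vpn_user1/user1.key /tmp/vpn_user1/ta.key
cd /tmp/vpn_user1
# Create the client config; its contents are the lines that follow this block.
vim ./vpn_user1.conf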
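# OpenVPN client config for user1 (vpn_user1.conf). Every file referenced
# below must sit in the same directory as this config or be given by an
# absolute path.
client
remote {サーバーホスト}
proto udp
dev tun
port 1194

tls-client
# Only accept a peer whose certificate carries the server role (as issued by
# build-key-server). Without this, any client certificate from the same CA
# could be used to impersonate the server.
remote-cert-tls server

ca ca.crt
cert user1.crt
key user1.key
# Shared HMAC key generated on the server and copied into this bundle. The
# sample server.conf ships with "tls-auth ta.key 0", so the client must use
# direction 1 or its handshake is silently dropped.
tls-auth ta.key 1

# Must match the server's compression setting. Compressing VPN traffic exposes
# it to compression-oracle attacks; prefer disabling it on both ends.
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
# Send all client traffic through the tunnel; relies on the server's
# MASQUERADE rule for the 10.8.0.0/24 subnet.
redirect-gateway def1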