How to deploy a remote VPN service with OpenVPN on CentOS 6.3
# Commonly used for testing
;duplicate-cn

# Set the interval and timeout the server uses to check that peers are alive
keepalive 10 120

# The following are measures that strengthen security
# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
#   openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be 0
# on the server and 1 on the clients.
;tls-auth ta.key 0 # This file is secret

# Select a cryptographic cipher.
# This config item must be copied to
# the client config file as well.
;cipher BF-CBC        # Blowfish (default)
;cipher AES-128-CBC   # AES
;cipher DES-EDE3-CBC  # Triple-DES

# Use LZO compression on the link; both server and client must configure it
comp-lzo

# Set the maximum number of clients
;max-clients 100

# Run OpenVPN as the nobody user and group (safer)
;user nobody
;group nobody

# The persist options will try to avoid
# accessing certain resources on restart
# that may no longer be accessible because
# of the privilege downgrade.
persist-key
persist-tun

# Write a short status log, refreshed every minute, showing the current clients
status /var/log/openvpn/openvpn-status.log

# By default logs go to the system log, but they can be directed elsewhere
# It is best not to set this while debugging; define it once debugging is finished
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log

# Set the log verbosity
#
# 0 is silent, except for fatal errors
# 4 is reasonable for general usage
# 5 and 6 can help to debug connection problems
# 9 is extremely verbose
verb 3

# Silence repeating messages. At most 20
# sequential messages of the same message
# category will be output to the log.
;mute 20

--------------------------

Create the log directory:
# mkdir -p /var/log/openvpn/

Start the OpenVPN server:
# /usr/local/openvpn/sbin/openvpn --config /etc/openvpn/server.conf &

Start it at boot:
# echo "/usr/local/openvpn/sbin/openvpn --config /etc/openvpn/server.conf > /dev/null 2>&1 &" >> /etc/rc.local

Client side:
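An added example, not part of the original article, for the server.conf shown earlier: the security directives there (tls-auth, cipher, user/group) are commented out with ';', so this script reports which of them are still inactive in a given file. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): report which hardening directives
# in an OpenVPN server.conf are missing or still commented out.

# is_active FILE DIRECTIVE: true if DIRECTIVE appears uncommented.
# OpenVPN treats lines starting with '#' or ';' as comments.
is_active() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# finding TEXT: print one finding and remember that the audit failed.
finding() { echo "$1"; rc=1; }

# audit_openvpn_conf FILE: one finding per line; exit status 1 if any.
audit_openvpn_conf() {
    conf=$1; rc=0
    is_active "$conf" tls-auth || finding "tls-auth: disabled, no HMAC firewall"
    is_active "$conf" user || finding "user: not set, keeps startup privileges"
    is_active "$conf" group || finding "group: not set, keeps startup group"
    if is_active "$conf" duplicate-cn; then
        finding "duplicate-cn: enabled, meant for testing only"
    fi
    # Take the last uncommented cipher line; the config comments name
    # BF-CBC as the default when none is set.
    cipher=$(awk '$1 == "cipher" { c = $2 } END { print c }' "$conf")
    case ${cipher:-BF-CBC} in
        BF-CBC|DES-EDE3-CBC)
            finding "cipher: ${cipher:-BF-CBC (default)} uses a 64-bit block" ;;
    esac
    return "$rc"
}

# Constructed sample that mirrors the settings shown in the article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
;duplicate-cn
keepalive 10 120
;tls-auth ta.key 0
;cipher AES-128-CBC
comp-lzo
;user nobody
;group nobody
persist-key
persist-tun
EOF
audit_openvpn_conf "$sample" || echo "=> resolve the findings above"
rm -f "$sample"
```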