因為 Server 與 Server 的聯繫要透過 OpenVPN 所以有這個需求, 本來以為可能要花一些時間寫 script , 測試結果發現非常簡單就可以搞定.
rpm -Uvh http://mirror01.idc.hinet.net/EPEL/6/x86_64/epel-release-6-8.noarch.rpm yum install openvpn
[root@openvpn-client openvpn]# pwd /etc/openvpn [root@openvpn-client openvpn]# ls ca.crt ideas_tp.conf client1.crt client1.key ta.key
[root@openvpn-client openvpn]# openvpn --config ideas_tp.conf Tue May 20 15:22:24 2014 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013 Tue May 20 15:22:24 2014 WARNING: file 'jonathan-xpc.key' is group or others accessible Tue May 20 15:22:24 2014 WARNING: file 'ta.key' is group or others accessible Tue May 20 15:22:24 2014 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Tue May 20 15:22:24 2014 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue May 20 15:22:24 2014 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue May 20 15:22:24 2014 Socket Buffers: R=[87380->131072] S=[16384->131072] Tue May 20 15:22:24 2014 Attempting to establish TCP connection with [AF_INET]175.98.115.2:443 [nonblock] : : Tue May 20 15:22:28 2014 /sbin/ip route add 192.168.102.0/24 via 192.168.201.61 Tue May 20 15:22:28 2014 /sbin/ip route add 192.167.102.0/24 via 192.168.201.61 Tue May 20 15:22:28 2014 /sbin/ip route add 192.168.201.1/32 via 192.168.201.61 Tue May 20 15:22:28 2014 Initialization Sequence Completed
[root@openvpn-client openvpn]# service openvpn start 正在啟動 openvpn: [ 確定 ]
chkconfig openvpn on
[root@openvpn-client openvpn]# chkconfig --list | grep openvpn openvpn 0:關閉 1:關閉 2:開啟 3:開啟 4:開啟 5:開啟 6:關閉