OpenVPN installation fails on CentOS 7

My CentOS version is 7.2.1511 and the kernel is 3.10.0-327.22.2.el7.x86_64. Following https://www.digitalocean.com/community/tutorials/how-to-setup-and-configure-an-openvpn-server-on-centos-7 I have installed OpenVPN 2.1.3 on my CentOS 7, but it does not work.

The error is:

    [root@localhost centos7]# systemctl status -l openvpn@server.service
    openvpn@server.service - OpenVPN Robust And Highly Flexible Tunneling Application On server
       Loaded: loaded (/usr/lib/systemd/system/openvpn@.service; enabled; vendor preset: disabled)
       Active: failed (Result: exit-code) since Sat 2016-07-23 09:37:42 EDT; 26s ago
      Process: 2076 ExecStart=/usr/sbin/openvpn --daemon --writepid /var/run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf (code=exited, status=1/FAILURE)

    Jul 23 09:37:42 localhost.localdomain systemd[1]: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server...
    Jul 23 09:37:42 localhost.localdomain systemd[1]: openvpn@server.service: control process exited, code=exited status=1
    Jul 23 09:37:42 localhost.localdomain systemd[1]: Failed to start OpenVPN Robust And Highly Flexible Tunneling Application On server.
    Jul 23 09:37:42 localhost.localdomain systemd[1]: Unit openvpn@server.service entered failed state.
    Jul 23 09:37:42 localhost.localdomain systemd[1]: openvpn@server.service failed.

I don't like the default port 1194, so I changed the port to 3000, and I cannot telnet to 3000. Even when I try to start openvpn manually, it does not seem to work.

    [root@localhost centos7]# openvpn /etc/openvpn/server.conf
    [root@localhost centos7]# telnet localhost 3000
    Trying ::1...
    telnet: connect to address ::1: Connection refused
    Trying 127.0.0.1...
    telnet: connect to address 127.0.0.1: Connection refused

My server.conf is:

    port 3000
    #proto tcp
    proto udp
    dev tun
    server 10.8.1.0 255.255.255.0
    keepalive 20 120
    ca /etc/keys/ca.crt
    cert /etc/keys/server.crt
    key /etc/keys/server.key
    dh /etc/keys/dh1024.pem
    #crl-verify keys/crl.pem
    tls-auth /etc/keys/ta.key 0
    cipher RC2-CBC
    user nobody
    group nobody
    status openvpn-status.log
    log-append openvpn.log
    verb 2
    mute 20
    max-clients 200
    #management 127.0.0.1 1199
    #client-config-dir ccd
    client-to-client
    persist-key
    persist-tun
    #ccd-exclusive
    #script-security 3 system
    push "route 192.168.0.0 255.255.255.0"
    push "redirect-gateway def1"
    #push "dhcp-option DNS 8.8.8.8"
    #push "dhcp-option DNS 8.8.6.6"
    #status openvpn-status.log

    comp-lzo
    verb 3
    daemon openvpn

My installation steps are:

    #1
    yum install epel-release
    #2
    yum install openvpn easy-rsa -y
    #3
    cp /usr/share/doc/openvpn-*/sample/sample-config-files/server.conf /etc/openvpn
    #4
    vi /etc/openvpn/server.conf
    #5
    mkdir -p /etc/openvpn/easy-rsa/keys
    #6
    # I copied the keys which were built by my old server
    #7
    yum install iptables-services -y
    #8
    systemctl mask firewalld
    #9
    systemctl disable firewalld
    #10
    systemctl enable iptables
    #11
    systemctl stop firewalld
    #12
    systemctl start iptables
    #13
    iptables --flush
    #14
    yum remove firewalld
    #15
    iptables -t nat -A POSTROUTING -s 10.8.1.0/24 -o eth0 -j MASQUERADE
    #16
    iptables-save > /etc/sysconfig/iptables
    #17
    vi /etc/sysctl.conf
    #18 Add the following line at the top of the file:
    net.ipv4.ip_forward = 1

What am I doing wrong? Any ideas?
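
A check of the server.conf above, as an added example that is not part of the original question: it flags the settings that affect how the failure is diagnosed (a UDP listener probed with telnet, log output sent to a relative file) and two weak cryptographic settings (`cipher RC2-CBC`, a DH file named `dh1024.pem`). The cipher list, the finding codes and the file-name heuristic for the DH size are assumptions of this example.

```python
import re

# Constructed sample: a subset of the directives shown in the question's server.conf.
SAMPLE_CONF = """\
port 3000
#proto tcp
proto udp
dh /etc/keys/dh1024.pem
cipher RC2-CBC
log-append openvpn.log
verb 2
verb 3
daemon openvpn
"""

# Assumption: illustrative list of 64-bit-block ciphers, not exhaustive.
WEAK_CIPHERS = {"RC2-CBC", "RC2-40-CBC", "RC2-64-CBC", "DES-CBC", "DES-EDE3-CBC", "BF-CBC"}
SINGLE_VALUED = {"port", "proto", "cipher", "verb", "status"}

def parse_directives(text):
    """Return (name, args) pairs, skipping blank lines and '#' or ';' comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            pairs.append((name, args))
    return pairs

def audit(text):
    """Return sorted finding codes for an OpenVPN server config."""
    findings, seen = set(), set()
    for name, args in parse_directives(text):
        if name in SINGLE_VALUED and name in seen:
            findings.add("duplicate:" + name)
        seen.add(name)
        first = args[0] if args else ""
        if name == "proto" and first.startswith("udp"):
            # telnet opens a TCP connection, so it is refused on a UDP-only listener.
            findings.add("udp-listener-needs-udp-probe")
        elif name == "cipher" and first.upper() in WEAK_CIPHERS:
            findings.add("weak-cipher")
        elif name == "dh":
            # Heuristic: infer the DH size from the file name (e.g. dh1024.pem).
            m = re.search(r"dh(\d+)", first)
            if m and int(m.group(1)) < 2048:
                findings.add("weak-dh")
        elif name in ("log", "log-append") and not first.startswith("/"):
            # Relative log paths resolve against the working directory (--cd).
            findings.add("relative-log-path")
    return sorted(findings)
```

With the unit's `--cd /etc/openvpn/`, the `relative-log-path` finding means the startup error is written to `/etc/openvpn/openvpn.log` rather than to the terminal or the journal.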
