首页 » linux » ocserv 喂P恩 服务器安装随记

ocserv 喂P恩 服务器安装随记

 

https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

yum install -y gnutls-devel libev-devel tcp_wrappers-devel pam-devel lz4-devel libseccomp-devel readline-devel libnl3-

devel krb5-devel liboath-devel radcli-devel

yum install -y autoconf automake autogen git2cl xz git

yum install -y gnutls-utils

mkdir -p /opt/soft
cd /opt/soft

git clone https://gitlab.com/ocserv/ocserv.git

编辑文件configure.ac如下:

删除行AM_PROG_AR并添加m4_ifdef([AM_PROG_AR],[AM_PROG_AR])

autoreconf -fvi

./configure && make

生成一个证书

certtool --generate-privkey > ./test-key.pem
certtool --generate-self-signed --load-privkey test-key.pem --outfile test-cert.pem

rpm 方式安装

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

yum install ocserv

mkdir CA
cd CA

需要使用certtool 工具生成证书,

查看在哪个包里面

yum provides */certtool

certtool --generate-privkey --outfile ca-key.pem

vim ca.tmpl
------------
cn = "www.abczn.com"
organization = "abczn"
serial = 1
expiration_days = 3650
ca
signing_key
cert_signing_key
crl_signing_key

#生成自签证书
certtool --generate-self-signed --load-privkey ca-key.pem --template ca.tmpl --outfile ca-cert.pem

#生成服务端证书
certtool --generate-privkey --outfile server-key.pem

#声称服务器自己的私钥
certtool --gen

#编辑服务端模版
vim server.tmpl
-----------
cn = "www.abczn.com"
organization = "abczn"
serial = 2
expiration_days = 3650
encryption_key
signing_key
tls_www_server

注意模板前四行得和上面模版前四行一样

#生成服务器证书
certtool --generate-certificate --load-privkey server-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template server.tmpl --outfile server-cert.pem

#建立私钥目录
mkdir -p /etc/ssl/private
mkdir -p /etc/ssl/certs

拷贝私钥和证书到对应目录
cp server-cert.pem /etc/ssl/certs/
cp server-key.pem /etc/ssl/private/

#编辑ocserv 配置文件
vim /etc/ocserv/ocserv.conf

#auth = "pam"#注释这一行
#auth = "pam[gid-min=1000]"
auth = "plain[/etc/ocserv/ocpasswd]"#修改这一行路径

#取消下面两行注释,并把网段改到111网段,防止冲突
ipv4-network = 192.168.111.0
ipv4-netmask = 255.255.255.0

#dns 修改为下面内容
# dns = fc00::4be0
dns = 8.8.8.8
dns =8.8.4.4

#保存退出

#创建密码认证文件
ocpasswd -c /etc/ocserv/ocpasswd user1

#输入密码即可

#开启内核转发
vim /etc/sysctl.conf

net.ipv4.ip_forward = 1

#编写防火墙规则
iptables -t nat -A POSTROUTING -s 192.168.111.0/24 -o eth0 -j MASQUERADE

iptables -A FORWARD -s 192.168.111.0/24 -j ACCEPT

#启动服务
/etc/init.d/ocserv start

#查看日志模式运行
ocserv -c /etc/ocserv/ocserv.conf -f -d 1

 

客户端连接时候,需要使用域名连接,用IP连接会提示连接失败!

原文链接:ocserv 喂P恩 服务器安装随记,转载请注明来源!

1