OpenVPN configuration and standalone service management on CentOS 7

Install OpenVPN

yum install epel-release
yum install openvpn -y

Configure OpenVPN

vim /etc/openvpn/hlgz.conf
# any sample configuration will do
port 2341
dev tun5
proto udp
ifconfig 192.168.20.13 192.168.20.12
<secret>
-----BEGIN OpenVPN Static key V1-----
30a5526e2d658947ff4af097c0d52ac2
d121bdf6c2f49582dbf6f1e568f6c767
-----END OpenVPN Static key V1-----
</secret>
comp-lzo
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
tun-mtu 1396
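
The configuration above runs in static-key mode with comp-lzo and sets no cipher, user or group. The following shell check is an added example, not part of the original post; the function names, finding codes and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: flag risky settings in a
# static-key OpenVPN config. audit_ovpn_conf/has_directive and the finding
# codes are hypothetical names. Prints one finding per line.

has_directive() {   # $1 = directive name, $2 = config text without comments
    printf '%s\n' "$2" | grep -Eq "^[[:space:]]*<?$1>?([[:space:]]|\$)"
}

audit_ovpn_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE"; return 2; }
    # Drop comments (# or ;) and blank lines so only live directives remain.
    body=$(sed -e 's/[#;].*$//' -e '/^[[:space:]]*$/d' "$conf")
    if has_directive secret "$body"; then
        # Static-key mode: one long-lived shared key, no forward secrecy.
        echo "STATIC_KEY_NO_FORWARD_SECRECY"
    fi
    case $body in *"<secret>"*)
        # Key is inline, so the config's own mode matters. Characters 5-10
        # of `ls -l` are the group/other permission bits.
        [ "$(ls -ld "$conf" | cut -c5-10)" = "------" ] ||
            echo "KEY_FILE_GROUP_OR_WORLD_ACCESSIBLE" ;;
    esac
    # Compression inside an encrypted tunnel leaks plaintext (VORACLE).
    if has_directive comp-lzo "$body" || has_directive compress "$body"; then
        echo "COMPRESSION_ENABLED"
    fi
    # No explicit cipher: OpenVPN 2.3/2.4 fall back to BF-CBC (64-bit blocks).
    has_directive cipher "$body" || echo "NO_EXPLICIT_CIPHER"
    # Without user/group the daemon keeps running as root.
    if ! has_directive user "$body" || ! has_directive group "$body"; then
        echo "NO_PRIVILEGE_DROP"
    fi
    return 0
}

# Constructed sample mirroring the post's directives; the key is a placeholder.
sample=$(mktemp) && chmod 644 "$sample"
cat > "$sample" <<'EOF'
port 2341
dev tun5
<secret>
PLACEHOLDER-NOT-A-REAL-KEY
</secret>
comp-lzo
persist-key
EOF
audit_ovpn_conf "$sample"; rm -f "$sample"
```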

Remember to enable IP forwarding and turn off the firewall

# IP forwarding
vim /etc/sysctl.conf
# add this line to the file:
net.ipv4.ip_forward = 1
# apply the setting
sysctl -p
# turn off the firewall
systemctl disable firewalld
systemctl stop firewalld

Create a new opvnxx.service unit file; here I use the hlgz.conf from above as the example

vim /lib/systemd/system/hlgz.service
[Unit]
Description=OpenVPN connection to Huali 18F
After=network.target

[Service]
Type=forking
# --config points at the configuration file created above
ExecStart=/usr/sbin/openvpn --daemon ovpn-hlgz --status /run/openvpn/hlgz.status 10 --cd /etc/openvpn --config /etc/openvpn/hlgz.conf
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/openvpn

[Install]
WantedBy=multi-user.target

The stock service file, openvpn@.service, looks like this

[Unit]
Description=OpenVPN connection to %1
After=network.target

[Service]
Type=forking
ExecStart=/usr/sbin/openvpn --daemon ovpn-%2 --status /run/openvpn/%3.status 10 --cd /etc/openvpn --config /etc/openvpn/%4.conf
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/openvpn

[Install]
WantedBy=multi-user.target

%1 is the description
%2 is the daemon name
%3 is the status file name
%4 is the location of the configuration file

Reload & start

systemctl daemon-reload
systemctl start hlgz

Below is the status output after a successful start

[root@VM_58_3_centos ~]# systemctl status hlgz.service 
hlgz.service - OpenVPN connection to Huali 18F
   Loaded: loaded (/usr/lib/systemd/system/hlgz.service; disabled)
   Active: active (running) since Wed 2016-01-06 21:12:15 CST; 42s ago
  Process: 14833 ExecStart=/usr/sbin/openvpn --daemon ovpn-hlgz --status /run/openvpn/hlgz.status 10 --cd /etc/openvpn --config /etc/openvpn/hl-gz.conf (code=exited, status=0/SUCCESS)
 Main PID: 14834 (openvpn)
   CGroup: /system.slice/hlgz.service
           `-14834 /usr/sbin/openvpn --daemon ovpn-hlgz --status /run/openvpn/hlgz.status 10 --cd /etc/openvpn --config /etc/openvpn/hl-gz.conf
 
Jan 06 21:12:15 VM_58_3_centos systemd[1]: Started OpenVPN connection to Huali 18F.
Jan 06 21:12:15 VM_58_3_centos ovpn-hlgz[14834]: WARNING: normally if you use --mssfix and/or --fragment, you should also set --tun-mtu 1500 (currently it is 1396)
Jan 06 21:12:15 VM_58_3_centos ovpn-hlgz[14834]: TUN/TAP device tun5 opened
Jan 06 21:12:15 VM_58_3_centos ovpn-hlgz[14834]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Jan 06 21:12:15 VM_58_3_centos ovpn-hlgz[14834]: /usr/sbin/ip link set dev tun5 up mtu 1396
Jan 06 21:12:15 VM_58_3_centos ovpn-hlgz[14834]: /usr/sbin/ip addr add dev tun5 local 192.168.20.13 peer 192.168.20.12
Jan 06 21:12:15 VM_58_3_centos ovpn-hlgz[14834]: UDPv4 link local (bound): [undef]
Jan 06 21:12:15 VM_58_3_centos ovpn-hlgz[14834]: UDPv4 link remote: [undef]
Jan 06 21:12:18 VM_58_3_centos ovpn-hlgz[14834]: Peer Connection Initiated with [AF_INET]58.62.159.5:60750
Jan 06 21:12:18 VM_58_3_centos ovpn-hlgz[14834]: Initialization Sequence Completed
Hint: Some lines were ellipsized, use -l to show in full.
