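# Add the EPEL 5 repository, install OpenVPN, and work from a private copy of
# the easy-rsa 2.0 scripts.
#
# NOTE(security): the release package is fetched over plain HTTP and installed
# in the same step, so nothing authenticates the file that adds a yum
# repository and its signing key to this host. Prefer downloading it first and
# checking it with `rpm -K` against an EPEL key obtained from a trusted source.
# EPEL 5 targets RHEL/CentOS 5, which no longer receives security updates.
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
yum -y install openvpn

# Copy easy-rsa so generated keys live under /etc/openvpn rather than in the
# package's shared directory.
cp -R /usr/share/openvpn/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0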

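# Set the certificate subject defaults. Edit these lines inside ./vars instead
# of typing them at the prompt: `source ./vars` would overwrite anything
# exported beforehand. Values use plain ASCII double quotes.
vi vars
#   export KEY_COUNTRY="CN"
#   export KEY_PROVINCE="BJ"
#   export KEY_CITY="BJ"
#   export KEY_ORG="org"
#   export KEY_EMAIL="webmaster@test.com"
#
# NOTE(security): while in the file, check KEY_SIZE. The dh1024.pem used later
# on this page implies 1024-bit keys and DH parameters, which are too weak by
# current standards; 2048 or larger is the usual minimum.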

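# Build the PKI with easy-rsa 2.0. Run from /etc/openvpn/easy-rsa/2.0.
source ./vars

# clean-all wipes the existing keys directory: every previously issued
# certificate and the CA key are lost. Run it only for a brand-new PKI.
./clean-all

# CA certificate and key. keys/ca.key can sign new client certificates, so
# restrict access to it (ideally keep it off the VPN server once signing is done).
./build-ca server

# Server certificate and key.
./build-key-server server

# One certificate/key pair per client; do not share a pair between users, so a
# single client can be revoked later. The key is written unencrypted
# (easy-rsa 2.0 also ships build-key-pass for a passphrase-protected key).
./build-key client1

# Diffie-Hellman parameters; the size follows KEY_SIZE from ./vars.
./build-dh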

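# Write the server configuration. OpenVPN expects one directive per line and
# plain ASCII quotes around push arguments. The quoted 'EOF' stops the shell
# from expanding anything inside the file body.
# This replaces any existing /etc/openvpn/server.conf.
cd ..
cat > server.conf <<'EOF'
port 1443
proto tcp
dev tun

ca   /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
# server.key must stay readable by root only.
key  /etc/openvpn/easy-rsa/2.0/keys/server.key
# NOTE(security): dh1024.pem is a 1024-bit DH group, too weak by current
# standards. Regenerate with a larger KEY_SIZE and point this at the new file.
dh   /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

# Address pool handed out to clients; NAT rules must use this same network.
server 10.8.0.0 255.255.255.0

# Send all client traffic through the VPN and hand out resolvers
# (replace z.z.z.z with real DNS server addresses).
push "redirect-gateway def1"
push "dhcp-option DNS z.z.z.z"
push "dhcp-option DNS z.z.z.z"

# NOTE(security): client-to-client traffic is switched inside OpenVPN and never
# reaches the host's iptables FORWARD chain, so it cannot be filtered there.
# Drop this line unless clients really need to reach each other.
client-to-client

keepalive 10 120

# NOTE(security): compressing traffic before encryption can leak information
# about its content; must match the client setting if kept.
comp-lzo

persist-key
persist-tun
verb 3

# Hardening not shown on the original page, worth considering: run unprivileged
# after start-up (user/group nobody), add a tls-auth key, and write a log file
# (log-append) so connection events are kept for review.
EOF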

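# Turn on IPv4 forwarding so the host routes packets between tun and eth0.
# In /etc/sysctl.conf set (or change the existing line to):
#   net.ipv4.ip_forward = 1
vi /etc/sysctl.conf

# Load the file so the setting takes effect without a reboot.
sysctl -p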

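# Source-NAT VPN client traffic leaving via eth0 to the server's public address
# (replace xxx.xxx.xxx.xxx with it).
# The -s network has to be the pool from server.conf, 10.8.0.0/24; the rule as
# originally printed used 11.8.0.0/24, which never matches VPN clients, and a
# typographic dash in place of the "--" of the target option.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to-source xxx.xxx.xxx.xxx

# NOTE(review): only NAT is configured here. Whether tcp/1443 is accepted on
# INPUT and what the FORWARD chain allows for the tun interface depends on the
# host's existing ruleset — check both, and keep FORWARD limited to the VPN
# subnet rather than opening it entirely.

# Persist the rule set and reload it.
/etc/init.d/iptables save
/etc/init.d/iptables restart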

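# Start OpenVPN at boot by appending ONE of the two lines below to
# /etc/rc.local. Adding both launches two daemons that compete for the same
# port, and the second one fails to bind. The option is "--config" with two
# ASCII hyphens.
vi /etc/rc.local
#   /usr/sbin/openvpn --config /etc/openvpn/server.conf &
#   /usr/sbin/openvpn --config /etc/openvpn/server.conf >/dev/null 2>&1 &
#
# NOTE(security): the second form throws away everything OpenVPN prints,
# including failed handshakes and certificate errors. If you use it, set a log
# file in server.conf (log-append) so those events remain available.
# If the installed package provides an init script, prefer enabling that over
# rc.local.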

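# Start the server now, in the background of the current shell. The option is
# "--config" (two ASCII hyphens); the typographic dash printed originally is
# not recognised as an option. With "verb 3", start-up messages go to this
# terminal: check for "Initialization Sequence Completed" before testing a client.
openvpn --config /etc/openvpn/server.conf &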

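# client1.ovpn — client profile, one directive per line.
# ca.crt, client1.crt and client1.key are relative paths: copy them from the
# server's keys directory into the same folder as this file, over a secure
# channel. client1.key is a private key; never send it by e-mail or other
# unencrypted means.
client
dev tun
proto tcp
# Replace xxx.xxx.xxx.xxx with the server's public address.
remote xxx.xxx.xxx.xxx 1443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
# Only accept a peer whose certificate is marked as a server certificate, so
# another client's certificate from the same CA cannot impersonate the server.
# Keep this check; newer OpenVPN releases express it as "remote-cert-tls server".
ns-cert-type server
# Must match the server's compression setting.
comp-lzo
verb 3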