yum install -y gcc gcc-c++ openssl openssl-devel wget pam pam-devel


configure: error: lzo enabled but missing
需要手工安装lzo，yum安装的无效
wget http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz
tar zxvf lzo-2.06.tar.gz
cd lzo-2.06
./configure --prefix=/usr/local/
make && make install

wget https://swupdate.openvpn.org/community/releases/openvpn-2.4.6.tar.gz
tar zxf openvpn-2.4.6.tar.gz
cd openvpn-2.4.6
./configure -prefix=/etc/openvpn
make && make install

wget https://github.com/OpenVPN/easy-rsa/releases/download/v3.0.4/EasyRSA-3.0.4.tgz
tar zxf EasyRSA-3.0.4.tgz
cp -rf EasyRSA-3.0.4 /etc/openvpn/easy-rsa

创建相关证书
# ./easyrsa init-pki   #创建pki
# ./easyrsa build-ca  nopass #创建ca
# ./easyrsa gen-req server nopass  #创建服务端证书
# ./easyrsa sign server server     #签约服务端证书
# ./easyrsa gen-dh                 #创建diffie-hellman文件
# ./easyrsa gen-req client         #创建客户端证书
# ./easyrsa sign client client     #签约客户端证书，根据提示输入服务端ca密码

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

iptables -I INPUT -p udp -m udp --dport 60022 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth1 -j MASQUERADE
service iptables save #保存防火墙配置