1、环境搭建



说明:

vpn client 192.168.8.16/24

openvpn server:

eth0: 192.168.8.41

eth1: 172.16.1.10





app server: 

172.16.1.20





app server和openvpn的eth1都在vmnet2上





openvpn server

# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0C:29:6C:85:A0  

          inet addr:192.168.8.41  Bcast:192.168.8.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:fe6c:85a0/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:9587674 errors:0 dropped:0 overruns:0 frame:0

          TX packets:5211921 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:1241650018 (1.1 GiB)  TX bytes:1238208023 (1.1 GiB)





eth1      Link encap:Ethernet  HWaddr 00:0C:29:6C:85:AA  

          inet addr:172.16.1.10  Bcast:172.16.1.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:fe6c:85aa/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:122 errors:0 dropped:0 overruns:0 frame:0

          TX packets:73 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:11314 (11.0 KiB)  TX bytes:6306 (6.1 KiB)





lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:1572 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1572 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:141358 (138.0 KiB)  TX bytes:141358 (138.0 KiB)

2、时间同步:

# ntpdate 192.168.8.102

3、创建openvpn的安装目录

# mkdir -pv /home/tools/openvpn

mkdir: created directory `/home/tools'

mkdir: created directory `/home/tools/openvpn'

# cd /home/tools/openvpn/

上传安装软件到该目录

# ls -l

total 1464

-rw-r--r-- 1 root root 583045 Jun 29 17:30 lzo-2.06.tar.gz

-rw-r--r-- 1 root root 911158 Jun 29 17:30 openvpn-2.2.2.tar.gz

4、安装依赖包

# yum install -y gcc*

# yum install -y openssl*





编译安装依赖包,通过执行 echo $?可以判断步骤是否正确





tar zxf lzo-2.06.tar.gz 

cd lzo-2.06

./configure 

make

make install





安装openvpnserver

# tar zxf openvpn-2.2.2.tar.gz 

# cd openvpn-2.2.2





# ./configure --with-lzo-headers=/usr/local/include --with-lzo-lib=/usr/local/lib

# make && make install





验证是否安装成功

# ll /usr/local/sbin/openvpn 

-rwxr-xr-x 1 root root 2545339 Jun 29 17:55 /usr/local/sbin/openvpn

# which openvpn

/usr/local/sbin/openvpn

5、配置openvpn server的各种密钥

# cd /home/tools/openvpn/openvpn-2.2.2/easy-rsa/2.0

# vim vars





export KEY_COUNTRY="CN"

export KEY_PROVINCE="SZ"

export KEY_CITY="shenzhen"

export KEY_ORG="chinasoft"

export KEY_EMAIL="chinasoft@qq.com"

export KEY_EMAIL=chinasoft@qq.com

export KEY_CN=CN

export KEY_NAME=chinasoft

export KEY_OU=chinasoft

export PKCS11_MODULE_PATH=changeme

export PKCS11_PIN=1234





使配置生效

[root@node3 2.0]# source vars

NOTE: If you run ./clean-all, I will be doing a rm -rf on /home/tools/openvpn/openvpn-2.2.2/easy-rsa/2.0/keys

[root@node3 2.0]# ./clean-all 

[root@node3 2.0]# ./build-ca 

Generating a 1024 bit RSA private key

................................................++++++

....................++++++

writing new private key to 'ca.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [CN]:

State or Province Name (full name) [SZ]:

Locality Name (eg, city) [shenzhen]:

Organization Name (eg, company) [chinasoft]:

Organizational Unit Name (eg, section) [chinasoft]:

Common Name (eg, your name or your server's hostname) [CN]:chinasoft

Name [chinasoft]:

Email Address [chinasoft@qq.com]:





# ll keys/

total 12

-rw-r--r-- 1 root root 1367 Jun 29 18:09 ca.crt

-rw------- 1 root root  916 Jun 29 18:09 ca.key

-rw-r--r-- 1 root root    0 Jun 29 18:08 index.txt

-rw-r--r-- 1 root root    3 Jun 29 18:08 serial

生成服务器端证书和秘钥key文件

# ./build-key-server server

Generating a 1024 bit RSA private key

.................................++++++

...............++++++

writing new private key to 'server.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [CN]:

State or Province Name (full name) [SZ]:

Locality Name (eg, city) [shenzhen]:

Organization Name (eg, company) [chinasoft]:

Organizational Unit Name (eg, section) [chinasoft]:

Common Name (eg, your name or your server's hostname) [server]:chinasoft

Name [chinasoft]:

Email Address [chinasoft@qq.com]:





Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:123456  

An optional company name []:chinasoft

Using configuration from /home/tools/openvpn/openvpn-2.2.2/easy-rsa/2.0/openssl-1.0.0.cnf

Check that the request matches the signature

Signature ok

The Subject's Distinguished Name is as follows

countryName           :PRINTABLE:'CN'

stateOrProvinceName   :PRINTABLE:'SZ'

localityName          :PRINTABLE:'shenzhen'

organizationName      :PRINTABLE:'chinasoft'

organizationalUnitName:PRINTABLE:'chinasoft'

commonName            :PRINTABLE:'chinasoft'

name                  :PRINTABLE:'chinasoft'

emailAddress          :IA5STRING:'chinasoft@qq.com'

Certificate is to be certified until Jun 27 10:13:59 2026 GMT (3650 days)

Sign the certificate? [y/n]:y









1 out of 1 certificate requests certified, commit? [y/n]y

Write out database with 1 new entries

Data Base Updated

建立2份客户端证书,分别为client和ett

[root@node3 2.0]# ./build-key test





注意:./build-key test 这条命令不能配置成 ./build-key chinasoft及其他和组织等名称相同的文件名,否则无法通信





Generating a 1024 bit RSA private key

.......++++++

................................++++++

writing new private key to 'test.key'

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [CN]:

State or Province Name (full name) [SZ]:

Locality Name (eg, city) [shenzhen]:

Organization Name (eg, company) [chinasoft]:

Organizational Unit Name (eg, section) [chinasoft]:

Common Name (eg, your name or your server's hostname) [test]:chinasoft

Name [chinasoft]:

Email Address [chinasoft@qq.com]:





Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:123456

An optional company name []:chinasoft

Using configuration from /home/tools/openvpn/openvpn-2.2.2/easy-rsa/2.0/openssl-1.0.0.cnf

Check that the request matches the signature

Signature ok

The Subject's Distinguished Name is as follows

countryName           :PRINTABLE:'CN'

stateOrProvinceName   :PRINTABLE:'SZ'

localityName          :PRINTABLE:'shenzhen'

organizationName      :PRINTABLE:'chinasoft'

organizationalUnitName:PRINTABLE:'chinasoft'

commonName            :PRINTABLE:'chinasoft'

name                  :PRINTABLE:'chinasoft'

emailAddress          :IA5STRING:'chinasoft@qq.com'

Certificate is to be certified until Jun 27 13:29:36 2026 GMT (3650 days)

Sign the certificate? [y/n]:y

failed to update database

TXT_DB error number 2

创建加密的客户端key

# ./build-key-pass ett

Generating a 1024 bit RSA private key

........................................++++++

................++++++

writing new private key to 'ett.key'

Enter PEM pass phrase:

Verifying - Enter PEM pass phrase:

-----

You are about to be asked to enter information that will be incorporated

into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value,

If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [CN]:

State or Province Name (full name) [SZ]:

Locality Name (eg, city) [shenzhen]:

Organization Name (eg, company) [chinasoft]:

Organizational Unit Name (eg, section) [chinasoft]:

Common Name (eg, your name or your server's hostname) [ett]:chinasoft

Name [chinasoft]:

Email Address [chinasoft@qq.com]:





Please enter the following 'extra' attributes

to be sent with your certificate request

A challenge password []:123456

An optional company name []:chinasoft

Using configuration from /home/tools/openvpn/openvpn-2.2.2/easy-rsa/2.0/openssl-1.0.0.cnf

Check that the request matches the signature

Signature ok

The Subject's Distinguished Name is as follows

countryName           :PRINTABLE:'CN'

stateOrProvinceName   :PRINTABLE:'SZ'

localityName          :PRINTABLE:'shenzhen'

organizationName      :PRINTABLE:'chinasoft'

organizationalUnitName:PRINTABLE:'chinasoft'

commonName            :PRINTABLE:'chinasoft'

name                  :PRINTABLE:'chinasoft'

emailAddress          :IA5STRING:'chinasoft@qq.com'

Certificate is to be certified until Jun 27 10:24:44 2026 GMT (3650 days)

Sign the certificate? [y/n]:y

failed to update database

TXT_DB error number 2

生成传输进行密钥交换时用到的交换密钥协议文件

# ./build-dh

# ll keys/dh1024.pem 

-rw-r--r-- 1 root root 245 Jun 29 19:05 keys/dh1024.pem

为防止恶意攻击,如DOS、UDP port flooding,我们生成一个HMAC firewall

# openvpn --genkey --secret keys/ta.key

[root@node3 2.0]# ll keys/ta.key 

-rw------- 1 root root 636 Jun 29 19:07 keys/ta.key

6、配置openvpn.conf文件

# mkdir /etc/openvpn

# cp -a keys /etc/openvpn/

[root@node3 2.0]# cp ../../sample-config-files/server.conf /etc/openvpn/

[root@node3 2.0]# tree /etc/op

openldap/ openvpn/  opt/      

[root@node3 2.0]# tree /etc/openvpn/

-bash: tree: command not found

[root@node3 2.0]# tree /etc/openvpn/

/etc/openvpn/

├── keys

│   ├── 01.pem

│   ├── ca.crt

│   ├── ca.key

│   ├── chinasoft.crt

│   ├── chinasoft.csr

│   ├── chinasoft.key

│   ├── dh1024.pem

│   ├── ett.crt

│   ├── ett.csr

│   ├── ett.key

│   ├── index.txt

│   ├── index.txt.attr

│   ├── index.txt.old

│   ├── serial

│   ├── serial.old

│   ├── server.crt

│   ├── server.csr

│   ├── server.key

│   └── ta.key

└── server.conf









# vim /etc/openvpn/server.conf





local 192.168.8.41 # 监听地址

port 52155 # 监听端口

proto tcp

dev tun

ca /etc/openvpn/keys/ca.crt # ca证书

cert /etc/openvpn/keys/server.crt # 服务证书

key /etc/openvpn/keys/server.key # 服务key

dh /etc/openvpn/keys/dh1024.pem

server 10.8.0.0 255.255.255.0 # vpn server动态分配给vpn client的地址池,一般不需要修改

push "route 172.16.1.0 255.255.255.0" # vpn server所在的内网网段,如果有多个可写写多个push

ifconfig-pool-persist /etc/openvpn/keys/ipp.txt

keepalive 10 120

comp-lzo

persist-key

persist-tun

status openvpn-status.log

verb 3

client-to-client

duplicate-cn

log /var/log/openvpn.log

打开路由转发功能

# vim /etc/sysctl.conf 

net.ipv4.ip_forward = 1

使配置生效

# sysctl -p

net.ipv4.ip_forward = 1

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key

error: "net.bridge.bridge-nf-call-iptables" is an unknown key

error: "net.bridge.bridge-nf-call-arptables" is an unknown key

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 68719476736

kernel.shmall = 4294967296

8、启动openvpn server服务

# /usr/local/sbin/openvpn --config /etc/openvpn/server.conf &

检查服务是否正常启动

# netstat -lntup|grep vpn

tcp        0      0 0.0.0.0:52155               0.0.0.0:*                   LISTEN      28959/openvpn    





加入启动脚本

# echo '/usr/local/sbin/openvpn --config /etc/openvpn/server.conf &' >> /etc/rc.local 

[root@node3 openvpn]# tail -1 /etc/rc.local 

tail: inotify cannot be used, reverting to polling

/usr/local/sbin/openvpn --config /etc/openvpn/server.conf &





将openvpn添加为服务的形式

# cp /home/tools/openvpn/openvpn-2.2.2/sample-scripts/openvpn.init /etc/init.d/openvpn

[root@node3 openvpn]# chkconfig --add openvpn

[root@node3 openvpn]# chkconfig --list openvpn

openvpn         0:off1:off2:off3:on4:on5:on6:off

[root@node3 openvpn]# chmod +x /etc/init.d/openvpn 

[root@node3 openvpn]# chkconfig openvpn on

[root@node3 openvpn]# chkconfig --list openvpn

openvpn         0:off1:off2:on3:on4:on5:on6:off

[root@node3 openvpn]# killall openvpn

[root@node3 openvpn]# service openvpn start

Starting openvpn:                                          [  OK  ]

[1]+  Done                    /usr/local/sbin/openvpn --config /etc/openvpn/server.conf

[root@node3 openvpn]# service openvpn restart

Shutting down openvpn:                                     [  OK  ]

Starting openvpn:                                          [  OK  ]





# ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0C:29:6C:85:A0  

          inet addr:192.168.8.41  Bcast:192.168.8.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:fe6c:85a0/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:9941129 errors:0 dropped:0 overruns:0 frame:0

          TX packets:5344611 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:1366753019 (1.2 GiB)  TX bytes:1255169492 (1.1 GiB)





eth1      Link encap:Ethernet  HWaddr 00:0C:29:6C:85:AA  

          inet addr:172.16.1.10  Bcast:172.16.1.255  Mask:255.255.255.0

          inet6 addr: fe80::20c:29ff:fe6c:85aa/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:414 errors:0 dropped:0 overruns:0 frame:0

          TX packets:78 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:28834 (28.1 KiB)  TX bytes:6644 (6.4 KiB)





lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:1738 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1738 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:155542 (151.8 KiB)  TX bytes:155542 (151.8 KiB)





tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  

          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

          RX packets:4 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:100 

          RX bytes:240 (240.0 b)  TX bytes:0 (0.0 b)

如果启动报错:

需要修改服务启动服务脚本/etc/init.d/openvpn 

for c in `/bin/ls *.conf 2>/dev/null`; do

改为

for c in `/bin/ls server.conf 2>/dev/null`; do



9、windows客户端openvpn-2.2.2-install.exe安装

在vpn server中安装文件传输工具,将下列文件传送给客户端,放置在E:\Program Files (x86)\OpenVPN\config\test目录下

client.conf 改名为 test.ovpn

# yum install -y lrzsz

# sz -y ca.crt test.crt test.key client.conf





报错:

failed to update database

TXT_DB error number 2





解决办法:

 

vim /home/tools/openvpn/openvpn-2.2.2/easy-rsa/2.0/keys/index.txt.attr

将unique_subject = yes  改为unique_subject = no





在vpn客户端连通后ping 172.16.1.20

通过在appserver 172.16.1.20上抓包发现只有请求的数据包,没有回应

# tcpdump -nnn -s 10000|grep -i icmp

将appserver的网关指向vpnserver的内网网卡后可以ping通,访问nginx服务http://172.16.1.20也正常

# route add default gw 172.16.1.10

或者添加静态路由



# route add -net 10.8.0.0/24 gw 172.16.1.10





如果要是永久生效,有如下几种方法:

方法一:

vi /etc/sysconfig/network-scripts/route-eth0  #默认不存在此文件

加入如下内容:

10.8.0.0/24 via 172.16.1.10

提示:写到配置里,重启网络服务和重启系统都会生效!

 

方法二:

vi /etc/sysconfig/static-routes  #默认不存在此文件

加入如下内容:

any net 10.8.0.0/24 gw 172.16.1.10

提示:写到配置里,重启网络服务和重启系统都会生效!

 

方法三:

vi /etc/rc.local

加入如下内容:

route add -net 10.8.0.0/24 gw 172.16.1.10

PS: 方法一推荐生产环境使用

提示:方法三写到/etc/rc.local里只在开机时加载,当手工重启网络后会失效,但是重启系统后会生效!





注意:如果当VPN客户端的网关不是VPNSERVER内网地址的时候,所有的VPN客户端都要加网络路由,当VPN客户端的网关是VPNSETVER内网地址就不需要添加静态路由了

centos6.5环境搭建openvp服务器及windows客户端搭建及配置详解的更多相关文章

  1. CentOS6.5环境使用keepalived实现nginx服务的高可用性及配置详解

    keepalived基础概念    Keepalived是一个基于VRRP协议来实现的WEB服务高可用方案,可以利用其来避免单点故障.一个WEB服务至少会有2台服务器运行Keepalived,一台为主 ...

  2. Hibernate4搭建Log4J日志管理(附Log4j.properties配置详解)

    1.首先加入slf4j的jar包,即slf4j-api-1.6.1.jar 在hibernate官网下载hibernate-release-4.2.2.Final.zip并解压,在hibernate- ...

  3. Samba centos7文件共享服务器搭建教程,可以更改任意需求操作配置详解。

    先安装软件   yum -y install samba-client 请看如下配置文件说明 [gongxiang]       comment = This is my shared folder  ...

  4. [PXE] Linux(centos6)中PXE 服务器搭建,PXE安装、启动及PXE理论详解

    [PXE] Linux(centos6)中PXE 服务器搭建,PXE安装.启动及PXE理论详解 本篇blog主要讲述了[PXE] linux(centos)PXE无盘服务器搭建,安装,启动及pxe协议 ...

  5. Linux - CentOS6.5服务器搭建与初始化配置详解(下)

    传送带:Linux - CentOS6.5服务器搭建与初始化配置详解(上) 继续接着上面的安装,安装完后会出现下面界面 点击reboot重启 重启后可以看到下面的tty终端界面  因为这就是最小化安装 ...

  6. Linux - CentOS6.5服务器搭建与初始化配置详解(上)

    1.新建一个虚拟机 选择典型 单机下一步 p.MsoNormal,li.MsoNormal,div.MsoNormal { margin: 0cm 0cm 0.0001pt; text-align: ...

  7. JAVA环境变量配置详解(Windows)

    JAVA环境变量配置详解(Windows)   JAVA环境变量JAVA_HOME.CLASSPATH.PATH设置详解  Windows下JAVA用到的环境变量主要有3个,JAVA_HOME.CLA ...

  8. 实时监控、直播流、流媒体、视频网站开发方案流媒体服务器搭建及配置详解:使用nginx搭建rtmp直播、rtmp点播、,hls直播服务配置详解

    注意:这里不会讲到nginx流媒体模块如何安装的问题,只研究rtmp,hls直播和录制相关的nginx服务器配置文件的详细用法和说明.可以对照这些命令详解配置nginx -rtmp服务 一.nginx ...

  9. Windows下Nginx Virtual Host多站点配置详解

    Windows下Nginx Virtual Host多站点配置详解 此教程适用于Windows系统已经配置好Nginx+Php+Mysql环境的同学. 如果您还未搭建WNMP环境,请查看 window ...

随机推荐

  1. @Value加载classpath下的文件

    maven工程中,要加载classpath下的文件并以InputStream的形式返回,通常使用的方法是 InputStream inputStream = Test.class.getClassLo ...

  2. java代码示例(7-1)

    Dog类 /*** * 宠物狗狗类,使用权限修饰符private和public进行封装 * @author chenyanlong * 日期:2017/10/15 */ package com.hp. ...

  3. Simple Question

    一.你会在时间序列数据集上使用什么交叉验证技术?是用k倍? 答:都不是.对于时间序列问题,k倍可能会很麻烦,因为第4年或第5年的一些模式有可能跟第3年的不同,而我们最终可能只是需要对过去几年的进行验证 ...

  4. Linux发行版Debian操作系统破译密码

    Linux发行版Debian操作系统破译密码 作者:尹正杰 版权声明:原创作品,谢绝转载!否则将追究法律责任. 其实玩过Linux的小伙伴,对破解服务器密码都应该有所了解,典型的两个代表,我觉得一个是 ...

  5. 内联函数 —— C 中关键字 inline 用法解析

    一.什么是内联函数 在C语言中,如果一些函数被频繁调用,不断地有函数入栈,即函数栈,会造成栈空间或栈内存的大量消耗. 为了解决这个问题,特别的引入了inline修饰符,表示为内联函数. 栈空间就是指放 ...

  6. POJ - 3122 Pie(二分)

    http://poj.org/problem?id=3122 题意 主人过生日,m个人来庆生,有n块派,m+1个人(还有主人自己)分,问每个人分到的最大体积的派是多大,PS每 个人所分的派必须是在同一 ...

  7. HDU - 5413 CRB and Roads

    CRB and Roads Time Limit: 12000/6000 MS (Java/Others)    Memory Limit: 131072/131072 K (Java/Others) ...

  8. WebSocket 实战之——【WebSocket 原理】

    一.WebSocket是什么? HTML5出的东西(协议),也就是说HTTP协议没有变化,或者说没关系,但HTTP是不支持持久连接的(长连接,循环连接的不算). 首先HTTP有1.1和1.0之说,也就 ...

  9. bootstrap中模态框的使用

    1.代码: <%--登录模态框--%> <li><a href="#" data-toggle="modal" data-targ ...

  10. 《Maven实战》笔记

    maven是什么 maven是 构建工具 依赖关系工具 项目信息管理工具 而JAVA世界的ant只是一个构建工具,不具备依赖管理的功能,需要配合使用ivy进行依赖管理. maven的安装 下载mave ...