OpenVPN

IT
IT
IT
335
文章
1
评论
2020年3月28日13:26:52 评论 7,805 2968字阅读9分53秒

简介

本次提供的脚本是纯自动化配置一切,断绝以往的手动配置问题。

OpenVPN

下载

此处为隐藏的内容!
登录后方可查看!

安装

基于openvpn而配置

配置

[root@iz8vbgkjlbimb3lh5vg2qjz src]# cd vpn/
[root@iz8vbgkjlbimb3lh5vg2qjz vpn]# ll
total 16
-rw-r--r-- 1 root root 14814 Jan 29 10:33 openvpn-install.sh
[root@instance-7tgaowaa ~]# bash openvpn-install.sh

配置内网IP,这个是自动识别的,直接回车即可

Welcome to this OpenVPN "road warrior" installer!
 
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.
 
First, provide the IPv4 address of the network interface you want OpenVPN
listening to.
IP address: 192.168.0.2

手动输入你的外网IP

This server is behind NAT. What is the public IPv4 address or hostname?
Public IP address / hostname: 180.76.189.187

选择协议(推荐默认回车)

Which protocol do you want for OpenVPN connections?
1) UDP (recommended)
2) TCP
Protocol [1-2]: 1

端口(建议使用其他端口,不然很容易疯掉的)

What port do you want OpenVPN listening to?
Port: 1194

dns(默认即可回车)

Which DNS do you want to use with the VPN?
1) Current system resolvers
2) 1.1.1.1
3) Google
4) OpenDNS
5) Verisign
DNS [1-5]: 1

创建客户端(名字自定义即可)

Finally, tell me your name for the client certificate.
Please, use one word only, no special characters.
Client name: client

再次敲击回车自动安装

Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue...

配置成功后,客户端会自动分发到如下目录

Your client configuration is available at: /root/client.ovpn
If you want to add more clients, you simply need to run this script again!

客户端增加和删除

[root@instance-7tgaowaa ~]# bash openvpn-install.sh 
Looks like OpenVPN is already installed.
 
What do you want to do?
1) Add a new user
2) Revoke an existing user
3) Remove OpenVPN
4) Exit
Select an option [1-4]:

1.增加客户端

2.删除客户端

3.卸载vpn

4.退出

先演示增加

[root@instance-7tgaowaa ~]# bash openvpn-install.sh 
Looks like OpenVPN is already installed.
 
What do you want to do?
   1) Add a new user
   2) Revoke an existing user
   3) Remove OpenVPN
   4) Exit
Select an option [1-4]: 1
 
Tell me a name for the client certificate.
Please, use one word only, no special characters.
Client name: lucky
 
Using SSL: openssl OpenSSL 1.0.2k-fips  26 Jan 2017
Generating a 2048 bit RSA private key
.........+++
...............+++
writing new private key to '/etc/openvpn/easy-rsa/pki/private/lucky.key.oc26QPYqMq'
-----
Using configuration from ./safessl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'lucky'
Certificate is to be certified until Nov  4 02:40:06 2028 GMT (3650 days)
 
Write out database with 1 new entries
Data Base Updated
 
Client lucky added, configuration is available at: /root/lucky.ovpn

演示删除

[root@instance-7tgaowaa ~]# bash openvpn-install.sh 
Looks like OpenVPN is already installed.
 
What do you want to do?
1) Add a new user
2) Revoke an existing user
3) Remove OpenVPN
4) Exit
Select an option [1-4]: 2
 
Select the existing client certificate you want to revoke:
1) client
2) lucky
Select one client [1-2]: 2
 
Do you really want to revoke access for client lucky? [y/N]: y
Using configuration from ./safessl-easyrsa.cnf
Revoking Certificate 9B734723BBCE013204DBD17D45D5DAF7.
Data Base Updated
 
Using SSL: openssl OpenSSL 1.0.2k-fips 26 Jan 2017
Using configuration from ./safessl-easyrsa.cnf
 
An updated CRL has been created.
CRL file: /etc/openvpn/easy-rsa/pki/crl.pem
 
 
Certificate for client lucky revoked!
[root@instance-7tgaowaa ~]#
继续阅读
  • 我的QQ
  • QQ扫一扫
  • weinxin
  • 我的头条
  • 头条扫一扫
  • weinxin
CentOS 最后更新:2020-4-1
IT
  • 本文由 发表于 2020年3月28日13:26:52
  • 除非特殊声明,本站文章均为原创,转载请务必保留本文链接
Eureka同步到nacos Nacos

Eureka同步到nacos

官方介绍文档地址 https://nacos.io/zh-cn/docs/nacos-sync.html 官方安装文档地址 https://nacos.io/zh-cn/docs/nacos-sync...
Eureka指定应用的instanceId为IP CentOS

Eureka指定应用的instanceId为IP

痛点 现在所有的应用指定的是服务器默认机器名称,对查看是哪一个服务IP或者单节点自动剔除服务不友好。 像如上图所示,想知道是哪一个节点,还得点开才能获取IP。 改造 全部改成自动获取服务器IP为ins...
阿里云网盘 CentOS

阿里云网盘

申请内测地址 https://survey.aliyun.com/apps/zhiliao/_o6XQjioM 官网地址 https://www.teambition.com/products/pan...
GitLab或Jenkins集成构建工具 CentOS

GitLab或Jenkins集成构建工具

集成构建工具 构建工具是用来将代码编译打包成制品的工具。例如前端项目我们一般使用npm进行打包,后端java项目我们一般使用maven、gradle进行打包。构建工具很多很多,但是集成到gitlab中...