简介
本次提供的脚本是纯自动化配置一切,断绝以往的手动配置问题。
下载
[root@iz8vbgkjlbimb3lh5vg2qjz src]# git clone https://github.com/cncentoscn/vpn.git
安装
基于openvpn而配置
配置
[root@iz8vbgkjlbimb3lh5vg2qjz src]# cd vpn/ [root@iz8vbgkjlbimb3lh5vg2qjz vpn]# ll total 16 -rw-r--r-- 1 root root 14814 Jan 29 10:33 openvpn-install.sh [root@instance-7tgaowaa ~]# bash openvpn-install.sh
配置内网IP,这个是自动识别的,直接回车即可
Welcome to this OpenVPN "road warrior" installer! I need to ask you a few questions before starting the setup. You can leave the default options and just press enter if you are ok with them. First, provide the IPv4 address of the network interface you want OpenVPN listening to. IP address: 192.168.0.2
手动输入你的外网IP
This server is behind NAT. What is the public IPv4 address or hostname? Public IP address / hostname: 180.76.189.187
选择协议(推荐默认回车)
Which protocol do you want for OpenVPN connections? 1) UDP (recommended) 2) TCP Protocol [1-2]: 1
端口(建议使用其他端口,不然很容易疯掉的)
What port do you want OpenVPN listening to? Port: 1194
dns(默认即可回车)
Which DNS do you want to use with the VPN? 1) Current system resolvers 2) 1.1.1.1 3) Google 4) OpenDNS 5) Verisign DNS [1-5]: 1
创建客户端(名字自定义即可)
Finally, tell me your name for the client certificate. Please, use one word only, no special characters. Client name: client
再次敲击回车自动安装
Okay, that was all I needed. We are ready to set up your OpenVPN server now. Press any key to continue...
配置成功后,客户端会自动分发到如下目录
Your client configuration is available at: /root/client.ovpn If you want to add more clients, you simply need to run this script again!
客户端增加和删除
[root@instance-7tgaowaa ~]# bash openvpn-install.sh Looks like OpenVPN is already installed. What do you want to do? 1) Add a new user 2) Revoke an existing user 3) Remove OpenVPN 4) Exit Select an option [1-4]:
1.增加客户端
2.删除客户端
3.卸载vpn
4.退出
先演示增加
[root@instance-7tgaowaa ~]# bash openvpn-install.sh Looks like OpenVPN is already installed. What do you want to do? 1) Add a new user 2) Revoke an existing user 3) Remove OpenVPN 4) Exit Select an option [1-4]: 1 Tell me a name for the client certificate. Please, use one word only, no special characters. Client name: lucky Using SSL: openssl OpenSSL 1.0.2k-fips 26 Jan 2017 Generating a 2048 bit RSA private key .........+++ ...............+++ writing new private key to '/etc/openvpn/easy-rsa/pki/private/lucky.key.oc26QPYqMq' ----- Using configuration from ./safessl-easyrsa.cnf Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName :ASN.1 12:'lucky' Certificate is to be certified until Nov 4 02:40:06 2028 GMT (3650 days) Write out database with 1 new entries Data Base Updated Client lucky added, configuration is available at: /root/lucky.ovpn
演示删除
[root@instance-7tgaowaa ~]# bash openvpn-install.sh Looks like OpenVPN is already installed. What do you want to do? 1) Add a new user 2) Revoke an existing user 3) Remove OpenVPN 4) Exit Select an option [1-4]: 2 Select the existing client certificate you want to revoke: 1) client 2) lucky Select one client [1-2]: 2 Do you really want to revoke access for client lucky? [y/N]: y Using configuration from ./safessl-easyrsa.cnf Revoking Certificate 9B734723BBCE013204DBD17D45D5DAF7. Data Base Updated Using SSL: openssl OpenSSL 1.0.2k-fips 26 Jan 2017 Using configuration from ./safessl-easyrsa.cnf An updated CRL has been created. CRL file: /etc/openvpn/easy-rsa/pki/crl.pem Certificate for client lucky revoked! [root@instance-7tgaowaa ~]#
- 内网指向 push "route 172.16.10.0 255.255.255.0"
继续阅读
- 我的QQ
- QQ扫一扫
-
- 我的头条
- 头条扫一扫
-
评论