OpenVPN

Published 2020-03-28 13:26:52

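Introduction

The script provided here automates the entire configuration, eliminating the problems of configuring everything by hand.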

Download

[root@iz8vbgkjlbimb3lh5vg2qjz src]# git clone https://github.com/cncentoscn/vpn.git

Installation

The configuration is based on OpenVPN.

Configuration

[root@iz8vbgkjlbimb3lh5vg2qjz src]# cd vpn/
[root@iz8vbgkjlbimb3lh5vg2qjz vpn]# ll
total 16
-rw-r--r-- 1 root root 14814 Jan 29 10:33 openvpn-install.sh
[root@instance-7tgaowaa ~]# bash openvpn-install.sh

Configure the internal IP. It is detected automatically, so just press Enter.

Welcome to this OpenVPN "road warrior" installer!
 
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.
 
First, provide the IPv4 address of the network interface you want OpenVPN
listening to.
IP address: 192.168.0.2

Manually enter your public IP.

This server is behind NAT. What is the public IPv4 address or hostname?
Public IP address / hostname: 180.76.189.187

Choose the protocol (pressing Enter for the default is recommended).

Which protocol do you want for OpenVPN connections?
1) UDP (recommended)
2) TCP
Protocol [1-2]: 1

Port (using a different port is recommended, otherwise it can easily drive you crazy).

What port do you want OpenVPN listening to?
Port: 1194

DNS (the default is fine, just press Enter).

Which DNS do you want to use with the VPN?
1) Current system resolvers
2) 1.1.1.1
3) Google
4) OpenDNS
5) Verisign
DNS [1-5]: 1

Create the client (choose any name you like).

Finally, tell me your name for the client certificate.
Please, use one word only, no special characters.
Client name: client

Press Enter again to start the automatic installation.

Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue...

Once configuration succeeds, the client configuration is automatically written to the following location.

Your client configuration is available at: /root/client.ovpn
If you want to add more clients, you simply need to run this script again!

Adding and removing clients

[root@instance-7tgaowaa ~]# bash openvpn-install.sh 
Looks like OpenVPN is already installed.
 
What do you want to do?
1) Add a new user
2) Revoke an existing user
3) Remove OpenVPN
4) Exit
Select an option [1-4]:

1. Add a client

2. Remove a client

3. Uninstall the VPN

4. Exit

First, a demonstration of adding a client

[root@instance-7tgaowaa ~]# bash openvpn-install.sh 
Looks like OpenVPN is already installed.
 
What do you want to do?
   1) Add a new user
   2) Revoke an existing user
   3) Remove OpenVPN
   4) Exit
Select an option [1-4]: 1
 
Tell me a name for the client certificate.
Please, use one word only, no special characters.
Client name: lucky
 
Using SSL: openssl OpenSSL 1.0.2k-fips  26 Jan 2017
Generating a 2048 bit RSA private key
.........+++
...............+++
writing new private key to '/etc/openvpn/easy-rsa/pki/private/lucky.key.oc26QPYqMq'
-----
Using configuration from ./safessl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'lucky'
Certificate is to be certified until Nov  4 02:40:06 2028 GMT (3650 days)
 
Write out database with 1 new entries
Data Base Updated
 
Client lucky added, configuration is available at: /root/lucky.ovpn

Demonstration of removing a client

[root@instance-7tgaowaa ~]# bash openvpn-install.sh 
Looks like OpenVPN is already installed.
 
What do you want to do?
1) Add a new user
2) Revoke an existing user
3) Remove OpenVPN
4) Exit
Select an option [1-4]: 2
 
Select the existing client certificate you want to revoke:
1) client
2) lucky
Select one client [1-2]: 2
 
Do you really want to revoke access for client lucky? [y/N]: y
Using configuration from ./safessl-easyrsa.cnf
Revoking Certificate 9B734723BBCE013204DBD17D45D5DAF7.
Data Base Updated
 
Using SSL: openssl OpenSSL 1.0.2k-fips 26 Jan 2017
Using configuration from ./safessl-easyrsa.cnf
 
An updated CRL has been created.
CRL file: /etc/openvpn/easy-rsa/pki/crl.pem
 
 
Certificate for client lucky revoked!
[root@instance-7tgaowaa ~]#
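
A check an administrator can run after a revocation like the one above, written as an added example that is not part of the original article or the install script: it compares the revoked entries in easy-rsa's index.txt with the serials in the CRL text and names any client that is revoked but missing from the CRL. The location and tab-separated layout of pki/index.txt are assumptions, and all sample data is constructed except the serial taken from the transcript.

```shell
#!/bin/sh
# Added example: cross-check easy-rsa's index.txt against the CRL so that a
# revoked client cannot be silently missing from the list the server checks.
# Assumption: pki/index.txt is the tab-separated openssl "ca" database:
# status, expiry, revocation date, serial, file, subject.
# On the server (index.txt path assumed, crl.pem path from the transcript):
#   openssl crl -in /etc/openvpn/easy-rsa/pki/crl.pem -noout -text > crl.txt
#   audit_revocations /etc/openvpn/easy-rsa/pki/index.txt crl.txt

# Print "SERIAL CN" for every entry marked revoked (R) in index.txt.
revoked_entries() {
    awk -F'\t' '$1 == "R" { cn = $6; sub(/.*CN=/, "", cn); print toupper($4), cn }' "$1"
}

# Read `openssl crl -noout -text` output on stdin, print the revoked serials.
crl_serials() {
    sed -n 's/^ *Serial Number: *\([0-9A-Fa-f]*\).*/\1/p' | tr 'a-f' 'A-F'
}

# Print the CN of each client revoked in index.txt but absent from the CRL.
# Returns 1 if any such client exists (the CRL is stale), 0 otherwise.
audit_revocations() {
    listed=$(crl_serials < "$2")
    stale=0
    while read -r serial cn; do
        [ -n "$serial" ] || continue
        if ! printf '%s\n' "$listed" | grep -qxF "$serial"; then
            printf '%s\n' "$cn"
            stale=1
        fi
    done <<EOF
$(revoked_entries "$1")
EOF
    return "$stale"
}

# Constructed sample data: "lucky" carries the serial from the transcript;
# "old" is revoked in index.txt but was never written to the CRL.
write_sample() {
    printf 'V\t281104024006Z\t\t01AA\tunknown\t/CN=client\n' > "$1/index.txt"
    printf 'R\t281104024006Z\t181107030000Z\t9B734723BBCE013204DBD17D45D5DAF7\tunknown\t/CN=lucky\n' >> "$1/index.txt"
    printf 'R\t281104024006Z\t181107040000Z\t02BB\tunknown\t/CN=old\n' >> "$1/index.txt"
    printf 'Revoked Certificates:\n    Serial Number: 9B734723BBCE013204DBD17D45D5DAF7\n' > "$1/crl.txt"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
echo "Revoked but not in CRL: $(audit_revocations "$demo_dir/index.txt" "$demo_dir/crl.txt")"
```
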
  • Internal network route: push "route 172.16.10.0 255.255.255.0"
Last updated: 2021-1-29