Setting up a VPN on CentOS 8

2022-10-25 15:09:51

Update the system

Update the system and make sure tar and wget are available.

sudo dnf update
# or
sudo yum update

sudo dnf install tar wget
# or
sudo yum install tar wget

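Find and note the server's IPv4 or IPv6 address

If you look the address up on the server with the commands below, what you get is the private address: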

ip a
ip a show eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:16:3e:0a:09:5d brd ff:ff:ff:ff:ff:ff
    inet *.*.*.*/16 brd 172.27.255.255 scope global dynamic noprefixroute eth0
       valid_lft 290375478sec preferred_lft 290375478sec
    inet6 ****::****:****:****:****/64 scope link
       valid_lft forever preferred_lft forever

What is needed here is the public IP, which you can look up with dig:

dig +short myip.opendns.com @resolver1.opendns.com
# or
dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2 }'

Download and run the centos-8-vpn.sh script

wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O centos-8-vpn.sh

chmod +x centos-8-vpn.sh

sudo ./centos-8-vpn.sh
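
The script above is fetched from the master branch and then run as root, so it is worth confirming that the file you execute is the one you reviewed. The following is an added example, not part of the original post or the openvpn-install project; `sha256_of`, `check_installer`, `<COMMIT>` and the digest placeholder are hypothetical names and placeholders.

```shell
# Added example: compare a downloaded installer against a SHA-256 digest
# that was recorded after reviewing the script, before running it with sudo.

# sha256_of FILE: prints the lowercase hex SHA-256 of FILE
sha256_of() {
    sha256sum "$1" | awk '{ print $1 }'
}

# check_installer FILE EXPECTED_SHA256
# returns 0 on a match, 1 on a digest mismatch, 2 if FILE is missing or empty
check_installer() {
    file=$1
    expected=$2
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# Intended use (placeholders, not real values):
#   wget https://raw.githubusercontent.com/angristan/openvpn-install/<COMMIT>/openvpn-install.sh -O centos-8-vpn.sh
#   check_installer centos-8-vpn.sh <SHA256_RECORDED_AFTER_REVIEW> && sudo bash centos-8-vpn.sh
```

Fetching from a fixed commit instead of master keeps the recorded digest valid until you deliberately move to a newer, re-reviewed version.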

Fill in the IP and the other options as prompted

Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: *.*.*.* # enter the public address here

Checking for IPv6 connectivity...

Your host does not appear to have IPv6 connectivity.

Do you want to enable IPv6 support (NAT)? [y/n]: y

What port do you want OpenVPN to listen to?
   1) Default: 1194
   2) Custom
   3) Random [49152-65535]
Port choice [1-3]: 1

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
   1) UDP
   2) TCP
Protocol [1-2]: 1

What DNS resolvers do you want to use with the VPN?
   1) Current system resolvers (from /etc/resolv.conf)
   2) Self-hosted DNS Resolver (Unbound)
   3) Cloudflare (Anycast: worldwide)
   4) Quad9 (Anycast: worldwide)
   5) Quad9 uncensored (Anycast: worldwide)
   6) FDN (France)
   7) DNS.WATCH (Germany)
   8) OpenDNS (Anycast: worldwide)
   9) Google (Anycast: worldwide)
   10) Yandex Basic (Russia)
   11) AdGuard DNS (Anycast: worldwide)
   12) NextDNS (Anycast: worldwide)
   13) Custom
DNS [1-12]: 3

Do you want to use compression? It is not recommended since the VORACLE attack makes use of it.
Enable compression? [y/n]: n

Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.

Customize encryption settings? [y/n]: n

Finally, generate the client key

Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: vpnClient # file name

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
   1) Add a passwordless client # no password
   2) Use a password for the client # with a password
Select an option [1-2]: 2

The configuration file has been written to /root/vpnClient.ovpn.
Download the .ovpn file and import it in your OpenVPN client.

The generated file is at /root/vpnClient.ovpn.
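
The generated profile embeds the client's private key, and the prompts above decide whether that key is password-protected and whether compression is enabled. The check below is an added example, not part of the original post or the installer; it audits a .ovpn file for those points plus its file permissions, and `audit_ovpn`, `write_sample_profile` and the sample profile are constructed for illustration.

```shell
# Added example (not from the original post). audit_ovpn and
# write_sample_profile are hypothetical helper names.

# audit_ovpn FILE: prints one line per finding, returns the number of findings
audit_ovpn() {
    f=$1
    findings=0
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 255; }

    # 1. The profile embeds the client's private key, so group/other should
    #    have no access (characters 5-10 of the ls -l mode string).
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "FINDING: $f is accessible to group/other (chmod 600 it)"
        findings=$((findings + 1))
    fi

    # 2. Installer option 1 (passwordless client) leaves the key unencrypted.
    if grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" &&
       ! grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "FINDING: private key in $f is not password-protected"
        findings=$((findings + 1))
    fi

    # 3. The installer advises against compression (VORACLE). Any compress or
    #    comp-lzo line is reported, including disabling forms, for manual review.
    if grep -Eq '^[[:space:]]*(compress|comp-lzo)([[:space:]]|$)' "$f"; then
        echo "FINDING: compression directive present in $f"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample profile (placeholder key body, documentation IP address)
write_sample_profile() {
    cat > "$1" <<'EOF'
client
proto udp
remote 203.0.113.10 1194
comp-lzo
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-SAMPLE-NOT-A-REAL-KEY
-----END PRIVATE KEY-----
</key>
EOF
    chmod 644 "$1"
}
```

Run `audit_ovpn` against the profile on the server and again on each client after copying it, since the copy step is where permissions are most often widened.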

Start/stop/restart the OpenVPN server

systemctl stop openvpn-server@server.service

systemctl start openvpn-server@server.service

systemctl restart openvpn-server@server.service

systemctl status openvpn-server@server.service

If it succeeded you will see:

systemctl status openvpn-server@server.service
● openvpn-server@server.service - OpenVPN service for server
   Loaded: loaded (/etc/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-09-23 16:10:45 CST; 2min 20s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 2398216 (openvpn)
   Status: "Initialization Sequence Completed"
    Tasks: 1 (limit: 49489)
   Memory: 1.0M
   CGroup: /system.slice/system-openvpnx2dserver.slice/openvpn-server@server.service
           └─2398216 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:A>

Clients

Apple App Store: Apple iOS client; Google Play: Android client; Apple macOS (OS X): client; Windows 8/10: client

Installing the client on Linux

sudo yum install openvpn
# or
sudo apt install openvpn
# or
sudo dnf install openvpn

Copy the generated vpnClient file to the /etc/openvpn/ directory and restart

sudo cp vpnClient.ovpn /etc/openvpn/client.conf

# run the client in the foreground to test the connection
sudo openvpn --client --config /etc/openvpn/client.conf

# or run it as a service
sudo systemctl start openvpn@client

Add or remove OpenVPN clients

Run the script again on the server

 sudo ./centos-8-vpn.sh
Welcome to OpenVPN-install!
The git repository is available at: https://github.com/angristan/openvpn-install

It looks like OpenVPN is already installed.

What do you want to do?
   1) Add a new user
   2) Revoke existing user
   3) Remove OpenVPN
   4) Exit
Select an option [1-4]: 

Troubleshooting

journalctl --identifier openvpn

Key point

Open port 1194.

For academic research only; do not use for any other purpose!!!
