Update the system
Update the system and make sure tar and wget are available.
sudo dnf update
# or
sudo yum update
sudo dnf install tar wget
# or
sudo yum install tar wget
Find and note the server's IPv4 or IPv6 address
If you look it up on the server with the commands below, what you get is the private address:
ip a
ip a show eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:16:3e:0a:09:5d brd ff:ff:ff:ff:ff:ff
inet *.*.*.*/16 brd 172.27.255.255 scope global dynamic noprefixroute eth0
valid_lft 290375478sec preferred_lft 290375478sec
inet6 ****::****:****:****:****/64 scope link
valid_lft forever preferred_lft forever
What is needed here is the public IP, which you can look up with dig:
dig +short myip.opendns.com @resolver1.opendns.com
# or
dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2 }'
Download and run the centos-8-vpn.sh script
wget https://raw.githubusercontent.com/Angristan/openvpn-install/master/openvpn-install.sh -O centos-8-vpn.sh
chmod +x centos-8-vpn.sh
sudo ./centos-8-vpn.sh
Follow the prompts to fill in the IP and the other options
Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.
I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: *.*.*.* # enter the public address here
Checking for IPv6 connectivity...
Your host does not appear to have IPv6 connectivity.
Do you want to enable IPv6 support (NAT)? [y/n]: y
What port do you want OpenVPN to listen to?
1) Default: 1194
2) Custom
3) Random [49152-65535]
Port choice [1-3]: 1
What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
1) UDP
2) TCP
Protocol [1-2]: 1
What DNS resolvers do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf)
2) Self-hosted DNS Resolver (Unbound)
3) Cloudflare (Anycast: worldwide)
4) Quad9 (Anycast: worldwide)
5) Quad9 uncensored (Anycast: worldwide)
6) FDN (France)
7) DNS.WATCH (Germany)
8) OpenDNS (Anycast: worldwide)
9) Google (Anycast: worldwide)
10) Yandex Basic (Russia)
11) AdGuard DNS (Anycast: worldwide)
12) NextDNS (Anycast: worldwide)
13) Custom
DNS [1-12]: 3
Do you want to use compression? It is not recommended since the VORACLE attack makes use of it.
Enable compression? [y/n]: n
Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.
Customize encryption settings? [y/n]: n
Finally, generate the client key
Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: vpnClient # file name
Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client # no password
2) Use a password for the client # with password
Select an option [1-2]: 2
The configuration file has been written to /root/vpnClient.ovpn.
Download the .ovpn file and import it in your OpenVPN client.
You can see that the generated file is at /root/vpnClient.ovpn
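A check to run on the generated profile before distributing it, written as an added example (not part of the installer or of the original article): it flags a profile that enables compression, carries a private key without a passphrase, is readable by other users, or points at a port other than the one opened on the server. The function name audit_ovpn and the sample profile are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit an OpenVPN client profile against the installer answers.
# Usage: audit_ovpn FILE [EXPECTED_PORT]
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_ovpn() {
    f=$1; port=${2:-1194}; rc=0
    # Compression was declined at the prompt (VORACLE). "comp-lzo no" and
    # "compress" with no algorithm or a stub only set framing, so they pass.
    if grep -Eq '^[[:space:]]*compress[[:space:]]+(lzo|lz4|lz4-v2)([[:space:]]|$)' "$f" ||
       grep -E '^[[:space:]]*comp-lzo([[:space:]]|$)' "$f" |
           grep -Evq '^[[:space:]]*comp-lzo[[:space:]]+no([[:space:]]|$)'; then
        echo "compression enabled"; rc=1
    fi
    # A passwordless client leaves the inline private key unencrypted.
    if grep -E -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" | grep -vq ENCRYPTED &&
       ! grep -q 'Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "private key is not passphrase-protected"; rc=1
    fi
    # The profile embeds the key, so group and others should not be able to read it.
    if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "profile readable by group or others"; rc=1
    fi
    # Every "remote" line should use the port opened on the server firewall.
    if awk -v p="$port" '$1 == "remote" && NF >= 3 && $3 != p { bad = 1 }
                         END { exit !bad }' "$f"; then
        echo "remote port differs from $port"; rc=1
    fi
    return $rc
}

# Constructed sample profile (placeholder address and key, not real material).
demo=$(mktemp)
cat > "$demo" <<'EOF'
client
proto udp
remote 203.0.113.10 1194
comp-lzo
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER
-----END PRIVATE KEY-----
</key>
EOF
chmod 644 "$demo"
audit_ovpn "$demo" 1194 || true
rm -f "$demo"
```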
Start/stop/restart the OpenVPN server
systemctl stop openvpn-server@server.service
systemctl start openvpn-server@server.service
systemctl restart openvpn-server@server.service
systemctl status openvpn-server@server.service
If it succeeded, you will see:
systemctl status openvpn-server@server.service
● openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/etc/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2022-09-23 16:10:45 CST; 2min 20s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 2398216 (openvpn)
Status: "Initialization Sequence Completed"
Tasks: 1 (limit: 49489)
Memory: 1.0M
CGroup: /system.slice/system-openvpnx2dserver.slice/openvpn-server@server.service
└─2398216 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:A>
Clients
Apple App Store: Apple iOS client; Google Play: Android client; Apple macOS (OS X): client; Windows 8/10: client
Installing the client on Linux
sudo yum install openvpn
# or
sudo apt install openvpn
# or
sudo dnf install openvpn
Copy the generated vpnClient file into the /etc/openvpn/ directory and restart:
sudo cp vpnClient.ovpn /etc/openvpn/client.conf
# test the connection in the foreground
sudo openvpn --client --config /etc/openvpn/client.conf
# or start it as a service
sudo systemctl start openvpn@client
Add or remove OpenVPN clients
Run the script again on the server
sudo ./centos-8-vpn.sh
Welcome to OpenVPN-install!
The git repository is available at: https://github.com/angristan/openvpn-install
It looks like OpenVPN is already installed.
What do you want to do?
1) Add a new user # add a new user
2) Revoke existing user # remove a user
3) Remove OpenVPN # remove OpenVPN
4) Exit # exit
Select an option [1-4]:
Troubleshooting
journalctl --identifier openvpn
Key point
Open port 1194
For academic research only; do not use it for any other purpose!!!