centos8 搭建 vpn

邱秋 • 2021年11月29日 • 阅读:1273 • linux centos vpn

更新系统

更新系统,确保tar wget可用

sudo dnf update
# or
sudo yum update

sudo dnf install tar wget
# or
sudo yum install tar wget

查找并记下服务器的 IPv4 或 IPv6 地址

如果 你在服务器上用命令看这样拿到的私有地址:

ip a
ip a show eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:16:3e:0a:09:5d brd ff:ff:ff:ff:ff:ff
    inet *.*.*.*/16 brd 172.27.255.255 scope global dynamic noprefixroute eth0
       valid_lft 290375478sec preferred_lft 290375478sec
    inet6 ****::****:****:****:****/64 scope link
       valid_lft forever preferred_lft forever

这里需要公网的IP,可以用dig 来查看

dig +short myip.opendns.com @resolver1.opendns.com
# or
dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2 }'

下载并运行 centos-8-vpn.sh 脚本

curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh

chmod +x openvpn-install.sh

sudo ./openvpn-install.sh

安装Sever

更具提示填写IP 和其他选项


Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: *.*.*.* # 这里你需要填写公网地址

Checking for IPv6 connectivity...

Your host does not appear to have IPv6 connectivity.

Do you want to enable IPv6 support (NAT)? [y/n]: y

What port do you want OpenVPN to listen to?
   1) Default: 1194
   2) Custom
   3) Random [49152-65535]
Port choice [1-3]: 1

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn\'t use TCP.
   1) UDP
   2) TCP
Protocol [1-2]: 1

What DNS resolvers do you want to use with the VPN?
   1) Current system resolvers (from /etc/resolv.conf)
   2) Self-hosted DNS Resolver (Unbound)
   3) Cloudflare (Anycast: worldwide)
   4) Quad9 (Anycast: worldwide)
   5) Quad9 uncensored (Anycast: worldwide)
   6) FDN (France)
   7) DNS.WATCH (Germany)
   8) OpenDNS (Anycast: worldwide)
   9) Google (Anycast: worldwide)
   10) Yandex Basic (Russia)
   11) AdGuard DNS (Anycast: worldwide)
   12) NextDNS (Anycast: worldwide)
   13) Custom
DNS [1-12]: 3

Do you want to use compression? It is not recommended since the VORACLE attack makes use of it.
Enable compression? [y/n]: n

Do you want to customize encryption settings?
Unless you know what you\'re doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN\'s defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.

Customize encryption settings? [y/n]: n

生成客户端密钥

最后生成客户端密钥 ,客户端要用这个密钥来链接Server

Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: vpnClient #文件名称

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
   1) Add a passwordless client # 有密码
   2) Use a password for the client # 无密码
Select an option [1-2]: 2

The configuration file has been written to /root/vpnClient.ovpn.
Download the .ovpn file and import it in your OpenVPN client.

可以看到生成的文件在 /root/vpnClient.ovpn ,把这个文件发给客户端.

启动/停止/重新启动 OpenVPN 服务器

systemctl stop openvpn-server@server.service

systemctl start openvpn-server@server.service

systemctl restart openvpn-server@server.service

systemctl status openvpn-server@server.service

如果成功就会看到:

systemctl status openvpn-server@server.service
● openvpn-server@server.service - OpenVPN service for server
   Loaded: loaded (/etc/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-09-23 16:10:45 CST; 2min 20s ago
     Docs: man:openvpn(8)
           https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
           https://community.openvpn.net/openvpn/wiki/HOWTO
 Main PID: 2398216 (openvpn)
   Status: "Initialization Sequence Completed"
    Tasks: 1 (limit: 49489)
   Memory: 1.0M
   CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.service
           └─2398216 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:A>

可能遇到的错误

  1. 找不到openvpn 命令, 安装即可
dnf install openvpn
  1. cp ***server@.service ,sed 失败找不到目录 , 国内的一些魔改的系统(如:Alibaba Linux) 不被识别 , 所以要修改安装文件 ,就是这个文件openvpn-install.sh找到如下:
cp /lib/systemd/system/server@.service
# change to 
cp /lib/systemd/system/openvpn-server@.service

客户端

客户端都依赖 Server 生成的 xxx.ovpn 这个文件来进行链接Server

Apple App Store :Apple iOS 客户端

vpnClient.ovpn 微信接收这个文件,然后第三方打开,选择openvpn

Google Play :Android 客户端

和IOS一样

Apple MacOS (OS X): 客户端

Windows 8/10: 客户端

Linux 安装客户端

sudo yum install openvpn
# or
sudo apt install openvpn
# or
sudo dnf install openvpn

把 生成的 vpnClien 文件 cp 到/etc/openvpn/ 目录,重启

sudo cp vpnClien.ovpn /etc/openvpn/client.conf

sudo openvpn --client --config /etc/openvpn/desktop.conf

sudo systemctl start openvpn@client

添加或删除 OpenVPN 客户端

服务器再次运行脚本

 sudo ./centos-8-vpn.sh
Welcome to OpenVPN-install!
The git repository is available at: https://github.com/angristan/openvpn-install

It looks like OpenVPN is already installed.

What do you want to do?
   1) Add a new user # 添加一个新用户
   2) Revoke existing user # 移除一个用户
   3) Remove OpenVPN # 移除OpenVpn
   4) Exit #退出
Select an option [1-4]: 

错误排查

journalctl --identifier openvpn

关键

开启 1194 端口

学术研究,请勿作其他用途!!!,

我,秦始皇,打钱!