Setting up a VPN on CentOS 8
Update the system
Update the system and make sure tar and wget are available
sudo dnf update
# or
sudo yum update
sudo dnf install tar wget
# or
sudo yum install tar wget
Find and note the server's IPv4 or IPv6 address
If you look it up with the following commands on the server, what you get is the private address:
ip a
ip a show eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:16:3e:0a:09:5d brd ff:ff:ff:ff:ff:ff
inet *.*.*.*/16 brd 172.27.255.255 scope global dynamic noprefixroute eth0
valid_lft 290375478sec preferred_lft 290375478sec
inet6 ****::****:****:****:****/64 scope link
valid_lft forever preferred_lft forever
What is needed here is the public IP, which you can look up with dig:
dig +short myip.opendns.com @resolver1.opendns.com
# or
dig -4 TXT +short o-o.myaddr.l.google.com @ns1.google.com | awk -F'"' '{ print $2 }'
Download and run the centos-8-vpn.sh script
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh
sudo ./openvpn-install.sh
Install the server
Follow the prompts to fill in the IP and the other options
Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.
I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: *.*.*.* # enter the public address here
Checking for IPv6 connectivity...
Your host does not appear to have IPv6 connectivity.
Do you want to enable IPv6 support (NAT)? [y/n]: y
What port do you want OpenVPN to listen to?
1) Default: 1194
2) Custom
3) Random [49152-65535]
Port choice [1-3]: 1
What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
1) UDP
2) TCP
Protocol [1-2]: 1
What DNS resolvers do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf)
2) Self-hosted DNS Resolver (Unbound)
3) Cloudflare (Anycast: worldwide)
4) Quad9 (Anycast: worldwide)
5) Quad9 uncensored (Anycast: worldwide)
6) FDN (France)
7) DNS.WATCH (Germany)
8) OpenDNS (Anycast: worldwide)
9) Google (Anycast: worldwide)
10) Yandex Basic (Russia)
11) AdGuard DNS (Anycast: worldwide)
12) NextDNS (Anycast: worldwide)
13) Custom
DNS [1-12]: 3
Do you want to use compression? It is not recommended since the VORACLE attack makes use of it.
Enable compression? [y/n]: n
Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.
Customize encryption settings? [y/n]: n
Generate the client key
Finally, generate the client key. The client uses this key to connect to the server.
Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: vpnClient # file name
Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client # no password
2) Use a password for the client # with password
Select an option [1-2]: 2
The configuration file has been written to /root/vpnClient.ovpn.
Download the .ovpn file and import it in your OpenVPN client.
The generated file is at /root/vpnClient.ovpn. Send this file to the client.
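Before the profile leaves the server, it is worth confirming that it matches the answers given above: a private key protected by a password, and no compression. The following is an added example, not part of the original post or of the openvpn-install project. It assumes the profile carries the key inline in a `<key>` block in PEM form; the function names and the two sample profiles (with a documentation-range address and placeholder key bodies) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit a client profile before handing it out.
# Prints how the inline private key is stored: encrypted | plaintext | missing
ovpn_key_status() {
    awk '
        /^<key>/   { inkey = 1; next }
        /^<\/key>/ { inkey = 0 }
        inkey && /BEGIN ENCRYPTED PRIVATE KEY/ { enc = 1 }   # PKCS#8, encrypted
        inkey && /Proc-Type: 4,ENCRYPTED/      { enc = 1 }   # legacy PEM, encrypted
        inkey && /BEGIN .*PRIVATE KEY/         { seen = 1 }
        END {
            if (!seen)    print "missing"
            else if (enc) print "encrypted"
            else          print "plaintext"
        }' "$1"
}

# Exit status 0 if the profile contains a compression directive.
ovpn_has_compression() {
    grep -Eq '^[[:space:]]*(comp-lzo|compress)([[:space:]]|$)' "$1"
}

# Constructed sample profiles (placeholder key bodies, not real keys).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/with-password.ovpn" <<'EOF'
client
remote 203.0.113.10 1194
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
(constructed placeholder, not a real key)
-----END ENCRYPTED PRIVATE KEY-----
</key>
EOF
cat > "$demo_dir/passwordless.ovpn" <<'EOF'
client
remote 203.0.113.10 1194
comp-lzo
<key>
-----BEGIN PRIVATE KEY-----
(constructed placeholder, not a real key)
-----END PRIVATE KEY-----
</key>
EOF
for f in "$demo_dir"/*.ovpn; do
    printf '%s: key=%s' "${f##*/}" "$(ovpn_key_status "$f")"
    if ovpn_has_compression "$f"; then echo ' compression=on'; else echo ' compression=off'; fi
done
```

On a real server, point both functions at /root/vpnClient.ovpn; a result of `plaintext` means anyone who obtains the file can connect as that client.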
Start/stop/restart the OpenVPN server
systemctl stop openvpn-server@server.service
systemctl start openvpn-server@server.service
systemctl restart openvpn-server@server.service
systemctl status openvpn-server@server.service
If it succeeded, you will see:
systemctl status openvpn-server@server.service
● openvpn-server@server.service - OpenVPN service for server
Loaded: loaded (/etc/systemd/system/openvpn-server@.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2022-09-23 16:10:45 CST; 2min 20s ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Main PID: 2398216 (openvpn)
Status: "Initialization Sequence Completed"
Tasks: 1 (limit: 49489)
Memory: 1.0M
CGroup: /system.slice/system-openvpn\x2dserver.slice/openvpn-server@server.service
└─2398216 /usr/sbin/openvpn --status /run/openvpn-server/status-server.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --ncp-ciphers AES-256-GCM:A>
Errors you may run into
- The openvpn command is not found: just install it
dnf install openvpn
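- cp ***server@.service and sed fail because the directory cannot be found. Some heavily modified domestic distributions (e.g. Alibaba Linux) are not recognized, so the install file has to be edited, namely this file:
openvpn-install.sh
Find the following: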
cp /lib/systemd/system/server@.service
# change to
cp /lib/systemd/system/openvpn-server@.service
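Clients
Every client relies on the xxx.ovpn file generated by the server to connect to the server.
Apple App Store: Apple iOS client
Receive the vpnClient.ovpn file through WeChat, then open it with a third-party app and choose OpenVPN.
Google Play: Android client
Same as iOS.
Apple macOS (OS X): client
Windows 8/10: client
Installing the client on Linux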
sudo yum install openvpn
# or
sudo apt install openvpn
# or
sudo dnf install openvpn
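Copy the generated vpnClient file into the /etc/openvpn/ directory, then restart:
sudo cp vpnClient.ovpn /etc/openvpn/client.conf
# test the connection in the foreground
sudo openvpn --client --config /etc/openvpn/client.conf
# or run it as a service
sudo systemctl start openvpn@client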
Add or remove OpenVPN clients
Run the script again on the server
sudo ./openvpn-install.sh
Welcome to OpenVPN-install!
The git repository is available at: https://github.com/angristan/openvpn-install
It looks like OpenVPN is already installed.
What do you want to do?
1) Add a new user
2) Revoke existing user
3) Remove OpenVPN
4) Exit
Select an option [1-4]:
Troubleshooting
journalctl --identifier openvpn
Key point
Open port 1194
For academic research only; do not use for any other purpose!!!