内容纲要
$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get install git
$ cd ~
$ cd clone https://github.com/Nyr/openvpn-install.git
$ cd openvpn-install/
$ ls -1
LICENSE.txt
README.md
openvpn-install.sh
$ chmod +x openvpn-install.sh
$ sudo ./openvpn-install.sh
Welcome to this OpenVPN "road warrior" installer!

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

First, provide the IPv4 address of the network interface you want OpenVPN
listening to.
IP address: 192.168.10.2

Which protocol do you want for OpenVPN connections?
1) UDP (recommended)
2) TCP
Protocol [1-2]: 1

What port do you want OpenVPN listening to?
Port: 1194

Which DNS do you want to use with the VPN?
1) Current system resolvers
2) 1.1.1.1
3) Google
4) OpenDNS
5) Verisign
DNS [1-5]: 1

Finally, tell me your name for the client certificate.
Please, use one word only, no special characters.
Client name: client

Okay, that was all I needed. We are ready to set up your OpenVPN server now.
Press any key to continue... 
$ cat  /etc/openvpn/server.conf 
port 1194
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
$ ip ad | grep tun0
$ ip route | grep tun0

生成客户端配置文件

$ sudo ./openvpn-install.sh
Looks like OpenVPN is already installed.

What do you want to do?
   1) Add a new user
   2) Revoke an existing user
   3) Remove OpenVPN
   4) Exit
Select an option [1-4]: 1

Tell me a name for the client certificate.
Please, use one word only, no special characters.
Client name: josphat.mutai
Generating a 2048 bit RSA private key
...+++
.............................................................................................................................+++
writing new private key to '/etc/openvpn/easy-rsa/pki/private/josphat.mutai.key.8dsSsOTWPe'
-----
Using configuration from ./openssl-easyrsa.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'josphat.mutai'
Certificate is to be certified until Jul  4 08:10:32 2028 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Client josphat.mutai added, configuration is available at: /root/josphat.mutai.ovpn

下载到客户端,导入到 openvpn 客户端连接。

参考

发表评论

电子邮件地址不会被公开。 必填项已用*标注