debian 安装配置 openvpn

小白

本片文章主要讲述如何在vps上安装以及配置openvpn。本人已经在tinyvz的 vps上测试成功！

——

0）安装openvpn之前的任务

# apt-get update
# apt-get upgrade
# apt-get install iptables -y


1) 下载并且安装OpenVPN

# apt-get install openvpn

2) 移动相关文件到确定的地方

# cp -R /usr/share/doc/openvpn/examples/easy-rsa /etc/openvpn

3) 创建服务器以及客户端相关证书

# cd /etc/openvpn/easy-rsa/2.0

# . ./vars     

# ./clean-all     

# ./build-ca

# ./build-key-server server

# ./build-key client1

# ./build-dh

请一路回车, 如果需要回答 yes/no 请回答 yes

在输密码处不要输入密码，直接按回车确认

4) 配置 iptables 规则：

# chmod 755 /etc/rc.local

# nano /etc/rc.local

默认内容如下所述

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

exit 0

我们在 “exit 0″之前添加如下内容

用你自己的ip地址来替换 “208.110.73.134″

如下所示

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# add iptables rule for openvpn
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j SNAT --to 208.110.73.134

exit 0

5) 创建openvpn 配置文件

# nano /etc/openvpn/openvpn.conf

插入如下内容

    dev tun
    proto tcp
    port 1194

    ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
    cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
    key /etc/openvpn/easy-rsa/2.0/keys/server.key
    dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

    user nobody
    group nogroup
    server 10.8.0.0 255.255.255.0

    persist-key
    persist-tun

    #status openvpn-status.log
    #verb 3
    client-to-client

    push "redirect-gateway def1"
    push "dhcp-option DNS 8.8.8.8"
    push "dhcp-option DNS 4.2.2.4"

    comp-lzo

6) 启动 OpenVPN:

# /etc/init.d/openvpn start
# /etc/rc.local &

—————

现在下载下述文件到客户端（windows）

/etc/openvpn/easy-rsa/2.0/keys/ca.crt

/etc/openvpn/easy-rsa/2.0/keys/client1.crt

/etc/openvpn/easy-rsa/2.0/keys/client1.key

最后，创建客户端配置文件(client.ovpn)，内容如下所述

client
dev tun
proto tcp

# The hostname/IP and port of the server.
# CHANGE THIS TO YOUR VPS IP ADDRESS
remote 208.110.73.134 1194

resolv-retry infinite
nobind

persist-key
persist-tun

ca ca.crt
cert client1.crt
key client1.key

comp-lzo
verb 3

———–

OpenVPN windows 客户端 http://deploy.ramhost.org/vps/openvpn-2.0.9-gui-1.0.3-install.exe

安装好客户端后 把上述三个文档以及自己创建的配置文件放入C:\Program Files\OpenVPN\config目录然后启动即可。

smyz

技术贴~

wahyan

很多步骤啊

dstwhk

好长 很有难度

mojave

现在都玩goagent了，玩vpn多不好

ybs885

技术贴。。支持下