Configuring a VPN server on CentOS 7 and using a shadowsocks proxy

Source: Internet  Editor: 程序博客网  Time: 2024/05/29 15:57



VPN
    #!/bin/bash

    function installVPN(){
        echo "begin to install VPN services";
        # check whether the VPS supports ppp and tun

        # Determine the CentOS version
        if grep -Eqi "release 5." /etc/redhat-release; then
            ver1='5'
        elif grep -Eqi "release 6." /etc/redhat-release; then
            ver1='6'
        elif grep -Eqi "release 7." /etc/redhat-release; then
            ver1='7'
        fi

        yum install curl -y
        yum install epel-release -y

        if [ "$ver1" == "7" ]; then
            # On CentOS 7, install iptables and turn off the default firewall (firewalld).
            systemctl stop firewalld.service
            systemctl disable firewalld.service
            yum install iptables-services -y
            # CentOS 7 needs this permission, otherwise rc.local is not run at boot
            chmod +x /etc/rc.d/rc.local
        fi

        # Remove any previously installed pptpd and ppp configuration first
        rm -rf /etc/pptpd.conf
        rm -rf /etc/ppp

        yum install -y ppp pptpd

        # Write the configuration files
        mknod /dev/ppp c 108 0
        echo 1 > /proc/sys/net/ipv4/ip_forward
        echo "mknod /dev/ppp c 108 0" >> /etc/rc.local
        echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/rc.local
        echo "localip 172.16.36.1" >> /etc/pptpd.conf
        echo "remoteip 172.16.36.2-254" >> /etc/pptpd.conf
        echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
        echo "ms-dns 8.8.4.4" >> /etc/ppp/options.pptpd

        # Random initial password, unless one was passed as the first argument
        pass=$(openssl rand -base64 6)
        if [ "$1" != "" ]
        then
            pass=$1
        fi

        echo "vpn pptpd ${pass} *" >> /etc/ppp/chap-secrets

        # The public IP is looked up from ip.cn; the awk fields depend on that site's response format
        iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source $(curl ip.cn | awk -F ' ' '{print $2}' | awk -F ':' '{print $2}')
        iptables -A FORWARD -p tcp --syn -s 172.16.36.0/24 -j TCPMSS --set-mss 1356
        iptables -I INPUT -p gre -j ACCEPT
        iptables -I INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
        service iptables save

        if [ "$ver1" == "7" ]; then
            systemctl enable iptables.service
            systemctl enable pptpd.service
            systemctl restart iptables.service
            systemctl restart pptpd.service
        else
            chkconfig iptables on
            chkconfig pptpd on
            service iptables start
            service pptpd start
        fi

        # Prints the initial user name (vpn) and password, and notes that both
        # can be changed by editing /etc/ppp/chap-secrets
        echo "================================================"
        echo "pptpd vpn一键安装包"
        echo -e "VPN的初始用户名是:\033[41;37m vpn  \033[0m, 初始密码是: \033[41;37m ${pass}  \033[0m"
        echo "你也可以直接 vi /etc/ppp/chap-secrets修改用户名和密码"
        echo "================================================"
    }

    function addVPNuser(){
        echo "input user name:"
        read -r username
        echo "input password:"
        read -r userpassword
        echo "${username} pptpd ${userpassword} *" >> /etc/ppp/chap-secrets
        service iptables restart
        service pptpd start
    }

    echo "which do you want to?input the number."
    echo "1. install VPN service"
    echo "2. add VPN user"
    read -r num

    case "$num" in
        [1] ) (installVPN "$1");;
        [2] ) (addVPNuser);;
        *) echo "nothing,exit";;
    esac

shadowsocks
1. Install pip

Because the Python version of shadowsocks is being installed, install pip first.

    $ curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
    $ python get-pip.py

2. Install shadowsocks

    $ pip install --upgrade pip
    $ pip install shadowsocks

3. Create the configuration file

Directory for the file: /etc

    # command to create the file
    $ vi /etc/shadowsocks.json
    # if you are already in the /etc directory
    $ vi shadowsocks.json

Configuration file contents:

Single port:

    {
        "server":"0.0.0.0",
        "server_port":8989,
        "local_address":"127.0.0.1",
        "local_port":1080,
        "password":"tokyopwd",
        "timeout":300,
        "method":"rc4-md5",
        "fast_open": false,
        "workers": 1
    }

----- For reference -----

Multi-port (in "port_password", each port has its own password):

    {
        "server":"0.0.0.0",
        "local_address":"127.0.0.1",
        "local_port":1080,
        "port_password":{
            "1111":"password1",
            "1112":"password2",
            "1113":"password3"
        },
        "timeout":300,
        "method":"aes-256-cfb",
        "fast_open":false
    }

----- For reference -----

4. Start shadowsocks

    # start
    ssserver -c /etc/shadowsocks.json -d start
    # stop
    ssserver -c /etc/shadowsocks.json -d stop
    # restart
    ssserver -c /etc/shadowsocks.json -d restart

Once it has started successfully, it can be used through an ss client. On Windows, you can check from the console whether the port is open with the following command:

    telnet {ip} {port}

-------------------- Optional --------------------

5. Configure autostart

Create the startup script file /etc/systemd/system/shadowsocks.service with the following contents:

    [Unit]
    Description=Shadowsocks

    [Service]
    TimeoutStartSec=0
    ExecStart=/usr/bin/ssserver -c /etc/shadowsocks.json

    [Install]
    WantedBy=multi-user.target

Register and start the service with the following commands:

    $ systemctl enable shadowsocks
    $ systemctl start shadowsocks

After starting, you can check the service status:

    $ systemctl status shadowsocks -l

If it started successfully:

    ● shadowsocks.service - Shadowsocks
       Loaded: loaded (/etc/systemd/system/shadowsocks.service; enabled; vendor preset: disabled)
       Active: active (running) since Sun 2017-08-13 18:03:41 CST; 1h 29min ago
     Main PID: 9567 (ssserver)
       CGroup: /system.slice/shadowsocks.service
               └─9567 /usr/bin/python2 /usr/bin/ssserver -c /etc/shadowsocks.json

6. firewalld firewall

CentOS 7 uses firewalld; if it is not configured, SS may be unusable.

-------------------- Optional --------------------

    # open the port
    iptables -I INPUT -p tcp --dport 8989 -j ACCEPT
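Added example (not part of the original post and not shadowsocks project code): a small audit of a shadowsocks.json file like the ones in step 3, which flags RC4-based and other non-AEAD methods, short or reused passwords, and a config file readable by other users. The 16-character minimum is an assumed local policy; the AEAD method names come from the shadowsocks specification, and whether the installed ssserver accepts them depends on its version and must be checked.

```python
import json
import os
import stat

# AEAD methods from the shadowsocks specification; other methods are legacy stream ciphers.
AEAD_METHODS = {"aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
                "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305"}
RC4_METHODS = {"rc4", "rc4-md5"}   # built on the RC4 keystream
MIN_PASSWORD_LEN = 16              # assumption: local policy, not a shadowsocks rule

def audit_config(text):
    """Return findings for the text of one shadowsocks.json file."""
    cfg = json.loads(text)
    findings = []
    method = cfg.get("method")
    if method in RC4_METHODS:
        findings.append(f"method {method}: RC4-based cipher")
    elif method not in AEAD_METHODS:
        findings.append(f"method {method}: not an AEAD cipher, traffic has no integrity check")
    # Gather passwords from both layouts: "password" and "port_password".
    passwords = dict(cfg.get("port_password", {}))
    if "password" in cfg:
        passwords[str(cfg.get("server_port"))] = cfg["password"]
    for port, pw in sorted(passwords.items()):
        if len(pw) < MIN_PASSWORD_LEN:
            findings.append(f"port {port}: password shorter than {MIN_PASSWORD_LEN} characters")
    if len(set(passwords.values())) < len(passwords):
        findings.append("the same password is used on more than one port")
    return findings

def file_mode_findings(path):
    """Flag a config file that users other than its owner can read."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        return [f"{path}: mode {mode:o} lets other users read the passwords"]
    return []

# Constructed sample: the single-port configuration shown in step 3.
PAGE_SINGLE_PORT = """{"server":"0.0.0.0","server_port":8989,
 "local_address":"127.0.0.1","local_port":1080,"password":"tokyopwd",
 "timeout":300,"method":"rc4-md5","fast_open": false,"workers": 1}"""

# Constructed sample: same layout with an AEAD method and a long password.
HARDENED = """{"server":"0.0.0.0","server_port":8989,
 "password":"constructed-Example-Pass-7f3k9q2m","timeout":300,
 "method":"chacha20-ietf-poly1305"}"""

if __name__ == "__main__":
    for name, text in (("page", PAGE_SINGLE_PORT), ("hardened", HARDENED)):
        print(name, audit_config(text) or "no findings")
```

On a real server, call audit_config on the contents of /etc/shadowsocks.json and file_mode_findings on its path.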




