Linux - openvpn setup automatically
How to set up a VPN service?
If you want to set up a VPN service, try the following bash script. A sample run:
root@sh:/tmp/openvpn# bash setup.sh
[*] Step 1 - Install OpenVPN....
[*] Step 2 - Configure OpenVPN...
[*] Step 3 - Enable Packet Forwarding...
[*] Step 4 - Install and Configure ufw...
[*] Step 5 - Configure and Build the Certificate Authority...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
NOTE: If you run ./clean-all, I will be doing a rm -rf on /etc/openvpn/easy-rsa/keys
Generating a 2048 bit RSA private key
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [IT]:
Common Name (eg, your name or your server's hostname) [Fort-Funston CA]:
Name [server]:
Email Address [someone@demo.com]:
[*] Step 6 - Generate a Certificate and Key for the Server...
Generating a 2048 bit RSA private key
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [IT]:
Common Name (eg, your name or your server's hostname) [server]:
Name [server]:
Email Address [someone@demo.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'IT'
commonName :PRINTABLE:'server'
name :PRINTABLE:'server'
emailAddress :IA5STRING:'someone@demo.com'
Certificate is to be certified until Dec 10 05:25:25 2026 GMT (3650 days)
Sign the certificate? [y/n]:CERTIFICATE WILL NOT BE CERTIFIED
[*] Step 7 - Move the Server Certificates and Keys...
● openvpn@server.service - OpenVPN connection to server
   Loaded: loaded (/lib/systemd/system/openvpn@.service; disabled)
   Active: active (running) since Mon 2016-12-12 05:35:28 UTC; 10s ago
  Process: 30657 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf (code=exited, status=0/SUCCESS)
 Main PID: 30665 (openvpn)
   CGroup: /system.slice/system-openvpn.slice/openvpn@server.service
           └─30665 /usr/sbin/openvpn --daemon ovpn-server --status /run/openvpn/server.status 10 --cd /etc/openvpn --config /etc/openvpn/server.conf
[*] Step 8 - Generate Certificates and Keys for Clients...
Generating a 2048 bit RSA private key
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CA]:
Locality Name (eg, city) [SanFrancisco]:
Organization Name (eg, company) [Fort-Funston]:
Organizational Unit Name (eg, section) [IT]:
Common Name (eg, your name or your server's hostname) [client1]:
Name [server]:
Email Address [someone@demo.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'IT'
commonName :PRINTABLE:'client1'
name :PRINTABLE:'server'
emailAddress :IA5STRING:'someone@demo.com'
Certificate is to be certified until Dec 10 05:29:46 2026 GMT (3650 days)
Sign the certificate? [y/n]:CERTIFICATE WILL NOT BE CERTIFIED
sed: -e expression #1, char 35: unknown option to `s'
[*] Step 9 - Creating a Unified OpenVPN Profile for Client Devices...
[*] Step 10 - How to connect openvpn ?
 - Linux : openvpn --config /etc/openvpn/easy-rsa/keys/client.ovpn
 - Mac OSX : Tunnelblick
How to connect to the OpenVPN server?
Linux :
Download /etc/openvpn/easy-rsa/keys/client.ovpn from the server and use it in your lab:
openvpn --config /etc/openvpn/easy-rsa/keys/client.ovpn
Mac OSX :
If you are a Mac user, you can use the GUI software Tunnelblick.
Bash script code
#!/bin/bash

# https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8

# Author: Nixawk
# Tested on:
# - Debian GNU/Linux 8
# - Kali Linux

OPENVPN_SERVER=$(ip route get 8.8.8.8 | awk 'NR==1 {print $NF}') # Your server ip
OPENVPN_DNSSERVER1='208.67.222.222' # dns server, /etc/openvpn/server.conf
OPENVPN_DNSSERVER2='208.67.220.220' # dns server, /etc/openvpn/server.conf

echo "[*] Step 1 - Install OpenVPN...."
apt-get -y update > /dev/null
# apt-get -y upgrade > /dev/null
apt-get -y install openvpn easy-rsa > /dev/null

echo "[*] Step 2 - Configure OpenVPN..."
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
sed -i 's/dh dh1024.pem/dh dh2048.pem/' /etc/openvpn/server.conf
sed -i 's/;push "redirect-gateway def1 bypass-dhcp"/push "redirect-gateway def1 bypass-dhcp"/' /etc/openvpn/server.conf
sed -i "s/;push \"dhcp-option DNS 208.67.222.222\"/push \"dhcp-option DNS $OPENVPN_DNSSERVER1\"/" /etc/openvpn/server.conf
sed -i "s/;push \"dhcp-option DNS 208.67.220.220\"/push \"dhcp-option DNS $OPENVPN_DNSSERVER2\"/" /etc/openvpn/server.conf
# Drop privileges after start-up
sed -i 's/;user nobody/user nobody/' /etc/openvpn/server.conf
sed -i 's/;group nogroup/group nogroup/' /etc/openvpn/server.conf

echo "[*] Step 3 - Enable Packet Forwarding..."
echo 1 > /proc/sys/net/ipv4/ip_forward
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf

echo "[*] Step 4 - Install and Configure ufw..."
# Please adjust firewall rules yourself.
# apt-get -y install ufw
# ufw allow ssh
# ufw allow 1194/udp
# sed -i 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/' /etc/default/ufw
# ufw enable

echo "[*] Step 5 - Configure and Build the Certificate Authority..."
cp -r /usr/share/easy-rsa/ /etc/openvpn
mkdir /etc/openvpn/easy-rsa/keys
# sed -i 's/export KEY_COUNTRY="US"//' /etc/openvpn/easy-rsa/vars
# sed -i 's/export KEY_PROVINCE="CA"//' /etc/openvpn/easy-rsa/vars
# sed -i 's/export KEY_CITY="SanFrancisco"//' /etc/openvpn/easy-rsa/vars
# sed -i 's/export KEY_ORG="Fort-Funston"//' /etc/openvpn/easy-rsa/vars
sed -i 's/export KEY_EMAIL="me@myhost.mydomain"/export KEY_EMAIL="someone@demo.com"/' /etc/openvpn/easy-rsa/vars
sed -i 's/export KEY_OU="MyOrganizationalUnit"/export KEY_OU="IT"/' /etc/openvpn/easy-rsa/vars
sed -i 's/export KEY_NAME="EasyRSA"/export KEY_NAME="server"/' /etc/openvpn/easy-rsa/vars
openssl dhparam -out /etc/openvpn/dh2048.pem 2048
cd /etc/openvpn/easy-rsa && . ./vars
./clean-all
# Build CA using an OpenSSL command. This command will prompt you for a confirmation of "Distinguished Name" variables.
./build-ca

echo "[*] Step 6 - Generate a Certificate and Key for the Server..."
# Answer "y" at the "Sign the certificate? [y/n]" prompt; any other answer
# ends with "CERTIFICATE WILL NOT BE CERTIFIED", as in the sample run.
./build-key-server server

echo "[*] Step 7 - Move the Server Certificates and Keys..."
cp /etc/openvpn/easy-rsa/keys/{server.crt,server.key,ca.crt} /etc/openvpn
systemctl start openvpn@server.service
systemctl status openvpn@server.service
# openvpn clients: no internet access after a connection
# (this rule assumes the outbound interface is eth0)
iptables -t nat -A POSTROUTING -s 10.8.0.0/16 -o eth0 -j SNAT --to "$OPENVPN_SERVER"

echo "[*] Step 8 - Generate Certificates and Keys for Clients..."
cd /etc/openvpn/easy-rsa
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client.ovpn
sed -i "s/remote my-server-1 1194/remote $OPENVPN_SERVER 1194/" /etc/openvpn/easy-rsa/keys/client.ovpn
sed -i 's/;user nobody/user nobody/' /etc/openvpn/easy-rsa/keys/client.ovpn
sed -i 's/;group nogroup/group nogroup/' /etc/openvpn/easy-rsa/keys/client.ovpn
# Answer "y" at the signing prompt here as well.
./build-key client1
# Comment out the file-based directives; the material is inlined in Step 9.
sed -i 's/ca ca.crt/# ca ca.crt/' /etc/openvpn/easy-rsa/keys/client.ovpn
sed -i 's/cert client.crt/# cert client.crt/' /etc/openvpn/easy-rsa/keys/client.ovpn
# A space is required between the sed expression and the file name; without
# it sed fails with "unknown option to `s'" (see the sample run).
sed -i 's/key client.key/# key client.key/' /etc/openvpn/easy-rsa/keys/client.ovpn

echo "[*] Step 9 - Creating a Unified OpenVPN Profile for Client Devices..."
# client.ovpn ends up containing the client private key in its <key> block.
echo '<ca>' >> /etc/openvpn/easy-rsa/keys/client.ovpn
cat /etc/openvpn/ca.crt >> /etc/openvpn/easy-rsa/keys/client.ovpn
echo '</ca>' >> /etc/openvpn/easy-rsa/keys/client.ovpn
echo '<cert>' >> /etc/openvpn/easy-rsa/keys/client.ovpn
cat /etc/openvpn/easy-rsa/keys/client1.crt >> /etc/openvpn/easy-rsa/keys/client.ovpn
echo '</cert>' >> /etc/openvpn/easy-rsa/keys/client.ovpn
echo '<key>' >> /etc/openvpn/easy-rsa/keys/client.ovpn
cat /etc/openvpn/easy-rsa/keys/client1.key >> /etc/openvpn/easy-rsa/keys/client.ovpn
echo '</key>' >> /etc/openvpn/easy-rsa/keys/client.ovpn

echo "[*] Step 10 - How to connect openvpn ?"
echo "Linux : openvpn --config /etc/openvpn/easy-rsa/keys/client.ovpn"
echo "Mac OSX: Tunnelblick"
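
The sample run above ends Step 8 with "CERTIFICATE WILL NOT BE CERTIFIED" and a sed error, so the generated client.ovpn is worth checking before it is handed to a client. The following is an added example, not part of the original script: the function names (inline_block_ok, check_profile, make_sample) and the sample address 203.0.113.10 are assumptions, and the sample profiles are constructed with placeholder PEM bodies.

```shell
#!/bin/bash
# Added example: sanity-check a unified OpenVPN client profile (client.ovpn).

# Succeeds if FILE has a <TAG>...</TAG> block containing a PEM "BEGIN" line.
inline_block_ok() {   # usage: inline_block_ok FILE TAG LABEL_REGEX
    awk -v tag="$2" -v label="$3" '
        $0 == ("<" tag ">")  { inside = 1; next }
        $0 == ("</" tag ">") { inside = 0 }
        inside && $0 ~ ("^-----BEGIN " label "-----$") { found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# Prints one line per finding; the return status is the number of findings.
check_profile() {     # usage: check_profile FILE
    local f="$1" n=0 spec tag
    for spec in "ca:CERTIFICATE" "cert:CERTIFICATE" "key:(RSA )?PRIVATE KEY"; do
        tag=${spec%%:*}
        if ! inline_block_ok "$f" "$tag" "${spec#*:}"; then
            echo "<$tag> block is missing or holds no PEM data"; n=$((n + 1))
        fi
        # An uncommented "ca|cert|key <file>" line still refers to a file on disk.
        if grep -Eq "^[[:space:]]*${tag}[[:space:]]+[^[:space:]]" "$f"; then
            echo "uncommented '$tag <file>' directive"; n=$((n + 1))
        fi
    done
    # The profile embeds the client private key: only the owner should read it.
    if [ "$(ls -ld -- "$f" | cut -c5-10)" != "------" ]; then
        echo "profile is readable by group or others"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample profiles (placeholder PEM bodies, documentation address).
make_sample() {       # usage: make_sample FILE good|broken
    local pem_cert="-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----"
    {
        printf '%s\n' "client" "remote 203.0.113.10 1194"
        if [ "$2" = good ]; then echo "# key client.key"; else echo "key client.key"; fi
        printf '%s\n' "<ca>" "$pem_cert" "</ca>" "<cert>"
        if [ "$2" = good ]; then printf '%s\n' "$pem_cert"; fi
        printf '%s\n' "</cert>" "<key>" "-----BEGIN PRIVATE KEY-----" \
            "PLACEHOLDER" "-----END PRIVATE KEY-----" "</key>"
    } > "$1"
    chmod 600 "$1"
}

# Check the file named on the command line, if one was given.
if [ $# -gt 0 ]; then check_profile "$1"; fi
```

Run it as `bash check_profile.sh /etc/openvpn/easy-rsa/keys/client.ovpn` (the file name check_profile.sh is also an assumption); an exit status of 0 means no findings.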
References
- https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-debian-8