安装依赖
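# Install dependencies.
# If the host is Ubuntu 20.04, just remove libssl3 from this list.
# NOTE(review): many of these packages (python3-*, libmariadb3, bridge-utils, dmidecode, ...)
# are not obviously needed by OpenVPN itself — presumably carried over from another
# deployment; confirm which are actually required so the host does not carry extra packages.
apt install -y bridge-utils dmidecode iptables iproute2 libc6 libffi7 libgcc-s1 liblz4-1 liblzo2-2 libmariadb3 libpcap0.8 libssl3 libstdc++6 libsasl2-2 libsqlite3-0 net-tools python3-pkg-resources python3-migrate python3-sqlalchemy python3-mysqldb python3-ldap3 sqlite3 zlib1g python3-netaddr python3-arrow python3-lxml
# OpenVPN and the easy-rsa PKI helper; -y added so this step is non-interactive like the one above.
apt install -y openvpn easy-rsa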
生成密钥
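# Build the PKI with easy-rsa.
# A freshly created directory contains no ./easyrsa script, so copy the packaged easy-rsa
# tree (the same /usr/share/easy-rsa/easyrsa that the client section invokes directly) into it first.
mkdir -p /etc/openvpn/easy-rsa
cp -r /usr/share/easy-rsa/. /etc/openvpn/easy-rsa/
# All following easyrsa calls are relative to this directory (pki/ is created here).
cd /etc/openvpn/easy-rsa || exit 1
./easyrsa init-pki
# build-ca prompts for a CA key passphrase; keep the CA key encrypted and, ideally, off the VPN host.
./easyrsa build-ca
./easyrsa gen-dh
# nopass: the server key is stored unencrypted so the service can start unattended.
./easyrsa gen-req myservername nopass
./easyrsa sign-req server myservername
cp pki/dh.pem pki/ca.crt pki/issued/myservername.crt pki/private/myservername.key /etc/openvpn/
# The copied private key must not be readable by other users.
chmod 600 /etc/openvpn/myservername.key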
配置openvpn
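# Create the server config. Its base name is the instance name used by the systemd unit
# (openvpn@myservername), so the two must stay in sync; the original used full-width
# brackets 【】 around the name as a placeholder marker, which would not be part of the path.
vim /etc/openvpn/myservername.conf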
# OpenVPN server configuration (/etc/openvpn/myservername.conf).
# Bind only to this address.
local 152.16.0.243
port 1194
# TCP transport; the client profiles on this page use proto tcp as well.
proto tcp
dev tun
ca /etc/openvpn/ca.crt
cert /etc/openvpn/myservername.crt
key /etc/openvpn/myservername.key
dh /etc/openvpn/dh.pem
# VPN subnet; clients are assigned addresses from 10.8.0.0/24.
server 10.8.0.0 255.255.255.0
# Relative path — NOTE(review): resolved against the process working directory; confirm
# where the systemd unit runs from, or use an absolute path.
ifconfig-pool-persist ipp.txt
#push "route 39.106.49.170 255.255.255.255"
#push "route 10.8.0.0 255.255.255.0 net_gateway"
#push "redirect-gateway def1 bypass-dhcp"
#push "dhcp-option DNS 114.114.114.114"
#push "dhcp-option DNS 8.8.8.8"
#client-to-client
keepalive 10 120
# NOTE(review): on OpenVPN 2.5+ a single `cipher` is superseded by `data-ciphers` (the
# later server config on this page already references data-ciphers-fallback); an AEAD
# cipher such as AES-256-GCM is preferable to CBC.
cipher AES-256-CBC
# NOTE(review): tls-auth is disabled. Enabling tls-auth (or tls-crypt) with a shared ta.key
# HMAC-protects the control channel so unauthenticated peers cannot even begin a TLS
# handshake; clients would then need the matching `tls-auth ta.key 1`.
#tls-auth /etc/openvpn/rsa/ta.key 0
# NOTE(review): compressing VPN traffic is discouraged (compression-oracle attacks such as
# VORACLE); consider removing both compression lines unless a client strictly needs them.
allow-compression yes
comp-lzo
max-clients 100
# NOTE(review): the daemon keeps running as root. persist-key/persist-tun are already set,
# which is what makes `user nobody` / `group nogroup` workable across restarts.
user root
group root
persist-key
persist-tun
status /var/log/openvpn/openvpn-status.log
# Both `log` and `log-append` name the same file; one of the two is redundant — keep only the
# intended one (`log-append` keeps history across restarts).
log /var/log/openvpn/openvpn.log
log-append /var/log/openvpn/openvpn.log
verb 3
#daemon
启动服务
# Enable the server instance at boot, start it now, then print its status.
unit=openvpn@myservername
for action in enable start status; do
  systemctl "$action" "$unit"
done
创建客户端密钥
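# Issue a client certificate. ./easyrsa and its pki/ directory are relative to the easy-rsa
# directory created earlier, so make sure that is the working directory first.
cd /etc/openvpn/easy-rsa || exit 1
# nopass: the client private key is stored unencrypted; protect the file (chmod 600) and
# distribute it to the client over a trusted channel only.
./easyrsa gen-req synology nopass
./easyrsa sign-req client synology
# If easy-rsa was installed from the distro package (yum/apt), the script can also be called by
# its absolute path — NOTE(review): it still locates pki/ relative to the working directory
# by default, so run it from the same directory.
/usr/share/easy-rsa/easyrsa gen-req thinkpad_qly nopass
/usr/share/easy-rsa/easyrsa sign-req client thinkpad_qly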
客户端配置文件
# OpenVPN client profile for the client certificate "synology".
client
dev tun
proto tcp
# Server endpoint; must match the address/port the server listens on.
remote 34.14.183.192 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# NOTE(review): must match the server; on 2.5+ prefer data-ciphers with AES-256-GCM over CBC.
cipher AES-256-CBC
tun-mtu 1500
# Do not keep any username/password in memory across reconnects.
auth-nocache
# NOTE(review): has to match the server's compression setting; compressing VPN traffic is
# discouraged (VORACLE) — drop it on both sides if no client depends on it.
comp-lzo
# Relative paths — NOTE(review): resolved against the working directory of the openvpn
# process; confirm, or use absolute paths. The key file should be mode 600.
ca ca.crt
cert synology.crt
key synology.key
# Require the server certificate to carry the server role, so a leaked client certificate
# cannot be used to impersonate the server.
remote-cert-tls server
verb 3
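# Enable and start the client instance. The unit name was mistyped as
# "sysstemcopenvpn-client@aliyun"; the OpenVPN package provides openvpn-client@<name>.
# NOTE(review): that unit reads /etc/openvpn/client/<name>.conf, whereas the client profile
# later on this page is shown under /etc/openvpn/server/aliyun.conf — confirm the config
# location matches the installed unit file.
systemctl enable openvpn-client@aliyun
systemctl start openvpn-client@aliyun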
成功后的配置文件
1、服务器端
# Server configuration that was confirmed working ("aliyun" instance).
port 1194
# Explicit server side of a TCP transport.
proto tcp-server
dev tun
local 172.16.0.248
ca /etc/openvpn/server/aliyun/ca.crt
cert /etc/openvpn/server/aliyun/aliyun.crt
key /etc/openvpn/server/aliyun/aliyun.key
dh /etc/openvpn/server/aliyun/dh.pem
# mode server / tls-server / topology / ifconfig / ifconfig-pool / route-gateway below
# spell out by hand roughly what the `server` helper directive expands to.
mode server
tls-server
topology subnet
push "topology subnet"
# Server-side address with a /23 mask (192.168.58.0 – 192.168.59.255).
ifconfig 192.168.58.1 255.255.254.0
# NOTE(review): the pool starts at 192.168.58.0, which is the network address of that /23;
# starting at 192.168.58.2 is the conventional choice — confirm clients receive usable addresses.
ifconfig-pool 192.168.58.0 192.168.58.253
route-gateway 192.168.58.1
push "route-gateway 192.168.58.1"
# Per-client overrides (fixed addresses, routes) are read from files in this directory.
client-config-dir /etc/openvpn/server/aliyun/ccd
#push "dhcp-option DNS 8.8.8.8"
#push "dhcp-option DNS 8.8.4.4"
# Client-to-client traffic is routed inside OpenVPN and never reaches the host's forwarding
# rules; keep this only if lateral traffic between VPN clients is intended.
client-to-client
keepalive 10 300
# NOTE(review): compressing VPN traffic is discouraged (VORACLE); consider removing.
comp-lzo
# Keep this disabled: BF-CBC is a 64-bit block cipher (SWEET32) and should not be a fallback.
#data-ciphers-fallback BF-CBC
# NOTE(review): on 2.5+ prefer `data-ciphers` with AES-256-GCM over a single CBC cipher.
cipher AES-256-CBC
# NOTE(review): runs as root after initialization; with persist-key/persist-tun set,
# `user nobody` / `group nogroup` would let the process drop privileges.
user root
group root
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
verb 3
daemon
2、客户端
# vim /etc/openvpn/server/aliyun.conf
# NOTE(review): this is a client profile, yet the path above is under /etc/openvpn/server/;
# the openvpn-client@<name> systemd unit reads /etc/openvpn/client/<name>.conf — confirm
# the file lives where the unit that starts it expects.
client
dev tun
proto tcp
# Placeholder: replace "openvpn服务器地址" with the server's reachable IP or hostname.
remote openvpn服务器地址 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# NOTE(review): must match the server; on 2.5+ prefer data-ciphers with AES-256-GCM over CBC.
cipher AES-256-CBC
tun-mtu 1500
# Do not keep any username/password in memory across reconnects.
auth-nocache
# NOTE(review): must match the server's compression setting; compression is discouraged (VORACLE).
comp-lzo
# Relative paths — NOTE(review): resolved against the process working directory; confirm or
# use absolute paths. ops.key should be mode 600.
ca ca.crt
cert ops.crt
key ops.key
# Require the server certificate to carry the server role, so a leaked client certificate
# cannot be used to impersonate the server.
remote-cert-tls server
verb 3