Last active
August 9, 2023 15:15
Simple self-hosted OpenVPN server
# Server
export OVPN_DATA="$(pwd)/data"
## 1. Generate the initial configuration. The generated config is not usable as-is; route, push, status and similar settings still need to be adjusted
docker run -v "$OVPN_DATA":/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig \
    -u udp://x.x.x.x \
    -s 10.9.0.0/24 \
    -n 8.8.8.8 \
    -p "route 172.20.0.0 255.255.0.0" \
    -p "route 8.8.8.8 255.255.255.255" \
    -d \
    -e 'topology subnet'
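# -u  server address (may be a domain name); becomes the "remote" address in the client configuration
# -s  server subnet
# -n  DNS server used by clients; combine with -b (block-outside-dns) as the situation requires
# -p  push server-side internal routes and similar settings to clients; maps to the "push" directive
# -d  disable the client default route so only the pushed subnets go through the server; equivalent to removing "redirect-gateway def1" from the client
# -e  extra server-side directives. This image has a problem and does not push the server gateway correctly, so this directive is needed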
## 2. Create the certificates; you will be asked for the certificate password
docker run -v "$OVPN_DATA":/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
## 3. Start the service
docker run --rm --name "openvpn-server" -d -v "$OVPN_DATA":/etc/openvpn -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn
## 4. Server-side traffic forwarding: NAT traffic from the VPN subnet out through the network interface
# NAT only the VPN subnet configured with -s in step 1
docker exec openvpn-server iptables -t nat -A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE
# Client
## 1. Create a passwordless client configuration named xjpin; you will be asked for the certificate password
docker run -v "$OVPN_DATA":/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full xjpin nopass
## 2. Export the configuration, which the client can use to connect
docker run -v "$OVPN_DATA":/etc/openvpn --rm kylemanna/openvpn ovpn_getclient xjpin > xjpin.ovpn
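
Because the client above is built with `nopass` and exported with a plain shell redirect, the resulting profile holds an unencrypted private key in a file created under the current umask. The following check is an added example, not part of the original gist; `audit_ovpn` and `write_sample_profile` are hypothetical helper names, and the sample profile (including `vpn.example.test`) is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the gist): report risky properties of an exported .ovpn file.

audit_ovpn() {
    profile=$1
    # A "nopass" client embeds its private key unencrypted in the profile.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$profile"; then
        echo "key=encrypted"
    elif grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$profile"; then
        echo "key=plaintext"
    else
        echo "key=absent"
    fi
    # With -d on the server, the profile should carry no redirect-gateway line.
    if grep -Eq '^[[:space:]]*redirect-gateway' "$profile"; then
        echo "default_route=tunnel"
    else
        echo "default_route=local"
    fi
    # Shell redirection creates the file under the current umask (often 0644).
    if [ -n "$(find "$profile" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "perms=group_or_world_readable"
    else
        echo "perms=owner_only"
    fi
    awk '$1 == "remote" { print "remote=" $2 ":" $3 "/" $4 }' "$profile"
}

# Constructed sample profile; the key material is a placeholder, not a real key.
write_sample_profile() {
    cat > "$1" <<'EOF'
client
nobind
dev tun
remote vpn.example.test 1194 udp
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER
-----END PRIVATE KEY-----
</key>
EOF
}

sample=$(mktemp)
write_sample_profile "$sample"
chmod 644 "$sample"      # what "> xjpin.ovpn" yields under umask 022
audit_ovpn "$sample"
rm -f "$sample"
```

A `key=plaintext` result together with `perms=group_or_world_readable` means any local user can read the client's private key; running `umask 077` before the export, or `chmod 600 xjpin.ovpn` afterwards, closes that gap.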