openvpn on aliyun
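# Aliyun OpenVPN: https://help.aliyun.com/knowledge_detail/42521.html
# sudo bash update_source.sh  // skipped: hosts in the USA can't reach mirrors.aliyun.com

# Build and runtime dependencies for OpenVPN (LZO, OpenSSL, PAM, PKCS#11).
yum install -y lzo lzo-devel openssl openssl-devel pam pam-devel pkcs11-helper pkcs11-helper-devel
# Show which of those packages ended up installed.
rpm -qa lzo lzo-devel openssl openssl-devel pam pam-devel pkcs11-helper pkcs11-helper-devel

# NOTE(review): the tarball is fetched over plain HTTP and nothing below
# verifies it before it is built and installed as root. Check it against a
# digest obtained over a trusted channel first, for example:
#   echo "<EXPECTED_SHA256>  openvpn-2.2.2.tar.gz" | sha256sum -c -
# NOTE(review): OpenVPN 2.2.2 is a long-superseded release; confirm whether a
# maintained package exists for this distribution before relying on it.
wget http://oss.aliyuncs.com/aliyunecs/openvpn-2.2.2.tar.gz
yum install -y rpm-build gcc gcc-c++
rpmbuild -tb openvpn-2.2.2.tar.gz
# rpm -ivh openvpn-2.2.2-1.x86_64.rpm
# Ask rpm where rpmbuild put the package instead of assuming the current
# directory is the one that contains ./rpmbuild.
rpm -ivh "$(rpm --eval '%{_rpmdir}')/x86_64/openvpn-2.2.2-1.x86_64.rpm"

# Generate the CA, the server certificate/key and the DH parameters with the
# easy-rsa 2.0 scripts shipped in the package documentation.
easy_rsa_dir=/usr/share/doc/openvpn-2.2.2/easy-rsa/2.0
# Stop here if the directory is missing, so the build-* scripts never run
# from an unexpected location.
cd "$easy_rsa_dir" || exit 1
# -f keeps the step repeatable when openssl.cnf already exists.
ln -sf openssl-1.0.0.cnf openssl.cnf
source ./vars
# NOTE(review): clean-all is expected to wipe the existing keys directory;
# do not re-run it on a host whose CA is already in use.
./clean-all
./build-ca
./build-key-server aliyuntest
# NOTE(review): server.conf further down references dh1024.pem, i.e. the
# parameters are generated at 1024 bits. Raising KEY_SIZE in ./vars before
# this step changes the file name that server.conf must point to.
./build-dh

# Copy only the files server.conf references. The keys directory also holds
# ca.key (the CA private key), which the running server does not need and
# which should not sit next to its runtime configuration.
cp -a "$easy_rsa_dir"/keys/ca.crt \
  "$easy_rsa_dir"/keys/aliyuntest.crt \
  "$easy_rsa_dir"/keys/aliyuntest.key \
  "$easy_rsa_dir"/keys/dh*.pem \
  /etc/openvpn/
cp -a /usr/share/doc/openvpn-2.2.2/sample-config-files/server.conf /etc/openvpn/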
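##################################################### server.conf configuration
# Effective directives, as listed by: egrep -v '^$|^#|^;' server.conf

# Placeholder: replace 1.1.1.1 with the public IP address of your own cloud server.
local 1.1.1.1
port 1194
proto udp
dev tun
ca ca.crt
# For cert and key, use the name chosen when the server certificate was generated.
cert aliyuntest.crt
key aliyuntest.key
# NOTE(review): 1024-bit Diffie-Hellman parameters are below current
# recommendations; regenerate with a larger KEY_SIZE and update this file name.
dh dh1024.pem
server 172.16.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Sends all client traffic through the VPN, so the server must forward and
# NAT traffic coming from 172.16.0.0/24.
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 223.5.5.5"
# NOTE(review): client-to-client lets connected clients reach each other
# directly; remove it unless clients really need to talk to one another.
client-to-client
keepalive 10 120
# NOTE(review): compression inside an encrypted tunnel can leak information
# about the plaintext; confirm it is actually needed.
comp-lzo
# Drop root privileges after start-up.
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
# NOTE(review): no tls-auth key is configured in this listing.
##################################################### server.conf configuration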
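# Enable IPv4 forwarding so traffic from VPN clients can be routed onward.
# Append only when the setting is not already present, so that re-running
# these steps does not pile up duplicate lines in /etc/sysctl.conf.
grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' /etc/sysctl.conf ||
  echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

# NOTE(review): these notes never add an iptables rule, so this only persists
# whatever rules are already loaded. server.conf pushes redirect-gateway,
# which normally needs a NAT rule for 172.16.0.0/24 and an allow rule for
# UDP 1194; confirm both exist and that forwarding is limited to the VPN
# subnet before saving.
service iptables save

/etc/init.d/openvpn start
# Confirm that something is bound to the OpenVPN port.
netstat -ano | grep 1194
service openvpn restart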
## 下载openvpn客户端 | |
http://oss.aliyuncs.com/aliyunecs/openvpn-2.1.3-install.rar?spm=5176.7742521.0.0.yLJnzL&file=openvpn-2.1.3-install.rar | |
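保存 /etc/config/aliyuntest.* >> C:\Program Files (x86)\OpenVPN\config(上文把密钥复制到了 /etc/openvpn/,此处的 /etc/config/ 疑为笔误)
注意:aliyuntest.crt / aliyuntest.key 是上文用 ./build-key-server 生成的服务器证书和私钥,复制到客户端后,每个客户端都持有服务器私钥。更稳妥的做法是用 easy-rsa 的 ./build-key 为每个客户端单独签发证书,客户端只保存 ca.crt 和自己的 crt/key,并通过安全通道传输这些文件。
\OpenVPN\sample-config\ 目录下的 client.ovpn 复制到 openvpn 安装路径下的 \OpenVPN\config 目录
修改 client.ovpn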
proto udp 去掉前面的分号,采用与服务器端相同的udp协议 | |
remote 1.1.1.1 1194 此处将1.1.1.1修改为用户的云服务器的公网IP地址,同时将该行前面的注释分号去掉 | |
cert aliyuntest.crt | |
key aliyuntest.key |