Ubuntu Server 18.04 与 OpenVPN 2.x

前端之家收集整理的这篇文章主要介绍了Ubuntu Server 18.04 与 OpenVPN 2.x前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
  • 官方文档:@L_502_0@

  • 安装软件

sudoaptinstallopenVPNeasy-rsa
  • 拷贝 easy-rsa 目录

cp-r/usr/share/easy-rsa//etc/openVPN/
  • 查看 openssl 版本

opensslversion
  • 生成 ca 证书(ca.crt)和私钥(ca.key)

cd/etc/openVPN/easy-rsa/
cpopenssl-1.0.0.cnfopenssl.cnf
../vars#source./vars
./clean-all#只是增加客户端证书和私钥的时候不要执行这一句
./build-ca#注意CommonName
  • 生成服务端的证书和私钥(server.crt/server.key)

./build-key-serverserver
  • 生成客户端的证书和私钥

./build-keyclient1
./build-keyclient2
./build-keyclient3
./build-dh
cp/etc/openVPN/easy-rsa/keys/ca.crt/etc/open***/
cp/etc/openVPN/easy-rsa/keys/server.crt/etc/open***/server/
cp/etc/openVPN/easy-rsa/keys/server.key/etc/open***/server/
cp/etc/openVPN/easy-rsa/keys/dh2048.pem/etc/open***/server/
  • 创建 ccd 目录,里面存放推送信息(如固定 ip)到客户端的文件

mkdir/etc/open***/server/ccd
cd/etc/open***/server/ccd
vimclient#文件名对应CommonName

#client内容示例(推送固定ip)
ifconfig-push192.168.77.46255.255.255.0
  • 创建 server.conf,并按照样例写入配置

cd/etc/openVPN/server/
/etc/openVPN/server#vimserver.con
  • 启动服务端

nohupopenVPN/etc/openVPN/server/server.conf&
local192.168.0.110
port10101
prototcp
devtap
float
ca/etc/openVPN/server/ca.crt
cert/etc/openVPN/server/server.crt
key/etc/openVPN/server/server.key
dh/etc/openVPN/server/dh2048.pem
server192.168.77.0255.255.255.0
client-config-dir/etc/open***/server/ccd/
client-to-client
keepalive10120
comp-lzo
persist-key
statusopenVPN-status.log
log/var/log/openVPN.log
verb4
mute20
client
devtap0
remote123.456.789.154
port10101
prototcp
float
ca./ca.crt
cert./client1.crt
key./client1.key
comp-lzo
verb6
mute20


【FAQ】

Q:客户端连不上服务端,报错:WARNING: No server certificate verification method has been enabled.

A:检查私钥和公钥当中是否有 0B 的文件

Q:客户端连不上服务端,报错:TCP: connect to [AF_INET]223.18.95.157:7872 @R_502_159@: Unknown error

A:检查客户端外围防火墙。


*** walker ***

猜你在找的Ubuntu相关文章