To get past the Great Firewall you need a VPN account hosted outside China. This post walks through configuring OpenVPN on Ubuntu 16.04. First you need a reasonably capable machine abroad; I recommend a very cost-effective SSD VPS from Vultr, a US company with data centres in many regions, for only US$5 a month.
Official site: http://www.vultr.com/ . If it will not open, go through an online or free VPN proxy first. Register, then you can buy a server.
After logging in you see the control panel, which is simple and easy to use. The screenshot below shows the available data-centre locations; most are in the US, and Tokyo is the closest one.
The next screenshot shows the supported operating systems; all the mainstream ones are included.
Then the pricing, which is very good value. To support this site, please buy through the US$20 link: http://www.vultr.com/
Once the VPS is purchased, choose Ubuntu 16.04 as the operating system (this article was tested on Ubuntu 16.04.1). I will keep the installation walkthrough as simple as possible. Now log in to your Ubuntu server.
---------- Getting started ----------
Step 1: Install OpenVPN
First, install OpenVPN on the server. OpenVPN is available in Ubuntu's default repositories, so installation is straightforward.
Update the package index and install OpenVPN together with easy-rsa (used below to build the CA):
    sudo apt-get update
    sudo apt-get install openvpn easy-rsa
Step 2: Create the CA directory and enter it
    make-cadir ~/openvpn-ca
    cd ~/openvpn-ca
Step 3: Configure the CA variables
Edit the vars file:
    vim ~/openvpn-ca/vars
Set the certificate fields (the values below are the author's; substitute your own):
    export KEY_COUNTRY="CN"
    export KEY_PROVINCE="BJ"
    export KEY_CITY="BeiJing"
    export KEY_ORG="zhoujianhui.com"
    export KEY_EMAIL="zjhiii@163.com"
    export KEY_OU="www.zhoujianhui.com"
Also set KEY_NAME:
    export KEY_NAME="server"
Step 4: Build the CA
Load the variables:
    cd ~/openvpn-ca
    source vars
Clean out any old key material (this empties the keys directory) and build the CA certificate and key:
    ./clean-all
    ./build-ca
Step 5: Create the server certificate and key files
    ./build-key-server server
Generate the Diffie-Hellman parameters and the tls-auth HMAC key:
    ./build-dh
    openvpn --genkey --secret keys/ta.key
Create a client certificate and key (without a passphrase):
    cd ~/openvpn-ca
    source vars
    ./build-key client
Or, to protect the client key with a passphrase:
    cd ~/openvpn-ca
    source vars
    ./build-key-pass client
Copy the server key material into /etc/openvpn and extract the sample server configuration:
    cd ~/openvpn-ca/keys
    sudo cp ca.crt ca.key server.crt server.key ta.key dh2048.pem /etc/openvpn
    gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz | sudo tee /etc/openvpn/server.conf
Then edit the server configuration:
    sudo vim /etc/openvpn/server.conf
Step 8: Adjust the server network configuration
Enable IP forwarding in the kernel settings, then apply them:
    sudo vim /etc/sysctl.conf
    sudo sysctl -p
Find the server's public network interface (the one the default route uses; the rules below assume eth0, so adjust them if yours differs):
    ip route | grep default
Add the following NAT rules to the ufw before-rules file:
    sudo vim /etc/ufw/before.rules
    # START OPENVPN RULES
    # NAT table rules
    *nat
    :POSTROUTING ACCEPT [0:0]
    # Allow traffic from OpenVPN client to eth0
    # (the sample server.conf hands clients 10.8.0.0/24, so /24 is enough here)
    -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
    COMMIT
    # END OPENVPN RULES
Then edit the ufw defaults so that forwarded traffic is allowed:
    sudo vim /etc/default/ufw
Open the OpenVPN port (and keep SSH reachable), then restart ufw so the new rules take effect:
    sudo ufw allow 1194/udp
    sudo ufw allow OpenSSH
    sudo ufw disable
    sudo ufw enable
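The three files edited in step 8 are easy to get subtly wrong, and the most common mistake is a MASQUERADE rule that names eth0 while the server's real default interface is something else (newer images often use ens3), which silently breaks all client traffic. The script below is an added example, not code from the original post: it checks that IP forwarding is enabled, that ufw's forward policy is ACCEPT, and that a nat-table MASQUERADE rule names the interface taken from the `ip route` default line. The exact settings (net.ipv4.ip_forward=1, DEFAULT_FORWARD_POLICY="ACCEPT") are assumptions, since the post does not show the file contents; the function names and the sample files are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: a preflight check for the
# routing and NAT settings of step 8. The post edits three files without
# showing the values; the checks below assume the usual ones:
#   /etc/sysctl.conf       net.ipv4.ip_forward=1
#   /etc/ufw/before.rules  a *nat POSTROUTING MASQUERADE rule for the VPN subnet
#   /etc/default/ufw       DEFAULT_FORWARD_POLICY="ACCEPT"
# Sample files are constructed in a temp directory so the script runs offline.

# default_iface ROUTE_LINE -> interface name from a "default via ... dev X" line
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" { for (i = 1; i < NF; i++) if ($i == "dev") print $(i + 1) }'
}

# check_forwarding SYSCTL BEFORE_RULES UFW_DEFAULT IFACE -> 0 if forwarding is
# enabled, ufw forwards, and a nat-table MASQUERADE rule names IFACE.
check_forwarding() {
    sysctl_f="$1"; rules_f="$2"; ufw_f="$3"; iface="$4"; rc=0
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$sysctl_f" \
        || { echo "net.ipv4.ip_forward=1 not set in $sysctl_f" >&2; rc=1; }
    # only rules between "*nat" and its COMMIT count
    awk -v want="$iface" '
        /^\*nat/  { in_nat = 1 }
        /^COMMIT/ { in_nat = 0 }
        in_nat && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++) if ($i == "-o" && $(i + 1) == want) ok = 1
        }
        END { exit !ok }' "$rules_f" \
        || { echo "no nat MASQUERADE rule for $iface in $rules_f" >&2; rc=1; }
    grep -q '^DEFAULT_FORWARD_POLICY="ACCEPT"' "$ufw_f" \
        || { echo "DEFAULT_FORWARD_POLICY is not ACCEPT in $ufw_f" >&2; rc=1; }
    return $rc
}

# write_samples DIR IFACE -> constructed sample copies of the three files
write_samples() {
    d="$1"; ifc="$2"
    printf 'net.ipv4.ip_forward=1\n' > "$d/sysctl.conf"
    printf 'DEFAULT_FORWARD_POLICY="ACCEPT"\n' > "$d/ufw"
    cat > "$d/before.rules" <<EOF
# START OPENVPN RULES
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o $ifc -j MASQUERADE
COMMIT
# END OPENVPN RULES
EOF
}

# Demo: the rule was written for eth0, but the host's default route says ens3.
demo() {
    d=$(mktemp -d)
    write_samples "$d" eth0
    real=$(default_iface "default via 203.0.113.1 dev ens3 proto dhcp")   # constructed route line
    if check_forwarding "$d/sysctl.conf" "$d/before.rules" "$d/ufw" "$real"; then
        echo "forwarding/NAT config OK for $real"
    else
        echo "fix the NAT rule: default interface is $real"
    fi
    rm -rf "$d"
}
demo
```

On a real server, call `check_forwarding /etc/sysctl.conf /etc/ufw/before.rules /etc/default/ufw "$(default_iface "$(ip route | grep default)")"` instead of the demo; the check reads files only and changes nothing.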
Start the OpenVPN service and check its status:
    sudo systemctl start openvpn@server
    sudo systemctl status openvpn@server
Confirm that the tunnel interface is up:
    ip addr show tun0
Enable the service at boot:
    sudo systemctl enable openvpn@server
Step 10: Create a one-shot client configuration generation script
    mkdir -p ~/client-configs/files
    chmod 700 ~/client-configs/files
Copy the sample client configuration as the base:
    cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ~/client-configs/base.conf
Edit the base configuration:
    sudo vim ~/client-configs/base.conf
Create the generation script:
    sudo vim ~/client-configs/make_config.sh
with the following contents:
    #!/bin/bash
    # First argument: Client identifier
    KEY_DIR=~/openvpn-ca/keys
    OUTPUT_DIR=~/client-configs/files
    BASE_CONFIG=~/client-configs/base.conf
    # Concatenate the base config with the CA cert, the client's cert and key,
    # and ta.key as inline <ca>/<cert>/<key>/<tls-auth> blocks
    cat ${BASE_CONFIG} \
        <(echo -e '<ca>') \
        ${KEY_DIR}/ca.crt \
        <(echo -e '</ca>\n<cert>') \
        ${KEY_DIR}/${1}.crt \
        <(echo -e '</cert>\n<key>') \
        ${KEY_DIR}/${1}.key \
        <(echo -e '</key>\n<tls-auth>') \
        ${KEY_DIR}/ta.key \
        <(echo -e '</tls-auth>') \
        > ${OUTPUT_DIR}/${1}.ovpn
Make the script executable and owned by your user (ubuntu here):
    sudo chmod 700 ~/client-configs/make_config.sh
    sudo chown ubuntu:ubuntu ~/client-configs/make_config.sh
Generate the profile for the "client" certificate created in step 5:
    cd ~/client-configs
    ./make_config.sh client
To add another user, create a certificate for them and generate their profile:
    cd ~/openvpn-ca
    source vars
    ./build-key username
    cd ~/client-configs
    ./make_config.sh username
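A profile generated by make_config.sh bundles the client's private key and ta.key, so it is both a secret and something that fails confusingly when a block is missing (for instance when the wrong client name is passed and `${1}.key` does not exist). The script below is an added example, not part of the original post: it validates a .ovpn before it is handed out, checking that each of the four inline blocks appears exactly once with a PEM body inside, that a `remote` line is present, and that the file is not readable by other users. The sample profiles it writes are constructed with placeholder PEM bodies, and the function and file names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check a .ovpn profile
# produced by the make_config.sh script above before handing it to a user.
# A bundled profile must carry exactly one <ca>, <cert>, <key> and <tls-auth>
# block, each holding a PEM body, and because it embeds the client's private
# key and ta.key it must not be readable by other users on the machine.
# Sample profiles are constructed below with placeholder PEM bodies, so the
# script runs offline; the function and file names are this example's own.

# check_ovpn FILE -> 0 if the profile is complete and private, 1 otherwise.
check_ovpn() {
    f="$1"; rc=0
    [ -r "$f" ] || { echo "$f: not readable" >&2; return 1; }
    grep -Eq '^remote[[:space:]]+' "$f" \
        || { echo "$f: no remote directive" >&2; rc=1; }
    for tag in ca cert key tls-auth; do
        opens=$(grep -c "^<$tag>"'$' "$f" || true)
        closes=$(grep -c "^</$tag>"'$' "$f" || true)
        if [ "$opens" -ne 1 ] || [ "$closes" -ne 1 ]; then
            echo "$f: <$tag> block missing or duplicated" >&2; rc=1; continue
        fi
        # the lines between the tags must include a PEM header
        awk -v t="$tag" '
            $0 == ("<" t ">")  { inside = 1; next }
            $0 == ("</" t ">") { inside = 0 }
            inside && /-----BEGIN/ { found = 1 }
            END { exit !found }' "$f" \
            || { echo "$f: <$tag> block has no PEM body" >&2; rc=1; }
    done
    # group and other must have no permission bits: the file holds a private key
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] \
        || { echo "$f: readable by group/other, chmod 600 it" >&2; rc=1; }
    return $rc
}

# write_sample_ovpn FILE TAG... -> constructed sample profile with the given
# inline blocks (placeholder PEM bodies, not real key material).
write_sample_ovpn() {
    out="$1"; shift
    {
        printf 'client\ndev tun\nproto udp\nremote vpn.example.invalid 1194\n'
        for tag in "$@"; do
            printf '<%s>\n-----BEGIN PLACEHOLDER-----\nQUJDREVG\n-----END PLACEHOLDER-----\n</%s>\n' "$tag" "$tag"
        done
    } > "$out"
    chmod 600 "$out"
}

# Demo: a complete profile passes, one lacking <key> is rejected.
demo() {
    d=$(mktemp -d)
    write_sample_ovpn "$d/good.ovpn" ca cert key tls-auth
    write_sample_ovpn "$d/bad.ovpn" ca cert tls-auth
    check_ovpn "$d/good.ovpn" && echo "good.ovpn: OK"
    check_ovpn "$d/bad.ovpn" || echo "bad.ovpn: rejected"
    rm -rf "$d"
}
demo
```

Run `check_ovpn ~/client-configs/files/username.ovpn` after each make_config.sh run. The tag checks anchor on whole lines, so a profile that has been through a Windows editor and gained CRLF line endings will be reported as missing its blocks; convert it back before distributing it.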
To revoke a user's certificate:
    cd ~/openvpn-ca
    source vars
    ./revoke-full username
(revoke-full finishes by verifying the certificate against the fresh CRL, so a final "error 23" means the revocation succeeded.) Copy the resulting CRL to the OpenVPN directory; repeat this after every revocation, since the server only sees the copy:
    sudo cp ~/openvpn-ca/keys/crl.pem /etc/openvpn
Tell the server to check it:
    sudo vim /etc/openvpn/server.conf
by adding the line:
    crl-verify crl.pem
and restart the service:
    sudo systemctl restart openvpn@server
Edit the CA variables again if needed:
    sudo vim /home/ubuntu/openvpn-ca/vars
Step 12: Connecting clients to OpenVPN
1. CentOS 6.x
    yum install epel-release -y
    yum install openvpn -y
    user root
    group root
Start the client in the background with the generated profile:
    openvpn --config /etc/openvpn/zhoujianhui.ovpn > /dev/null &
2. Windows
Copy the configuration file into the config directory of the OpenVPN installation.
3. Mac OS
Open https://tunnelblick.net/downloads.html in Safari.
To be continued...