{"id":169,"date":"2010-05-26T11:38:47","date_gmt":"2010-05-26T03:38:47","guid":{"rendered":"http:\/\/nick.workao.org\/index.php\/linux\/169"},"modified":"2010-06-11T14:36:50","modified_gmt":"2010-06-11T06:36:50","slug":"%e5%9c%a8vps%e4%b8%ad%e5%ae%89%e8%a3%85%e9%85%8d%e7%bd%aeopenvpn","status":"publish","type":"post","link":"http:\/\/nick.txtcc.com\/index.php\/linux\/169","title":{"rendered":"\u5728VPS\u4e2d\u5b89\u88c5\u914d\u7f6eOpenVPN"},"content":{"rendered":"
\n\n\u5982\u679cVPS\u7684\u5e26\u5bbd\u548c\u5185\u5b58\u5145\u8db3\uff0c\u901a\u8fc7\u5b83\u4f7f\u7528VPN\u4ee3\u7406\u4e0a\u7f51\u662f\u975e\u5e38\u65b9\u4fbf\u7684\u3002\u672c\u6587\u4ee5Ubuntu\u7cfb\u7edf\u4e3a\u4f8b\uff0c\u4ecb\u7ecdOpenVPN\u7684\u5b89\u88c5\u4e0e\u914d\u7f6e\u3002 OpenVPN\u8eab\u4efd\u9a8c\u8bc1\u4f7f\u7528\u7684\u662f\u8bc1\u4e66\u6587\u4ef6\uff0c\u800c\u975e\u8d26\u53f7\u5bc6\u7801\u5f62\u5f0f\u3002\n\n\u5b89\u88c5\u914d\u7f6eOpenVPN\u4e4b\u524d\uff0c\u8bf7\u786e\u4fddVPS\u5df2\u652f\u6301tun\/tap\uff0c\u4e14iptables\u5df2\u652f\u6301NAT\u3002ramhost\u7684VPS\u9ed8\u8ba4\u90fd\u662f\u652f\u6301\u7684\u3002\n\n\u5982\u679c\u8fd8\u6ca1\u6709\u5b89\u88c5iptables\u8bf7\u5148\u5b89\u88c5iptables:\napt-get install iptables\n\n\u5b89\u88c5OpenVPN\uff1a\n\napt-get install openvpn\n\n\u62f7\u8d1d\u6587\u4ef6\u5939\uff0c\u4ee5\u65b9\u4fbf\u540e\u7eed\u914d\u7f6e\uff1a\n\ncp -R \/usr\/share\/doc\/openvpn\/examples\/easy-rsa \/etc\/openvpn\n\n\u751f\u6210\u670d\u52a1\u7aef\u548c\u5ba2\u6237\u7aef\u7684\u5bc6\u94a5\u53ca\u8bc1\u4e66\u6587\u4ef6\uff1a\ncd \/etc\/openvpn\/easy-rsa\/2.0\nsource .\/vars\n.\/clean-all\n.\/build-ca\n.\/build-key-server server\n.\/build-key clientsteven\n.\/build-dh\n\n\u5176\u4e2d\u9047\u5230\u9700\u8981\u8f93\u5165\u4fe1\u606f\u7684\u6b65\u9aa4\u5168\u90e8\u6309\u56de\u8f66\u8fc7\u53bb\uff0c\u76f4\u5230\u6700\u540e\u4e00\u4e2a\u6b65\u9aa4\u63d0\u793a\u662f\u5426\u751f\u6210\u8bc1\u4e66\uff0c\u6309Y\u5373\u53ef\u3002\n\n\u914d\u7f6eiptables\u89c4\u5219\uff0c\u4ee5\u8f6c\u53d1\u6765\u81eaVPN\u7684\u8bf7\u6c42\uff1a\nchmod 755 \/etc\/rc.local\nvim \/etc\/rc.local\n\n\u5c06rc.local\u6587\u4ef6\u4fee\u6539\u4e3a\u4ee5\u4e0b\u5185\u5bb9\uff1a\n#!\/bin\/sh -e\n#\n# rc.local\n#\n# This script is executed at the end of each multiuser runlevel.\n# Make sure that the script will “exit 0” on success or any other\n# value on error.\n#\n# In order to enable or disable this script just change the execution\n# bits.\n#\n# By default this script does nothing.\n\n# add iptables rule for openvpn\niptables -t nat -A POSTROUTING -s 10.8.0.0\/24 -o venet0 -j SNAT –to 202.248.185.66\n\n\/etc\/init.d\/openvpn start\n\nexit 0\n\n\u5176\u4e2d\uff0c202.248.185.66\u662fVPS\u7684IP.\n\n\u6ce8\u610f\uff1a\u4e0a\u9762\u90a3\u884c\u5c3eSNAT –to 202.248.185.66\uff0c\u662f\u4e24\u4e2a\u201c-\u201d\u53f7\uff0cWP\u628a\u4e24\u4e2a\u53d8\u6210\u4e00\u4e2a\u4e86\uff0c\u4e0d\u77e5\u9053\u4e3a\u4ec0\u4e48<\/span>\n\n\u521b\u5efaOpenVPN\u7684\u914d\u7f6e\u6587\u4ef6\uff1a\nvim \/etc\/openvpn\/openvpn.conf\n\nopenvpn.conf\u6587\u4ef6\u5185\u5bb9\u5982\u4e0b\uff1a\ndev tun\nproto tcp\nport 1194\n\nca \/etc\/openvpn\/easy-rsa\/2.0\/keys\/ca.crt\ncert \/etc\/openvpn\/easy-rsa\/2.0\/keys\/server.crt\nkey \/etc\/openvpn\/easy-rsa\/2.0\/keys\/server.key\ndh \/etc\/openvpn\/easy-rsa\/2.0\/keys\/dh1024.pem\n\nuser nobody\ngroup nogroup\nserver 10.8.0.0 255.255.255.0\n\npersist-key\npersist-tun\n\n#status openvpn-status.log\n#verb 3\nclient-to-client\n\npush “redirect-gateway def1”\npush “dhcp-option DNS 8.8.8.8”\npush “dhcp-option DNS 8.8.4.4”\n\ncomp-lzo\n\n\u542f\u52a8OpenVPN\uff1a\n\/etc\/init.d\/openvpn start\n\/etc\/rc.local\n\n\u81f3\u6b64\uff0c\u670d\u52a1\u7aef\u7684\u914d\u7f6e\u7ed3\u675f\uff0c\u63a5\u4e0b\u6765\u662fWindows\u5ba2\u6237\u7aef\u7684\u914d\u7f6e\u3002\n\n\u4e0b\u8f7d\u4ee5\u4e0b\u51e0\u4e2a\u6587\u4ef6\u5230\u5ba2\u6237\u7aef\u673a\u5668\uff1a\n\/etc\/openvpn\/easy-rsa\/2.0\/keys\/ca.crt\n\/etc\/openvpn\/easy-rsa\/2.0\/keys\/clientsteven.crt\n\/etc\/openvpn\/easy-rsa\/2.0\/keys\/clientsteven.key\n\n\u4e0b\u8f7d\u5b89\u88c5OpenVPN\uff0c\u4e0b\u8f7d\u94fe\u63a5\uff1a\nhttp:\/\/openvpn.net\/release\/openvpn-2.1.0-install.exe<\/a>\n\n\u5c06\u4e0b\u8f7d\u7684ca.crt\u3001clientsteven.crt\u3001clientsteven.key\u4e09\u4e2a\u6587\u4ef6\u62f7\u8d1d\u5230OpenVPN\u5b89\u88c5\u76ee\u5f55\u7684config \u6587\u4ef6\u5939\u4e0b\uff0c\u5e76\u65b0\u5efaclientsteven.ovpn\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff1a\nclient\ndev tun\nproto tcp\n\n# The hostname\/IP and port of the server.\n# CHANGE THIS TO YOUR VPS IP ADDRESS\nremote 202.248.185.66 1194\n\nresolv-retry infinite\nnobind\n\npersist-key\npersist-tun\n\nca ca.crt\ncert clientsteven.crt\nkey clientsteven.key\n\ncomp-lzo\nverb 3\n\n\u5176\u4e2d\uff0c202.248.185.66\u662fVPS\u7684IP.\n\n\u82e5\u4e4b\u540e\u8fd8\u9700\u8981\u6dfb\u52a0\u5176\u4ed6\u7684VPN\u8d26\u53f7\uff0c\u5219\u9700\u8981\u4ee5\u4e0b\u547d\u4ee4\uff1a\ncd \/etc\/openvpn\/easy-rsa\/2.0\n.\/build-key clientsusan\n\n\u800c\u540e\u4e0b\u8f7d\u76f8\u5e94\u7684\u6587\u4ef6\u5230\u5ba2\u6237\u7aef\uff0c\u5e76\u6309\u7167\u4e4b\u524d\u4ecb\u7ecd\u7684\u6b65\u9aa4\u914d\u7f6e\u5ba2\u6237\u7aef\u3002\n\n<\/div>","protected":false},"excerpt":{"rendered":"

\u5982\u679cVPS\u7684\u5e26\u5bbd\u548c\u5185\u5b58\u5145\u8db3\uff0c\u901a\u8fc7\u5b83\u4f7f\u7528VPN\u4ee3\u7406\u4e0a\u7f51\u662f\u975e\u5e38\u65b9\u4fbf\u7684\u3002\u672c\u6587\u4ee5Ubuntu\u7cfb\u7edf\u4e3a\u4f8b\uff0c\u4ecb\u7ecdOpenVPN\u7684\u5b89\u88c5\u4e0e\u914d\u7f6e\u3002 OpenVPN\u8eab\u4efd\u9a8c\u8bc1\u4f7f\u7528\u7684\u662f\u8bc1\u4e66\u6587\u4ef6\uff0c\u800c\u975e\u8d26\u53f7\u5bc6\u7801\u5f62\u5f0f\u3002 \u5b89\u88c5\u914d\u7f6eOp...<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[62,7,64],"class_list":["post-169","post","type-post","status-publish","format-standard","hentry","category-linux","tag-openvpn","tag-ubuntu","tag-vps"],"_links":{"self":[{"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/169","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/comments?post=169"}],"version-history":[{"count":5,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/169\/revisions"}],"predecessor-version":[{"id":170,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/169\/revisions\/170"}],"wp:attachment":[{"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/media?parent=169"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/categories?post=169"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/tags?post=169"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}