Setting up an OpenVPN server on Ubuntu
The steps to set up an OpenVPN server on Ubuntu, in outline:
- Install OpenVPN:
sudo apt update
sudo apt install openvpn
- Generate the CA and the server key and certificate:
cd /etc/openvpn
sudo mkdir keys
cd keys
sudo openssl genrsa -out ca.key 2048
sudo openssl req -x509 -new -nodes -key ca.key -days 10000 -out ca.crt -subj "/CN=OpenVPN-CA"
sudo openssl genrsa -out server.key 2048
sudo openssl req -new -key server.key -out server.csr -subj "/CN=OpenVPN-Server"
sudo openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000
Signed this way (openssl x509 -req with no -extfile), server.crt carries no X.509 extensions at all, and both certificates are valid for 10000 days, about 27 years. A client that enables remote-cert-tls server rejects a server certificate without extendedKeyUsage serverAuth, so either add the extensions when signing or leave that check out of the client configuration. ca.key signs every certificate the VPN trusts: keep it readable by root only and never copy it anywhere.
- Generate Diffie-Hellman parameters and the tls-auth HMAC key:
sudo openssl dhparam -out dh.pem 2048
sudo openvpn --genkey --secret ta.key
The original generated dh.pem with openvpn --genkey --secret, which produces an OpenVPN static key, not Diffie-Hellman parameters; the server would refuse to load such a file as dh. Generating 2048-bit parameters with openssl dhparam takes a while. On OpenVPN 2.5 and later the tls-auth key is created with sudo openvpn --genkey secret ta.key; the older --secret form still works but is deprecated.
- Copy the certificates and keys into the OpenVPN configuration directory (ca.key stays behind):
cd /etc/openvpn
sudo cp keys/ca.crt .
sudo cp keys/server.crt .
sudo cp keys/server.key .
sudo cp keys/dh.pem .
sudo cp keys/ta.key .
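The openssl commands above produce a working CA and server pair, but with no X.509 extensions, and the client section later copies a client.crt and client.key that have to be issued by the same CA. The script below is an added example, not from the original page: it builds the CA, the server certificate and a client certificate with the basicConstraints, keyUsage and extendedKeyUsage extensions that OpenVPN's remote-cert-tls check looks for, then verifies each certificate against the purpose it will be used for. The directory, the CNs, the validity periods and the client name client1 are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Directory, CNs, validity periods
# and the client name are assumptions. Needs openssl; openvpn only for ta.key.
set -eu

# make_ca DIR: self-signed CA whose extensions restrict it to signing certificates.
make_ca() {
  local dir=$1
  mkdir -p "$dir" && chmod 700 "$dir"          # private keys must not be world-readable
  openssl req -new -nodes -newkey rsa:2048 -keyout "$dir/ca.key" \
    -out "$dir/ca.csr" -subj "/CN=OpenVPN-CA" 2>/dev/null
  printf '%s\n' 'basicConstraints=critical,CA:TRUE' \
                'keyUsage=critical,keyCertSign,cRLSign' > "$dir/ca.ext"
  openssl x509 -req -in "$dir/ca.csr" -signkey "$dir/ca.key" -days 3650 \
    -extfile "$dir/ca.ext" -out "$dir/ca.crt" 2>/dev/null
  rm -f "$dir/ca.csr" "$dir/ca.ext"
}

# make_cert DIR NAME ROLE: end-entity certificate; ROLE (server|client) sets the
# extendedKeyUsage, which is what OpenVPN's remote-cert-tls option checks.
make_cert() {
  local dir=$1 name=$2 role=$3 eku
  case $role in
    server) eku=serverAuth ;;
    client) eku=clientAuth ;;
    *) echo "role must be server or client" >&2; return 1 ;;
  esac
  openssl req -new -nodes -newkey rsa:2048 -keyout "$dir/$name.key" \
    -out "$dir/$name.csr" -subj "/CN=$name" 2>/dev/null
  printf '%s\n' 'basicConstraints=CA:FALSE' \
                'keyUsage=critical,digitalSignature,keyEncipherment' \
                "extendedKeyUsage=$eku" > "$dir/$name.ext"
  openssl x509 -req -in "$dir/$name.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 825 -extfile "$dir/$name.ext" -out "$dir/$name.crt" 2>/dev/null
  rm -f "$dir/$name.csr" "$dir/$name.ext"
}

# check_purpose DIR NAME PURPOSE: 0 if NAME.crt chains to the CA and is valid for
# PURPOSE (sslserver or sslclient), i.e. the check a peer configured with
# `remote-cert-tls server` (or client) performs on the certificate it is shown.
check_purpose() {
  local dir=$1 name=$2 purpose=$3
  openssl verify -purpose "$purpose" -CAfile "$dir/ca.crt" "$dir/$name.crt" >/dev/null 2>&1
}

# make_shared DIR [BITS]: DH parameters come from openssl dhparam (not from
# openvpn --genkey, which makes a static key); ta.key is the tls-auth HMAC key.
make_shared() {
  local dir=$1 bits=${2:-2048}
  openssl dhparam -out "$dir/dh.pem" "$bits" 2>/dev/null
  # OpenVPN 2.5+ syntax first, then the 2.4 form
  openvpn --genkey secret "$dir/ta.key" 2>/dev/null || openvpn --genkey --secret "$dir/ta.key"
}

# Usage on the server (as root): sh pki.sh build /etc/openvpn/keys
if [ "${1:-}" = build ]; then
  d=${2:-/etc/openvpn/keys}
  make_ca "$d"
  make_cert "$d" server server
  make_cert "$d" client1 client
  make_shared "$d"
  check_purpose "$d" server sslserver && echo "server.crt passes remote-cert-tls server"
  check_purpose "$d" client1 sslserver || echo "client1.crt cannot impersonate the server"
fi
```

The two check_purpose calls at the end are the point of the extensions: with extendedKeyUsage set, a client that has `remote-cert-tls server` in its profile will not accept another client's stolen certificate as the server, and a server with `remote-cert-tls client` will not accept server.crt as a client.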
- Create the OpenVPN server configuration file:
sudo nano /etc/openvpn/server.conf
Add the following to server.conf:
dev tun
proto udp
port 1194
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
# Routes all client traffic through the VPN. This only works if the server has
# IP forwarding enabled and NATs the 10.8.0.0/24 subnet to its own address.
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Lets VPN clients reach each other through the server; remove unless needed.
client-to-client
keepalive 10 120
tls-auth ta.key 0
# OpenVPN 2.4 and later negotiate the data cipher (AES-256-GCM by default);
# this line is only the fallback for clients that cannot negotiate.
cipher AES-256-CBC
# Do not enable compression (the original had "compress lz4-v2"): compressing
# traffic before encryption lets an attacker who can inject data recover
# plaintext (VORACLE).
max-clients 100
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
- Start the OpenVPN service and enable it at boot (openvpn@server reads /etc/openvpn/server.conf; if it fails to start, the unit's journal names the certificate or key file it could not load):
sudo systemctl start openvpn@server.service
sudo systemctl enable openvpn@server.service
- Configure the firewall to allow OpenVPN traffic:
sudo ufw allow 1194/udp
sudo ufw enable
The original also ran sudo ufw allow OpenVPN, which opens the same port through a ufw application profile if the package installed one; one of the two rules is enough. Before running ufw enable on a remote machine, make sure a rule for your SSH port is already in place, or the current session is the last one you get. ufw does not forward or NAT traffic by default: with push "redirect-gateway" in server.conf, clients will connect but have no internet until net.ipv4.ip_forward is 1, the ufw forward policy is ACCEPT and a POSTROUTING MASQUERADE rule for 10.8.0.0/24 exists.
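The configuration and firewall steps above leave out two things a practitioner needs: the forwarding and NAT setup that push "redirect-gateway" depends on, and a check of server.conf for the directives that weaken it. The script below is an added example, not from the original page; the interface name, the subnet and the file paths are assumptions. nat_rules prints the sysctl and ufw fragments for forwarding, audit_conf reports the weak points in a configuration file and returns their count, and hardened_conf prints a corrected version of the page's server.conf that audit_conf passes.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Interface, subnet and paths are assumptions.
set -eu

# nat_rules OUT_IF SUBNET: print the sysctl and ufw fragments that
# push "redirect-gateway" depends on. Without them clients connect but have
# no route out: the kernel drops forwarded packets and replies never come back.
nat_rules() {
  local out_if=$1 subnet=$2
  cat <<EOF
# /etc/ufw/sysctl.conf (ufw's own sysctl file; in /etc/sysctl.d the key is net.ipv4.ip_forward=1)
net/ipv4/ip_forward=1
# /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"
# /etc/ufw/before.rules, inserted above the *filter line
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $subnet -o $out_if -j MASQUERADE
COMMIT
EOF
}

# audit_conf FILE: print one line per weak or missing directive; return the count
# (0 means clean). A directive is only matched at the start of a line.
audit_conf() {
  local f=$1 n=0
  has() { grep -qE "^[[:space:]]*$1([[:space:]]|$)" "$f"; }
  if has compress || has comp-lzo; then
    echo "compression enabled: lets an attacker who can inject traffic recover plaintext (VORACLE); remove it"; n=$((n+1)); fi
  if ! has tls-auth && ! has tls-crypt; then
    echo "no tls-auth/tls-crypt: control channel accepts packets from any source"; n=$((n+1)); fi
  if ! has tls-version-min; then
    echo "tls-version-min missing: older OpenVPN releases still accept TLS 1.0"; n=$((n+1)); fi
  if ! has remote-cert-tls; then
    echo "remote-cert-tls client missing: any certificate the CA issued, server.crt included, can connect as a client"; n=$((n+1)); fi
  if has client-to-client; then
    echo "client-to-client: VPN clients can reach each other through the server; drop unless required"; n=$((n+1)); fi
  if ! has user || ! has group; then
    echo "user/group missing: the daemon keeps root privileges after start-up"; n=$((n+1)); fi
  return "$n"
}

# hardened_conf: the page's server.conf with the weak points fixed.
hardened_conf() {
  cat <<'EOF'
dev tun
proto udp
port 1194
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth ta.key 0
# only TLS 1.2+, and only clients whose certificate carries EKU clientAuth
tls-version-min 1.2
remote-cert-tls client
# AEAD ciphers negotiated with 2.4+ clients (2.4 spells this ncp-ciphers); cipher is the fallback
data-ciphers AES-256-GCM:AES-128-GCM
cipher AES-256-GCM
# no compress/comp-lzo and no client-to-client
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
EOF
}

# Usage on the server (as root); the nat_rules output is pasted into the files it names:
#   hardened_conf > /etc/openvpn/server.conf
#   nat_rules eth0 10.8.0.0/24
#   audit_conf /etc/openvpn/server.conf && echo "server.conf: no findings"
```

Run against the page's original server.conf, audit_conf reports compression, the missing tls-version-min and remote-cert-tls, and client-to-client; after editing before.rules, `sudo ufw disable && sudo ufw enable` reloads the NAT table.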
Client configuration:
- Install an OpenVPN client (the original names openvpn-install; on Ubuntu the openvpn package itself also runs as a client).
- Copy ca.crt, client.crt, client.key and ta.key from the server to the client. client.crt and client.key are a certificate and key for the client issued by the same CA, generated the same way as the server pair but with a different CN. Never copy ca.key or server.key to a client.
- Create a client configuration file such as client.ovpn. It mirrors the server configuration but runs in client mode, names the server with a remote line, uses the same proto and port as the server, references the client certificate and key instead of the server's, and sets tls-auth ta.key 1 (key direction 1, the opposite of the server's 0).
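The client configuration above refers to four separate files. The function below is an added example, not from the original page: it assembles a single client.ovpn with the CA certificate, client certificate, client key and tls-auth key inline, so only one file moves to the client, and refuses to run if any of them is missing. The server host name, the key directory and the client name are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. Host, directory and client name are assumptions.
set -eu

# build_ovpn SERVER_HOST KEYDIR CLIENT: write a self-contained profile to stdout.
# Fails (exit 1) rather than emitting a profile with an empty <cert> or <key> block.
build_ovpn() {
  local host=$1 dir=$2 name=$3 f
  for f in ca.crt "$name.crt" "$name.key" ta.key; do
    [ -s "$dir/$f" ] || { echo "missing $dir/$f" >&2; return 1; }
  done
  cat <<EOF
client
dev tun
# proto and port must match the server
proto udp
remote $host 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# reject a peer whose certificate lacks extendedKeyUsage serverAuth, e.g. another client's cert
remote-cert-tls server
tls-version-min 1.2
cipher AES-256-GCM
verb 3
# tls-auth direction 1, the opposite of the server's "tls-auth ta.key 0"
key-direction 1
<ca>
$(cat "$dir/ca.crt")
</ca>
<cert>
$(cat "$dir/$name.crt")
</cert>
<key>
$(cat "$dir/$name.key")
</key>
<tls-auth>
$(cat "$dir/ta.key")
</tls-auth>
EOF
}

# profile_complete FILE: 0 if all four inline blocks and the key direction are present.
profile_complete() {
  local f=$1 tag
  for tag in ca cert key tls-auth; do
    grep -q "^<$tag>$" "$f" && grep -q "^</$tag>$" "$f" || return 1
  done
  grep -q '^key-direction 1$' "$f"
}

# Usage on the server: build_ovpn vpn.example.com /etc/openvpn/keys client1 > client1.ovpn
```

The profile contains the client's private key, so chmod 600 it and move it over an authenticated channel (scp, not e-mail); profile_complete is the check to run before handing it out.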