OpenVPN 2.2.0 一键安装脚本说明 (for CentOS 5.6)


OpenVPN 2.2.0 一键安装脚本，同时开启 TCP 443 和 UDP 443 两个监听端口，并创建 2 个相应的客户端配置文件
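#!/bin/bash
# OpenVPN 2.2.0 one-shot installer for CentOS 5.6.
#
# What it does, in order:
#   1. installs the RPMForge repository RPM and the openvpn package via yum
#   2. copies easy-rsa into /etc/openvpn and builds the CA, the server
#      cert/key, DH parameters and one client cert ("client1")
#   3. writes two server configs (TCP/443 on 192.168.21.0/24 and
#      UDP/443 on 192.168.31.0/24) plus two matching client .ovpn files
#   4. enables IP forwarding and MASQUERADE, then starts the service
#
# Output for the client: /root/openvpn-client-tcp-udp.tgz
# Must be run as root. OPENVPN_VER (env) overrides the package version whose
# doc directory holds easy-rsa (default 2.2.0) when a newer RPM is installed.
# Inbound firewall rules for port 443 and the tun interfaces are NOT added
# here; add them to /etc/sysconfig/iptables separately.
set -eo pipefail

readonly OPENVPN_VER=${OPENVPN_VER:-2.2.0}
readonly RPMFORGE_RPM=rpmforge-release-0.5.2-2.el5.rf.i386.rpm
readonly RPMFORGE_URL="http://pkgs.repoforge.org/rpmforge-release/${RPMFORGE_RPM}"
readonly EASY_RSA_DIR=/etc/openvpn/easy-rsa/2.0
readonly CLIENT_NAME=client1
readonly VPN_PORT=443
readonly TCP_SUBNET=192.168.21.0
readonly UDP_SUBNET=192.168.31.0
readonly CLIENT_BUNDLE=/root/openvpn-client-tcp-udp.tgz

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Write a client-side .ovpn file into the current directory (easy-rsa keys/).
# Globals:   ip, VPN_PORT, CLIENT_NAME (read)
# Arguments: $1 - transport (tcp|udp); $2 - output file name
#######################################
write_client_conf() {
  local proto=$1 out=$2
  # ns-cert-type is the server-identity check this OpenVPN release supports
  # (later releases replace it with remote-cert-tls); route-delay and
  # route-method exe only matter for Windows clients.
  cat >"$out" <<EOF
client
remote $ip $VPN_PORT
dev tun
proto $proto
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $CLIENT_NAME.crt
key $CLIENT_NAME.key
ns-cert-type server
comp-lzo
route-delay 2
route-method exe
verb 3
EOF
}

#######################################
# Write a server config.
# Globals:   VPN_PORT, EASY_RSA_DIR (read)
# Arguments: $1 - transport (tcp|udp); $2 - tunnel network (/24);
#            $3 - output path
#######################################
write_server_conf() {
  local proto=$1 subnet=$2 out=$3
  # The pool-persist file is per instance: with a shared ipp.txt the TCP and
  # UDP servers would overwrite each other's client/address assignments.
  # dh1024.pem is what build-dh produces with the KEY_SIZE in vars; 1024-bit
  # DH is weak by current standards -- raise KEY_SIZE before clean-all if
  # the clients support it.
  cat >"$out" <<EOF
port $VPN_PORT
proto $proto
dev tun
ca $EASY_RSA_DIR/keys/ca.crt
cert $EASY_RSA_DIR/keys/server.crt
key $EASY_RSA_DIR/keys/server.key
dh $EASY_RSA_DIR/keys/dh1024.pem
server $subnet 255.255.255.0
ifconfig-pool-persist ipp-$proto.txt
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun
EOF
}

# Address the clients will connect to, read from the eth0 ifcfg file
# (surrounding quotes stripped). If the server sits behind NAT, set this to
# the public address instead.
ip=$(awk -F= '/IPADDR/ { gsub(/"/, "", $2); print $2; exit }' \
  /etc/sysconfig/network-scripts/ifcfg-eth0)
[[ -n "$ip" ]] || die "could not read IPADDR from ifcfg-eth0"

# Third-party repository that carries the openvpn package.
# NOTE(review): the RPM is fetched over plain HTTP and installed without an
# explicit signature check (rpm -K) -- a supply-chain risk; verify it against
# a trusted key before relying on this on a new host.
if ! rpm -q rpmforge-release >/dev/null 2>&1; then
  wget -- "$RPMFORGE_URL" || die "download of $RPMFORGE_RPM failed"
  rpm -iv "$RPMFORGE_RPM"
  rm -f -- "$RPMFORGE_RPM"
fi
yum -y install openvpn openssl openssl-devel || die "yum install failed"

# easy-rsa ships under the package's doc directory, named by version.
easy_rsa_src="/usr/share/doc/openvpn-${OPENVPN_VER}/easy-rsa/"
[[ -d "$easy_rsa_src" ]] || die "easy-rsa not found at $easy_rsa_src (set OPENVPN_VER)"
cp -R -- "$easy_rsa_src" /etc/openvpn/
cd "$EASY_RSA_DIR" || die "cannot cd to $EASY_RSA_DIR"
chmod u+rwx -- *
# easy-rsa scripts read KEY_DIR, KEY_SIZE, KEY_COUNTRY, ... from the
# environment; source it once (the page sourced vars twice).
# shellcheck disable=SC1091
source ./vars
./clean-all

# Build the CA non-interactively: every prompt gets an empty line, i.e. the
# default. The page's `echo -e "nnnnnnn"` almost certainly read "\n\n\n\n\n\n\n"
# before the backslashes were lost in rendering; seven newlines is that intent.
printf '\n%.0s' {1..7} | ./build-ca

clear || true
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
./build-key-server server
./build-dh
cp -- keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/

clear || true
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not required"
echo "####################################"
./build-key "$CLIENT_NAME"
cd keys || die "cannot cd to $EASY_RSA_DIR/keys"

write_client_conf tcp "$HOSTNAME.tcp.ovpn"
write_client_conf udp "$HOSTNAME.udp.ovpn"

# Bundle for the client. ca.key is deliberately NOT included (the page
# shipped it): it is the CA private key, and anyone holding it can issue
# certificates this server trusts.
tar czf keys.tgz ca.crt "$CLIENT_NAME.crt" "$CLIENT_NAME.csr" "$CLIENT_NAME.key" \
  "$HOSTNAME.tcp.ovpn" "$HOSTNAME.udp.ovpn"
mv -- keys.tgz "$CLIENT_BUNDLE"
chmod 600 -- "$CLIENT_BUNDLE"

# Server side: one instance per transport, both on port 443.
write_server_conf tcp "$TCP_SUBNET" /etc/openvpn/server-tcp.conf
write_server_conf udp "$UDP_SUBNET" /etc/openvpn/server-udp.conf

# Forwarding + NAT so tunnel clients reach the internet via eth0.
# Re-running the script appends the MASQUERADE rules a second time.
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s "$TCP_SUBNET/24" -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s "$UDP_SUBNET/24" -o eth0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
# Persist forwarding across reboots; only rewrites an existing "= 0" line.
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/sysctl.conf
sysctl -p
/etc/init.d/openvpn start

clear || true
cat <<EOF
OpenVPN has been installed
Download $CLIENT_BUNDLE using winscp or other sftp/scp client
Create a directory named vpn at C:\Program Files\OpenVPN\config and untar the content of $CLIENT_BUNDLE there
EOF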

#############

防火墙配置
vi /etc/sysconfig/iptables
-A RH-Firewall-1-INPUT -i tun0 -j ACCEPT    //tcp连接后所有数据走tunnel0
-A RH-Firewall-1-INPUT -i tun1 -j ACCEPT    //udp连接后所有数据走tunnel1
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 443 -j ACCEPT
重启
service openvpn restart
客户端安装
http://dl.pconline.com.cn/download/56026.html
把生成的配置文件 /root/openvpn-client-tcp-udp.tgz 下载后解压，放到 C:\Program Files\OpenVPN\config 即可。
启动openvpn客户端 连接.

############
附：为新用户生成客户端证书和私钥的脚本。
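#!/bin/bash
# Issue a client certificate for a new user and bundle it with TCP and UDP
# .ovpn files into /root/$HOSTNAME.$user.tgz.
# Run as root on the server after the installer has created
# /etc/openvpn/easy-rsa/2.0 and its CA. Prompts for the username on stdin.
set -eo pipefail

readonly EASY_RSA_DIR=/etc/openvpn/easy-rsa/2.0
readonly VPN_PORT=443

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Write a client-side .ovpn file into the current directory (easy-rsa keys/).
# Globals:   ip, user, VPN_PORT (read)
# Arguments: $1 - transport (tcp|udp); $2 - output file name
#######################################
write_client_conf() {
  local proto=$1 out=$2
  cat >"$out" <<EOF
client
remote $ip $VPN_PORT
dev tun
proto $proto
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $user.crt
key $user.key
ns-cert-type server
comp-lzo
route-delay 2
route-method exe
verb 3
EOF
}

# Address the client will connect to, from the eth0 ifcfg file (quotes
# stripped). Replace with the public address if the server is behind NAT.
ip=$(awk -F= '/IPADDR/ { gsub(/"/, "", $2); print $2; exit }' \
  /etc/sysconfig/network-scripts/ifcfg-eth0)
[[ -n "$ip" ]] || die "could not read IPADDR from ifcfg-eth0"

read -r -p "Please Enter New Username:" user
# The name becomes file names and an easy-rsa argument, so restrict it to a
# safe character set: no spaces, slashes or a leading '-'.
[[ "$user" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]] || die "invalid username: '$user'"

cd "$EASY_RSA_DIR" || die "cannot cd to $EASY_RSA_DIR"
# easy-rsa reads its settings from the environment; source once is enough.
# shellcheck disable=SC1091
source ./vars
./build-key "$user"
cd keys || die "cannot cd to $EASY_RSA_DIR/keys"

write_client_conf tcp "$HOSTNAME.$user.tcp.ovpn"
write_client_conf udp "$HOSTNAME.$user.udp.ovpn"

# ca.key is deliberately NOT bundled (the page shipped it): it is the CA
# private key, and anyone holding it can issue certificates the server trusts.
bundle="$HOSTNAME.$user.tgz"
tar czf "$bundle" ca.crt "$user.crt" "$user.csr" "$user.key" \
  "$HOSTNAME.$user.tcp.ovpn" "$HOSTNAME.$user.udp.ovpn"
mv -- "$bundle" /root/
chmod 600 -- "/root/$bundle"

cat <<EOF
Download /root/$bundle using winscp or other sftp/scp client
Create a directory named vpn at C:\Program Files\OpenVPN\config and untar the content of $bundle there
EOF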

############
# 创建带密码登录的用户（仅 tcp 协议）
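#!/bin/bash
# Issue a password-protected client certificate (easy-rsa build-key-pass) for
# a new user and bundle it with a TCP .ovpn file into /root/$HOSTNAME.$user.tgz.
# Run as root on the server after the installer has created
# /etc/openvpn/easy-rsa/2.0 and its CA. Prompts for the username on stdin.
set -eo pipefail

readonly EASY_RSA_DIR=/etc/openvpn/easy-rsa/2.0
# Port kept as the page has it. The installer above only starts listeners on
# 443, so confirm a server config for 8443 exists before handing this out.
readonly VPN_PORT=8443

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Write a client-side .ovpn file into the current directory (easy-rsa keys/).
# Globals:   ip, user, VPN_PORT (read)
# Arguments: $1 - transport (tcp|udp); $2 - output file name
#######################################
write_client_conf() {
  local proto=$1 out=$2
  cat >"$out" <<EOF
client
remote $ip $VPN_PORT
dev tun
proto $proto
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $user.crt
key $user.key
ns-cert-type server
comp-lzo
route-delay 2
route-method exe
verb 3
EOF
}

# Address the client will connect to. The page never set $ip in this script,
# so its .ovpn came out with an empty "remote" host; read it the same way the
# other scripts do. Replace with the public address if behind NAT.
ip=$(awk -F= '/IPADDR/ { gsub(/"/, "", $2); print $2; exit }' \
  /etc/sysconfig/network-scripts/ifcfg-eth0)
[[ -n "$ip" ]] || die "could not read IPADDR from ifcfg-eth0"

read -r -p "Please Enter New Username:" user
# The name becomes file names and an easy-rsa argument, so restrict it to a
# safe character set: no spaces, slashes or a leading '-'.
[[ "$user" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]] || die "invalid username: '$user'"

cd "$EASY_RSA_DIR" || die "cannot cd to $EASY_RSA_DIR"
# easy-rsa reads its settings from the environment; source once is enough.
# shellcheck disable=SC1091
source ./vars
# build-key-pass prompts for a passphrase that protects the client key.
./build-key-pass "$user"
cd keys || die "cannot cd to $EASY_RSA_DIR/keys"

write_client_conf tcp "$HOSTNAME.$user.tcp.ovpn"

# ca.key is deliberately NOT bundled (the page shipped it): it is the CA
# private key, and anyone holding it can issue certificates the server trusts.
bundle="$HOSTNAME.$user.tgz"
tar czf "$bundle" ca.crt "$user.crt" "$user.csr" "$user.key" "$HOSTNAME.$user.tcp.ovpn"
mv -- "$bundle" /root/
chmod 600 -- "/root/$bundle"

cat <<EOF
Download /root/$bundle using winscp or other sftp/scp client
Create a directory named vpn at C:\Program Files\OpenVPN\config and untar the content of $bundle there
EOF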