OpenVPN One-Click Deployment Script

惬意小蜗牛
2022-08-16 / 2 comments / 0 likes / 8,285 views / 1,607 words

Download the one-click deployment script

mkdir -p /home/install/openvpn
cd /home/install/openvpn
wget https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh -O openvpn-install.sh

# Downloading from my personal fork is a bit faster
wget "https://www.snynas.com:20043/pub/openvpn-install/-/raw/master/openvpn-install.sh?inline=false" -O openvpn-install.sh

Grant execute permission

chmod +x openvpn-install.sh

Run and configure

bash openvpn-install.sh

This server is behind NAT. What is the public IPv4 address or hostname?
Public IPv4 address / hostname [public IP]:       # the listening IP; the default is fine
Which protocol should OpenVPN use?
   1) UDP (recommended)
   2) TCP
Protocol [1]: 2             # I use TCP for the protocol here
What port should OpenVPN listen to?
Port [1194]:                # the port can be set to another value or left at the default
Select a DNS server for the clients:
   1) Current system resolvers
   2) Google
   3) 1.1.1.1
   4) OpenDNS
   5) Quad9
   6) AdGuard
DNS server [1]: 1                       # for DNS I choose 1 here, leaving it unchanged
Enter a name for the first client:
Name [client]: test                     # create the user
...
The client configuration is available in: /root/test.ovpn
New clients can be added by running this script again.

The client certificate (configuration) file is saved at:

/root/xxx.ovpn

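To change the default path where the certificate file is saved, modify the script as follows.

Edit the one-click deployment script downloaded in the first step: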

vi openvpn-install.sh

# Change the following three places
# 1) Change 1: replace ~/"$client".ovpn with [your target directory]/"$client".ovpn
new_client () {
    # Generates the custom client.ovpn
    {
    cat /etc/openvpn/server/client-common.txt
    echo "<ca>"
    cat /etc/openvpn/server/easy-rsa/pki/ca.crt
    echo "</ca>"
    echo "<cert>"
    sed -ne '/BEGIN CERTIFICATE/,$ p' /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt
    echo "</cert>"
    echo "<key>"
    cat /etc/openvpn/server/easy-rsa/pki/private/"$client".key
    echo "</key>"
    echo "<tls-crypt>"
    sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/tc.key
    echo "</tls-crypt>"
    } > ~/"$client".ovpn
}

# After the change:
new_client () {
    # Generates the custom client.ovpn
    {
    cat /etc/openvpn/server/client-common.txt
    echo "<ca>"
    cat /etc/openvpn/server/easy-rsa/pki/ca.crt
    echo "</ca>"
    echo "<cert>"
    sed -ne '/BEGIN CERTIFICATE/,$ p' /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt
    echo "</cert>"
    echo "<key>"
    cat /etc/openvpn/server/easy-rsa/pki/private/"$client".key
    echo "</key>"
    echo "<tls-crypt>"
    sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/tc.key
    echo "</tls-crypt>"
    } > /home/openvpn-clients/"$client".ovpn
}


# 2) Change 2: replace ~/"$client.ovpn" with [your target directory]/"$client.ovpn"
verb 3" > /etc/openvpn/server/client-common.txt
    # Enable and start the OpenVPN service
    systemctl enable --now openvpn-server@server.service
    # Generates the custom client.ovpn
    new_client
    echo
    echo "Finished!"
    echo
    echo "The client configuration is available in:" ~/"$client.ovpn"
    echo "New clients can be added by running this script again."
else
    clear
    echo "OpenVPN is already installed."
    echo
    echo "Select an option:"
    echo "   1) Add a new client"
    echo "   2) Revoke an existing client"
    echo "   3) Remove OpenVPN"
    echo "   4) Exit"
    read -p "Option: " option

# After the change:
verb 3" > /etc/openvpn/server/client-common.txt
    # Enable and start the OpenVPN service
    systemctl enable --now openvpn-server@server.service
    # Generates the custom client.ovpn
    new_client
    echo
    echo "Finished!"
    echo
    echo "The client configuration is available in:" /home/openvpn-clients/"$client.ovpn"
    echo "New clients can be added by running this script again."
else
    clear
    echo "OpenVPN is already installed."
    echo
    echo "Select an option:"
    echo "   1) Add a new client"
    echo "   2) Revoke an existing client"
    echo "   3) Remove OpenVPN"
    echo "   4) Exit"
    read -p "Option: " option


# 3) Change 3: replace ~/"$client.ovpn" with [your target directory]/"$client.ovpn"
1)
    echo
    echo "Provide a name for the client:"
    read -p "Name: " unsanitized_client
    client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
    while [[ -z "$client" || -e /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt ]]; do
        echo "$client: invalid name."
        read -p "Name: " unsanitized_client
        client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
    done
    cd /etc/openvpn/server/easy-rsa/
    EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "$client" nopass
    # Generates the custom client.ovpn
    new_client
    echo
    echo "$client added. Configuration available in:" ~/"$client.ovpn"
    exit
;;

# After the change:
1)
    echo
    echo "Provide a name for the client:"
    read -p "Name: " unsanitized_client
    client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
    while [[ -z "$client" || -e /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt ]]; do
        echo "$client: invalid name."
        read -p "Name: " unsanitized_client
        client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
    done
    cd /etc/openvpn/server/easy-rsa/
    EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "$client" nopass
    # Generates the custom client.ovpn
    new_client
    echo
    echo "$client added. Configuration available in:" /home/openvpn-clients/"$client.ovpn"
    exit
;;

After saving and exiting the editor, the client certificate (configuration) files are saved at:

/home/openvpn-clients/xxx.ovpn
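
Added example (not part of the original post or of openvpn-install.sh): the redirect in the modified `new_client` fails if /home/openvpn-clients does not exist, and the .ovpn file it writes embeds the client's private key, generated with `nopass`, with whatever permissions the current umask gives. The functions below create the directory owner-only, write profiles with mode 0600 and list any profile that group or others can read; the function names are hypothetical and the demo data is constructed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from openvpn-install.sh.

# prepare_profile_dir DIR: create DIR if missing and make it owner-only (0700).
prepare_profile_dir() {
    mkdir -p -- "$1" && chmod 700 -- "$1"
}

# write_profile DIR CLIENT: store the profile read from stdin as
# DIR/CLIENT.ovpn with mode 0600, whatever the caller's umask is.
write_profile() {
    prepare_profile_dir "$1" || return 1
    # The subshell keeps the tightened umask from leaking into the caller.
    ( umask 077 && cat > "$1/$2.ovpn" ) || return 1
    # A file that already existed keeps its old mode, so set it explicitly.
    chmod 600 -- "$1/$2.ovpn"
}

# profile_mode PATH: print the symbolic mode, e.g. -rw-------
profile_mode() {
    ls -ld -- "$1" | cut -c1-10
}

# audit_profiles DIR: list .ovpn files in DIR that group or others can read.
audit_profiles() {
    find "$1" -type f -name '*.ovpn' \( -perm -040 -o -perm -004 \) -print
}

# Constructed demo in a temporary directory; the key text is a placeholder.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '<key>\nCONSTRUCTED-PLACEHOLDER-KEY\n</key>\n' |
        write_profile "$tmp/openvpn-clients" test
    profile_mode "$tmp/openvpn-clients/test.ovpn"
    rm -rf -- "$tmp"
}

demo
```

Inside the script, the same effect comes from ending the `new_client` block with `} | write_profile /home/openvpn-clients "$client"` instead of the plain redirect. Running `audit_profiles /home/openvpn-clients` afterwards should print nothing.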

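Connection test

Step 1: Download an OpenVPN client. Windows users can download windows-openvpn.msi; Mac users can download mac-openvpn.dmg or mac-openvpn-client-Tunnelblick.

Step 2: Download the xxx.ovpn certificate file created earlier.

Step 3: Configure the client.

Windows configuration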

  1. Install windows-openvpn.msi.
  2. Open the installed client.
  3. Select the FILE tab and drag in the downloaded certificate file.

     Once the file is dragged in, the client shows the public IP address of the machine where your OpenVPN server is deployed.

  4. Click the "connect" button to connect to OpenVPN and test.

     The client shows "connecting…" and then reports that the connection succeeded.

Verifying the result

If the local IP you look up is the same as the IP shown in the client, the connection succeeded.

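Mac configuration

OpenVPN client
  1. Install the mac-openvpn.dmg client.
  2. Open the installed client.
  3. Select the FILE tab and drag in the downloaded certificate file.

     Once the file is dragged in, the client shows the public IP address of the machine where your OpenVPN server is deployed.

  4. Click the "connect" button to connect to OpenVPN and test.

     The client reports that the connection succeeded.

Verifying the result

If the local IP you look up is the same as the IP shown in the client, the connection succeeded.

On a Mac you can check with the curl command, or use the same check as on Windows.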

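Tunnelblick client configuration
  1. Install the mac-openvpn-client-Tunnelblick.dmg client.
  2. Open the installed client.

     Note: after opening, the main configuration window is not shown by default; it has to be opened manually.

     [screenshot: opening the Tunnelblick configuration window]

  3. Drag in the downloaded certificate file.

     Choose the option you need here; after choosing, you are prompted to enter the Mac login password to confirm.

     The import is then complete.

  4. Connection test and verification

     Select the imported certificate and click Connect in the lower-right corner.

     While it is connecting, confirm the pop-up dialog, then check the connection status.

Verifying the result

If the local IP you look up is the same as the IP shown in the client, the connection succeeded.

On a Mac you can check with the curl command, or use the same check as on Windows.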
