server
1. Download OpenVPN: https://openvpn.net/get-open-vpn
Select Ubuntu and download the package: openvpn-as-2.5.2-Ubuntu14.amd_64.deb
2. Install on Ubuntu
sudo dpkg -i openvpn-as-2.5.2-Ubuntu14.amd_64.deb
-----------
sudo dpkg -i <package.deb> installs a Debian package, such as a file you downloaded manually.
sudo dpkg -r <package> removes an installed package.
-----------
A prompt is shown when the installation completes; if it is not, the same information is in /usr/local/openvpn_as/init.log:
Adding new user login...
useradd -s /sbin/nologin "openvpn"
Writing as configuration file...
Initial Configuration Complete!
You can now continue configuring OpenVPN Access Server by
directing your Web browser to this URL:
https://159.99.251.188:943/admin
Login as "openvpn" with the same password used to authenticate
to this UNIX host.
During normal operation, OpenVPN AS can be accessed via these URLs:
Admin UI: https://159.99.251.188:943/admin
Client UI: https://159.99.251.188:943/
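I was stuck at the username and password here for a long time. After a lot of fiddling, logging in to the web UI as the openvpn user kept failing. When I saw the line useradd -s /sbin/nologin "openvpn", it suddenly occurred to me that adding the user might have failed, so I tried adding the username and password again.
Add the user
sudo useradd -s /sbin/nologin "openvpn"
Change the password
sudo passwd "openvpn"
I opened https://159.99.251.188:943/admin again and it worked, hahaha. Then I added the client user test under User Permissions, opened https://159.99.251.188:943/, downloaded the Windows client, logged in, OK, all done.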
openvpn-as: OpenVPN Access Server
openvpn-as-2.5.2
client
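1. After logging in at https://159.99.251.188:943/admin, create a client account named test.
2. Log in to the test account at https://159.99.251.188:943/client; the page after login is as shown in the figure:
1. You need to install a VPN client yourself.
2. Click the Yourself (user-locked profile) link below to download client.ovpn, which is used to configure the client-side connection.
I am on Ubuntu Core, however, and cannot apt-get the openvpn package there; all packages are installed as snaps.
Search for VPN-related packages with snap find: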
snap find openvpn
Name Version Publisher Notes Summary
skidder-openvpn 2.4 ourhouse - OpenVPN is an open source VPN daemon http://openvpn.net
easy-openvpn 2.3.10-4 canonical✓ - An easy-to-manage OpenVPN deployment.
wireguard-fenriswolf 0.0.20180718+git fenriswolf - WireGuard VPN
I chose to install skidder-openvpn.
With client.ovpn and skidder-openvpn in place, the next step is to log in.
but*************************
skidder-openvpn.openvpn --config client.ovpn
Options error: In [CMD-LINE]:1: Error opening configuration file: client.ovpn
Use --help for more information.
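At first I suspected that the client.ovpn file was the problem. After a long search I found that it was not the file but the command; the following command is needed here (find the executable directly in the snap's installation directory and run it):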
sudo /snap/skidder-openvpn/1/bin/openvpn --config client.ovpn
sudo /snap/skidder-openvpn/1/bin/openvpn --config client.ovpn
Mon Nov 5 04:44:24 2018 OpenVPN 2.4.0 [git:release/2.4/0fa3df510c10820d+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 5 2017
Mon Nov 5 04:44:24 2018 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Enter Auth Username:test
Enter Auth Password:
Mon Nov 5 04:44:29 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 04:44:29 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 04:44:29 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]159.99.251.188:1194
Mon Nov 5 04:44:29 2018 Socket Buffers: R=[212992->200000] S=[212992->200000]
Mon Nov 5 04:44:29 2018 UDP link local: (not bound)
Mon Nov 5 04:44:29 2018 UDP link remote: [AF_INET]159.99.251.188:1194
Mon Nov 5 04:44:29 2018 TLS: Initial packet from [AF_INET]159.99.251.188:1194, sid=987cb66d 0121a426
Mon Nov 5 04:44:29 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Nov 5 04:44:29 2018 VERIFY OK: depth=1, CN=OpenVPN CA
Mon Nov 5 04:44:29 2018 VERIFY OK: nsCertType=SERVER
Mon Nov 5 04:44:29 2018 VERIFY OK: depth=0, CN=OpenVPN Server
Mon Nov 5 04:44:29 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Nov 5 04:44:29 2018 [OpenVPN Server] Peer Connection Initiated with [AF_INET]159.99.251.188:1194
Mon Nov 5 04:44:30 2018 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Mon Nov 5 04:44:30 2018 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-tokenSESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.232.1,dhcp-option DNS 127.0.1.1,register-dns,block-ipv6,ifconfig 172.27.232.8 255.255.248.0,peer-id 0,cipher AES-256-GCM'
Mon Nov 5 04:44:30 2018 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.0)
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.0)
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.0)
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:17: register-dns (2.4.0)
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:18: block-ipv6 (2.4.0)
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: timers and/or timeouts modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: explicit notify parm(s) modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: compression parms modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: --ifconfig/up options modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: route options modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: route-related options modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: peer-id set
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: adjusting link_mtu to 1625
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: data channel crypto options modified
Mon Nov 5 04:44:30 2018 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 5 04:44:30 2018 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 5 04:44:30 2018 ROUTE_GATEWAY 10.99.134.1/255.255.255.0 IFACE=wwan0 HWADDR=32:99:00:75:e6:1e
Mon Nov 5 04:44:30 2018 TUN/TAP device tun0 opened
Mon Nov 5 04:44:30 2018 TUN/TAP TX queue length set to 100
Mon Nov 5 04:44:30 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Nov 5 04:44:30 2018 /sbin/ifconfig tun0 172.27.232.8 netmask 255.255.248.0 mtu 1500 broadcast 172.27.239.255
Mon Nov 5 04:44:36 2018 ROUTE remote_host is NOT LOCAL
Mon Nov 5 04:44:36 2018 /sbin/route add -net 159.99.251.188 netmask 255.255.255.255 gw 10.99.134.1
Mon Nov 5 04:44:36 2018 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 172.27.232.1
Mon Nov 5 04:44:36 2018 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 172.27.232.1
Mon Nov 5 04:44:36 2018 Initialization Sequence Completed
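The connection log above carries several lines worth reviewing before relying on the tunnel: SHA1 for control-channel HMAC, the auth-nocache warning, and the options the server pushed. The following Python script is an added example, not part of the original post or of OpenVPN; the function names and item labels are assumptions chosen for this illustration, and the sample log is constructed from lines of the log above with the PUSH_REPLY abridged.

```python
import ipaddress
import re

# Constructed sample: lines taken from the client log above, PUSH_REPLY abridged.
SAMPLE_LOG = """\
Mon Nov 5 04:44:29 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 04:44:29 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Nov 5 04:44:29 2018 VERIFY OK: depth=0, CN=OpenVPN Server
Mon Nov 5 04:44:30 2018 PUSH: Received control message: 'PUSH_REPLY,topology subnet,comp-lzo yes,redirect-gateway def1,route-gateway 172.27.232.1,dhcp-option DNS 127.0.1.1,block-ipv6,ifconfig 172.27.232.8 255.255.248.0,peer-id 0,cipher AES-256-GCM'
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: block-ipv6 (2.4.0)
Mon Nov 5 04:44:30 2018 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
"""

def pushed_options(log):
    """Options the server sent in PUSH_REPLY, as a list of strings."""
    m = re.search(r"PUSH: Received control message: 'PUSH_REPLY,([^']*)'", log)
    return m.group(1).split(",") if m else []

def audit(log):
    """Return a sorted list of review items found in an OpenVPN client log."""
    items = set()
    if re.search(r"Control Channel Authentication: .*'SHA1'", log):
        items.add("control-channel-hmac-sha1")
    if "use the auth-nocache option" in log:
        items.add("password-cached-in-memory")  # remedy named by the log: auth-nocache
    if "VERIFY OK: depth=0" not in log:
        items.add("server-cert-not-verified")   # no successful leaf-certificate check seen
    for opt in pushed_options(log):
        name, _, arg = opt.partition(" ")
        if name == "redirect-gateway":
            items.add("full-tunnel-pushed")     # server asks for all traffic via the VPN
        elif name == "comp-lzo" and arg != "no":
            items.add("compression-pushed")     # compressed tunnels leak via packet sizes
        elif name == "dhcp-option" and arg.startswith("DNS "):
            addr = arg.split()[1]
            if ipaddress.ip_address(addr).is_loopback:
                items.add("dns-pushed-loopback:" + addr)  # points at the client itself
    # Pushed options this client version did not understand and silently dropped.
    for m in re.finditer(r"Unrecognized option .*\[PUSH-OPTIONS\]:\d+: (\S+)", log):
        items.add("pushed-option-ignored:" + m.group(1))
    return sorted(items)

if __name__ == "__main__":
    for item in audit(SAMPLE_LOG):
        print(item)
```

To check a real session, save the client output to a file and pass its contents to audit().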
ifconfig now shows an additional tun0 address, which is the virtual address assigned by the VPN:
admin@DQV8M42:~$ ifconfig
eth0 Link encap:Ethernet HWaddr b8:85:84:a9:50:13
inet addr:159.99.251.184 Bcast:159.99.251.255 Mask:255.255.255.0
inet6 addr: fe80::6b01:2d79:ae01:6a78/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4251635 errors:0 dropped:4 overruns:0 frame:0
TX packets:65590 errors:3 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:342224296 (342.2 MB) TX bytes:17328198 (17.3 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:161579 errors:0 dropped:0 overruns:0 frame:0
TX packets:161579 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:130707491 (130.7 MB) TX bytes:130707491 (130.7 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.27.232.9 P-t-P:172.27.232.9 Mask:255.255.248.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)