Setting up OpenVPN

server

     1. Download OpenVPN: https://openvpn.net/get-open-vpn

                Select Ubuntu and download the package: openvpn-as-2.5.2-Ubuntu14.amd_64.deb

     2. Install on Ubuntu

                sudo dpkg -i openvpn-as-2.5.2-Ubuntu14.amd_64.deb

    -----------

     sudo dpkg -i <package.deb>         Install a Debian package, such as a file you downloaded manually.

     sudo dpkg -r <package>               Remove an installed package.

    -----------

  When the installation finishes, a message is printed; if it is not, the same information can be found in /usr/local/openvpn_as/init.log:

Adding new user login...

useradd -s /sbin/nologin "openvpn"

Writing as configuration file...

Initial Configuration Complete!

You can now continue configuring OpenVPN Access Server by

directing your Web browser to this URL:

https://159.99.251.188:943/admin

Login as "openvpn" with the same password used to authenticate

to this UNIX host.

During normal operation, OpenVPN AS can be accessed via these URLs:

Admin  UI: https://159.99.251.188:943/admin

Client UI: https://159.99.251.188:943/

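  I was stuck at the username and password here for a long time. After a lot of fiddling, logging in to the web UI as the openvpn user still kept failing. When I saw the line useradd -s /sbin/nologin "openvpn", it suddenly occurred to me that adding the user might have failed, so I tried adding the username and password again.

  Add the user

    sudo useradd -s /sbin/nologin "openvpn"

  Change the password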

    sudo passwd "openvpn"

  I opened https://159.99.251.188:943/admin again and found that it worked, hahaha. Then I added a client user named test under User Permissions, opened https://159.99.251.188:943/, downloaded the Windows client, logged in, OK, all done.

  openvpn-as: OpenVPN Access Server

  openvpn-as-2.5.2

 
 

 

client

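  1. After logging in through https://159.99.251.188:943/admin, create a client account named test.

  2. Go to https://159.99.251.188:943/client and log in to the test account; the page after login is shown in the screenshot:

  Windows went smoothly: just download the client and connect, and it works.
       On Linux, clicking through leads to a guide: https://openvpn.net/vpn-server-resources/connecting-to-access-server-with-linux/
  Roughly, it describes two things that need to be done:

    1. Install the VPN client yourself.

    2. Click the Yourself (user-locked profile) link below to download client.ovpn, which is used to configure the connection on the client side.

  However, I am on Ubuntu Core, where the openvpn package cannot be installed with apt-get; all packages are installed via snap.

  Use snap find to look for VPN-related packages: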

snap find openvpn

Name                  Version          Publisher  Notes  Summary

skidder-openvpn      2.4              ourhouse    -      OpenVPN is an open source VPN daemon http://openvpn.net

easy-openvpn          2.3.10-4          canonical✓  -      An easy-to-manage OpenVPN deployment.

wireguard-fenriswolf  0.0.20180718+git  fenriswolf  -      WireGuard VPN

  I chose to install: skidder-openvpn

  With client.ovpn and skidder-openvpn in place, the next step is to log in.

  but*************************

skidder-openvpn.openvpn --config client.ovpn

Options error: In [CMD-LINE]:1: Error opening configuration file: client.ovpn

Use --help for more information.

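  At first I suspected that the client.ovpn file was the problem. After looking into it for a long time, I found that it was not the file but the command. The following command is needed here (find the executable directly under the snap package's installation directory and run it):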

  sudo /snap/skidder-openvpn/1/bin/openvpn --config client.ovpn

   With that, it worked. The output after a successful connection:

sudo /snap/skidder-openvpn/1/bin/openvpn --config client.ovpn
Mon Nov 5 04:44:24 2018 OpenVPN 2.4.0 [git:release/2.4/0fa3df510c10820d+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 5 2017
Mon Nov 5 04:44:24 2018 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Enter Auth Username:test
Enter Auth Password:
Mon Nov 5 04:44:29 2018 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 04:44:29 2018 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Nov 5 04:44:29 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]159.99.251.188:1194
Mon Nov 5 04:44:29 2018 Socket Buffers: R=[212992->200000] S=[212992->200000]
Mon Nov 5 04:44:29 2018 UDP link local: (not bound)
Mon Nov 5 04:44:29 2018 UDP link remote: [AF_INET]159.99.251.188:1194
Mon Nov 5 04:44:29 2018 TLS: Initial packet from [AF_INET]159.99.251.188:1194, sid=987cb66d 0121a426
Mon Nov 5 04:44:29 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Nov 5 04:44:29 2018 VERIFY OK: depth=1, CN=OpenVPN CA
Mon Nov 5 04:44:29 2018 VERIFY OK: nsCertType=SERVER
Mon Nov 5 04:44:29 2018 VERIFY OK: depth=0, CN=OpenVPN Server
Mon Nov 5 04:44:29 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Nov 5 04:44:29 2018 [OpenVPN Server] Peer Connection Initiated with [AF_INET]159.99.251.188:1194
Mon Nov 5 04:44:30 2018 SENT CONTROL [OpenVPN Server]: 'PUSH_REQUEST' (status=1)
Mon Nov 5 04:44:30 2018 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-tokenSESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.232.1,dhcp-option DNS 127.0.1.1,register-dns,block-ipv6,ifconfig 172.27.232.8 255.255.248.0,peer-id 0,cipher AES-256-GCM'
Mon Nov 5 04:44:30 2018 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:1 is ignored by previous <connection> blocks
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: dhcp-pre-release (2.4.0)
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: dhcp-renew (2.4.0)
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:6: dhcp-release (2.4.0)
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:17: register-dns (2.4.0)
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:18: block-ipv6 (2.4.0)
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: timers and/or timeouts modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: explicit notify parm(s) modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: compression parms modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: --ifconfig/up options modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: route options modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: route-related options modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: peer-id set
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: adjusting link_mtu to 1625
Mon Nov 5 04:44:30 2018 OPTIONS IMPORT: data channel crypto options modified
Mon Nov 5 04:44:30 2018 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 5 04:44:30 2018 Data Channel Decrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 5 04:44:30 2018 ROUTE_GATEWAY 10.99.134.1/255.255.255.0 IFACE=wwan0 HWADDR=32:99:00:75:e6:1e
Mon Nov 5 04:44:30 2018 TUN/TAP device tun0 opened
Mon Nov 5 04:44:30 2018 TUN/TAP TX queue length set to 100
Mon Nov 5 04:44:30 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Mon Nov 5 04:44:30 2018 /sbin/ifconfig tun0 172.27.232.8 netmask 255.255.248.0 mtu 1500 broadcast 172.27.239.255
Mon Nov 5 04:44:36 2018 ROUTE remote_host is NOT LOCAL
Mon Nov 5 04:44:36 2018 /sbin/route add -net 159.99.251.188 netmask 255.255.255.255 gw 10.99.134.1
Mon Nov 5 04:44:36 2018 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 172.27.232.1
Mon Nov 5 04:44:36 2018 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 172.27.232.1
Mon Nov 5 04:44:36 2018 Initialization Sequence Completed
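
The log above already records what the server negotiated and pushed to this client. As an added example (not part of the original post; the function name audit_client_log and the report layout are assumptions), this Python script extracts the security-relevant facts from a few lines copied from that log:

```python
import re

# Constructed sample: seven lines copied from the connection log on this page.
# audit_client_log and its report layout are hypothetical names for this example.
SAMPLE_LOG = """\
Mon Nov 5 04:44:29 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Nov 5 04:44:29 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Mon Nov 5 04:44:30 2018 PUSH: Received control message: 'PUSH_REPLY,explicit-exit-notify,topology subnet,route-delay 5 30,dhcp-pre-release,dhcp-renew,dhcp-release,route-metric 101,ping 12,ping-restart 50,auth-tokenSESS_ID,comp-lzo yes,redirect-gateway def1,redirect-gateway bypass-dhcp,redirect-gateway autolocal,route-gateway 172.27.232.1,dhcp-option DNS 127.0.1.1,register-dns,block-ipv6,ifconfig 172.27.232.8 255.255.248.0,peer-id 0,cipher AES-256-GCM'
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:17: register-dns (2.4.0)
Mon Nov 5 04:44:30 2018 Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:18: block-ipv6 (2.4.0)
Mon Nov 5 04:44:30 2018 Data Channel Encrypt: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Nov 5 04:44:36 2018 Initialization Sequence Completed
"""

def audit_client_log(text):
    """Summarise what the server negotiated and pushed, plus points worth reviewing."""
    report = {"pushed": {}, "ignored": [], "findings": [], "connected": False}
    for line in text.splitlines():
        m = re.search(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'", line)
        if m:  # split the pushed option list into name -> [values]
            for opt in m.group(1).split(","):
                name, _, value = opt.partition(" ")
                report["pushed"].setdefault(name, []).append(value)
        m = re.search(r"Unrecognized option.*\[PUSH-OPTIONS\]:\d+: (\S+)", line)
        if m:  # pushed by the server but not applied by this client build
            report["ignored"].append(m.group(1))
        m = re.search(r"Control Channel: (\S+), cipher \S+ (\S+),", line)
        if m:
            report["tls"] = (m.group(1), m.group(2))
        m = re.search(r"Data Channel Encrypt: Cipher '([^']+)'", line)
        if m:
            report["data_cipher"] = m.group(1)
        if "use the auth-nocache option" in line:
            report["findings"].append("password may stay cached in memory; add auth-nocache to client.ovpn")
        if "Initialization Sequence Completed" in line:
            report["connected"] = True
    pushed = report["pushed"]
    if "redirect-gateway" in pushed:
        report["findings"].append("full tunnel: server pushed redirect-gateway, default route goes through the VPN")
    if "yes" in pushed.get("comp-lzo", []):
        report["findings"].append("compression enabled by server push (comp-lzo yes)")
    if "block-ipv6" in report["ignored"]:
        report["findings"].append("block-ipv6 was pushed but not understood by this client, so it is not applied")
    return report

if __name__ == "__main__":
    for finding in audit_client_log(SAMPLE_LOG)["findings"]:
        print("-", finding)
```
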

  ifconfig now shows an additional tun0 address, which is the virtual address assigned by the VPN:

admin@DQV8M42:~$ ifconfig

eth0      Link encap:Ethernet  HWaddr b8:85:84:a9:50:13  

          inet addr:159.99.251.184  Bcast:159.99.251.255  Mask:255.255.255.0

          inet6 addr: fe80::6b01:2d79:ae01:6a78/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:4251635 errors:0 dropped:4 overruns:0 frame:0

          TX packets:65590 errors:3 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:342224296 (342.2 MB)  TX bytes:17328198 (17.3 MB)

lo        Link encap:Local Loopback  

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:65536  Metric:1

          RX packets:161579 errors:0 dropped:0 overruns:0 frame:0

          TX packets:161579 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1 

          RX bytes:130707491 (130.7 MB)  TX bytes:130707491 (130.7 MB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  

          inet addr:172.27.232.9  P-t-P:172.27.232.9  Mask:255.255.248.0

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:100 

     RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


Reposted from www.cnblogs.com/leehm/p/9933231.html