Installing OpenVPN with an install script
Run the OpenVPN install script
$ wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
Welcome to this OpenVPN road warrior installer!
Which IPv4 address should be used?
1) 123.123.123.210
2) 172.17.0.1
IPv4 address [1]: 1
Which protocol should OpenVPN use?
1) UDP (recommended)
2) TCP
Protocol [1]: 1
What port should OpenVPN listen to?
Port [1194]: 1194
Select a DNS server for the clients:
1) Current system resolvers
2) Google
3) 1.1.1.1
4) OpenDNS
5) Quad9
6) AdGuard
DNS server [1]: 4
Enter a name for the first client:
Name [client]: test
init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/server/easy-rsa/pki
Using SSL: openssl OpenSSL 1.0.2k-fips 26 Jan 2017
Generating RSA private key, 2048 bit long modulus
.......+++
...........+++
e is 65537 (0x10001)
Using SSL: openssl OpenSSL 1.0.2k-fips 26 Jan 2017
Generating a 2048 bit RSA private key
....................................+++
....+++
writing new private key to '/etc/openvpn/server/easy-rsa/pki/easy-rsa-23352.PC7PMm/tmp.SE9mzA'
-----
Using configuration from /etc/openvpn/server/easy-rsa/pki/easy-rsa-23352.PC7PMm/tmp.d2Djq5
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'server'
Certificate is to be certified until Sep 26 00:49:49 2030 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Using SSL: openssl OpenSSL 1.0.2k-fips 26 Jan 2017
Generating a 2048 bit RSA private key
...................................................................+++
...........................................................................................+++
writing new private key to '/etc/openvpn/server/easy-rsa/pki/easy-rsa-23440.6Sns5M/tmp.MRsxRw'
-----
Using configuration from /etc/openvpn/server/easy-rsa/pki/easy-rsa-23440.6Sns5M/tmp.s2JBc0
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'test'
Certificate is to be certified until Sep 26 00:49:50 2030 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Using SSL: openssl OpenSSL 1.0.2k-fips 26 Jan 2017
Using configuration from /etc/openvpn/server/easy-rsa/pki/easy-rsa-23507.AEmJgC/tmp.tH4EXa
An updated CRL has been created.
CRL file: /etc/openvpn/server/easy-rsa/pki/crl.pem
Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn-iptables.service to /etc/systemd/system/openvpn-iptables.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openvpn-server@server.service to /usr/lib/systemd/system/openvpn-server@.service.
Finished!
The client configuration is available in: /root/test.ovpn
New clients can be added by running this script again.
server.conf configuration file
$ vim /etc/openvpn/server/server.conf
local 123.123.123.210
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#push "redirect-gateway def1 bypass-dhcp"
push "route 123.123.123.204 255.255.255.255"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
explicit-exit-notify
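An added example (not part of the original post): a small shell audit of the server.conf above. It reports whether clients get a full or split tunnel (the config above comments out redirect-gateway and pushes a single host route) and whether tls-crypt, crl-verify, user and group are active. The function names and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an OpenVPN server.conf.

# Active directives only: strip leading blanks, drop '#'/';' comments and blank lines.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^[#;]/d' -e '/^$/d' "$1"
}

# Exit 0 if directive $2 is active in file $1.
has_directive() {
    active_lines "$1" | awk -v d="$2" '$1 == d { found = 1 } END { exit !found }'
}

# "full" when redirect-gateway is pushed to clients, otherwise "split".
tunnel_mode() {
    if active_lines "$1" | grep -Eq '^push[[:space:]]+"redirect-gateway'; then
        echo full
    else
        echo split
    fi
}

# One "network/netmask" line per active push "route ..." directive.
pushed_routes() {
    active_lines "$1" |
        sed -n 's|^push[[:space:]]*"route[[:space:]]\{1,\}\([^ ]*\)[[:space:]]\{1,\}\([^" ]*\)".*|\1/\2|p'
}

# Directives from the page's server.conf that are not active in file $1.
missing_directives() {
    for d in tls-crypt crl-verify user group; do
        has_directive "$1" "$d" || echo "$d"
    done
}

# Constructed sample: a subset of the server.conf shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
tls-crypt tc.key
#push "redirect-gateway def1 bypass-dhcp"
push "route 123.123.123.204 255.255.255.255"
user nobody
group nobody
crl-verify crl.pem
EOF

echo "tunnel mode: $(tunnel_mode "$sample")"
echo "routes     : $(pushed_routes "$sample" | tr '\n' ' ')"
echo "missing    : $(missing_directives "$sample" | tr '\n' ' ')"
```

To audit the live server, pass /etc/openvpn/server/server.conf to the functions in place of the sample file.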
Restart OpenVPN
$ systemctl restart openvpn-server@server.service
Create an OpenVPN client account
$ ./openvpn-install.sh new_client
OpenVPN is already installed.
Select an option:
1) Add a new client
2) Revoke an existing client
3) Remove OpenVPN
4) Exit
Option: 1
Provide a name for the client:
Name: test2
Using SSL: openssl OpenSSL 1.0.2k-fips 26 Jan 2017
Generating a 2048 bit RSA private key
.................+++
......................+++
writing new private key to '/etc/openvpn/server/easy-rsa/pki/easy-rsa-25786.5NXSph/tmp.fgF6ri'
-----
Using configuration from /etc/openvpn/server/easy-rsa/pki/easy-rsa-25786.5NXSph/tmp.0FlOUB
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'test2'
Certificate is to be certified until Sep 26 01:22:01 2030 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
test2 added. Configuration available in: /root/test2.ovpn