Settings and configuration tutorials
http://blog.joylau.cn/2020/05…
https://community.openvpn.net…
Enable compression
compress lz4-v2
push "compress lz4-v2"
max-clients 200
OpenVPN allows only a single login
Modify the configuration file
server.conf
Modify the OpenVPN configuration file server.conf so that it contains the following:
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 172.16.1.0 255.255.255.0"
keepalive 10 120
cipher AES-256-CBC
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1
duplicate-cn
# duplicate-cn: this directive allows several people to log in at the same time with one certificate or account.
Retrieve the client configuration with embedded certificates
OVPN_DATA="/free_cicdfs0/data/openvpn/openvpn"
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient wuhan > wuhan.ovpn
demo2
cat /free_cicdfs0/data/openvpn/openvpn/openvpn.conf
server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/119.36.243.58.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/119.36.243.58.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun
proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1195
dev tun0
status /tmp/openvpn-status.log
user nobody
group nogroup
comp-lzo no
### Route Configurations Below
route 192.168.254.0 255.255.255.0
### Push Configurations Below
# push "block-outside-dns"
# push "dhcp-option DNS 192.168.99.114"
# push "dhcp-option DNS 114.114.114.114"
# push "dhcp-option DNS 8.8.8.8"
push "comp-lzo no"
duplicate-cn
Compressed transport
cat /free_cicdfs0/data/openvpn/openvpn/openvpn.conf
server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/119.36.243.58.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/119.36.243.58.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun
proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1195
dev tun0
status /tmp/openvpn-status.log
user nobody
group nogroup
compress lz4-v2
push "compress lz4-v2"
max-clients 200
### Route Configurations Below
route 192.168.254.0 255.255.255.0
push "dhcp-option DNS 192.168.99.114"
duplicate-cn
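Added example (not from the original post or the kylemanna/openvpn project): a small Python audit of the directives the configurations above toggle. It flags enabled compression, which the OpenVPN manual warns can leak secrets when an attacker controls part of the plaintext, plus duplicate-cn, a missing tls-auth/tls-crypt and a missing user/group. The finding names and the choice of checks are assumptions of this example.

```python
import shlex
COMPRESSORS = {"lz4", "lz4-v2", "lzo"}  # algorithms that actually compress

# Constructed excerpt of the compression-enabled server config shown above.
SAMPLE_CONF = """\
tls-auth /etc/openvpn/pki/ta.key
user nobody
group nogroup
compress lz4-v2
push "compress lz4-v2"
duplicate-cn
"""

def parse(text):
    """Yield (line_no, directive, args) for every active config line."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)  # keeps push "..." as one arg
        if tokens:
            yield no, tokens[0], tokens[1:]

def compression_on(directive, args):  # True only when data is really compressed
    if directive == "compress":
        return bool(args) and args[0] in COMPRESSORS  # bare compress = framing only
    if directive == "comp-lzo":
        return not args or args[0] != "no"  # bare comp-lzo means adaptive
    return False

def audit(text):
    """Return (line_no, finding) pairs; line 0 marks a missing directive."""
    findings, seen = [], set()
    for no, directive, args in parse(text):
        seen.add(directive)
        pushed = args[0].split() if directive == "push" and args else []
        if pushed and compression_on(pushed[0], pushed[1:]):
            findings.append((no, "push-compression"))
        elif compression_on(directive, args):
            findings.append((no, "compression"))
        elif directive == "duplicate-cn":
            findings.append((no, "shared-certificate"))
    if not seen & {"tls-auth", "tls-crypt"}:
        findings.append((0, "no-tls-auth"))
    if not {"user", "group"} <= seen:
        findings.append((0, "no-privilege-drop"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CONF), sep="\n")
```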
Tutorial
Pick a name for the $OVPN_DATA data volume container. It’s recommended to use the ovpn-data- prefix to operate seamlessly with the reference systemd service. Users are encouraged to replace example with a descriptive name of their choosing.
OVPN_DATA="ovpn-data-example"
OVPN_DATA="/free_cicdfs0/data/openvpn/openvpn"
Initialize the $OVPN_DATA container that will hold the configuration files and certificates. The container will prompt for a passphrase to protect the private key used by the newly generated certificate authority.
passwd=free_cicdkit
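# Needed only when OVPN_DATA is a volume name such as ovpn-data-example; an absolute
# host path like the one above is bind-mounted by -v and is not a valid volume name
docker volume create --name $OVPN_DATA
# 119.36.243.58 is the server IP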
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://119.36.243.58
docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
Start OpenVPN server process
docker run -v $OVPN_DATA:/etc/openvpn -d -p 192.168.71.100:1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn
Generate a client certificate without a passphrase
docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full wuhan nopass
Retrieve the client configuration with embedded certificates
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient wuhan > wuhan.ovpn