setting 配置教程

http://blog.joylau.cn/2020/05...

https://community.openvpn.net...

开启 压缩项

compress lz4-v2push "compress lz4-v2"max-clients 200

openvpn 只容许 单点登录

批改 配置文件
server.conf

批改openVPN配置文件server.conf,内容如下port 1194proto udpdev tunca ca.crtcert server.crtkey server.key  # This file should be kept secretdh dh.pemserver 10.8.0.0 255.255.255.0ifconfig-pool-persist ipp.txtpush "route 172.16.1.0 255.255.255.0"keepalive 10 120cipher AES-256-CBCpersist-keypersist-tunstatus openvpn-status.logverb 3explicit-exit-notify 1duplicate-cn# duplicate-cn :这是字段就是开启一个证书或账户多人同时 登录。
OVPN_DATA="/free_cicdfs0/data/openvpn/openvpn"

Retrieve the client configuration with embedded certificates

OVPN_DATA="/free_cicdfs0/data/openvpn/openvpn"docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient wuhan > wuhan.ovpn

demo2

cat /free_cicdfs0/data/openvpn/openvpn/openvpn.confserver 192.168.255.0 255.255.255.0verb 3key /etc/openvpn/pki/private/119.36.243.58.keyca /etc/openvpn/pki/ca.crtcert /etc/openvpn/pki/issued/119.36.243.58.crtdh /etc/openvpn/pki/dh.pemtls-auth /etc/openvpn/pki/ta.keykey-direction 0keepalive 10 60persist-keypersist-tunproto udp# Rely on Docker to do port mapping, internally always 1194port 1195dev tun0status /tmp/openvpn-status.loguser nobodygroup nogroupcomp-lzo no### Route Configurations Belowroute 192.168.254.0 255.255.255.0### Push Configurations Below# push "block-outside-dns"# push "dhcp-option DNS 192.168.99.114"# push "dhcp-option DNS 114.114.114.114"# push "dhcp-option DNS 8.8.8.8"push "comp-lzo no"duplicate-cn

压缩传输

cat /free_cicdfs0/data/openvpn/openvpn/openvpn.confserver 192.168.255.0 255.255.255.0verb 3key /etc/openvpn/pki/private/119.36.243.58.keyca /etc/openvpn/pki/ca.crtcert /etc/openvpn/pki/issued/119.36.243.58.crtdh /etc/openvpn/pki/dh.pemtls-auth /etc/openvpn/pki/ta.keykey-direction 0keepalive 10 60persist-keypersist-tunproto udp# Rely on Docker to do port mapping, internally always 1194port 1195dev tun0status /tmp/openvpn-status.loguser nobodygroup nogroupcompress lz4-v2push "compress lz4-v2"max-clients 200### Route Configurations Belowroute 192.168.254.0 255.255.255.0push "dhcp-option DNS 192.168.99.114"duplicate-cn

教程

Pick a name for the $OVPN_DATA data volume container. It's recommended to use the ovpn-data- prefix to operate seamlessly with the reference systemd service. Users are encourage to replace example with a descriptive name of their choosing.

OVPN_DATA="ovpn-data-example"OVPN_DATA="/free_cicdfs0/data/openvpn/openvpn"

Initialize the $OVPN_DATA container that will hold the configuration files and certificates. The container will prompt for a passphrase to protect the private key used by the newly generated certificate authority.

passwd=free_cicdkitdocker volume create --name $OVPN_DATA# 119 是 服务器 ipdocker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://119.36.243.58docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

Start OpenVPN server process

docker run -v $OVPN_DATA:/etc/openvpn -d -p 192.168.71.100:1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

Generate a client certificate without a passphrase

docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full wuhan nopass

Retrieve the client configuration with embedded certificates

docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient wuhan > wuhan.ovpn