OpenVPN - no internet access



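I installed OpenVPN using this tutorial: https://blog.ssdnodes.com/blog/tutorial-installing-openvpn-on-ubuntu-16-04/

I can connect to the VPN from my computer, but there is no internet connection. After I connect to the VPN, I get the notification: client1 is connected, IP address 10.8.0.6.

In the log I see these warnings: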

2021-10-08 09:40:10 NOTE: --user option is not implemented on Windows
2021-10-08 09:40:10 NOTE: --group option is not implemented on Windows
2021-10-08 09:40:10 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-10-08 09:40:10 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

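What am I doing wrong? Is there something missing from the manual that I should be doing?

I am using a Bonsai VPS from VMHaus - I sent a ticket, but they told me they don't block VPNs and can't help me.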

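  1. Create an instance.
  2. At a minimum, open ports TCP 22 and UDP 1194 in your instance provider's control panel.
  3. SSH to your instance and change the user to root using sudo su root
  4. Create a file using nano: nano filename.sh
  5. Make the file executable using chmod +x filename.sh
  6. Paste the following code into the file.
  7. Execute the file using ./filename.sh
  8. The server will be set up automatically; you need to press yes / Enter to continue. At the end the machine will reboot.
  9. Download your configuration file from /etc/openvpn/client/client.ovpn and try to connect to the VPN.
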
#!/bin/bash
#Tested on Debian 10. Updated on 2021-10-09; Author: Yuan Lin
#Notes: 1. Switch to root to configure
#       e.g. sudo su root
#   2. Change the file to be executable before running it.
#       e.g. chmod +x openvpn.sh
#   3. Open port 1194/udp at the control panel of your cloud provider.
#1. Update program list and upgrade all programs.
apt-get update
apt-get upgrade
#2. Download openvpn easyrsa and ufw firewall
apt-get install openvpn easy-rsa ufw
#3. Copy the sample file to configure your own vpn file.
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/client/client.ovpn
#4. Configure server vpn file
#nano /etc/openvpn/server.conf
sed -i -e 's/dh2048.pem/dh.pem/g' /etc/openvpn/server.conf
sed -i -e 's/;push "redirect-gateway def1 bypass-dhcp"/push "redirect-gateway def1 bypass-dhcp"/g' /etc/openvpn/server.conf
#Force the client to use only DNS providers assigned by VPN configuration.
echo "" >> /etc/openvpn/server.conf
echo 'push "block-outside-dns"' >> /etc/openvpn/server.conf
#Use Google DNS.
sed -i -e 's/;push "dhcp-option DNS 208.67.222.222"/push "dhcp-option DNS 8.8.8.8"/g' /etc/openvpn/server.conf
sed -i -e 's/;push "dhcp-option DNS 208.67.220.220"/push "dhcp-option DNS 8.8.4.4"/g' /etc/openvpn/server.conf
sed -i -e 's/;user nobody/user nobody/g' /etc/openvpn/server.conf
sed -i -e 's/;group nogroup/group nogroup/g' /etc/openvpn/server.conf
#Allow multiple users to connect with the same client file.
sed -i -e 's/;duplicate-cn/duplicate-cn/g' /etc/openvpn/server.conf
#Send ping every 5 secs and reconnect after 10 secs if no response.
sed -i -e 's/keepalive 10 120/keepalive 5 10/g' /etc/openvpn/server.conf
#5. IP Forward
#nano /etc/sysctl.conf
sed -i -e 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
#nano /etc/default/ufw
sed -i -e 's/DEFAULT_FORWARD_POLICY="DROP"/DEFAULT_FORWARD_POLICY="ACCEPT"/g' /etc/default/ufw
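#6. Lead the VPN network to go through the local network.
#nano /etc/ufw/before.rules
#ens4 must be the server's outbound interface (check with: ip route show default).
#10.8.0.0/24 is the VPN subnet set by the "server" line of the sample server.conf.
cat <<EOT >> /etc/ufw/before.rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o ens4 -j MASQUERADE
COMMIT
EOT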
#7. Open the firewall
ufw allow 22/tcp
ufw allow 1194/udp
ufw enable
#8. Build the openvpn server
openvpn --genkey --secret /etc/openvpn/ta.key
/usr/share/easy-rsa/easyrsa init-pki
/usr/share/easy-rsa/easyrsa gen-dh
/usr/share/easy-rsa/easyrsa build-ca nopass
/usr/share/easy-rsa/easyrsa build-server-full server nopass
#Copy server credential files to openvpn server directory.
cp $PWD/pki/ca.crt /etc/openvpn
cp $PWD/pki/issued/server.crt /etc/openvpn
cp $PWD/pki/private/server.key /etc/openvpn
cp $PWD/pki/dh.pem /etc/openvpn

#9. Start openvpn server
systemctl start openvpn@server
service openvpn start

#10. Build the openvpn client and repeat the process to create additional clients.
/usr/share/easy-rsa/easyrsa build-client-full myclient nopass
#nano /etc/openvpn/client/client.ovpn
#Force IPv4 (-4) and silence the progress meter (-s) so only the address is captured.
ip_address="$(curl -4 -s icanhazip.com)"
sed -i -e "s/remote my-server-1 1194/remote ${ip_address} 1194/g" /etc/openvpn/client/client.ovpn
sed -i -e 's/;user nobody/user nobody/g' /etc/openvpn/client/client.ovpn
sed -i -e 's/;group nogroup/group nogroup/g' /etc/openvpn/client/client.ovpn
sed -i -e 's/ca ca.crt/;ca ca.crt/g' /etc/openvpn/client/client.ovpn
sed -i -e 's/cert client.crt/;cert client.crt/g' /etc/openvpn/client/client.ovpn
sed -i -e 's/key client.key/;key client.key/g' /etc/openvpn/client/client.ovpn
sed -i -e 's/tls-auth ta.key 1/;tls-auth ta.key 1/g' /etc/openvpn/client/client.ovpn
#Add client credential files to a single .ovpn file.
echo "" >> /etc/openvpn/client/client.ovpn
echo "key-direction 1" >> /etc/openvpn/client/client.ovpn
echo "<ca>" >> /etc/openvpn/client/client.ovpn
cat $PWD/pki/ca.crt >> /etc/openvpn/client/client.ovpn
echo "</ca>" >> /etc/openvpn/client/client.ovpn
echo "<cert>" >> /etc/openvpn/client/client.ovpn
cat $PWD/pki/issued/myclient.crt >> /etc/openvpn/client/client.ovpn
echo "</cert>" >> /etc/openvpn/client/client.ovpn
echo "<key>" >> /etc/openvpn/client/client.ovpn
cat $PWD/pki/private/myclient.key >> /etc/openvpn/client/client.ovpn
echo "</key>" >> /etc/openvpn/client/client.ovpn
echo "<tls-auth>" >> /etc/openvpn/client/client.ovpn
cat /etc/openvpn/ta.key >> /etc/openvpn/client/client.ovpn
echo "</tls-auth>" >> /etc/openvpn/client/client.ovpn
#11. Reboot the server computer to activate the configuration.
reboot
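
The symptom in the question (the tunnel connects but nothing is reachable) depends on two server-side settings the script above configures: IP forwarding and a MASQUERADE rule on the interface that carries the default route, which the script hard-codes as ens4. The following check is an added example, not part of the original answer; its function names and sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): offline checks for the two
# server-side settings a redirect-gateway VPN needs to reach the internet.
# The sample inputs below are constructed for illustration.
sample_route='default via 203.0.113.1 dev eth0 proto dhcp metric 100'
sample_rules='*nat
:POSTROUTING ACCEPT [0:0]
# -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o ens4 -j MASQUERADE
COMMIT'

# Print the device of the default route, given `ip route show default` output.
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Print the -o interface of each active (uncommented) MASQUERADE rule.
masq_ifaces() {
    printf '%s\n' "$1" | awk '/^[ \t]*#/ { next }
        /-j MASQUERADE/ { for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }'
}

# diagnose ROUTE_TEXT RULES_TEXT IP_FORWARD_VALUE -> returns 0 only if all pass.
diagnose() {
    status=0
    iface="$(default_iface "$1")"
    if [ "$3" != "1" ]; then
        echo "FAIL: net.ipv4.ip_forward=$3, the kernel will not route tun traffic"
        status=1
    fi
    if [ -z "$iface" ]; then
        echo "FAIL: no default route found"
        status=1
    elif ! masq_ifaces "$2" | grep -qxF -- "$iface"; then
        echo "FAIL: no MASQUERADE rule on outbound interface $iface"
        status=1
    fi
    if [ "$status" -eq 0 ]; then echo "OK: forwarding on, NAT on $iface"; fi
    return "$status"
}

# Constructed case: the rule names ens4 but the default route leaves via eth0.
diagnose "$sample_route" "$sample_rules" 1 || true
# On a real server (as root), feed it live data instead:
# diagnose "$(ip route show default)" "$(cat /etc/ufw/before.rules)" \
#          "$(cat /proc/sys/net/ipv4/ip_forward)"
```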
