Debian Linux v8.x/9.x中5分钟搭建OpenVPN Server

阳光之吻 2019-06-28

OpenVPN是一个免费的开源VPN(虚拟专用网络)软件,适用于Linux和类Unix系统。它使用SSL / TLS协议实现OSI第2层或第3层安全网络扩展。VPN允许您安全地连接到不安全的公共网络,例如机场或酒店的无线网络。VPN还需要访问您的企业或企业或家庭服务器资源。您可以绕过地理位置阻止的网站,并在线增加您的隐私或安全。本教程提供了在Debian Linux v8.x / 9.x上配置OpenVPN“road warrior”服务器的逐步说明,包括ufw / iptables防火墙配置

步骤如下:

  1. 查找并记下您的公共IP地址
  2. 下载openvpn-install.sh脚本
  3. 运行openvpn-install.sh以安装OpenVPN服务器
  4. 使用IOS / Android / Linux /Windows客户端连接OpenVPN服务器
  5. 验证您的连接

第1步 - 查找您的公共IP地址

1使用以下任一命令查找IPv4公共地址。如果您internface名字为eth0或eth1的,请输入:

$ ip addr show eth0

或者

$ ip addr show eth1

或者

host myip.opendns.com resolver1.opendns.com

又或者

$ dig TXT +short o-o.myaddr.l.google.com @ns1.google.com

示例输出:记下的公共IP地址104.237.156.154即你的OpenVPN服务器的公网IP地址。
Debian Linux v8.x/9.x中5分钟搭建OpenVPN Server

第2步 - 更新系统并安装ufw

1.输入apt-get command / apt命令来更新系统:示例输出:

$ sudo apt-get update
$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  libc-bin libc-l10n libc6 libexpat1 linux-image-4.9.0-3-amd64 locales
  multiarch-support
7 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 46.6 MB of archives.
After this operation, 0 B of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://security.debian.org/debian-security stretch/updates/main amd64 libc6 amd64 2.24-11+deb9u1 [2,695 kB]
Get:2 http://security.debian.org/debian-security stretch/updates/main amd64 libc-bin amd64 2.24-11+deb9u1 [778 kB]
Get:3 http://security.debian.org/debian-security stretch/updates/main amd64 multiarch-support amd64 2.24-11+deb9u1 [200 kB]
Get:4 http://security.debian.org/debian-security stretch/updates/main amd64 libc-l10n all 2.24-11+deb9u1 [820 kB]
Get:5 http://security.debian.org/debian-security stretch/updates/main amd64 locales all 2.24-11+deb9u1 [3,290 kB]
Get:6 http://security.debian.org/debian-security stretch/updates/main amd64 libexpat1 amd64 2.2.0-2+deb9u1 [83.4 kB]
Get:7 http://security-cdn.debian.org stretch/updates/main amd64 linux-image-4.9.0-3-amd64 amd64 4.9.30-2+deb9u2 [38.7 MB]
Fetched 46.6 MB in 2s (15.5 MB/s)                    
Reading changelogs... Done
Preconfiguring packages ...
(Reading database ... 28439 files and directories currently installed.)
Preparing to unpack .../libc6_2.24-11+deb9u1_amd64.deb ...
Unpacking libc6:amd64 (2.24-11+deb9u1) over (2.24-11) ...
Setting up libc6:amd64 (2.24-11+deb9u1) ...
(Reading database ... 28439 files and directories currently installed.)
Preparing to unpack .../libc-bin_2.24-11+deb9u1_amd64.deb ...
Unpacking libc-bin (2.24-11+deb9u1) over (2.24-11) ...
Setting up libc-bin (2.24-11+deb9u1) ...
Updating /etc/nsswitch.conf to current default.
(Reading database ... 28439 files and directories currently installed.)
Preparing to unpack .../multiarch-support_2.24-11+deb9u1_amd64.deb ...
Unpacking multiarch-support (2.24-11+deb9u1) over (2.24-11) ...
Setting up multiarch-support (2.24-11+deb9u1) ...
(Reading database ... 28439 files and directories currently installed.)
Preparing to unpack .../libc-l10n_2.24-11+deb9u1_all.deb ...
Unpacking libc-l10n (2.24-11+deb9u1) over (2.24-11) ...
Preparing to unpack .../locales_2.24-11+deb9u1_all.deb ...
Unpacking locales (2.24-11+deb9u1) over (2.24-11) ...
Preparing to unpack .../libexpat1_2.2.0-2+deb9u1_amd64.deb ...
Unpacking libexpat1:amd64 (2.2.0-2+deb9u1) over (2.2.0-2) ...
Preparing to unpack .../linux-image-4.9.0-3-amd64_4.9.30-2+deb9u2_amd64.deb ...
Unpacking linux-image-4.9.0-3-amd64 (4.9.30-2+deb9u2) over (4.9.30-2) ...
Setting up libexpat1:amd64 (2.2.0-2+deb9u1) ...
Processing triggers for libc-bin (2.24-11+deb9u1) ...
Setting up libc-l10n (2.24-11+deb9u1) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up linux-image-4.9.0-3-amd64 (4.9.30-2+deb9u2) ...
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-4.9.0-3-amd64
/etc/kernel/postinst.d/zz-update-grub:
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-4.9.0-3-amd64
Found initrd image: /boot/initrd.img-4.9.0-3-amd64
done
Setting up locales (2.24-11+deb9u1) ...
Generating locales (this might take a while)...
  en_US.UTF-8... done
Generation complete.

重启电脑,保证内核升级生效

$ sudo reboot

第3步-安装ufw ( Uncomplicated Firewall)[不复杂的防火墙]

1.要在Debian 9/8上安装ufw,请键入以下apt-get命令

$ sudo apt-get install ufw

示例输出:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  ufw
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 164 kB of archives.
After this operation, 848 kB of additional disk space will be used.
Get:1 http://mirrors.linode.com/debian stretch/main amd64 ufw all 0.35-4 [164 kB]
Fetched 164 kB in 0s (13.1 MB/s)
Preconfiguring packages ...
Selecting previously unselected package ufw.
(Reading database ... 28439 files and directories currently installed.)
Preparing to unpack .../archives/ufw_0.35-4_all.deb ...
Unpacking ufw (0.35-4) ...
Setting up ufw (0.35-4) ...
Creating config file /etc/ufw/before.rules with new version
Creating config file /etc/ufw/before6.rules with new version
Creating config file /etc/ufw/after.rules with new version
Creating config file /etc/ufw/after6.rules with new version
Created symlink /etc/systemd/system/multi-user.target.wants/ufw.service ? /lib/systemd/system/ufw.service.
Processing triggers for systemd (232-25) ...
Processing triggers for man-db (2.7.6.1-2) ...
Processing triggers for rsyslog (8.24.0-1) ...

2.您必须打开所需的端口,例如SSH端口22,80,443等:启用防火墙,运行:

$ sudo ufw allow 22
$ sudo ufw allow 80
$ sudo ufw allow 443
...
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

第4步 - 下载openvpn-install.sh脚本

键入以下wget命令:

$ wget https://gitee.com/MILISERVICE_admin/codes/al57tqnchxv4se9firj2831/raw?blob_name=5%E5%88%86%E9%92%9F%E6%90%AD%E5%BB%BAOpenVPN+Server -O openvpn-install.sh

输出:

--2018-09-27 12:48:27--  https://git.io/vpn
Resolving git.io (git.io)... 34.238.48.57, 34.238.3.58, 34.235.97.255, ...
Connecting to git.io (git.io)|34.238.48.57|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.github.com/Nyr/openvpn-install/master/openvpn-install.sh [following]
--2018-09-27 12:48:29--  https://raw.github.com/Nyr/openvpn-install/master/openvpn-install.sh
Resolving raw.github.com (raw.github.com)... 151.101.108.133
Connecting to raw.github.com (raw.github.com)|151.101.108.133|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh [following]
--2018-09-27 12:48:31--  https://raw.githubusercontent.com/Nyr/openvpn-install/master/openvpn-install.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 151.101.108.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|151.101.108.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14257 (14K) [text/plain]
Saving to: ‘openvpn-install.sh’

openvpn-install.sh                100%[==============================================================>]  13.92K  66.9KB/s   in 0.2s   

2018-09-27 12:48:32 (66.9 KB/s) - ‘openvpn-install.sh’ saved [14257/14257]

运行openvpn-install.sh脚本为您自动安装和配置OpenVPN服务器:

$ sudo bash openvpn-install.sh

当提示设置IP地址为104.237.156.154(用您的实际IP地址替换104.237.156.154)和端口为1194(如果您不使用,则为443)网络服务器)。将Google或OpenDNS DNS服务器与vpn一起使用。接下来,键入客户端名称(例如iPhone,Nexus6,LinuxRouter,BackupServer等)。最后,按[Enter]键在您的系统上安装和设置OpenVPN:
Debian Linux v8.x/9.x中5分钟搭建OpenVPN Server

就这些。您的OpenVPN服务器已配置好并可以使用。您可以使用cat命令查看添加的防火墙规则/etc/rc.local文件:

iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
iptables -I INPUT -p tcp --dport 1194 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 104.237.156.154

您可以按如下方式查看脚本生成的openvpn服务器配置文件(不要手动编辑此文件):示例输出:

$ sudo more /etc/openvpn/server.conf
$ sudo vi -M /etc/openvpn/server.conf

如何在Debian Linux 9.x / 8.x LTS上启动/停止/重启OpenVPN服务器?

sudo systemctl start/stop/restart openvpn@server

第4步 - 客户端配置

在服务器上,您将找到一个名为〜/ macos-vpn-client.ovpn的客户端配置文件。您所要做的就是使用scp将此文件复制到本地桌面,并将此文件提供给OpenVPN客户端进行连接:

$ scp [email protected]:~/macos-vpn-client.ovpn .

配置客户端即可,archlinux参考:
OpenVPN (client)

相关推荐