How to Install OpenVPN on CentOS 8


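In this tutorial, we will show you how to install OpenVPN on CentOS 8. For those who don't know, OpenVPN is an open-source application that is widely used to create secure private networks over the insecure public Internet. OpenVPN is an SSL VPN solution that securely tunnels your system's connections over the Internet. OpenVPN works in a client-server structure. All devices connected to the virtual private network behave as if they were connected to your local area network. Packets sent through the VPN tunnel are encrypted with 256-bit AES encryption, which protects the data from theft.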

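This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add 'sudo' to the commands to get root privileges. I will show you the step-by-step installation of an OpenVPN server on CentOS 8.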

Install OpenVPN on CentOS 8

Step 1. First, make sure your system is up to date.

sudo dnf clean all
sudo dnf update

Step 2. Install OpenVPN on CentOS 8.

Now we download the script from GitHub that installs OpenVPN automatically:

git clone https://github.com/Nyr/openvpn-install.git

Next, change to the openvpn-install directory and run the installer script:

cd openvpn-install
chmod +x openvpn-install.sh
sudo ./openvpn-install.sh

You should get the following output:

Welcome to this OpenVPN "road warrior" installer!
 I need to ask you a few questions before starting the setup.
 You can leave the default options and just press enter if you are ok with them.
 First, provide the IPv4 address of the network interface you want OpenVPN
 listening to.
 IP address: 192.168.77.20
 This server is behind NAT. What is the public IPv4 address or hostname?
 Public IP address / hostname: vpn.idroot.us
 Which protocol do you want for OpenVPN connections?
    1) UDP (recommended)
    2) TCP
 Protocol [1-2]: 1
 What port do you want OpenVPN listening to?
 Port: 148
 Which DNS do you want to use with the VPN?
    1) Current system resolvers
    2) 1.1.1.1
    3) Google
    4) OpenDNS
    5) Verisign
 DNS [1-5]: 3
 Finally, tell me your name for the client certificate.
 Please, use one word only, no special characters.
 Client name: godetz
 Okay, that was all I needed. We are ready to set up your OpenVPN server now.
 Press any key to continue…
 Updating Subscription Management repositories.
 Updating Subscription Management repositories.
 Extra Packages for Enterprise Linux 8 - x86_64                                                                         189 kB/s |  16 MB     01:24    
 Last metadata expiration check: 0:00:40 ago on Wed 16 Dec 2019 09:36:46 PM EAT.
 Package epel-release-7-11.noarch is already installed.
 Dependencies resolved.
 Nothing to do.
 Complete!

The main OpenVPN server configuration file is /etc/openvpn/server.conf; feel free to adjust it to your liking:

$ cat  /etc/openvpn/server.conf 

port 148
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.22.1"
keepalive 30 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
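
The server.conf above can be checked for hardening-relevant directives before client profiles are handed out. The script below is an added example, not part of the original tutorial or of the openvpn-install project; the function names, the list of checks and the hardened variant are assumptions of this example, and the sample input is an excerpt of the configuration shown above.

```shell
#!/bin/sh
# Added example (not from the tutorial or the openvpn-install project).
# Flags hardening gaps in an OpenVPN server config; the check list is this example's own.

audit_openvpn_conf() {   # usage: audit_openvpn_conf /etc/openvpn/server.conf
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        { seen[$1] = 1; arg[$1] = $2 }         # directive name -> first argument
        END {
            if (arg["cipher"] ~ /-CBC$/)
                print "WARN cipher: " arg["cipher"] " is not an AEAD mode; OpenVPN 2.4+ supports AES-256-GCM"
            if (seen["tls-auth"] && !seen["tls-crypt"])
                print "WARN tls-auth: control channel is authenticated but not encrypted; tls-crypt does both"
            if (!seen["tls-version-min"])
                print "WARN tls-version-min: no explicit floor on the TLS version"
            if (!seen["user"] || !seen["group"])
                print "WARN user/group: daemon keeps root privileges after startup"
            if (!seen["crl-verify"])
                print "WARN crl-verify: revoked client certificates would still be accepted"
        }
    ' "$1"
}

# Security-relevant lines copied from the server.conf shown in this tutorial.
tutorial_conf() {
cat <<'EOF'
proto udp
auth SHA512
tls-auth ta.key 0
cipher AES-256-CBC
user nobody
group nobody
crl-verify crl.pem
EOF
}

# Hardened variant (an assumption of this example); client profiles must be changed to match.
hardened_conf() {
    tutorial_conf | sed -e 's/^cipher .*/cipher AES-256-GCM/' \
                        -e 's/^tls-auth ta\.key 0$/tls-crypt ta.key/'
    echo 'tls-version-min 1.2'
}

tmp=$(mktemp)
tutorial_conf > "$tmp"; echo "== tutorial config";  audit_openvpn_conf "$tmp"
hardened_conf > "$tmp"; echo "== hardened variant"; audit_openvpn_conf "$tmp"
rm -f "$tmp"
```

To check the live server, call audit_openvpn_conf /etc/openvpn/server.conf as root.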

Step 3. Generate an OpenVPN user profile.

Now we generate the client certificate and key with the following command:

$ sudo ./openvpn-install.sh

Looks like OpenVPN is already installed.
 What do you want to do?
    1) Add a new user
    2) Revoke an existing user
    3) Remove OpenVPN
    4) Exit
 Select an option [1-4]: 1
 Tell me a name for the client certificate.
 Please, use one word only, no special characters.
 Client name: meilana
 Using SSL: openssl OpenSSL 1.1.1 FIPS  11 Sep 2018
 Can't load /etc/openvpn/easy-rsa/pki/.rnd into RNG
 139966006863680:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:90:Filename=/etc/openvpn/easy-rsa/pki/.rnd
 Generating a RSA private key
 ……………………………………………………………………..+++++
 ……………………………………….+++++
 writing new private key to '/etc/openvpn/easy-rsa/pki/private/meilana.key.SmeichedelicsaH'
 Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf
 Can't load /etc/openvpn/easy-rsa/pki/.rnd into RNG
 13982808174100232:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:90:Filename=/etc/openvpn/easy-rsa/pki/.rnd
 Check that the request matches the signature
 Signature ok
 The Subject's Distinguished Name is as follows
 commonName            :ASN.1 12:'meilana'
 Certificate is to be certified until Dec 10 16:36:46 2026 GMT (3650 days)
 Write out database with 1 new entries
 Data Base Updated
 Client user1 added, configuration is available at: /root/meilana.ovpn

The .ovpn OpenVPN configuration file is placed in the /root folder.

Step 4. Connect to the OpenVPN server from a client.

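You can configure the OpenVPN client on your operating system using the VPN client of your choice. For anyone who wants to use the official OpenVPN client, visit the download page, get the latest version and install it.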

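Congratulations! You have successfully installed OpenVPN. Thank you for using this tutorial to install an OpenVPN server on your CentOS 8 system. For more help or useful information, we recommend you check the official OpenVPN website.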
