今天安装后, 发现又可用openvpn翻墙了。
4tr免费翻墙网
4tr免费翻墙网
安装方法如下:
4tr免费翻墙网
登录linux vps.
4tr免费翻墙网
wget
https://github.com/Nyr/openvpn-install/raw/master/openvpn-install.sh4tr免费翻墙网
bash openvpn-install.sh
4tr免费翻墙网
4tr免费翻墙网
运行此条bash openvpn-install.sh,最后显示:
4tr免费翻墙网
...
4tr免费翻墙网
Generating a 2048 bit RSA private key
4tr免费翻墙网
................+++
4tr免费翻墙网
.............................+
++
4tr免费翻墙网
writing new private key to '/etc/openvpn/easy-rsa/pki/
private/server.key.bMvlQu5Gie'
4tr免费翻墙网
-----
4tr免费翻墙网
Using configuration from /etc/openvpn/easy-rsa/openssl-
1.0.cnf
4tr免费翻墙网
Check that the request matches the signature
4tr免费翻墙网
Signature ok
4tr免费翻墙网
The Subject's Distinguished Name is as follows
4tr免费翻墙网
commonName :PRINTABLE:'server'
4tr免费翻墙网
Certificate is to be certified until Jul 2 04:22:38 2027 GMT (3650 days)
4tr免费翻墙网
4tr免费翻墙网
Write out database with 1 new entries
4tr免费翻墙网
Data Base Updated
4tr免费翻墙网
Generating a 2048 bit RSA private key
4tr免费翻墙网
...........+++
4tr免费翻墙网
..............................
............+++
4tr免费翻墙网
writing new private key to '/etc/openvpn/easy-rsa/pki/
private/client2.key.
7nwUyrULSK'
4tr免费翻墙网
-----
4tr免费翻墙网
Using configuration from /etc/openvpn/easy-rsa/openssl-
1.0.cnf
4tr免费翻墙网
Check that the request matches the signature
4tr免费翻墙网
Signature ok
4tr免费翻墙网
The Subject's Distinguished Name is as follows
4tr免费翻墙网
commonName :PRINTABLE:'client2'
4tr免费翻墙网
Certificate is to be certified until Jul 2 04:22:39 2027 GMT (3650 days)
4tr免费翻墙网
4tr免费翻墙网
Write out database with 1 new entries
4tr免费翻墙网
Data Base Updated
4tr免费翻墙网
Using configuration from /etc/openvpn/easy-rsa/openssl-
1.0.cnf
4tr免费翻墙网
4tr免费翻墙网
An updated CRL has been created.
4tr免费翻墙网
CRL file: /etc/openvpn/easy-rsa/pki/crl.
pem
4tr免费翻墙网
4tr免费翻墙网
* Stopping virtual private network daemon(s)...
* No VPN is running.
4tr免费翻墙网
* Starting virtual private network daemon(s)...
* Autostarting VPN 'server'
4tr免费翻墙网
Finished!
4tr免费翻墙网
4tr免费翻墙网
Your client configuration is available at
/root/client2.ovpn4tr免费翻墙网
If you want to add more clients, you simply need to run this script again!4tr免费翻墙网
root@localhost:~#
4tr免费翻墙网
root@localhost:~# ps aux|grep openvpn
4tr免费翻墙网
nobody 7875 0.0 0.1 28492 1048 ? Ss 05:22 0:00
/usr/sbin/openvpn --writepid /run/openvpn/server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf --script-security 24tr免费翻墙网
root 7926 0.0 0.0 11740 904 pts/6 S+ 05:27 0:00 grep openvpn
4tr免费翻墙网
root@localhost:~#
4tr免费翻墙网
4tr免费翻墙网
服务器端的配置文件内容如下:
4tr免费翻墙网
root@localhost:~# cat /etc/openvpn/server.conf
4tr免费翻墙网
port 1278
4tr免费翻墙网
proto
udp4tr免费翻墙网
dev tun
4tr免费翻墙网
sndbuf 0
4tr免费翻墙网
rcvbuf 0
4tr免费翻墙网
ca ca.crt
4tr免费翻墙网
cert server.crt
4tr免费翻墙网
key server.key
4tr免费翻墙网
dh dh.pem
4tr免费翻墙网
auth SHA512
4tr免费翻墙网
tls-auth ta.key 0
4tr免费翻墙网
topology subnet
4tr免费翻墙网
server 10.8.0.0 255.255.255.0
4tr免费翻墙网
ifconfig-pool-persist ipp.txt
4tr免费翻墙网
push "redirect-gateway def1 bypass-dhcp"
4tr免费翻墙网
push "dhcp-option DNS 8.8.8.8"
4tr免费翻墙网
push "dhcp-option DNS 8.8.4.4"
4tr免费翻墙网
keepalive 10 120
4tr免费翻墙网
cipher AES-256-CBC4tr免费翻墙网
comp-lzo
4tr免费翻墙网
user nobody
4tr免费翻墙网
group nogroup
4tr免费翻墙网
persist-key
4tr免费翻墙网
persist-tun
4tr免费翻墙网
status openvpn-status.log
4tr免费翻墙网
verb 3
4tr免费翻墙网
crl-verify crl.pem
4tr免费翻墙网
root@localhost:~#
4tr免费翻墙网
4tr免费翻墙网
下载的客户端的配置文件client2.ovpn的内容:
4tr免费翻墙网
client
dev tun
proto udp
sndbuf 0
rcvbuf 0
remote my-vps-ip 1278
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
comp-lzo
setenv opt block-outside-dns
key-direction 1
verb 3
4tr免费翻墙网
可见2边的配置文件里都有cipher AES-256-CBC 这行代码,而众所周知AES-256-CBC 是用来加密的,就像shadowsocks的4个参数之一:加密方式,我们常用的是aes-256-cfb.估计就是4tr免费翻墙网
cipher AES-256-CBC这行代码给openvpn的链接加了一道密:加密连接,从而使得gfw无法侦测openvpn的流量特征,无法封锁openvpn,于是又可用openvpn翻墙了。4tr免费翻墙网
4tr免费翻墙网
注:proto的值建议选择udp, udp协议比tcp协议更抗干扰。vps类型则建议选择openvz之外的类型,比如kvm/xen.如果你一定要用openvz vps,建议你使用bandwagonhost.com提供的openvz vps,这家的openvz vps默认开启了tun/tap。如果使用其他vps供应商(比如alpharacks.com)的openvz vps,最好发ticket给其客服,要求enable tun/tap.(在其vps control panel里,用户自行enable tun/tap的话,其实并未真正的生效),然后运行:4tr免费翻墙网
openvpn --writepid /run/openvpn/server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf --script-security 2 4tr免费翻墙网
然后设置OpenVPN访问外网:4tr免费翻墙网
echo 1 > /proc/sys/net/ipv4/ip_forward4tr免费翻墙网
(或者:sysctl -w net.ipv4.ip_forward=1)4tr免费翻墙网
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE (注意:如果你的vps是xen/kvm平台,则需把venet0改为eth0) 4tr免费翻墙网
至此,服务器端设置完毕。4tr免费翻墙网
4tr免费翻墙网
如果你的本地机器是mac,请下载/安装mac上面的openvpn客户端程序tunnelblick.然后在mac的finder里面,进入“下载”文件夹,双击下载到“下载”文件夹中的客户端配置文件(.ovpn文件),即可导入该配置文件到tunnelblick,然后就可用tunnelblick翻墙了。4tr免费翻墙网
4tr免费翻墙网
相关帖子:http://briteming.blogspot.com/2016/08/openvpn.html4tr免费翻墙网
4tr免费翻墙网
本帖即是用此法翻墙后发布的。4tr免费翻墙网
4tr免费翻墙网
如果你使用一段时间翻不了墙了,重启客户端即可。如果还是不行,请重启系统,再运行客户端。4tr免费翻墙网
4tr免费翻墙网
注:最好设置本地操作系统的dns为8.8.8.8,否则即使连上了openvpn server,也还是翻墙失败。mac下的设置方法见此:4tr免费翻墙网
http://briteming.blogspot.com/2017/06/blog-post_87.html 4tr免费翻墙网
4tr免费翻墙网
如果你的mac系统翻墙一段时间后,你发现翻墙越来越慢,估计是mac系统的dns又变回了isp的dns, 此时请按此文4tr免费翻墙网
http://briteming.blogspot.com/2017/06/blog-post_87.html ,4tr免费翻墙网
设置本地操作系统的dns为8.8.8.8,翻墙速度就会立刻变得飞快。4tr免费翻墙网
4tr免费翻墙网
from http://briteming.blogspot.com/2017/07/openvpnopenvpn-installopenvpnopenvpn.html4tr免费翻墙网
4tr免费翻墙网
使用10来天后,觉得在openvz vps上搭建的openvpn不易连上,因此强烈建议在kvm vps/xen vps上搭建openvpn!!!4tr免费翻墙网
在ios device上,切换app store到香港区,搜索openvpn connect,进行安装。( 在4tr免费翻墙网
app store的中国区,openvpn connect已经下架)4tr免费翻墙网
然后把下载的客户端的配置文件client2.4tr免费翻墙网
ovpn作为附件发到自己的邮箱,登录邮箱,点击附件client2.ovpn,会显示‘在openvpn中打开‘的链接,点击该链接,再点击弹出的页面中的“+”号,即可把客户端的配置文件client2.ovpn导入到客户端程序openvpn connect中,然后在openvpn connect中启用连接,稍等片刻,ios device的右上角就会出现VPN字样,ios device即可翻墙
来自https://groups.google.com/forum/#!topic/fqlt/GUn-QNO1ZpU
