openvpn又可以翻墙了
时间:2017-08-09 来源:翻墙论坛 作者:brit...@gmail.com 条评论
安装方法如下:
登录linux vps.
wget https://github.com/Nyr/
bash openvpn-install.sh
运行此条bash openvpn-install.sh,最后显示:
...
Generating a 2048 bit RSA private key
................+++
.............................+
writing new private key to '/etc/openvpn/easy-rsa/pki/
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :PRINTABLE:'server'
Certificate is to be certified until Jul 2 04:22:38 2027 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Generating a 2048 bit RSA private key
...........+++
..............................
writing new private key to '/etc/openvpn/easy-rsa/pki/
-----
Using configuration from /etc/openvpn/easy-rsa/openssl-
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :PRINTABLE:'client2'
Certificate is to be certified until Jul 2 04:22:39 2027 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Using configuration from /etc/openvpn/easy-rsa/openssl-
An updated CRL has been created.
CRL file: /etc/openvpn/easy-rsa/pki/crl.
* Stopping virtual private network daemon(s)...
* Starting virtual private network daemon(s)...
Finished!
Your client configuration is available at /root/client2.ovpn
If you want to add more clients, you simply need to run this script again!
root@localhost:~#
root@localhost:~# ps aux|grep openvpn
nobody 7875 0.0 0.1 28492 1048 ? Ss 05:22 0:00 /usr/sbin/openvpn --writepid /run/openvpn/server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf --script-security 2
root 7926 0.0 0.0 11740 904 pts/6 S+ 05:27 0:00 grep openvpn
root@localhost:~#
服务器端的配置文件内容如下:
root@localhost:~# cat /etc/openvpn/server.conf
port 1278
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
root@localhost:~#
下载的客户端的配置文件client2.ovpn的内容:
client dev tun proto udp sndbuf 0 rcvbuf 0 remote my-vps-ip 1278 resolv-retry infinite nobind persist-key persist-tun remote-cert-tls server auth SHA512 cipher AES-256-CBC comp-lzo setenv opt block-outside-dns key-direction 1 verb 3
可见2边的配置文件里都有cipher AES-256-CBC 这行代码,而众所周知AES-256-CBC 是用来加密的,就像shadowsocks的4个参数之一:
cipher AES-256-CBC这行代码给openvpn的链接加了一道
注:proto的值建议选择udp, udp协议比tcp协议更抗干扰。
openvpn --writepid /run/openvpn/server.pid --daemon ovpn-server --cd /etc/openvpn --config /etc/openvpn/server.conf --script-security 2
然后设置OpenVPN访问外网:
echo 1 > /proc/sys/net/ipv4/ip_forward
(或者:sysctl -w net.ipv4.ip_forward=1)
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE (注意:如果你的vps是xen/kvm平台,则需把venet
至此,服务器端设置完毕。
如果你的本地机器是mac,请下载/
相关帖子:http://briteming.
本帖即是用此法翻墙后发布的。
如果你使用一段时间翻不了墙了,重启客户端即可。如果还是不行,
注:最好设置本地操作系统的dns为8.8.8.8,
http://briteming.blogspot.com/
如果你的mac系统翻墙一段时间后,你发现翻墙越来越慢,
http://briteming.blogspot.com/
设置本地操作系统的dns为8.8.8.8,
from http://briteming.blogspot.com/
使用10来天后,觉得在openvz vps上搭建的openvpn不易连上,因此强烈建议在kvm vps/xen vps上搭建openvpn!!!
在ios device上,切换app store到香港区,搜索openvpn connect,进行安装。( 在
app store的中国区,openvpn connect已经下架)
然后把下载的客户端的配置文件client2.
