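Original content; please credit the source when reposting: https://www.myzhenai.com.cn/post/2015.html https://www.myzhenai.com/thread-17453-1-1.html
Keywords: centos openvpn one-click install package openvpn install script
There are many one-click install packages for PPTP online, but very few for OpenVPN. This is a one-click install script I wrote myself. It installs through yum, so the installed version is not too old. By default it automatically detects i386 or x86_64, and it supports both CentOS 5.x and CentOS 6.x. CentOS 7.x, however, does not seem to be compatible with OpenVPN yet; at least I did not see an openvpn package in the repositories.
Although it is called a one-click install script, when generating the key and dh files you still need to press Enter all the way through and watch for the prompts where you must type "y" and press Enter. I struggled with these steps for a long time without managing to automate the interaction, so users will have to do this part by hand. After installation, reboot the server. If you cannot connect, check the time on your server and on your local machine.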
Demo video of the one-click install script
Youtube:https://youtu.be/YHlwp8yN1yk
BaiduPan: link: https://pan.baidu.com/s/1i3O7qQT password: wbm2
QQ:https://v.qq.com/boke/page/v/y/2/v0174hns6y2.html
# wget https://www.myzhenai.com.cn/openvpn.sh
## wget https://goo.gl/rht4E1?openvpn.sh
# sh openvpn.sh
# reboot
Then download the file /home/vpn.tar.gz to your local machine; this is the client configuration file.
#!/bin/bash
#***************************************************************************************************************************************************#
# CenTos6 OpenVpn VPN Install Script #
# Author: RucLinux #
# Web: https://www.myzhenai.com.cn https://www.myzhenai.com https://www.haikou-china.com https://jiayu.mybabya.com #

# Detect the CentOS major version and remove any installed epel release package
yum install redhat-lsb -y
el=`rpm -qa |grep epel` && yum -q remove $el -y
version=`lsb_release -a|grep -e Release|awk -F ":" '{ print $2 }'|awk -F "." '{ print $1 }'`
rm -rf *.rpm

# Install the rpmforge repository that matches the release and architecture.
# LONG_BIT is used because WORD_BIT is 32 on x86_64 as well.
if [ $version == "6" ];then
    if [ $(getconf LONG_BIT) = '32' ];then
        wget https://apt.sw.be/redhat/el6/en/i386/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.i686.rpm
        rpm -ivh rpmforge-release-0.5.3-1.el6.rf.i686.rpm
    else
        wget https://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
        rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
    fi
fi
if [ $version == "5" ];then
    if [ $(getconf LONG_BIT) = '32' ];then
        wget https://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.5.3-1.el5.rf.i386.rpm
        rpm -ivh rpmforge-release-0.5.3-1.el5.rf.i386.rpm
    else
        wget https://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el5.rf.x86_64.rpm
        rpm -ivh rpmforge-release-0.5.3-1.el5.rf.x86_64.rpm
    fi
fi
if [ $version == "7" ];then
    wget https://apt.sw.be/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
    rpm -ivh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
fi

# Remove any previous installation and its output, then install the packages
yum remove openvpn -y
rm -rf /etc/openvpn/*
rm -rf /home/vpn
rm -rf /home/vpn.tar.gz
yum update -y
yum install gcc gcc-c++ lrzsz lzo openssl openssl-devel iptables pkcs11-helper pkcs11-helper-devel openssh-clients openvpn -y

# Locate easy-rsa; stop here if it is missing instead of failing on every later step
easy=`find / -type d -name easy-rsa | head -n 1`
if [ -z "$easy" ];then
    echo "easy-rsa directory not found; check that the openvpn package was installed" >&2
    exit 1
fi
cp -R $easy /etc/openvpn/
#if ! [ -d "$easy"];then
#yum install easy-rsa -y
#cp -R $easy /etc/openvpn/
#else
#cp -R $easy /etc/openvpn/
#fi
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
./vars

# Certificate subject defaults
sed -i 's/export KEY_COUNTRY="US"/export KEY_COUNTRY="CN"/g' vars
sed -i 's/export KEY_PROVINCE="CA"/export KEY_PROVINCE="HN"/g' vars
sed -i 's/export KEY_CITY="SanFrancisco"/export KEY_CITY="HAIKOU"/g' vars
sed -i 's/export KEY_ORG="Fort-Funston"/export KEY_ORG="OpenVPN"/g' vars
sed -i 's/export KEY_EMAIL="me@myhost.mydomain"/export KEY_EMAIL="root@foxmail.com"/g' vars
sed -i 's/export KEY_EMAIL=mail@host.domain/export KEY_EMAIL=root@foxmail.com/g' vars

# Start from the sample server.conf and enable pushed routes, DNS and client-to-client
server=`find / -type d -name sample-config-files | head -n 1`
if [ -z "$server" ];then
    echo "sample-config-files directory not found" >&2
    exit 1
fi
cp $server/server.conf /etc/openvpn/
sed -i 's/;push "route 192.168.10.0 255.255.255.0"/push "route 192.168.10.0 255.255.255.0"/g' /etc/openvpn/server.conf
sed -i 's/;push "dhcp-option DNS 208.67.222.222"/push "dhcp-option DNS 8.8.8.8"/g' /etc/openvpn/server.conf
sed -i 's/;push "dhcp-option DNS 208.67.220.220"/push "dhcp-option DNS 8.8.4.4"/g' /etc/openvpn/server.conf
sed -i 's/;client-to-client/client-to-client/g' /etc/openvpn/server.conf
# Enable IP forwarding (takes effect after the reboot)
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf

# Build the CA, server key, client key and DH parameters (interactive)
. ./vars
./clean-all
#echo -e "\n\n\n\n\n\n\n\n" | ./build-ca
#echo -e "\n\n\n\n\n\n\n\n\n\n" | ./build-key-server server && echo -e "\n\n\n\n\n\n\n\n\n\n" | ./build-key client-name
./build-ca
./build-key-server server
./build-key client-name
./build-dh
openssl rsa -in keys/client-name.key -out keys/client-name.pem
chmod +x keys/*
mkdir /home/vpn

# Copy the generated files to /etc/openvpn/ and to the client bundle /home/vpn/.
# Note: the same list, including ca.key and server.key, goes to both places.
size=`grep 'export KEY_SIZE=1024' $easy/2.0/vars`
if [[ $size == "export KEY_SIZE=1024" ]];then
    cp keys/{ca.crt,ca.key,client-name.crt,client-name.csr,client-name.key,server.crt,server.key,dh1024.pem,client-name.pem} /etc/openvpn/
    cp keys/{ca.crt,ca.key,client-name.crt,client-name.csr,client-name.key,server.crt,server.key,dh1024.pem,client-name.pem} /home/vpn/
else
    cp keys/{ca.crt,ca.key,client-name.crt,client-name.csr,client-name.key,server.crt,server.key,dh2048.pem,client-name.pem} /etc/openvpn/
    cp keys/{ca.crt,ca.key,client-name.crt,client-name.csr,client-name.key,server.crt,server.key,dh2048.pem,client-name.pem} /home/vpn/
fi
cd /home/
tar -zcvf vpn.tar.gz vpn/*
cd /

# Firewall: flush all existing rules, open the VPN ports and add the NAT rules
ip=`ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"`
iptables -F
service iptables save
service iptables restart
iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p tcp --dport 47 -j ACCEPT
iptables -A INPUT -p tcp --dport 2009 -j ACCEPT
iptables -A INPUT -p udp --dport 2009 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source $ip
iptables -t nat -A POSTROUTING -s 10.8.0.20/24 -j SNAT --to-source $ip
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source $ip
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j SNAT --to-source $ip
service iptables save
service iptables restart

# Start OpenVPN at boot and now
#con=`grep '/usr/sbin/openvpn --config /etc/openvpn/server.conf &'` /etc/rc.local
#if [[ $con != "/usr/sbin/openvpn --config /etc/openvpn/server.conf &" ]];then
echo '/usr/sbin/openvpn --config /etc/openvpn/server.conf &' >> /etc/rc.local
#fi
#openvpn --config /etc/openvpn/server.conf &
chkconfig openvpn on
chkconfig iptables on
service openvpn start
echo '*********************************************************';
echo '**** ****';
echo '**** End script installation ****';
echo '**** Please download your configuration file ****';
echo '**** /home/vpn.tar.gz to the local client ****';
echo '**** https://www.myzhenai.com.cn ****';
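The script copies ca.key and server.key into /home/vpn, so the archive handed to clients also carries the CA and server private keys, while a client only needs ca.crt plus its own certificate and key. The following added example (not part of the original script; the function names and the paths passed in are assumptions) builds a bundle with only those three files and checks an existing archive for server-side keys:

```shell
#!/bin/sh
# Added example, not from the original script. File names follow the script
# (ca.crt, client-name.crt, client-name.key); function names are hypothetical.

# make_client_bundle KEYS_DIR OUT_TARBALL [CLIENT_NAME]
# Stages only the files a client needs and archives them as vpn/.
make_client_bundle() {
    keys_dir=$1; out=$2; client=${3:-client-name}
    stage=$(mktemp -d) || return 1
    mkdir -m 700 "$stage/vpn" || return 1
    for f in ca.crt "$client.crt" "$client.key"; do
        # Refuse to build a partial bundle
        if [ ! -s "$keys_dir/$f" ]; then
            echo "missing or empty: $keys_dir/$f" >&2
            rm -rf "$stage"; return 1
        fi
        cp "$keys_dir/$f" "$stage/vpn/" || { rm -rf "$stage"; return 1; }
    done
    chmod 600 "$stage/vpn/$client.key"
    # umask 077 keeps the archive itself readable by the owner only
    ( umask 077 && tar -C "$stage" -czf "$out" vpn ) || { rm -rf "$stage"; return 1; }
    rm -rf "$stage"
}

# bundle_has_server_secrets TARBALL
# Returns 0 if the archive contains the CA or server private key.
bundle_has_server_secrets() {
    tar -tzf "$1" | grep -Eq '(^|/)(ca\.key|server\.key)$'
}
```

Running bundle_has_server_secrets against an existing /home/vpn.tar.gz shows whether a bundle that was already distributed included those keys.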
22 comments
If you see the following error messages, adjust the time on your server and on your local machine.
Apr 19 00:02:04 localhost nm-openvpn[17924]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Apr 19 00:02:04 localhost nm-openvpn[17924]: UDPv4 link local: [undef]
Apr 19 00:02:04 localhost nm-openvpn[17924]: UDPv4 link remote: [AF_INET]198.74.110.46:1194
Apr 19 00:02:05 localhost nm-openvpn[17924]: VERIFY ERROR: depth=1, error=certificate is not yet valid: C=CN, ST=HN, L=HAIKOU, O=OpenVPN, OU=changeme, CN=changeme, name=changeme, emailAddress=root@foxmail.com
Apr 19 00:02:05 localhost nm-openvpn[17924]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Apr 19 00:02:05 localhost nm-openvpn[17924]: TLS Error: TLS object -> incoming plaintext read error
Apr 19 00:02:05 localhost nm-openvpn[17924]: TLS Error: TLS handshake failed
Apr 19 00:02:05 localhost nm-openvpn[17924]: SIGUSR1[soft,tls-error] received, process restarting
Apr 19 00:02:07 localhost nm-openvpn[17924]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Your website has been around for a long time!
Yes, I have been running my website for several years.
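I ran your shell script on CentOS 7 and got a whole pile of errors. Luckily I did not run it on the web server, otherwise it would have been trouble again.
Error: Package: perl-PathTools-3.2701-1.el5.rf.x86_64 (rpmforge)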
Requires: perl(VMS::Filespec)
Error: Package: pkcs11-helper-devel-1.08-1.el5.rf.x86_64 (rpmforge)
Requires: pkcs11-helper = 1.08-1.el5.rf
Installed: pkcs11-helper-1.11-3.el7.x86_64 (@epel)
pkcs11-helper = 1.11-3.el7
Available: pkcs11-helper-1.08-1.el5.rf.x86_64 (rpmforge)
pkcs11-helper = 1.08-1.el5.rf
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
cp: missing destination file operand after ‘/etc/openvpn/’
Try ‘cp --help’ for more information.
openvpn.sh: line 45: cd: /etc/openvpn/easy-rsa/2.0/: No such file or directory
openvpn.sh: line 47: ./vars: No such file or directory
sed: can’t read vars: No such file or directory
sed: can’t read vars: No such file or directory
sed: can’t read vars: No such file or directory
sed: can’t read vars: No such file or directory
sed: can’t read vars: No such file or directory
sed: can’t read vars: No such file or directory
cp: cannot stat ‘/server.conf’: No such file or directory
sed: can’t read /etc/openvpn/server.conf: No such file or directory
sed: can’t read /etc/openvpn/server.conf: No such file or directory
sed: can’t read /etc/openvpn/server.conf: No such file or directory
sed: can’t read /etc/openvpn/server.conf: No such file or directory
openvpn.sh: line 60: ./vars: No such file or directory
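First: it supports both CentOS 5.x and CentOS 6.x. CentOS 7.x, however, does not seem to be compatible with OpenVPN yet; at least I did not see an openvpn package in the repositories.
I did not see an openvpn source package in some of the repositories, so that is one problem. Second, you previously used the rpmforge repository, and some of its packages conflict with the versions in epel; the versions are incompatible. That is why the installation failed. Uninstall the pkcs11-helper package, remove the rpmforge repository, and then try installing again. Thank you.
On CentOS 6.8 the later part of the script does not run either. The result is as follows: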
cp: 在”/etc/openvpn/” 后缺少了要操作的目标文件
请尝试执行”cp --help”来获取更多信息。
openvpn.sh: line 46: cd: /etc/openvpn/easy-rsa/2.0/: 没有那个文件或目录
openvpn.sh: line 48: ./vars: 没有那个文件或目录
sed:无法读取 vars:没有那个文件或目录
sed:无法读取 vars:没有那个文件或目录
sed:无法读取 vars:没有那个文件或目录
sed:无法读取 vars:没有那个文件或目录
sed:无法读取 vars:没有那个文件或目录
sed:无法读取 vars:没有那个文件或目录
cp: 无法获取”/server.conf” 的文件状态(stat): 没有那个文件或目录
sed:无法读取 /etc/openvpn/server.conf:没有那个文件或目录
sed:无法读取 /etc/openvpn/server.conf:没有那个文件或目录
sed:无法读取 /etc/openvpn/server.conf:没有那个文件或目录
sed:无法读取 /etc/openvpn/server.conf:没有那个文件或目录
openvpn.sh: line 61: ./vars: 没有那个文件或目录
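Switching the repository fixed it. Just update the repositories in your script.
Thank you for the reminder.
How do I download the final /home/vpn.tar.gz? I am on a Win7 client.
Oh no, I mean how should it be used on Win7?
If you mean how to use OpenVPN on Win7, then you should install the OpenVPN software on Win7. As for how to download that archive, you can download PuTTY to connect, and use scp through PuTTY to download it.
The one-click install is great. How do I configure the client on Windows after installing it? Could you write about that too!?
On Windows you need to install the OpenVPN client program. Thank you.
How do I configure the client's .ovpn file? I can't figure it out.
Refer to this, or search the web. http://www.myzhenai.com.cn/post/767.html
I optimized your code a bit so that it can directly output an ovpn file at the end; contact me on QQ 992844913. It can access the Internet, but it is very slow: PPTP can reach 20Mbps, while OpenVPN probably gets less than 1Mbps.
OpenVPN is inherently somewhat slower than PPTP, because encrypted transmission is involved. You could try changing the local DNS and the server-side DNS.
It needs updating: the apt.sw.be site can no longer be opened. You can try this source: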
http://www.rpmfind.net/linux/rpm2html/search.php?query=rpmforge-release
Thank you for your reply.
Jan 25 06:24:11 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed [1485296720.808686] [nm-system.c:1399] check_one_route(): (tun0): error -12 returned from rtnl_route_del(): Netlink Error (errno = No such process)
Jan 25 06:24:21 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
Jan 25 06:24:31 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
Jan 25 06:24:41 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
Jan 25 06:24:51 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
Jan 25 06:25:02 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
Jan 25 06:25:12 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
Jan 25 06:25:20 localhost nm-openvpn[9451]: /sbin/ip addr del dev tun0 local 10.8.0.6 peer 10.8.0.5
Jan 25 06:25:20 localhost NetworkManager[9375]:
If this happens to you, you probably have a mismatch in the configuration between server and client on the “cipher”-option. (E.g.: cipher AES-128-CB / cipher AES-256-CB) This is not a problem of DD-WRT or OpenVPN but just a config issue which can happen if you follow some of those guidelines strictly without knowing what the config options mean.
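If the above error occurs, check whether cipher AES-256-CBC is enabled in the /etc/openvpn/server.conf configuration file on your server. If this option is enabled, the same cipher must also be enabled in the local client configuration.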
https://goo.gl/xrL51x?Installproxy.sh
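One way to carry out the cipher check described in the comment above, as an added example that is not part of the original post: it extracts the active cipher directive from the server and client configuration files and reports a mismatch. The function names are assumptions, and treating the last uncommented cipher line as the effective one is also an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# active_cipher FILE
# Prints the value of the last uncommented "cipher" line, or nothing if the
# directive is absent. Lines starting with ';' or '#' are comments, as in the
# sample server.conf the install script edits.
active_cipher() {
    awk '
        { sub(/\r$/, "") }          # tolerate CRLF in .ovpn files edited on Windows
        /^[ \t]*[;#]/ { next }      # skip commented-out directives
        $1 == "cipher" { c = $2 }   # assumption: the last occurrence is the effective one
        END { if (c != "") print c }
    ' "$1"
}

# compare_cipher SERVER_CONF CLIENT_CONF
# Returns 0 when both sides use the same setting, 1 on a mismatch.
compare_cipher() {
    s=$(active_cipher "$1")
    c=$(active_cipher "$2")
    if [ "$s" = "$c" ]; then
        echo "match: ${s:-<built-in default>}"
        return 0
    fi
    echo "mismatch: server=${s:-<built-in default>} client=${c:-<built-in default>}"
    return 1
}
```

For example, compare_cipher /etc/openvpn/server.conf client.ovpn prints a mismatch line when only one side has cipher AES-256-CBC uncommented.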