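I previously wrote the tutorial "Installing and Configuring OpenVPN on CentOS"; today I am publishing a one-click OpenVPN installer.
Copy the line below into your Linux SSH console and press Enter, then enter the requested information during the process.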

Quote


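After the installation finishes, download "/root/keys.tgz" to your local machine and extract it to "C:\Program Files\OpenVPN\config".

The one below is also a one-click installer. Unlike the one above, it enables both TCP 443 and UDP 443 and creates two corresponding client configuration files.

Quote

Below is the script for adding an OpenVPN user.

Quote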


At the end of the installation, and the first time a new certificate is created, there is a certificate form to fill in. I filled it in arbitrarily; the values are for reference only.
Quote
countryName           :PRINTABLE:'hk' // country name: 'Hong Kong'
stateOrProvinceName   :PRINTABLE:'idc' // state or province name
localityName          :PRINTABLE:'it' // locality name
organizationName      :PRINTABLE:'it' // organization name
organizationalUnitName:PRINTABLE:'openvpn' // organizational unit name
commonName            :PRINTABLE:'blog.77run.com' // common name
name                  :PRINTABLE:'alex' // name
emailAddress          :IA5STRING:'alex@77run.com' // email address
an optional company name:  'IT' // an optional company name

Sign the certificate? [y/n]:y // sign the certificate? [yes/no]: y

1 out of 1 certificate requests certified, commit? [y/n]y // certificate request certified, commit? [yes/no]: y
Write out database with 1 new entries // one new entry is written
Data Base Updated // database updated



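Below is the source of the TCP+UDP one-click installation script, for reference only. Copyright belongs to its author, WTY.Name.

This is the source of the one-click installer that enables both TCP 443 and UDP 443 and creates two corresponding client configuration files.

Quote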
#!/bin/bash

# Server address written into the client profiles, read from the eth0 interface config
ip=$(grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 | awk -F= '{print $2}')

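# Add the RPMforge repository before installing openvpn with yum.
# The package is fetched over plain HTTP; check it with "rpm -K" before trusting it.
wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.1-1.el5.rf.i386.rpm
rpm -iv rpmforge-release-0.5.1-1.el5.rf.i386.rpm
rm -rf rpmforge-release-0.5.1-1.el5.rf.i386.rpm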

yum -y install openvpn openssl openssl-devel
cd /etc/openvpn/
cp -R /usr/share/doc/openvpn-2.1.4/easy-rsa/ /etc/openvpn/
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
# Load the easy-rsa settings (KEY_DIR, KEY_SIZE, ...) into this shell, then wipe any old keys
. ./vars
./clean-all

echo -e "\n\n\n\n\n\n\n" | ./build-ca
clear
echo "####################################"
echo "Feel free to accept default values"
echo "Wouldn't recommend setting a password here"
echo "Then you'd have to type in the password each time openVPN starts/restarts"
echo "####################################"
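./build-key-server server
# build-dh names its output dh${KEY_SIZE}.pem, so dh1024.pem means KEY_SIZE=1024 in ./vars.
# 1024-bit DH parameters are weak; a larger KEY_SIZE changes this file name and the dh lines in the server configs.
./build-dh
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/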

clear
echo "####################################"
echo "Feel free to accept default values"
echo "This is your client key, you may set a password here but it's not required"
echo "####################################"
./build-key client1
cd keys/

clienttcp="
client
remote $ip 443
dev tun
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
route-delay 2
route-method exe
verb 3"

echo "$clienttcp" > $HOSTNAME.tcp.ovpn

clientudp="
client
remote $ip 443
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
route-delay 2
route-method exe
verb 3"

echo "$clientudp" > $HOSTNAME.udp.ovpn


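# Pack only what the client needs. ca.key is the CA private key and stays on the server:
# anyone holding it can issue certificates that the server will accept.
tar czf keys.tgz ca.crt client1.crt client1.csr client1.key $HOSTNAME.tcp.ovpn $HOSTNAME.udp.ovpn
mv keys.tgz /root/openvpn-client-tcp-udp.tgz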

servertcp='
port 443
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 192.168.21.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun'

echo "$servertcp" > /etc/openvpn/server-tcp.conf

serverudp='
port 443
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 192.168.31.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
persist-key
persist-tun'

echo "$serverudp" > /etc/openvpn/server-udp.conf


# Enable IPv4 forwarding now, NAT both VPN subnets out through eth0, and persist both settings
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.21.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.31.0/24 -o eth0 -j MASQUERADE
iptables-save > /etc/sysconfig/iptables
sed -i "s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g" /etc/sysctl.conf
sysctl -p

/etc/init.d/openvpn start
clear

echo "OpenVPN has been installed
Download /root/openvpn-client-tcp-udp.tgz using winscp or other sftp/scp client
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of /root/openvpn-client-tcp-udp.tgz there"



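Below is the source of the script for adding an OpenVPN user.
Quote
#!/bin/bash

# Server address written into the client profiles, read from the eth0 interface config
ip=$(grep IPADDR /etc/sysconfig/network-scripts/ifcfg-eth0 | awk -F= '{print $2}')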

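read -r -p "Please Enter New Username:" user
# The name becomes part of file names and the certificate request, so accept only a safe character set
case "$user" in
    ""|[-.]*|*[!A-Za-z0-9_.-]*) echo "Invalid username" >&2; exit 1 ;;
esac
cd /etc/openvpn/easy-rsa/2.0/ || exit 1
# Load the easy-rsa settings into this shell
. ./vars
./build-key "$user"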
cd keys/

clienttcp="
client
remote $ip 443
dev tun
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $user.crt
key $user.key
ns-cert-type server
comp-lzo
route-delay 2
route-method exe
verb 3"

echo "$clienttcp" > $HOSTNAME.$user.tcp.ovpn

clientudp="
client
remote $ip 443
dev tun
proto udp
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $user.crt
key $user.key
ns-cert-type server
comp-lzo
route-delay 2
route-method exe
verb 3"

echo "$clientudp" > $HOSTNAME.$user.udp.ovpn

# Pack only what the client needs; ca.key (the CA private key) stays on the server
tar czf $HOSTNAME.$user.tgz ca.crt $user.crt $user.csr $user.key $HOSTNAME.$user.tcp.ovpn $HOSTNAME.$user.udp.ovpn
mv $HOSTNAME.$user.tgz /root

echo "Download /root/$HOSTNAME.$user.tgz using winscp or other sftp/scp client
Create a directory named vpn at C:\Program Files\OpenVPN\config\ and untar the content of $HOSTNAME.$user.tgz there"
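
The tar lines in the installer and in the add-user script decide what each client receives: a client needs only ca.crt, its own certificate and key, and the .ovpn profiles, while a CA private key in the bundle lets its holder issue certificates the server accepts. The check below is an added example, not part of the original scripts; the function names are hypothetical and the sample bundles are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original scripts. Function names are hypothetical
# and the sample bundles hold constructed placeholder text, not real keys.

# List each member of client bundle $1 that contains a PEM private key other
# than the client's own key file $2. Matching on the PEM header means a CA or
# server key packed under another file name is still reported.
foreign_keys_in_bundle() (
    bundle=$1 own_key=$2
    tar tzf "$bundle" | while IFS= read -r member; do
        case $member in */) continue ;; esac      # skip directory entries
        [ "$(basename "$member")" = "$own_key" ] && continue
        if tar xzOf "$bundle" "$member" 2>/dev/null |
            grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
            printf '%s\n' "$member"
        fi
    done
)

# Succeeds only when the bundle carries no private key besides the client's own.
bundle_is_safe() {
    [ -z "$(foreign_keys_in_bundle "$1" "$2")" ]
}

# Build two constructed bundles in directory $1: leaky.tgz includes ca.key,
# clean.tgz holds only ca.crt, the client certificate and key, and a profile.
make_sample_bundles() (
    cd "$1" || exit 1
    for f in ca.key client1.key; do
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed placeholder' \
            '-----END RSA PRIVATE KEY-----' > "$f"
    done
    for f in ca.crt client1.crt; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed placeholder' \
            '-----END CERTIFICATE-----' > "$f"
    done
    printf 'client\nca ca.crt\ncert client1.crt\nkey client1.key\n' > host.tcp.ovpn
    tar czf leaky.tgz ca.crt ca.key client1.crt client1.key host.tcp.ovpn
    tar czf clean.tgz ca.crt client1.crt client1.key host.tcp.ovpn
)

demo_dir=$(mktemp -d)
make_sample_bundles "$demo_dir"
for b in leaky.tgz clean.tgz; do
    if bundle_is_safe "$demo_dir/$b" client1.key; then echo "$b: ok"
    else echo "$b: foreign private key: $(foreign_keys_in_bundle "$demo_dir/$b" client1.key)"
    fi
done
rm -rf "$demo_dir"
```

Run it against a real bundle as `bundle_is_safe /root/openvpn-client-tcp-udp.tgz client1.key` before handing the archive to a user.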

Source: CentOS OpenVPN one-click installer
When reposting, you must credit the source and include this notice in the form of a link!


Last edited by 77run on 2011/04/23 19:02