
Configuring and using openvpn_as

2020-11-13 10:57:10 [Linux]

1. Download openvpn-as-2.0.10-CentOS7.x86_64.rpm from http://openvpn.net/
    [root@iZj6cj4e8ncj9eic3qkl57Z src]# cd /usr/local/src/
    [root@iZj6cj4e8ncj9eic3qkl57Z src]# wget http://swupdate.openvpn.org/as/openvpn-as-2.0.10-CentOS7.x86_64.rpm
    --2020-11-13 09:29:37-- http://swupdate.openvpn.org/as/openvpn-as-2.0.10-CentOS7.x86_64.rpm
    Resolving swupdate.openvpn.org (swupdate.openvpn.org)... 104.16.184.48, 104.16.183.48
    Connecting to swupdate.openvpn.org (swupdate.openvpn.org)|104.16.184.48|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 28552012 (27M) [application/zip]
    Saving to: openvpn-as-2.0.10-CentOS7.x86_64.rpm
    100%[==================================================================================================================================>] 28,552,012 22.2MB/s in 1.2s
    2020-11-13 09:29:38 (22.2 MB/s) - openvpn-as-2.0.10-CentOS7.x86_64.rpm saved [28552012/28552012]
2. Install: rpm -i openvpn-as-1.3.5-CentOS5.*.rpm
    [root@iZj6cj4e8ncj9eic3qkl57Z src]# rpm -Uvh openvpn-as-2.0.10-CentOS7.x86_64.rpm
    Preparing... ################################# [100%]
    Updating / installing...
    1:openvpn-as-0:2.0.10-CentOSrelease################################# [100%]
    The Access Server has been successfully installed in /usr/local/openvpn_as
    Configuration log file has been written to /usr/local/openvpn_as/init.log
    Please enter "passwd openvpn" to set the initial
    administrative password, then login as "openvpn" to continue
    configuration here: https://172.31.54.0:943/admin
    To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool.
    Access Server web UIs are available here:
    Admin UI: https://172.31.54.0:943/admin
    Client UI: https://172.31.54.0:943/
3. Run /usr/local/openvpn_as/bin/ovpn-init to initialize
    [root@iZbp153yczpm4pp9pjs0u3Z vhost]# /usr/local/openvpn_as/bin/ovpn-init
    Detected an existing OpenVPN-AS configuration.
    Continuing will delete this configuration and restart from scratch.
    Please enter 'DELETE' to delete existing configuration: DELETE
    Stopping openvpnas daemon...
    OpenVPN Access Server
    Initial Configuration Tool
    ------------------------------------------------------
    OpenVPN Access Server End User License Agreement (OpenVPN-AS EULA)
    Please enter 'yes' to indicate your agreement [no]: yes
    Once you provide a few initial configuration settings,
    OpenVPN Access Server can be configured by accessing
    its Admin Web UI using your Web browser.
    Will this be the primary Access Server node?
    (enter 'no' to configure as a backup or standby node)
    > Press ENTER for default [yes]: yes
    Please specify the network interface and IP address to be
    used by the Admin Web UI:
    (1) all interfaces: 0.0.0.0
    (2) eth0: 172.16.254.54
    (3) docker0: 172.17.0.1
    Please enter the option number from the list above (1-3).
    > Press Enter for default [2]: 1
    Please specify the port number for the Admin Web UI.
    > Press ENTER for default [943]:
    Please specify the TCP port number for the OpenVPN Daemon
    > Press ENTER for default [1194]:
    Should client traffic be routed by default through the VPN?
    > Press ENTER for default [yes]:
    Should client DNS traffic be routed by default through the VPN?
    > Press ENTER for default [yes]:
    Use local authentication via internal DB?
    > Press ENTER for default [no]:
    Private subnets detected: ['172.16.240.0/20', '172.17.0.0/16']
    Should private subnets be accessible to clients by default?
    > Press ENTER for default [yes]:
    To initially login to the Admin Web UI, you must use a
    username and password that successfully authenticates you
    with the host UNIX system (you can later modify the settings
    so that RADIUS or LDAP is used for authentication instead).
    You can login to the Admin Web UI as "openvpn" or specify
    a different user account to use for this purpose.
    Do you wish to login to the Admin UI as "openvpn"?
    > Press ENTER for default [yes]:
    > Please specify your OpenVPN-AS license key (or leave blank to specify later):
    Initializing OpenVPN...
    Adding new user login...
    useradd -s /sbin/nologin "openvpn"
    Writing as configuration file...
    Perform sa init...
    Wiping any previous userdb...
    Creating default profile...
    Modifying default profile...
    Adding new user to userdb...
    Modifying new user as superuser in userdb...
    Getting hostname...
    Hostname: iZbp153yczpm4pp9pjs0u3Z
    Preparing web certificates...
    Getting web user account...
    Adding web group account...
    Adding web group...
    Adjusting license directory ownership...
    Initializing confdb...
    Generating init scripts...
    Generating PAM config...
    Generating init scripts auto command...
    Starting openvpnas...
    NOTE: Your system clock must be correct for OpenVPN Access Server
    to perform correctly. Please ensure that your time and date
    are correct on this system.
    Initial Configuration Complete!
    You can now continue configuring OpenVPN Access Server by
    directing your Web browser to this URL:
    https://172.16.254.54:943/admin
    Login as "openvpn" with the same password used to authenticate
    to this UNIX host.
    During normal operation, OpenVPN AS can be accessed via these URLs:
    Admin UI: https://172.16.254.54:943/admin
    Client UI: https://172.16.254.54:943/
    See the Release Notes for this release at:
    http://www.openvpn.net/access-server/rn/openvpn_as_2_0_10.html
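4. Once the server has started successfully, we can manage and use OpenVPN through the GUI. Before using the GUI, though, we need to set the password of the OpenVPN administrative account:
    # passwd openvpn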

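After the password is set, the GUI admin page can be opened in a browser at the URL below.

Open ports 943 and 1194 on the server.

Then open a browser and go to
Admin UI: https://172.16.254.54:943/admin

This address turns out to be unreachable, because 172.16.254.54 is the private address of eth0. Replace the IP with the public address instead: https://majiameng.com:943/admin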
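The wizard answers above bind the Admin Web UI to all interfaces (0.0.0.0) and port 943 is then opened on the server. The following added example, which is not part of the original post, flags wildcard listeners in `ss -tln` output and prints firewalld rules that accept port 943 only from a management range. firewalld, the sample `ss` output and the range 203.0.113.0/24 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes firewalld and iproute2 `ss`.
ADMIN_PORT=943   # Admin Web UI / Client UI port from the wizard above
VPN_PORT=1194    # OpenVPN daemon TCP port from the wizard above

# Read `ss -tln` output on stdin and print each listener on port $1 that is
# bound to a wildcard address (shown as *, 0.0.0.0, :: or [::] by ss).
wildcard_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")   # last field is the port, even for IPv6
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (parts[n] == port &&
                (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]"))
                print $4
        }'
}

# Print the firewalld commands that open the VPN port to everyone but accept
# the admin port only from management CIDR $1; APPLY=1 runs them instead.
# Assumes 943/tcp is not already open to all sources in the active zone.
restrict_admin_ui() {
    rule="rule family=\"ipv4\" source address=\"$1\" port port=\"$ADMIN_PORT\" protocol=\"tcp\" accept"
    if [ "${APPLY:-0}" = 1 ]; then
        firewall-cmd --permanent --add-port="$VPN_PORT/tcp" &&
            firewall-cmd --permanent --add-rich-rule="$rule" &&
            firewall-cmd --reload
    else
        printf '%s\n' "firewall-cmd --permanent --add-port=$VPN_PORT/tcp" \
            "firewall-cmd --permanent --add-rich-rule='$rule'" \
            "firewall-cmd --reload"
    fi
}

# Constructed `ss -tln` sample for wizard choice (1) "all interfaces: 0.0.0.0".
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:943         0.0.0.0:*
LISTEN 0      128    0.0.0.0:1194        0.0.0.0:*
LISTEN 0      128    127.0.0.1:25        0.0.0.0:*'

# On a real host, replace the sample with:  ss -tln | wildcard_listeners 943
exposed=$(printf '%s\n' "$SAMPLE_SS" | wildcard_listeners "$ADMIN_PORT")
if [ -n "$exposed" ]; then
    echo "Admin Web UI listens on all interfaces: $exposed"
    restrict_admin_ui 203.0.113.0/24   # constructed management range (TEST-NET-3)
fi
```

Because the Client UI shares port 943 in this setup, users who download their profiles from it must also connect from the allowed range.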


