asysbang

Title: VPN

Author: admin    Time: 2020-12-10 10:03
VPN development
Compared with PPTP and L2TP, OpenVPN lets you choose the port, so it is harder to block.
For Windows and Linux clients.

Deployment
1.http://www.xmkeji.net/archives/153
2.https://baijiahao.baidu.com/s?id ... 0&wfr=spider&for=pc

Configuration
1.https://my.oschina.net/adailinux/blog/4411803  


2. Forwarding and firewall
https://help.aliyun.com/knowledge_detail/42521.html  

Client

https://dl3.vessoft.com/files3/o ... ws/download/openvpn


Client configuration
client
dev tun
proto tcp
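# client-cert-not-required (do not require the client to have a certificate) and
# username-as-common-name are server-side options; they belong in the server
# config, so they are commented out here.
;client-cert-not-required
# set remote server ip and port
remote xx.xx.xx.xx 8084
resolv-retry infinite
;username-as-common-name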

script-security  system

nobind

persist-key
persist-tun

# crt path
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/client.crt
key /etc/openvpn/client/client.key
# Uncomment so the client only accepts a peer certificate issued for server use.
;remote-cert-tls server
auth-user-pass /etc/openvpn/pass.txt

# Set log file verbosity.
verb 4

;compress 'lzo'


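Usernames and passwords are verified against a MySQL database, which also makes it easy later to record and determine whether a user is currently online or offline.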

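#!/bin/bash
# OpenVPN password-verification script: ${username} and ${password} come from
# the connecting client through the environment and are untrusted.
HOST="localhost"
DB="openvpn"
DBUSER="openvpn"
DBPASS="123456"
DBTABLE='openvpn_user'
# The original sed expression matched nothing, so quotes reached the query.
# Reject any username containing characters outside a conservative whitelist.
case "${username}" in
    ''|*[!A-Za-z0-9_.@-]*) exit 1 ;;
esac
user="${username}"
# Hash the password locally (same value as MySQL md5()) so the client-supplied
# string never becomes part of the SQL text.
pass_md5=$(printf '%s' "${password}" | md5sum | cut -d' ' -f1)
MYSQL="/usr/bin/mysql -h${HOST} -u${DBUSER} -p${DBPASS} "
result=$($MYSQL << EOF | tail -n +2
select count(1) from ${DB}.${DBTABLE} WHERE is_enabled='1' AND is_vpn='1' AND password='${pass_md5}' AND username='${user}';
EOF
)
# Exactly one matching row means the credentials are valid.
if [ "${result}" = "1" ]; then exit 0; else exit 1; fi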


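data-ciphers BF-CBC    The default in version 2.4 is 'BF-CBC', but in version 2.5 that is no longer the default, so it has to be configured manually; see below for the configuration.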

cipher AES-256-CBC


https://www.bbsmax.com/A/kjdwZnB5Np/




systemctl restart openvpn@server   # restart command
systemctl status openvpn@server.service   # check status command


https://yq.aliyun.com/articles/661323
Logging client connections and disconnections

client-connect ./connect.sh
client-disconnect ./disconnect.sh

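##connect.sh
#!/bin/sh
# client-connect hook: OpenVPN passes the connection details as environment variables.
DB='openvpn'
DBADMIN='root'
PASSWD='xxxxxxx'
# common_name is supplied by the client; refuse values that could break out of the quoted SQL string.
case "$common_name" in
    ''|*[!A-Za-z0-9_.@-]*) exit 1 ;;
esac
mysql -u"$DBADMIN" -p"$PASSWD" -e "INSERT into log (start_time,trusted_ip,trusted_port,protocol,remote_ip,remote_netmask,username)values(now(),'$trusted_ip',$trusted_port,'$proto','$ifconfig_pool_remote_ip','$ifconfig_pool_netmask','$common_name')" "$DB"
##disconnect.sh
#!/bin/sh
# client-disconnect hook: closes the row written by connect.sh.
DB='openvpn'
DBADMIN='root'
PASSWD='xxxxxxx'
# Same check as in connect.sh before common_name is placed in the query.
case "$common_name" in
    ''|*[!A-Za-z0-9_.@-]*) exit 1 ;;
esac
mysql -u"$DBADMIN" -p"$PASSWD" -e "UPDATE openvpn.log SET end_time=now(),bytes_received=$bytes_received,bytes_sent=$bytes_sent WHERE trusted_ip='$trusted_ip' and trusted_port=$trusted_port and remote_ip='$ifconfig_pool_remote_ip' and remote_netmask='$ifconfig_pool_netmask' and username='$common_name'" "$DB"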
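
The connect.sh and disconnect.sh hooks place OpenVPN environment variables directly inside SQL text, and `common_name` is chosen by the connecting client. The following is an added example, not code from the original post: it builds the same two statements with every string hex-encoded and every number validated. The function names and the `/etc/openvpn/db.cnf` path are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Every value from the OpenVPN environment is encoded before it reaches SQL.

# sql_hex VALUE: print VALUE as a MySQL hex literal X'..' ('' when empty), so
# quotes, backslashes or semicolons in it can never act as SQL syntax.
sql_hex() {
    hex=$(printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n')
    if [ -z "$hex" ]; then printf "''"; else printf "X'%s'" "$hex"; fi
}

# sql_uint VALUE: print VALUE only if it is a plain decimal number.
sql_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s' "$1"
}

# The INSERT from connect.sh, built from the client-connect environment.
build_connect_sql() {
    port=$(sql_uint "$trusted_port") || return 1
    printf 'INSERT INTO log (start_time,trusted_ip,trusted_port,protocol,remote_ip,remote_netmask,username) VALUES (now(),%s,%s,%s,%s,%s,%s)' \
        "$(sql_hex "$trusted_ip")" "$port" "$(sql_hex "$proto")" \
        "$(sql_hex "$ifconfig_pool_remote_ip")" \
        "$(sql_hex "$ifconfig_pool_netmask")" "$(sql_hex "$common_name")"
}

# The UPDATE from disconnect.sh; the byte counters must be numeric.
build_disconnect_sql() {
    port=$(sql_uint "$trusted_port") || return 1
    rx=$(sql_uint "$bytes_received") || return 1
    tx=$(sql_uint "$bytes_sent") || return 1
    printf 'UPDATE openvpn.log SET end_time=now(),bytes_received=%s,bytes_sent=%s WHERE trusted_ip=%s AND trusted_port=%s AND remote_ip=%s AND remote_netmask=%s AND username=%s' \
        "$rx" "$tx" "$(sql_hex "$trusted_ip")" "$port" \
        "$(sql_hex "$ifconfig_pool_remote_ip")" \
        "$(sql_hex "$ifconfig_pool_netmask")" "$(sql_hex "$common_name")"
}

# Constructed sample values standing in for what OpenVPN exports.
trusted_ip='203.0.113.7' trusted_port='51820' proto='tcp'
ifconfig_pool_remote_ip='10.8.0.6' ifconfig_pool_netmask='255.255.255.0'
common_name="a';--" bytes_received='1024' bytes_sent='2048'
build_connect_sql; echo
build_disconnect_sql; echo
# In the real hooks, pipe the statement to the client, for example:
#   build_connect_sql | mysql --defaults-extra-file=/etc/openvpn/db.cnf openvpn
```

Reading the credentials from an options file also keeps the database password out of the process list, where `-p$PASSWD` exposes it.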
