通过搭建VPN可以跨复杂网络组建局域网
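service端的安装
# 先更新一下镜像库
apt-get update
# 下载安装脚本(如果访问不了,可以试试这个 https://download.csdn.net/download/s7799653/32472400)
# 注意:下面的地址是仓库主页,如果下载到的是HTML页面而不是脚本,请改用仓库中 openvpn-install.sh 的 raw 地址;
# 该脚本会以root权限执行,运行前先确认内容确实来自上游仓库(镜像站上的副本无法核对来源)
wget https://github.com/Nyr/openvpn-install -O openvpn-install.sh
# 执行脚本
bash openvpn-install.sh
# 根据提示安装即可
配置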
如果你希望只有在需要访问VPN的局域网的IP时才走局域网的流量,其他时候都用原来的路由设置,可以将server端/etc/openvpn/server/server.conf文件中的push "redirect-gateway def1 bypass-dhcp"和push "dhcp-option DNS 218.201.96.130"删除
默认的掩码是255.255.255.0,如果觉得可分配的IP数量太少或者要调整网段,可以修改/etc/openvpn/server/server.conf文件中的server 10.8.0.0 255.255.255.0这一行,掩码最大只能调整到255.255.0.0
生成client的ovpn文件
# 再执行一遍安装脚本,根据提示生成即可
bash openvpn-install.sh
通过API自动生成OVPN文件
如果觉得每次都要去服务器上生成太麻烦,可以自己写个程序,来实现自动注册,删除。
我用go写了一个,大概思路就是用go执行cmd命令,生成ovpn文件(编译好的:https://download.csdn.net/download/s7799653/32513897):
package main
import (
"github.com/kataras/iris/v12"
"io/ioutil"
"os"
"os/exec"
"strings"
)
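// main starts the HTTP API that issues, lists and removes OpenVPN client
// profiles. Every route runs behind the VisitLog middleware.
//
// NOTE(review): the server listens on all interfaces over plain HTTP, so the
// shared password and the returned profiles (which embed the client private
// key) cross the network unencrypted. Restrict the port to trusted sources or
// put the service behind TLS.
func main() {
	// Create the server app.
	app := iris.Default()
	app.Use(VisitLog)

	// GET /ovpn: issue a certificate for "name" and return its .ovpn profile.
	app.Handle("GET", "/ovpn", func(ctx iris.Context) {
		name := ctx.PostValue("name")
		if name == "" {
			ctx.StatusCode(iris.StatusBadRequest)
			ctx.JSON("need name")
			return
		}
		// The name ends up in a command line and in file paths, so only the
		// character set that newClient.sh itself keeps is accepted.
		if !isSafeClientName(name) {
			ctx.StatusCode(iris.StatusBadRequest)
			ctx.JSON("error")
			return
		}
		// Pass the name as its own argv entry instead of concatenating it
		// into an "sh -c" string, so it is never parsed by a shell.
		cmd := exec.Command("bash", "/usr/local/ovpn/newClient.sh", name)
		out, err := cmd.Output()
		if err != nil {
			ctx.Application().Logger().Error(err.Error())
		}
		ctx.Application().Logger().Info(string(out))

		// A profile generated by an earlier request is still served when the
		// script fails; a missing profile is reported instead of ignored.
		ovpnfile := "/usr/local/ovpn/" + name + ".ovpn"
		if err := ctx.SendFile(ovpnfile, name+".ovpn"); err != nil {
			ctx.Application().Logger().Error(err.Error())
			ctx.StatusCode(iris.StatusInternalServerError)
			ctx.JSON("error")
		}
	})

	// GET /ovpn_list: list client names derived from the certificate requests.
	app.Handle("GET", "/ovpn_list", func(ctx iris.Context) {
		files, err := ioutil.ReadDir("/etc/openvpn/server/easy-rsa/pki/reqs/")
		if err != nil {
			ctx.Application().Logger().Error(err)
			ctx.StatusCode(iris.StatusInternalServerError)
			ctx.JSON("error")
			return
		}
		filesName := make([]string, 0, len(files))
		for _, file := range files {
			switch file.Name() {
			case "unsanitized_client.req", "server.req", "anti-covid-19-2.req":
				continue
			}
			// Strip only the extension; ReplaceAll would also eat ".req"
			// appearing in the middle of a name.
			filesName = append(filesName, strings.TrimSuffix(file.Name(), ".req"))
		}
		ctx.JSON(filesName)
	})

	// GET /ovpn_ip: return the server's ipp.txt file.
	app.Handle("GET", "/ovpn_ip", func(ctx iris.Context) {
		ctx.SendFile("/etc/openvpn/server/ipp.txt", "ipp.txt")
	})

	// DELETE /ovpn: remove the profile, request, key and certificate files.
	//
	// NOTE(review): removing these files does not revoke the certificate. A
	// profile that was already downloaded keeps authenticating until the
	// certificate is revoked and the server checks a CRL.
	app.Handle("DELETE", "/ovpn", func(ctx iris.Context) {
		name := ctx.PostValue("name")
		// Reject protected names and anything that could escape the target
		// directories (empty name, "/", ".."), and stop before deleting.
		if name == "unsanitized_client" || name == "server" || !isSafeClientName(name) {
			ctx.StatusCode(iris.StatusBadRequest)
			ctx.JSON("error")
			return
		}
		paths := []string{
			"/usr/local/ovpn/" + name + ".ovpn",
			"/etc/openvpn/server/easy-rsa/pki/reqs/" + name + ".req",
			"/etc/openvpn/server/easy-rsa/pki/private/" + name + ".key",
			"/etc/openvpn/server/easy-rsa/pki/issued/" + name + ".crt",
		}
		for _, p := range paths {
			// A file that is already gone is fine; anything else is logged.
			if err := os.Remove(p); err != nil && !os.IsNotExist(err) {
				ctx.Application().Logger().Error(err.Error())
			}
		}
		ctx.JSON("deleted")
	})

	if err := app.Listen(":8080"); err != nil {
		app.Logger().Error(err)
		os.Exit(1)
	}
}

// isSafeClientName reports whether name is non-empty, at most 64 bytes long,
// does not start with '-', and consists only of ASCII letters, digits, '_'
// and '-'. This is the character set newClient.sh keeps when it sanitizes its
// argument, so an accepted name maps to exactly the file the script writes.
func isSafeClientName(name string) bool {
	if name == "" || len(name) > 64 || name[0] == '-' {
		return false
	}
	for _, r := range name {
		switch {
		case r >= 'a' && r <= 'z',
			r >= 'A' && r <= 'Z',
			r >= '0' && r <= '9',
			r == '_', r == '-':
		default:
			return false
		}
	}
	return true
}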
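// VisitLog is the middleware in front of every route: it logs the request
// line and User-Agent, then lets the request continue only when the
// "password" form value matches the configured shared secret.
//
// The secret is read from the OVPN_API_PASSWORD environment variable (a name
// introduced by this function). When the variable is unset the legacy
// built-in value is used so existing deployments keep working.
//
// NOTE(review): the legacy default is a trivially guessable password that
// guards certificate issuance and deletion; set OVPN_API_PASSWORD to a strong
// value in any real deployment.
func VisitLog(ctx iris.Context) {
	// Path and User-Agent are client-controlled; %q escapes control
	// characters so a request cannot forge extra log lines.
	ctx.Application().Logger().Infof("%s %q %q", ctx.Method(), ctx.Path(), ctx.Request().Header.Get("User-Agent"))

	want := os.Getenv("OVPN_API_PASSWORD")
	if want == "" {
		want = "123456" // legacy default, see the note above
	}
	if ctx.PostValue("password") != want {
		ctx.StatusCode(iris.StatusUnauthorized)
		ctx.JSON("error")
		return
	}
	ctx.Next()
}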
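# new_client writes /usr/local/ovpn/$client.ovpn: the common client settings
# followed by the CA certificate, the client certificate, the client private
# key and the static key, each wrapped in an OpenVPN inline-file tag.
#
# The opening and closing tags were empty strings in this listing (the
# angle-bracket text was lost), which yields a profile OpenVPN cannot parse;
# they are restored here.
# NOTE(review): <tls-crypt> is assumed from the tc.key file name - confirm it
# matches the directive used in server.conf and client-common.txt.
#
# The output embeds the client private key; keep /usr/local/ovpn readable only
# by the account that runs the API.
new_client () {
	# Generates the custom client.ovpn
	{
	cat /etc/openvpn/server/client-common.txt
	echo "<ca>"
	cat /etc/openvpn/server/easy-rsa/pki/ca.crt
	echo "</ca>"
	echo "<cert>"
	sed -ne '/BEGIN CERTIFICATE/,$ p' /etc/openvpn/server/easy-rsa/pki/issued/"$client".crt
	echo "</cert>"
	echo "<key>"
	cat /etc/openvpn/server/easy-rsa/pki/private/"$client".key
	echo "</key>"
	echo "<tls-crypt>"
	sed -ne '/BEGIN OpenVPN Static key/,$ p' /etc/openvpn/server/tc.key
	echo "</tls-crypt>"
	} > /usr/local/ovpn/"$client".ovpn
}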
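# Entry point: newClient.sh <client-name>
# Sanitizes the requested name, issues a client certificate with easy-rsa and
# writes the matching .ovpn profile through new_client.
echo
unsanitized_client=$1
# Anything outside [0-9a-zA-Z_-] becomes "_" so the name is safe to use in
# file paths and as a certificate name.
client=$(sed 's/[^0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_-]/_/g' <<< "$unsanitized_client")
if [ -z "$client" ]; then
	# Without a name the script would build a certificate and ".ovpn" file
	# with an empty base name.
	echo "usage: newClient.sh <client-name>" >&2
	exit 1
fi
# The profile contains the client private key: create it owner-readable only.
umask 077
# Stop if the easy-rsa directory is missing instead of running ./easyrsa from
# whatever directory the caller happened to be in.
cd /etc/openvpn/server/easy-rsa/ || exit 1
# "nopass" leaves the private key unencrypted and the certificate is valid for
# 3650 days, so the resulting profile is a long-lived credential.
if ! EASYRSA_CERT_EXPIRE=3650 ./easyrsa build-client-full "$client" nopass; then
	# Report the failure through the exit status so the caller can detect it.
	echo "easyrsa build-client-full failed for $client" >&2
	exit 1
fi
# Generates the custom client.ovpn
new_client
echo "$client added. Configuration available in:" /usr/local/ovpn/"$client.ovpn"
exit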
API 使用说明
GET:8080/ovpn 创建新的 body 参数: password 123456 name <自己填>
DELETE:8080/ovpn 删除 body 参数: password 123456 name <要删的那个>
GET:8080/ovpn_list 获取已经创建的 body参数 password 123456
GET:8080/ovpn_ip 获取文件对应的IP body参数 password 123456
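ovpn 文件保存到 /usr/local/ovpn/<name>.ovpn,需要提前创建该目录,同时newClient.sh也要放到该目录下。生成的ovpn文件内含客户端私钥,该目录应只允许运行API的账号读取;这个接口可以签发和删除VPN证书,且以明文HTTP传输密码,8080端口应只对可信来源开放,并把示例密码123456换成自己的强密码。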
client端
ubuntu
apt-get install openvpn
# 使用生成的ovpn文件。不设置路由,所有流量都用之前的配置,只有要访问vpn网络时,流量才会经过vpn
openvpn --route-noexec --daemon --config /etc/openvpn/client/windows.ovpn
安装 https://openvpn.net/client-connect-vpn-for-windows/ 后,将ovpn文件导入即可
Android下载openvpn connect APP(https://openvpn-connect.en.softonic.com/android),导入ovpn文件(该链接是第三方下载站,建议优先从官方应用商店或 openvpn.net 获取安装包)



