Welcome to the OpenVPN installer! The git repository is available at: https://github.com/angristan/openvpn-install
I need to ask you a few questions before starting the setup. You can leave the default options and just press enter if you are ok with them.
I need to know the IPv4 address of the network interface you want OpenVPN listening to. Unless your server is behind NAT, it should be your public IPv4 address.
IP address: 192.168.2.118

Enter the server's public IPv4 address or domain name here.
Checking for IPv6 connectivity...
Your host does not appear to have IPv6 connectivity.
Do you want to enable IPv6 support (NAT)? [y/n]: n

IPv6 support: if you have IPv4, you can leave this disabled.
What port do you want OpenVPN to listen to?
   1) Default: 1194
   2) Custom
   3) Random [49152-65535]
Port choice [1-3]: 3

Set the port. The default port is not recommended; use a custom or random one.
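What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
   1) UDP
   2) TCP
Protocol [1-2]: 2

Choose a UDP or TCP connection. For networks inside China, TCP is recommended, so you do not need to worry about the connection being blocked.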
What DNS resolvers do you want to use with the VPN?
   1) Current system resolvers (from /etc/resolv.conf)
   2) Self-hosted DNS Resolver (Unbound)
   3) Cloudflare (Anycast: worldwide)
   4) Quad9 (Anycast: worldwide)
   5) Quad9 uncensored (Anycast: worldwide)
   6) FDN (France)
   7) DNS.WATCH (Germany)
   8) OpenDNS (Anycast: worldwide)
   9) Google (Anycast: worldwide)
   10) Yandex Basic (Russia)
   11) AdGuard DNS (Anycast: worldwide)
   12) NextDNS (Anycast: worldwide)
   13) Custom
DNS [1-12]: 13

Set the DNS servers pushed to clients. Option 13 lets you specify custom ones.
Do you want to use compression? It is not recommended since the VORACLE attack makes use of it.
Enable compression? [y/n]: n

Whether to enable compression. The script says it is not secure, so just leave it at the default, which is disabled.
Do you want to customize encryption settings? Unless you know what you're doing, you should stick with the default parameters provided by the script. Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults) See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.
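Customize encryption settings? [y/n]: n

Whether to customize the encryption settings. This is basically unnecessary; the script's default encryption options are already strong.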
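Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...

The server configuration is done. Press Enter and wait for the installation to finish. Make sure the network connection stays up.

Client configuration

Adding the first client

Once the server configuration is complete, the script automatically starts creating the first client.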
Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name:test

Enter the name of the first client.
Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
   1) Add a passwordless client
   2) Use a password for the client
Select an option [1-2]: 1

Whether to encrypt the configuration file with a password. Basically not needed, right?

Notice
------
Keypair and certificate request completed. Your files are:
req: /etc/openvpn/easy-rsa/pki/reqs/test.req
key: /etc/openvpn/easy-rsa/pki/private/test.key

Using configuration from /etc/openvpn/easy-rsa/pki/0039a394/temp.89eaf293
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName :ASN.1 12:'test'
Certificate is to be certified until Jan 18 02:02:55 2035 GMT (3650 days)

Write out database with 1 new entries
Database updated

Notice
------
Certificate created at:
* /etc/openvpn/easy-rsa/pki/issued/test.crt

Notice
------
Inline file created:
* /etc/openvpn/easy-rsa/pki/inline/test.inline

Client test added.

The configuration file has been written to /root/test.ovpn.
Download the .ovpn file and import it in your OpenVPN client.

Deployment complete!
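
As an added check that is not part of the installer or the original post, the shell function below audits a generated client profile such as /root/test.ovpn for the choices made above: protocol, port, compression, and whether the inline private key is password-protected (with option 1 it is stored unencrypted in the file). The function names audit_ovpn and make_sample are hypothetical, and the sample profile with its address, port and key body is a constructed placeholder.

```bash
#!/usr/bin/env bash
# Added example: audit an OpenVPN client profile (.ovpn) after installation.

# Print proto, port, compression state and private-key protection for FILE ($1).
audit_ovpn() {
    f=$1
    # "proto" and "remote" are standard OpenVPN directives; use the first of each.
    proto=$(awk '$1 == "proto" { print $2; exit }' "$f")
    port=$(awk '$1 == "remote" { print $3; exit }' "$f")
    # An active compress/comp-lzo line (other than "comp-lzo no") enables
    # compression, which the installer's VORACLE prompt advises against.
    if awk '($1 == "compress" || $1 == "comp-lzo") && $2 != "no" { found = 1 }
            END { exit !found }' "$f"; then
        comp=on
    else
        comp=off
    fi
    # PKCS#8 encrypted keys carry an "ENCRYPTED PRIVATE KEY" header; legacy PEM
    # marks encryption with a Proc-Type line instead.
    if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$f"; then
        key=encrypted
    elif grep -Eq 'BEGIN ([A-Z]+ )?PRIVATE KEY' "$f"; then
        key=plaintext
    else
        key=absent
    fi
    printf 'proto=%s port=%s compression=%s key=%s\n' "$proto" "$port" "$comp" "$key"
}

# Constructed sample profile: placeholder address, port and key body.
make_sample() {
    cat > "$1" <<'EOF'
client
proto tcp-client
remote 203.0.113.10 50123
dev tun
# compress lz4-v2
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
-----END PRIVATE KEY-----
</key>
EOF
}

sample=$(mktemp)
make_sample "$sample"
audit_ovpn "$sample"
rm -f "$sample"
```

A result of key=plaintext means anyone who can read the .ovpn file can use the client identity, so transfer and store the file accordingly.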