I. OpenVPN deployment
Note: when running the install script, use a domain name if you can; it makes a later migration much easier.

wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh

server.conf

local 192.168.0.163
port 1194
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"

# Push a route to the local subnet so that SSH to the server still works after connecting.
# In this example the subnet is 192.168.86.0/24 and its default gateway is 192.168.86.2.
# OpenVPN route syntax is "network netmask gateway"; there is no "gw" keyword.

push "route 192.168.86.0 255.255.255.0 192.168.86.2"

ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

# Add comp-lzo to fix domain names being unreachable after connecting
# (the client must carry the same setting; note comp-lzo is deprecated since
#  OpenVPN 2.4 and compressing tunnelled traffic weakens its confidentiality)
comp-lzo

keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify

Client connection command:

openvpn --daemon --cd /etc/openvpn/client/ --config duanshuaixing.ovpn --log-append /var/log/openvpn.log &

Modify the client configuration file (back up the template first):

cp /etc/openvpn/server/client-common.txt /etc/openvpn/server/client-common.txt.bak 


client
dev tun
proto udp
remote 154.85.41.27 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA512
cipher AES-256-CBC
# Add comp-lzo to fix domain names being unreachable after connecting (must match the server)
comp-lzo

ignore-unknown-option block-outside-dns
# Remove the default DNS directive
#block-outside-dns
verb 3

II. Deploying the OpenVPN monitoring platform
1. Link the server to the platform (enable the management interface)

echo "management 0.0.0.0 5555" >>/etc/openvpn/server/server.conf

2. Deploy the monitoring platform
Parameter description:
Access domain: OPENVPNMONITOR_DEFAULT_DATETIMEFORMAT
Host to monitor (site 0): OPENVPNMONITOR_SITES_0_HOST
Host to monitor (site 1): OPENVPNMONITOR_SITES_1_HOST

docker run -itd -p 80:80 --name openvpn-monitor \
  -e OPENVPNMONITOR_DEFAULT_DATETIMEFORMAT="portal.lab.onap.vip" \
  -e OPENVPNMONITOR_DEFAULT_LATITUDE=-37 \
  -e OPENVPNMONITOR_DEFAULT_LOGO=logo.jpg \
  -e OPENVPNMONITOR_DEFAULT_LONGITUDE=144 \
  -e OPENVPNMONITOR_DEFAULT_MAPS=True \
  -e OPENVPNMONITOR_DEFAULT_MAPSHEIGHT=500 \
  -e OPENVPNMONITOR_DEFAULT_SITE=Test \
  -e OPENVPNMONITOR_SITES_0_ALIAS=UDP \
  -e OPENVPNMONITOR_SITES_0_HOST=10.100.100.4 \
  -e OPENVPNMONITOR_SITES_0_NAME=UDP \
  -e OPENVPNMONITOR_SITES_0_PORT=5555 \
  -e OPENVPNMONITOR_SITES_0_SHOWDISCONNECT=True \
  -e OPENVPNMONITOR_SITES_1_ALIAS=TCP \
  -e OPENVPNMONITOR_SITES_1_HOST=10.100.100.4 \
  -e OPENVPNMONITOR_SITES_1_NAME=TCP \
  -e OPENVPNMONITOR_SITES_1_PORT=5555 \
  registry.baidubce.com/docker-hub/ruimarinho/openvpn-monitor:latest
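What the monitor does over port 5555, as an added example that is not code from this page or from the openvpn-monitor project: it speaks the OpenVPN management protocol, sends `status 2` and parses the CSV reply, here over a constructed sample reply so it runs offline, while `query_status` assumes a reachable management socket. Because `management 0.0.0.0 5555` above binds without a password file, anyone who can reach that port can issue management commands, so bind it to an internal address and restrict it at the firewall.

```python
import socket

# Constructed sample of a `status 2` reply (the CSV form openvpn-monitor reads)
SAMPLE_STATUS = (
    "TITLE,OpenVPN 2.4.7 x86_64-redhat-linux-gnu\n"
    "TIME,Thu Jan  1 00:00:00 2020,1577836800\n"
    "HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Virtual IPv6 Address,"
    "Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username,Client ID,Peer ID\n"
    "CLIENT_LIST,duanshuaixing,203.0.113.10:51234,10.8.0.2,,12345,67890,"
    "Thu Jan  1 00:00:00 2020,1577836800,UNDEF,0,0\n"
    "HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)\n"
    "ROUTING_TABLE,10.8.0.2,duanshuaixing,203.0.113.10:51234,Thu Jan  1 00:00:00 2020,1577836800\n"
    "GLOBAL_STATS,Max bcast/mcast queue length,0\n"
    "END\n"
)

def parse_status(text):
    """Map each record type (CLIENT_LIST, ROUTING_TABLE, ...) to rows keyed by
    column name; the HEADER line preceding a type defines its columns."""
    columns, records = {}, {}
    for line in text.splitlines():
        fields = line.split(",")
        if fields[0] == "HEADER":
            columns[fields[1]] = fields[2:]
        elif fields[0] in columns:
            row = dict(zip(columns[fields[0]], fields[1:]))
            records.setdefault(fields[0], []).append(row)
        elif fields[0] == "END":
            break
    return records

def connected_clients(text):
    """(common name, real address, tunnel address, bytes in, bytes out) per client."""
    return [(c["Common Name"], c["Real Address"], c["Virtual Address"],
             int(c["Bytes Received"]), int(c["Bytes Sent"]))
            for c in parse_status(text).get("CLIENT_LIST", [])]

def query_status(host="127.0.0.1", port=5555, timeout=5):
    """Fetch `status 2` from a live management socket: the exchange the monitor performs."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rw", newline="\n")
        f.readline()  # banner: >INFO:OpenVPN Management Interface Version ...
        f.write("status 2\n")
        f.flush()
        lines = []
        for line in f:
            lines.append(line)
            if line.rstrip() == "END":
                break
    return "".join(lines)
```

Calling `connected_clients(query_status("10.100.100.4"))` against the host configured above reproduces the monitor's client table without the web UI.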

III. OpenVPN migration
1. Environment:
1) Migrating from server1 to server2
2) server1 was installed with a domain name, so the client configuration files do not need their IP address changed
3) Both servers run the same installed version

2. Migrate the VPN
1) Run the install script on server2; for the public IP enter the same domain name as server1, and keep the port, protocol and other settings identical
2) Back up the /etc/openvpn directory on server1 and copy it to server2
3) Change the IP address in the `local` field of server.conf to the one server2 listens on
4) Point the domain's DNS record at server2
5) Test that VPN login works

3. Test result: after the migration, the original client configuration files connect normally to the OpenVPN server
