How to Install OpenVPN on CentOS 8


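This tutorial shows you how to install OpenVPN on CentOS 8. For those who don't know, OpenVPN is a widely used open-source application for creating secure virtual private networks over the insecure public internet. OpenVPN is an SSL VPN solution that securely tunnels your system's connection over the internet. OpenVPN uses a client/server architecture. All devices connected to the virtual private network behave as if they were connected to a local area network. Packets sent through the VPN tunnel are encrypted with 256-bit AES to prevent data theft.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account. If not, you need to add 'sudo' to the commands to get root privileges. We will explain step by step how to install an OpenVPN server on CentOS 8.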

Install OpenVPN on CentOS 8

Step 1. First, make sure your system is up to date.

sudo dnf clean all
sudo dnf update

Step 2. Install OpenVPN on CentOS 8.

Next, download the script from GitHub that installs OpenVPN automatically.

git clone https://github.com/Nyr/openvpn-install.git

Then change into the openvpn-install directory and run the installer script.

cd openvpn-install
chmod +x openvpn-install.sh
sudo ./openvpn-install.sh

You should get the following output:

Welcome to this OpenVPN "road warrior" installer!
 I need to ask you a few questions before starting the setup.
 You can leave the default options and just press enter if you are ok with them.
 First, provide the IPv4 address of the network interface you want OpenVPN
 listening to.
 IP address: 192.168.77.20
 This server is behind NAT. What is the public IPv4 address or hostname?
 Public IP address / hostname: vpn.idroot.us
 Which protocol do you want for OpenVPN connections?
    1) UDP (recommended)
    2) TCP
 Protocol [1-2]: 1
 What port do you want OpenVPN listening to?
 Port: 148
 Which DNS do you want to use with the VPN?
    1) Current system resolvers
    2) 1.1.1.1
    3) Google
    4) OpenDNS
    5) Verisign
 DNS [1-5]: 3
 Finally, tell me your name for the client certificate.
 Please, use one word only, no special characters.
 Client name: godetz
 Okay, that was all I needed. We are ready to set up your OpenVPN server now.
 Press any key to continue…
 Updating Subscription Management repositories.
 Updating Subscription Management repositories.
 Extra Packages for Enterprise Linux 8 - x86_64                                                                         189 kB/s |  16 MB     01:24    
 Last metadata expiration check: 0:00:40 ago on Wed 16 Dec 2019 09:36:46 PM EAT.
 Package epel-release-7-11.noarch is already installed.
 Dependencies resolved.
 Nothing to do.
 Complete!

The main OpenVPN server configuration file is /etc/openvpn/server.conf. Feel free to adjust it to your liking.

$ cat /etc/openvpn/server.conf

port 148
proto udp
dev tun
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-auth ta.key 0
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 192.168.22.1"
keepalive 30 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
crl-verify crl.pem
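
Before adjusting the file, it helps to check which hardening directives it already carries. The script below is an added example, not part of the original tutorial or of the installer script; the function names and the choice of which directives to flag are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag hardening gaps in an OpenVPN server.conf.
# Which directives to flag is this example's own policy (an assumption).

# has_directive FILE NAME: exit 0 if NAME appears as an active directive
has_directive() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit !found }' "$1"
}

# directive_value FILE NAME: print the first argument of directive NAME
directive_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# audit_conf FILE: one finding per line on stdout; exit 1 if anything is flagged
audit_conf() {
    f=$1; rc=0
    has_directive "$f" tls-version-min ||
        { echo "tls-version-min: not set (policy here: tls-version-min 1.2)"; rc=1; }
    if has_directive "$f" tls-auth && ! has_directive "$f" tls-crypt; then
        echo "tls-auth: control channel is only authenticated; tls-crypt also encrypts it"
        rc=1
    fi
    c=$(directive_value "$f" cipher)
    case $c in
        *-GCM|CHACHA20-POLY1305) ;;
        *) echo "cipher: '$c' is not an AEAD cipher (policy here: AES-256-GCM)"; rc=1 ;;
    esac
    has_directive "$f" crl-verify ||
        { echo "crl-verify: not set, so revoked client certificates are not rejected"; rc=1; }
    has_directive "$f" user ||
        { echo "user: not set, so the daemon keeps root after startup"; rc=1; }
    return $rc
}

# Constructed sample: the directives from the listing above that the checks read.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
port 148
proto udp
auth SHA512
tls-auth ta.key 0
cipher AES-256-CBC
user nobody
group nobody
crl-verify crl.pem
EOF
audit_conf "$sample" || echo "-- findings listed above"
```

On OpenVPN 2.4 and later, peers that both support cipher negotiation can still agree on AES-256-GCM even when `cipher` names a CBC mode, so treat the cipher finding as a prompt to check the negotiated cipher in the server log.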

Step 3. Generate an OpenVPN user profile.

Next, generate a client certificate and key with the following command.

$ sudo ./openvpn-install.sh

Looks like OpenVPN is already installed.
 What do you want to do?
    1) Add a new user
    2) Revoke an existing user
    3) Remove OpenVPN
    4) Exit
 Select an option [1-4]: 1
 Tell me a name for the client certificate.
 Please, use one word only, no special characters.
 Client name: meilana
 Using SSL: openssl OpenSSL 1.1.1 FIPS  11 Sep 2018
 Can't load /etc/openvpn/easy-rsa/pki/.rnd into RNG
 139966006863680:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:90:Filename=/etc/openvpn/easy-rsa/pki/.rnd
 Generating a RSA private key
 ……………………………………………………………………..+++++
 ……………………………………….+++++
 writing new private key to '/etc/openvpn/easy-rsa/pki/private/meilana.key.SmeichedelicsaH'
 Using configuration from /etc/openvpn/easy-rsa/pki/safessl-easyrsa.cnf
 Can't load /etc/openvpn/easy-rsa/pki/.rnd into RNG
 13982808174100232:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:90:Filename=/etc/openvpn/easy-rsa/pki/.rnd
 Check that the request matches the signature
 Signature ok
 The Subject's Distinguished Name is as follows
 commonName            :ASN.1 12:'meilana'
 Certificate is to be certified until Dec 10 16:36:46 2026 GMT (3650 days)
 Write out database with 1 new entries
 Data Base Updated
 Client user1 added, configuration is available at: /root/meilana.ovpn

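This .ovpn OpenVPN configuration file is placed in the /root folder.

Step 4. Connect to the OpenVPN server from a client.

You can configure the OpenVPN client on your operating system with the VPN client of your choice. Anyone who wants to use the official OpenVPN client should visit the download page, get the latest version, and install it.

Congratulations! OpenVPN is now installed successfully. Thanks for using this tutorial to install an OpenVPN server on your CentOS 8 system. For more help and useful information, we encourage you to check the official OpenVPN website.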