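CentOS OpenVPN One-Click Installer

April 19, 2015

Original content. Please credit the source when reposting: http://www.myzhenai.com.cn/post/2015.html http://www.myzhenai.com/thread-17453-1-1.html
Keywords: centos openvpn one-click installer openvpn install script
There are plenty of one-click PPTP installers online, but very few for OpenVPN. This is a one-click install script I wrote myself. It installs through yum, so the installed version is reasonably recent. By default it detects i386 or x86_64 automatically, and it supports both CentOS 5.x and CentOS 6.x. CentOS 7.x, however, does not seem to be compatible with OpenVPN yet; at least I did not see an openvpn package in the repositories.
Although this is a one-click install script, when the key and DH files are generated you still have to press Enter all the way through and watch for the prompts that need "y" followed by Enter. I struggled with these steps for a long time and could not automate the interaction, so users have to do this part by hand. After the installation finishes, the server needs a reboot. If you cannot connect, check the time on your server and on your local machine.
Demo video of the one-click install script
Youtube:https://youtu.be/YHlwp8yN1yk
BaiduPan: link: http://pan.baidu.com/s/1i3O7qQT password: wbm2
QQ:http://v.qq.com/boke/page/v/y/2/v0174hns6y2.html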

#wget http://www.myzhenai.com.cn/openvpn.sh
## wget https://goo.gl/rht4E1?openvpn.sh
#sh openvpn.sh
#reboot

Then download the file /home/vpn.tar.gz to your local machine; this is the client configuration file.

#!/bin/bash
#***************************************************************************************************************************************************#
# CentOS 6 OpenVPN VPN Install Script
# Author: RucLinux
# Web: http://www.myzhenai.com.cn http://www.myzhenai.com http://www.haikou-china.com http://jiayu.mybabya.com
#***************************************************************************************************************************************************#
yum install redhat-lsb -y
el=`rpm -qa |grep epel` && yum -q remove $el -y
version=`lsb_release -a|grep -e Release|awk -F ":" '{ print $2 }'|awk -F "." '{ print $1 }'`
rm -rf *.rpm
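if [ "$version" == "6" ];then
# LONG_BIT is 32 on i386 and 64 on x86_64 (WORD_BIT is 32 on both, so it cannot tell them apart)
if [ "$(getconf LONG_BIT)" = '32' ];then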
wget http://apt.sw.be/redhat/el6/en/i386/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.i686.rpm
rpm -ivh rpmforge-release-0.5.3-1.el6.rf.i686.rpm
else
wget http://apt.sw.be/redhat/el6/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
fi
fi
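if [ "$version" == "5" ];then
# LONG_BIT is 32 on i386 and 64 on x86_64 (WORD_BIT is 32 on both, so it cannot tell them apart)
if [ "$(getconf LONG_BIT)" = '32' ];then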
wget http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.5.3-1.el5.rf.i386.rpm
rpm -ivh rpmforge-release-0.5.3-1.el5.rf.i386.rpm
else
wget http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el5.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.3-1.el5.rf.x86_64.rpm
fi
fi
if [ "$version" == "7" ];then
wget http://apt.sw.be/redhat/el7/en/x86_64/rpmforge/RPMS/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
rpm -ivh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
fi
yum remove openvpn -y
rm -rf /etc/openvpn/*
rm -rf /home/vpn
rm -rf /home/vpn.tar.gz
yum update -y
yum install gcc gcc-c++ lrzsz lzo openssl openssl-devel iptables pkcs11-helper pkcs11-helper-devel openssh-clients openvpn -y
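# Locate the easy-rsa directory installed with openvpn. If it is missing, stop here:
# otherwise cp fails and every later step runs against files that do not exist.
easy=`find / -name easy-rsa 2>/dev/null | head -n 1`
if [ -z "$easy" ];then
echo "easy-rsa directory not found; check that the openvpn package installed correctly" >&2
exit 1
fi
cp -R "$easy" /etc/openvpn/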
#if ! [ -d "$easy"];then
#yum install easy-rsa -y
#cp -R $easy /etc/openvpn/
#else
#cp -R $easy /etc/openvpn/
#fi
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
./vars
sed -i 's/export KEY_COUNTRY="US"/export KEY_COUNTRY="CN"/g' vars
sed -i 's/export KEY_PROVINCE="CA"/export KEY_PROVINCE="HN"/g' vars
sed -i 's/export KEY_CITY="SanFrancisco"/export KEY_CITY="HAIKOU"/g' vars
sed -i 's/export KEY_ORG="Fort-Funston"/export KEY_ORG="OpenVPN"/g' vars
sed -i 's/export KEY_EMAIL="me@myhost.mydomain"/export KEY_EMAIL="root@foxmail.com"/g' vars
sed -i 's/export KEY_EMAIL=mail@host.domain/export KEY_EMAIL=root@foxmail.com/g' vars
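# Locate the sample configuration shipped with openvpn; stop if server.conf is not there.
server=`find / -name sample-config-files 2>/dev/null | head -n 1`
if [ -z "$server" ] || [ ! -f "$server/server.conf" ];then
echo "sample server.conf not found" >&2
exit 1
fi
cp "$server/server.conf" /etc/openvpn/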
sed -i 's/;push "route 192.168.10.0 255.255.255.0"/push "route 192.168.10.0 255.255.255.0"/g' /etc/openvpn/server.conf
sed -i 's/;push "dhcp-option DNS 208.67.222.222"/push "dhcp-option DNS 8.8.8.8"/g' /etc/openvpn/server.conf
sed -i 's/;push "dhcp-option DNS 208.67.220.220"/push "dhcp-option DNS 8.8.4.4"/g' /etc/openvpn/server.conf
sed -i 's/;client-to-client/client-to-client/g' /etc/openvpn/server.conf
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
. ./vars
./clean-all
#echo -e "\n\n\n\n\n\n\n\n" | ./build-ca
#echo -e "\n\n\n\n\n\n\n\n\n\n" | ./build-key-server server && echo -e "\n\n\n\n\n\n\n\n\n\n" | ./build-key client-name
./build-ca
./build-key-server server
./build-key client-name
./build-dh
openssl rsa -in keys/client-name.key -out keys/client-name.pem
chmod +x keys/*
mkdir /home/vpn
size=`grep 'export KEY_SIZE=1024' $easy/2.0/vars`
if [[ $size == "export KEY_SIZE=1024" ]];then
cp keys/{ca.crt,ca.key,client-name.crt,client-name.csr,client-name.key,server.crt,server.key,dh1024.pem,client-name.pem} /etc/openvpn/
else
cp keys/{ca.crt,ca.key,client-name.crt,client-name.csr,client-name.key,server.crt,server.key,dh2048.pem,client-name.pem} /etc/openvpn/
fi
# The client bundle gets only the CA certificate and the client's own certificate and key.
# ca.key and server.key must never leave the server: anyone holding ca.key can issue
# certificates that this VPN will trust. The DH parameters are needed on the server only.
cp keys/{ca.crt,client-name.crt,client-name.key,client-name.pem} /home/vpn/
cd /home/
tar -zcvf vpn.tar.gz vpn/*
cd /
ip=`ifconfig -a|grep inet|grep -v 127.0.0.1|grep -v inet6|awk '{print $2}'|tr -d "addr:"`
iptables -F
service iptables save
service iptables restart
iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p tcp --dport 47 -j ACCEPT
iptables -A INPUT -p tcp --dport 2009 -j ACCEPT
iptables -A INPUT -p udp --dport 2009 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source $ip
iptables -t nat -A POSTROUTING -s 10.8.0.20/24 -j SNAT --to-source $ip
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source $ip
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j SNAT --to-source $ip
service iptables save
service iptables restart
#con=`grep '/usr/sbin/openvpn --config /etc/openvpn/server.conf &' /etc/rc.local`
#if [[ $con != "/usr/sbin/openvpn --config /etc/openvpn/server.conf &" ]];then
# The option is --config with two ASCII hyphens; a typographic dash makes openvpn reject the line.
echo '/usr/sbin/openvpn --config /etc/openvpn/server.conf &' >> /etc/rc.local
#fi
#openvpn --config /etc/openvpn/server.conf &
chkconfig openvpn on
chkconfig iptables on
service openvpn start
echo '*********************************************************';
echo '****                                                 ****';
echo '****        End script installation                  ****';
echo '****  Please download your configuration file        ****';
echo '****  /home/vpn.tar.gz     to the local client       ****';
echo '****        http://www.myzhenai.com.cn               ****';
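
A client needs only ca.crt and its own certificate and key; ca.key and server.key belong on the server, because whoever holds ca.key can issue certificates this VPN will accept. Added example, not part of the original script (the function names and audit_bundle.sh are hypothetical; the file names follow the script above): audit a bundle such as /home/vpn.tar.gz before handing it out, and build a minimal one.

```shell
#!/bin/bash
# Added example: audit an OpenVPN client bundle for keys that belong on the server.

# Exit status: 0 bundle is clean, 1 it contains ca.key or server.key,
# 2 the archive cannot be read.
audit_bundle() {   # usage: audit_bundle <bundle.tar.gz>
    local bundle="$1" members leaked
    members=$(tar -tzf "$bundle" 2>/dev/null) || return 2
    # Compare base names so vpn/ca.key and ./ca.key are both caught.
    leaked=$(printf '%s\n' "$members" |
        awk -F/ '$NF == "ca.key" || $NF == "server.key"')
    if [ -n "$leaked" ]; then
        printf 'server-side private key in bundle: %s\n' $leaked >&2
        return 1
    fi
    return 0
}

# Pack only what one client needs, readable by the owner alone.
build_client_bundle() {   # usage: build_client_bundle <keys dir> <client name> <out.tar.gz>
    local keys_dir="$1" client="$2" out="$3" f
    for f in ca.crt "$client.crt" "$client.key"; do
        if [ ! -f "$keys_dir/$f" ]; then
            echo "missing $keys_dir/$f" >&2
            return 1
        fi
    done
    ( umask 077; tar -czf "$out" -C "$keys_dir" ca.crt "$client.crt" "$client.key" )
}

# Command-line use: sh audit_bundle.sh /home/vpn.tar.gz
if [ "$#" -ge 1 ]; then audit_bundle "$1"; fi
```

If a bundle containing ca.key has already been distributed, the CA has to be regenerated and every certificate reissued.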


22 comments

  • 海南胡说 April 19, 2015 at 2:10 AM

    If you see the following error messages, please adjust the time on your server and on your local machine.

    Apr 19 00:02:04 localhost nm-openvpn[17924]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
    Apr 19 00:02:04 localhost nm-openvpn[17924]: UDPv4 link local: [undef]
    Apr 19 00:02:04 localhost nm-openvpn[17924]: UDPv4 link remote: [AF_INET]198.74.110.46:1194
    Apr 19 00:02:05 localhost nm-openvpn[17924]: VERIFY ERROR: depth=1, error=certificate is not yet valid: C=CN, ST=HN, L=HAIKOU, O=OpenVPN, OU=changeme, CN=changeme, name=changeme, emailAddress=root@foxmail.com
    Apr 19 00:02:05 localhost nm-openvpn[17924]: TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Apr 19 00:02:05 localhost nm-openvpn[17924]: TLS Error: TLS object -> incoming plaintext read error
    Apr 19 00:02:05 localhost nm-openvpn[17924]: TLS Error: TLS handshake failed
    Apr 19 00:02:05 localhost nm-openvpn[17924]: SIGUSR1[soft,tls-error] received, process restarting
    Apr 19 00:02:07 localhost nm-openvpn[17924]: WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

  • 福利天堂 May 3, 2015 at 1:45 PM

    You have been running your website for a long time

    • 海南胡说 May 17, 2015 at 2:04 AM

      Yes, I have been running my website for several years.

  • 22ee October 7, 2015 at 2:28 AM

    I ran your shell script on CentOS 7 and got a whole pile of errors. Luckily I did not run it on the web server, otherwise it would have been trouble again.

    Error: Package: perl-PathTools-3.2701-1.el5.rf.x86_64 (rpmforge)
    Requires: perl(VMS::Filespec)
    Error: Package: pkcs11-helper-devel-1.08-1.el5.rf.x86_64 (rpmforge)
    Requires: pkcs11-helper = 1.08-1.el5.rf
    Installed: pkcs11-helper-1.11-3.el7.x86_64 (@epel)
    pkcs11-helper = 1.11-3.el7
    Available: pkcs11-helper-1.08-1.el5.rf.x86_64 (rpmforge)
    pkcs11-helper = 1.08-1.el5.rf
    You could try using --skip-broken to work around the problem
    You could try running: rpm -Va --nofiles --nodigest
    cp: missing destination file operand after ‘/etc/openvpn/’
    Try ‘cp --help’ for more information.
    openvpn.sh: line 45: cd: /etc/openvpn/easy-rsa/2.0/: No such file or directory
    openvpn.sh: line 47: ./vars: No such file or directory
    sed: can’t read vars: No such file or directory
    sed: can’t read vars: No such file or directory
    sed: can’t read vars: No such file or directory
    sed: can’t read vars: No such file or directory
    sed: can’t read vars: No such file or directory
    sed: can’t read vars: No such file or directory
    cp: cannot stat ‘/server.conf’: No such file or directory
    sed: can’t read /etc/openvpn/server.conf: No such file or directory
    sed: can’t read /etc/openvpn/server.conf: No such file or directory
    sed: can’t read /etc/openvpn/server.conf: No such file or directory
    sed: can’t read /etc/openvpn/server.conf: No such file or directory
    openvpn.sh: line 60: ./vars: No such file or directory

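    • 海南胡说 October 8, 2015 at 12:59 AM

      First: it supports both CentOS 5.x and CentOS 6.x. CentOS 7.x, however, does not seem to be compatible with OpenVPN yet; at least I did not see an openvpn package in the repositories.

      I did not see an OpenVPN source package in some of the repositories, so that is one problem. Second, you previously used the rpmforge repository, and some package versions there conflict with the ones in EPEL. The versions are incompatible, which is why the installation failed. Uninstall the pkcs11-helper package, remove the rpmforge repository, and then try installing again. Thanks.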

      • oinstallation November 12, 2016 at 4:13 PM

        On CentOS 6.8 the later part of the script does not run either. The result is as follows:

        cp: 在"/etc/openvpn/" 后缺少了要操作的目标文件
        请尝试执行"cp --help"来获取更多信息。
        openvpn.sh: line 46: cd: /etc/openvpn/easy-rsa/2.0/: 没有那个文件或目录
        openvpn.sh: line 48: ./vars: 没有那个文件或目录
        sed:无法读取 vars:没有那个文件或目录
        sed:无法读取 vars:没有那个文件或目录
        sed:无法读取 vars:没有那个文件或目录
        sed:无法读取 vars:没有那个文件或目录
        sed:无法读取 vars:没有那个文件或目录
        sed:无法读取 vars:没有那个文件或目录
        cp: 无法获取"/server.conf" 的文件状态(stat): 没有那个文件或目录
        sed:无法读取 /etc/openvpn/server.conf:没有那个文件或目录
        sed:无法读取 /etc/openvpn/server.conf:没有那个文件或目录
        sed:无法读取 /etc/openvpn/server.conf:没有那个文件或目录
        sed:无法读取 /etc/openvpn/server.conf:没有那个文件或目录
        openvpn.sh: line 61: ./vars: 没有那个文件或目录

      • oinstallation November 12, 2016 at 4:51 PM

        Switching the repository fixed it. Just update the repository in your script.

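  • uoo2 October 23, 2015 at 10:35 AM

    How do I download that /home/vpn.tar.gz at the end? I am on a Win7 client

    • uoo2 October 23, 2015 at 3:28 PM

      Oh no, I mean how should it be used on Win7

    • 海南胡说 October 24, 2015 at 10:25 AM

      If you mean how to use OpenVPN on Win7, then you should install the OpenVPN software on Win7. As for how to download that archive, you can download PuTTY to connect, and use scp through PuTTY to download it.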

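  • tom November 21, 2015 at 9:03 PM

    A one-click install is great. How do I configure the Windows client after installing it? Could you write about that too!?

    • 海南胡说 November 28, 2015 at 1:35 PM

      On Windows you need to install the OpenVPN client program. Thanks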

  • Homomimi April 18, 2016 at 11:08 AM

    How do I configure the client's .ovpn file? I cannot figure it out

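  • iMoc July 1, 2016 at 6:31 PM

    I optimized your code a bit; at the end it can output an .ovpn file directly. Contact me on QQ: 992844913. It gets online, but it is very slow: PPTP can reach 20Mbps, while OpenVPN may not even reach 1Mbps

    • 海南胡说 July 2, 2016 at 8:53 AM

      OpenVPN is inherently somewhat slower than PPTP, because encrypted transmission is involved. You can try changing the local DNS and the server-side DNS and see.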

  • jay September 29, 2016 at 10:53 PM

    It needs updating: the apt.sw.be site no longer opens. You can try this source instead
    http://www.rpmfind.net/linux/rpm2html/search.php?query=rpmforge-release

  • 海南胡说 January 25, 2017 at 6:52 AM

    Jan 25 06:24:11 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
    Jan 25 06:24:21 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
    Jan 25 06:24:31 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
    Jan 25 06:24:41 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
    Jan 25 06:24:51 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
    Jan 25 06:25:02 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
    Jan 25 06:25:12 localhost nm-openvpn[9451]: Authenticate/Decrypt packet error: cipher final failed
    Jan 25 06:25:20 localhost nm-openvpn[9451]: /sbin/ip addr del dev tun0 local 10.8.0.6 peer 10.8.0.5
    Jan 25 06:25:20 localhost NetworkManager[9375]: [1485296720.808686] [nm-system.c:1399] check_one_route(): (tun0): error -12 returned from rtnl_route_del(): Netlink Error (errno = No such process)

    If this happens to you, you probably have a mismatch in the configuration between server and client on the “cipher”-option. (E.g.: cipher AES-128-CB / cipher AES-256-CB) This is not a problem of DD-WRT or OpenVPN but just a config issue which can happen if you follow some of those guidelines strictly without knowing what the config options mean.

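    If you see the errors above, check whether cipher AES-256-CBC is enabled in the /etc/openvpn/server.conf configuration file on your server. If that option is enabled, the same cipher must also be enabled in the local client configuration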
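
Several comments ask how to write the client's .ovpn file, and the last one traces "cipher final failed" to a cipher mismatch between server and client. The following added example (not from the original post or from any commenter; the function names and make_ovpn.sh are hypothetical) derives the client profile from the server's own server.conf and adds remote-cert-tls server, the check that the "No server certificate verification method has been enabled" warning in the first log refers to. It assumes the certificate file names produced by the script above and a server certificate issued by build-key-server.

```shell
#!/bin/bash
# Added example: build client.ovpn from the server's own server.conf so that
# proto, port, cipher and comp-lzo cannot drift apart between the two ends.

# Print the first argument of an active directive; lines commented out with
# ';' or '#' (as in the sample server.conf) do not match.
conf_get() {   # usage: conf_get <file> <directive>
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

make_client_ovpn() {   # usage: make_client_ovpn <server.conf> <server address> <client name>
    local conf="$1" remote="$2" client="$3" port proto dev cipher
    port=$(conf_get "$conf" port);   port=${port:-1194}
    proto=$(conf_get "$conf" proto); proto=${proto:-udp}
    dev=$(conf_get "$conf" dev);     dev=${dev:-tun}
    cipher=$(conf_get "$conf" cipher)
    cat <<EOF
client
dev $dev
proto $proto
remote $remote $port
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert $client.crt
key $client.key
remote-cert-tls server
verb 3
EOF
    # Copy the server's cipher line verbatim. If the server sets none, emit
    # none, so both ends use the same built-in default.
    if [ -n "$cipher" ]; then echo "cipher $cipher"; fi
    # comp-lzo has to be on at both ends or at neither.
    if grep -Eq '^[[:space:]]*comp-lzo' "$conf"; then echo "comp-lzo"; fi
}

# Command-line use: sh make_ovpn.sh /etc/openvpn/server.conf <server address> client-name
if [ "$#" -ge 3 ]; then make_client_ovpn "$1" "$2" "$3"; fi
```

Save the output as client.ovpn next to ca.crt, client-name.crt and client-name.key from the bundle.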
