support #47

搭建VPN

Added by 龙 辉 over 7 years ago. Updated over 4 years ago.

Status:进行中 Start date:06/25/2012
Priority:High Due date:07/31/2015
Assignee:龙 辉 % Done:

20%

Category:- Spent time: 8.00 hours
Target version:-

Description

在Amazon Web Services上,借助OpenVPN搭建自己的VPN服务,方便灰狐成员。

History

#1 Updated by 龙 辉 over 7 years ago

  • Assignee changed from 龙 辉 to 李 朱超

#2 Updated by 龙 辉 over 7 years ago

在 Linode VPS 上架设 VPN 服务,服务灰狐会员。

Debian 6 64位系统。

#3 Updated by 龙 辉 over 7 years ago

  • % Done changed from 0 to 10

VPN能用了,老猪V5。

#4 Updated by 李 朱超 over 7 years ago

  • Status changed from 进行中 to 已解决

#5 Updated by 龙 辉 about 7 years ago

  • % Done changed from 10 to 20

目前使用 pptpd - PPTP VPN daemon 到时迁移到 OpenVPN
/etc/ppp/chap-secrets

服务端返回:/usr/sbin/pppd local file /etc/ppp/pptpd-options 115200 172.16.16.1:172.16.16.100 ipparam 119.6.72.17 plugin /usr/lib/pptpd/

#6 Updated by 龙 辉 over 4 years ago

  • Due date changed from 07/31/2012 to 07/31/2015
  • Status changed from 已解决 to 进行中
  • Assignee changed from 李 朱超 to 龙 辉

利用好linode每月超过14TB的Month's Network Transfer Pool

#7 Updated by 龙 辉 over 4 years ago

  • Project changed from 安全 to OpenVPN

使用OpenVPN构建我们的VPN基础设施。

http://wiki.huihoo.com/wiki/OpenVPN

#8 Updated by 龙 辉 over 4 years ago

wget git.io/vpn --no-check-certificate -O openvpn-install.sh; bash openvpn-install.sh

Looks like OpenVPN is already installed
What do you want to do?

1) Add a cert for a new user
2) Revoke existing user cert
3) Remove OpenVPN
4) Exit

Select an option [1-4]: 1

Tell me a name for the client cert
Please, use one word only, no special characters
Client name: huihoo
NOTE: If you run ./clean-all, I will be doing a rm rf on /etc/openvpn/easy-rsa/2.0/keys
Using Common Name: huihoo
Generating a 2048 bit RSA private key
..........................................................+++
....+++
writing new private key to 'huihoo.key'
----

Using configuration from /etc/openvpn/easy-rsa/2.0/openssl-1.0.0.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CA'
localityName :PRINTABLE:'SanFrancisco'
organizationName :PRINTABLE:'Fort-Funston'
organizationalUnitName:PRINTABLE:'changeme'
commonName :PRINTABLE:'huihoo'
name :PRINTABLE:'changeme'
emailAddress :IA5STRING:''
Certificate is to be certified until Jul 9 09:16:16 2025 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Client huihoo added, certs available at ~/huihoo.ovpn

Also available in: Atom PDF