I set up an OpenVPN server by following this article.
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04#step-9-start-and-enable-the-openvpn-service
Everything works fine on the server.
m@m-ubu1604:~/client-configs/files$ sudo openvpn --config client1.ovpn
Tue Aug 15 13:05:56 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Tue Aug 15 13:05:56 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Tue Aug 15 13:05:56 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Aug 15 13:05:56 2017 Control Channel Authentication: tls-auth using INLINE static key file
Tue Aug 15 13:05:56 2017 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Aug 15 13:05:56 2017 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Aug 15 13:05:56 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Aug 15 13:05:56 2017 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
Tue Aug 15 13:05:56 2017 UDPv4 link local: [undef]
Tue Aug 15 13:05:56 2017 UDPv4 link remote: [AF_INET]10.8.0.1:1194
Tue Aug 15 13:05:56 2017 TLS: Initial packet from [AF_INET]10.8.0.1:1194, sid=9af65e56 bf209786
Tue Aug 15 13:05:56 2017 VERIFY OK: depth=1, C=US, ST=NY, L=New York City, O=DigitalOcean, OU=Community, CN=DigitalOcean CA, name=server, [email protected]
Tue Aug 15 13:05:56 2017 Validating certificate key usage
Tue Aug 15 13:05:56 2017 ++ Certificate has key usage 00a0, expects 00a0
Tue Aug 15 13:05:56 2017 VERIFY KU OK
Tue Aug 15 13:05:56 2017 Validating certificate extended key usage
Tue Aug 15 13:05:56 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Aug 15 13:05:56 2017 VERIFY EKU OK
Tue Aug 15 13:05:56 2017 VERIFY OK: depth=0, C=US, ST=NY, L=New York City, O=DigitalOcean, OU=Community, CN=server, name=server, [email protected]
Tue Aug 15 13:05:56 2017 Data Channel Encrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Aug 15 13:05:56 2017 Data Channel Encrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Aug 15 13:05:56 2017 Data Channel Decrypt: Cipher 'AES-128-CBC' initialized with 128 bit key
Tue Aug 15 13:05:56 2017 Data Channel Decrypt: Using 256 bit message hash 'SHA256' for HMAC authentication
Tue Aug 15 13:05:56 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Aug 15 13:05:56 2017 [server] Peer Connection Initiated with [AF_INET]10.8.0.1:1194
Tue Aug 15 13:05:59 2017 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Tue Aug 15 13:05:59 2017 PUSH: Received control message: 'PUSH_REPLY,route 192.168.10.0 255.255.255.0,route 192.168.20.0 255.255.255.0,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Tue Aug 15 13:05:59 2017 OPTIONS IMPORT: timers and/or timeouts modified
Tue Aug 15 13:05:59 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Aug 15 13:05:59 2017 OPTIONS IMPORT: route options modified
Tue Aug 15 13:05:59 2017 WARNING: potential conflict between --remote address [10.8.0.1] and --ifconfig address pair [10.8.0.6, 10.8.0.5] -- this is a warning only that is triggered when local/remote addresses exist within the same /24 subnet as --ifconfig endpoints. (silence this warning with --ifconfig-nowarn)
Tue Aug 15 13:05:59 2017 ROUTE_GATEWAY 10.0.0.1/255.255.255.0 IFACE=wlp4s0 HWADDR=14:ab:c5:83:82:ef
Tue Aug 15 13:05:59 2017 TUN/TAP device tun1 opened
Tue Aug 15 13:05:59 2017 TUN/TAP TX queue length set to 100
Tue Aug 15 13:05:59 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Aug 15 13:05:59 2017 /sbin/ip link set dev tun1 up mtu 1500
Tue Aug 15 13:05:59 2017 /sbin/ip addr add dev tun1 local 10.8.0.6 peer 10.8.0.5
Tue Aug 15 13:05:59 2017 /etc/openvpn/update-resolv-conf tun1 1500 1570 10.8.0.6 10.8.0.5 init
Tue Aug 15 13:05:59 2017 /sbin/ip route add 192.168.10.0/24 via 10.8.0.5
Tue Aug 15 13:05:59 2017 /sbin/ip route add 192.168.20.0/24 via 10.8.0.5
Tue Aug 15 13:05:59 2017 /sbin/ip route add 10.8.0.1/32 via 10.8.0.5
Tue Aug 15 13:05:59 2017 GID set to nogroup
Tue Aug 15 13:05:59 2017 UID set to nobody
Tue Aug 15 13:05:59 2017 Initialization Sequence Completed
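How can I check whether my requests from the browser or the terminal go through the OpenVPN server?
I ran curl against www.google.com but saw nothing on the openserver terminal; I thought there would be some output on the terminal indicating that a new request had arrived.
Answer 1
First, to check your IP, you can run: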
myip="$(dig +short myip.opendns.com @resolver1.opendns.com)"
echo "My WAN/Public IP address: ${myip}"
From: https://www.cyberciti.biz/faq/how-to-find-my-public-ip-address-from-command-line-on-a-linux/
If your IP matches the server's IP, then everything is going through the VPN. If this doesn't work, try a GUI tool such as network-manager-openvpn; I have had better luck with that tool.
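Added example (not part of the original question, answer, or tutorial): a small Python parser for the PUSH_REPLY line in the client log above, showing which destinations the pushed options send into the tunnel. The function names and the sample destinations are assumptions made for illustration; only options pushed by the server are considered, not options set locally in the client config.

```python
import ipaddress
import re

# PUSH_REPLY line copied from the client log in the question above.
LOG_LINE = ("Tue Aug 15 13:05:59 2017 PUSH: Received control message: "
            "'PUSH_REPLY,route 192.168.10.0 255.255.255.0,"
            "route 192.168.20.0 255.255.255.0,route 10.8.0.1,topology net30,"
            "ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'")


def parse_push_reply(line):
    """Return (tunnel_routes, redirect_all) from an OpenVPN PUSH_REPLY log line."""
    match = re.search(r"'PUSH_REPLY,([^']*)'", line)
    if not match:
        raise ValueError("no PUSH_REPLY found in line")
    routes, redirect_all = [], False
    for option in match.group(1).split(","):
        words = option.split()
        if not words:
            continue
        if words[0] == "route" and len(words) >= 2:
            # A route without a netmask (or with "default") is a host route,
            # which is why the log shows "ip route add 10.8.0.1/32".
            mask = words[2] if len(words) > 2 else "default"
            if mask == "default":
                mask = "255.255.255.255"
            routes.append(ipaddress.ip_network(f"{words[1]}/{mask}"))
        elif words[0] == "redirect-gateway":
            # The server asked the client to send all traffic via the VPN.
            redirect_all = True
    return routes, redirect_all


def goes_through_vpn(destination, routes, redirect_all):
    """True if the pushed options send traffic for `destination` into the tunnel."""
    address = ipaddress.ip_address(destination)
    return redirect_all or any(address in net for net in routes)


if __name__ == "__main__":
    routes, redirect_all = parse_push_reply(LOG_LINE)
    print("redirect-gateway pushed:", redirect_all)
    # Constructed sample destinations: one pushed subnet, the VPN host, a public IP.
    for dest in ("192.168.10.25", "10.8.0.1", "8.8.8.8"):
        via = "tunnel" if goes_through_vpn(dest, routes, redirect_all) else "default gateway"
        print(f"{dest:>15} -> {via}")
```

For the log in the question, the server pushes three routes and no redirect-gateway, so a public address such as 8.8.8.8 is reported as leaving through the default gateway rather than the tunnel.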