Openwrt CC版固件搭建OpenVPN服务器实现移动设备免流量上网
本帖最后由 krv 于 2016/8/13 18:22 编辑。刷固件等需要串口操作时请注意：串口调试时 USB 转串口模块波特率应设为 115200，终端波特率应设为 117500，否则乱码！
###############################################
#### 安装openvpn ####
###############################################
# Refresh the package index, then install OpenVPN (OpenSSL build), the
# easy-rsa helper scripts and the Chinese LuCI page for OpenVPN.
opkg update
opkg install openvpn-openssl openvpn-easy-rsa luci-i18n-openvpn-zh-cn
###############################################
#### 配置vars参数 ####
###############################################
# Reset the easy-rsa vars file to a single empty line, then open it in the
# editor so the settings listed below can be pasted in.
printf '\n' > /etc/easy-rsa/vars
vi /etc/easy-rsa/vars
###添加以下参数
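# easy-rsa "vars": sourced by the build-* scripts, so every setting is exported.
export EASY_RSA="/etc/easy-rsa"
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"
# Select the openssl.cnf that matches the installed OpenSSL.
# $(...) instead of backticks, and the argument is quoted.
export KEY_CONFIG="$(/usr/sbin/whichopensslcnf "$EASY_RSA")"
# Directory that receives every generated certificate and key.
export KEY_DIR="$EASY_RSA/keys"
printf '%s\n' "NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR"
# No PKCS#11 token is used; these are placeholders.
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
# RSA key and DH parameter size in bits. 1024-bit RSA/DH is below current
# minimums (2048 is the usual floor). build-dh names its output after this
# value, so the dh1024.pem paths used later in this guide must be changed
# together with it.
export KEY_SIZE=1024
# Certificate lifetimes in days (about ten years).
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
# Subject fields used as defaults for every certificate; replace with your own.
export KEY_COUNTRY="CN"
export KEY_PROVINCE="ZJ"
export KEY_CITY="ZJ"
export KEY_ORG="ZJ"
export KEY_EMAIL="ZJ@ZJ.com"
export KEY_OU="ZJ"
export KEY_NAME="EasyRSA"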
###############################################
#### 创建密钥 ####
###############################################
# 创建密钥的时候要求输入密码，不懂的话全部留空；问要不要创建就输入 y 然后回车
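# Build the PKI with the easy-rsa scripts once the vars file above is in place.
# The scripts prompt for the certificate fields (Enter keeps the defaults from
# vars) and ask whether to sign/commit, which expects "y".
build-ca
build-dh
build-key-server server
build-key-pkcs12 client1

# Copy what the server needs into the OpenVPN config directory.
# client1.crt / client1.key are staged here only so they can be pasted into the
# client profile; the client's private key has no use on the router afterwards
# and can be deleted once the profile is built.
keys_dir=/etc/easy-rsa/keys
ovpn_dir=/etc/openvpn
for f in ca.crt server.crt server.key dh1024.pem client1.crt client1.key; do
  cp -- "$keys_dir/$f" "$ovpn_dir/"
done
# Private keys must never be readable by other users; easy-rsa normally creates
# them 0600 and cp keeps that, this makes it explicit.
chmod 600 "$ovpn_dir/server.key" "$ovpn_dir/client1.key"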
###############################################
#### 配置网络及防火墙 ####
###############################################
vi /tmp/setupfirewall.sh
###添加以下代码:
###设置VPN接口
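#!/bin/sh
# Run with: sh /tmp/setupfirewall.sh
# Creates the vpn0 interface for OpenVPN's tun0, opens the listening port on
# WAN, and places tun0 in its own firewall zone that may reach wan and lan.
#
# Stop before any "uci commit" if a step fails, so a half-built configuration
# is never applied.
set -e

# External TCP port OpenVPN listens on; must match the port in the OpenVPN
# config. Keep the value on its own: "3389"#comment would have passed the
# literal string 3389#comment as the port.
vpn_port=3389

# Interface for the tunnel device; proto "none" because OpenVPN assigns the
# addresses itself.
uci set "network.vpn0=interface"
uci set "network.vpn0.ifname=tun0"
uci set "network.vpn0.proto=none"
uci set "network.vpn0.auto=1"
uci commit network

# Allow inbound TCP from WAN to the OpenVPN port only.
uci add firewall rule
uci set "firewall.@rule[-1].name=Allow-OpenVPN-Inbound"
uci set "firewall.@rule[-1].target=ACCEPT"
uci set "firewall.@rule[-1].src=wan"
uci set "firewall.@rule[-1].proto=tcp"
uci set "firewall.@rule[-1].dest_port=$vpn_port"

# Zone for VPN clients. input=ACCEPT lets clients reach services on the router
# itself (the pushed DNS needs this); forward=ACCEPT plus the two forwardings
# below let them reach wan and lan, with masquerading on the way out.
# Narrow input/forward if clients should only get internet access.
uci add firewall zone
uci set "firewall.@zone[-1].name=vpn"
uci set "firewall.@zone[-1].input=ACCEPT"
uci set "firewall.@zone[-1].forward=ACCEPT"
uci set "firewall.@zone[-1].output=ACCEPT"
uci set "firewall.@zone[-1].masq=1"
uci set "firewall.@zone[-1].network=vpn0"
uci add firewall forwarding
uci set "firewall.@forwarding[-1].src=vpn"
uci set "firewall.@forwarding[-1].dest=wan"
uci add firewall forwarding
uci set "firewall.@forwarding[-1].src=vpn"
uci set "firewall.@forwarding[-1].dest=lan"
uci commit firewall

/etc/init.d/network reload
/etc/init.d/firewall reload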
然后执行:
sh /tmp/setupfirewall.sh
###############################################
#### 创建openvpn服务器 ####
###############################################
vi /tmp/setupopenvpn.sh
###添加以下代码:
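#!/bin/sh
# Run with: sh /tmp/setupopenvpn.sh
# Writes the "myvpn" server instance to /etc/config/openvpn, then starts and
# enables the service and shows its log.

# TCP port the server listens on; must match the firewall rule and the
# client's "remote" line. Keep the value on its own: '3389'#comment would have
# stored the literal string 3389#comment as the port.
vpn_port=3389
# LAN that clients get a route for, and the DNS server pushed to them;
# change both to your own network.
lan_net='192.168.10.0 255.255.255.0'
lan_dns='192.168.10.1'

touch /etc/config/openvpn
# Drop the package's sample sections; best effort, uci only prints an error
# if a section is already gone.
uci delete openvpn.sample_server
uci delete openvpn.sample_client
uci delete openvpn.custom_config

uci set openvpn.myvpn='openvpn'
uci set openvpn.myvpn.enabled='1'
uci set openvpn.myvpn.proto='tcp-server'
uci set openvpn.myvpn.port="$vpn_port"
uci set openvpn.myvpn.dev='tun'
uci set openvpn.myvpn.topology='subnet'
uci set openvpn.myvpn.server='10.8.0.0 255.255.255.0'
# Payload compression. Compressing tunnel data next to content an outsider can
# influence is a known information-leak vector, so disable this (and the
# pushed comp-lzo below) unless bandwidth really requires it.
uci set openvpn.myvpn.comp_lzo='adaptive'
# PKI material produced by easy-rsa; the dh file name follows KEY_SIZE in vars.
uci set openvpn.myvpn.ca='/etc/openvpn/ca.crt'
uci set openvpn.myvpn.dh='/etc/openvpn/dh1024.pem'
uci set openvpn.myvpn.cert='/etc/openvpn/server.crt'
uci set openvpn.myvpn.key='/etc/openvpn/server.key'
# No tls-auth key is configured, so any host reaching the port can start a
# TLS handshake; a tls-auth pre-shared key would let the server drop such
# connections before the handshake.
# Drop privileges after start; persist_* keep key and tun usable across
# restarts once root is gone.
uci set openvpn.myvpn.persist_key='1'
uci set openvpn.myvpn.persist_tun='1'
uci set openvpn.myvpn.user='nobody'
uci set openvpn.myvpn.group='nogroup'
uci set openvpn.myvpn.max_clients='10'
uci set openvpn.myvpn.keepalive='10 120'
uci set openvpn.myvpn.verb='3'
uci set openvpn.myvpn.status='/var/log/openvpn_status.log'
uci set openvpn.myvpn.log='/tmp/openvpn.log'
# Options pushed to every client: route to the LAN, compression, send all
# traffic through the VPN, and the DNS server to use.
uci add_list openvpn.myvpn.push="route $lan_net"
uci add_list openvpn.myvpn.push='comp-lzo adaptive'
uci add_list openvpn.myvpn.push='redirect-gateway def1 bypass-dhcp'
uci add_list openvpn.myvpn.push="dhcp-option DNS $lan_dns"
uci commit openvpn

/etc/init.d/openvpn start
/etc/init.d/openvpn enable
sleep 2
cat /tmp/openvpn.log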
###代码结束:
然后执行:
sh /tmp/setupopenvpn.sh
没问题的话就会显示 openvpn 成功，日志最后如下:
Initialization Sequence Completed
###############################################
#### 客户端配置文件 ####
###############################################
# Client profile (.ovpn). The CA certificate, client certificate and client
# key are embedded inline so a single file is enough on the device.
client
dev tun
# Must match the server's "tcp-server".
proto tcp-client
# Router's public hostname or IP, and the port opened in the firewall.
remote 动态域名或IP 3389
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
# Contents of /etc/openvpn/ca.crt.
<ca>
###paste the contents of ca.crt here###
</ca>
# Contents of /etc/openvpn/client1.crt.
<cert>
###paste the contents of client1.crt here###
</cert>
# Contents of /etc/openvpn/client1.key. This is the client's private key:
# anyone holding this profile can connect as client1, so keep it secret.
<key>
###paste the contents of client1.key here###
</key>
######################################################
http-proxy 10.0.0.172 80
免流代码添这里
######################################################
大佬好厉害 小樱 发表于 2016/8/13 20:37
大佬好厉害
你比我更专业>_<