Openwrt CC版固件搭建OpenVPN服务器实现移动设备免流量上网

krv

刷固件等用串口操作时请出主意 串口调试时usb转串口模块波特率应设为115200 终端波特率应设为117500 否则乱码！！！

1. ###############################################
   
2. ####           安装openvpn                 ####
   
3. ###############################################
   
4. 
   
5. opkg update ; opkg install openvpn-openssl openvpn-easy-rsa luci-i18n-openvpn-zh-cn
   
6. 
   
7. ###############################################
   
8. ####           配置vars参数                ####
   
9. ###############################################
   
10. 
    
11. echo > /etc/easy-rsa/vars ; vi /etc/easy-rsa/vars
    
12. 
    
13. ###添加以下参
    
14. export EASY_RSA="/etc/easy-rsa"
    
15. export OPENSSL="openssl"
    
16. export PKCS11TOOL="pkcs11-tool"
    
17. export GREP="grep"
    
18. export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA`
    
19. export KEY_DIR="$EASY_RSA/keys"
    
20. echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR
    
21. export PKCS11_MODULE_PATH="dummy"
    
22. export PKCS11_PIN="dummy"
    
23. export KEY_SIZE=1024
    
24. export CA_EXPIRE=3650
    
25. export KEY_EXPIRE=3650
    
26. export KEY_COUNTRY="CN"
    
27. export KEY_PROVINCE="ZJ"
    
28. export KEY_CITY="ZJ"
    
29. export KEY_ORG="ZJ"
    
30. export KEY_EMAIL="ZJ@ZJ.com"
    
31. export KEY_OU="ZJ"
    
32. export KEY_NAME="EasyRSA"
    
33. 
    
34. ###############################################
    
35. ####             创建密钥                  ####
    
36. ###############################################
    
37. 
    
38. # 创建密约的时候要求输入密码不懂得话全部留空 问要不要创建就输入y然后回车
    
39. build-ca
    
40. build-dh
    
41. build-key-server server
    
42. build-key-pkcs12 client1
    
43. 
    
44. cp /etc/easy-rsa/keys/ca.crt /etc/openvpn/
    
45. cp /etc/easy-rsa/keys/server.crt /etc/openvpn/
    
46. cp /etc/easy-rsa/keys/server.key /etc/openvpn/
    
47. cp /etc/easy-rsa/keys/dh1024.pem /etc/openvpn/
    
48. cp /etc/easy-rsa/keys/client1.crt /etc/openvpn/
    
49. cp /etc/easy-rsa/keys/client1.key /etc/openvpn/
    
50. 
    
51. ###############################################
    
52. ####          配置网络及防火墙             ####
    
53. ###############################################
    
54. 
    
55. vi /tmp/setupfirewall.sh
    
56. 
    
57. ###添加以下代码：
    
58. ###设置VPN接口
    
59. uci set network.vpn0="interface"
    
60. uci set network.vpn0.ifname="tun0"
    
61. uci set network.vpn0.proto="none"
    
62. uci set network.vpn0.auto="1"
    
63. uci commit network
    
64. 
    
65. uci add firewall rule
    
66. uci set firewall.@rule[-1].name="Allow-OpenVPN-Inbound"
    
67. uci set firewall.@rule[-1].target="ACCEPT"
    
68. uci set firewall.@rule[-1].src="wan"
    
69. uci set firewall.@rule[-1].proto="tcp"
    
70. uci set firewall.@rule[-1].dest_port="3389"  #开放外网端口
    
71. uci add firewall zone
    
72. uci set firewall.@zone[-1].name="vpn"
    
73. uci set firewall.@zone[-1].input="ACCEPT"
    
74. uci set firewall.@zone[-1].forward="ACCEPT"
    
75. uci set firewall.@zone[-1].output="ACCEPT"
    
76. uci set firewall.@zone[-1].masq="1"
    
77. uci set firewall.@zone[-1].network="vpn0"
    
78. uci add firewall forwarding
    
79. uci set firewall.@forwarding[-1].src="vpn"
    
80. uci set firewall.@forwarding[-1].dest="wan"
    
81. uci add firewall forwarding
    
82. uci set firewall.@forwarding[-1].src="vpn"
    
83. uci set firewall.@forwarding[-1].dest="lan"
    
84. uci commit firewall
    
85. 
    
86. /etc/init.d/network reload;
    
87. /etc/init.d/firewall reload;
    
88. 
    
89. 然后执行：
    
90. sh /tmp/setupfirewall.sh
    
91. 
    
92. ###############################################
    
93. ####          创建openvpn服务器            ####
    
94. ###############################################
    
95. 
    
96. vi /tmp/setupopenvpn.sh
    
97. 
    
98. ###添加以下代码：
    
99. touch /etc/config/openvpn
    
100. uci delete openvpn.sample_server
     
101. uci delete openvpn.sample_client
     
102. uci delete openvpn.custom_config
     
103. 
     
104. uci set openvpn.myvpn='openvpn'
     
105. uci set openvpn.myvpn.enabled='1'
     
106. uci set openvpn.myvpn.proto='tcp-server'
     
107. uci set openvpn.myvpn.port='3389'  #OpenVPN端口
     
108. uci set openvpn.myvpn.dev='tun'
     
109. uci set openvpn.myvpn.topology='subnet'
     
110. uci set openvpn.myvpn.server='10.8.0.0 255.255.255.0'
     
111. uci set openvpn.myvpn.comp_lzo='adaptive'
     
112. uci set openvpn.myvpn.ca='/etc/openvpn/ca.crt'
     
113. uci set openvpn.myvpn.dh='/etc/openvpn/dh1024.pem'
     
114. uci set openvpn.myvpn.cert='/etc/openvpn/server.crt'
     
115. uci set openvpn.myvpn.key='/etc/openvpn/server.key'
     
116. uci set openvpn.myvpn.persist_key='1'
     
117. uci set openvpn.myvpn.persist_tun='1'
     
118. uci set openvpn.myvpn.user='nobody'
     
119. uci set openvpn.myvpn.group='nogroup'
     
120. uci set openvpn.myvpn.max_clients='10'
     
121. uci set openvpn.myvpn.keepalive='10 120'
     
122. uci set openvpn.myvpn.verb='3'
     
123. uci set openvpn.myvpn.status='/var/log/openvpn_status.log'
     
124. uci set openvpn.myvpn.log='/tmp/openvpn.log'
     
125. uci add_list openvpn.myvpn.push='route 192.168.10.0 255.255.255.0' ###推送本地路由表，我这里是192.168.10.0, 你们自己看着改成自己的
     
126. uci add_list openvpn.myvpn.push='comp-lzo adaptive'
     
127. uci add_list openvpn.myvpn.push='redirect-gateway def1 bypass-dhcp' ###推送全部流量走VPN
     
128. uci add_list openvpn.myvpn.push='dhcp-option DNS 192.168.10.1' ###推送网关，我这里是192.168.10.1, 你们自己看着改成自己的
     
129. uci commit openvpn
     
130. /etc/init.d/openvpn start; /etc/init.d/openvpn enable ; sleep 2 ; cat /tmp/openvpn.log
     
131. ###代码结束：
     
132. 
     
133. 然后执行：
     
134. sh /tmp/setupopenvpn.sh
     
135. 
     
136. 没问题的话就会显示openvpn成功 最后如下：
     
137. Initialization Sequence Completed
     
138. 
     
139. ###############################################
     
140. ####           客户端配置文件              ####
     
141. ###############################################
     
142. 
     
143. client
     
144. dev tun
     
145. proto tcp-client
     
146. remote 动态域名或IP 3389
     
147. resolv-retry infinite
     
148. nobind
     
149. persist-key
     
150. persist-tun
     
151. verb 3
     
152. <ca>
     
153. ###复制ca.crt内容到这里###
     
154. </ca>
     
155. <cert>
     
156. ###复制client1.crt内容到这里###
     
157. </cert>
     
158. <key>
     
159. ###复制client1.key内容到这里###
     
160. </key>
     
161. ######################################################
     
162. http-proxy      10.0.0.172 80
     
163. 免流代码添这里
     
164. ######################################################
     

复制代码

小樱

大佬好厉害

krv

小樱 发表于 2016/8/13 20:37
大佬好厉害

你比我更专业>_<