
How to install an OpenVPN server and client on Linux with Docker

Published: 2025-02-04  Author: 千家信息网 editor
Last updated: 2025-02-04

This article shows how to install an OpenVPN server and client on Linux using Docker. The steps are short and clearly ordered; we hope they help clear up any questions, so let's work through "How to install an OpenVPN server and client on Linux with Docker" together.

1. Initialize the configuration with Docker

The server IP used in this article's example is 192.11.11.10.

Create a local directory on the host to hold the OpenVPN configuration:

mkdir /data/public/openvpn

Generate the server configuration and initialize the PKI (CA, server certificate, DH parameters) through the container:

docker run -v /data/public/openvpn:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://openvpn.gongstring.com
docker run -v /data/public/openvpn:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

During initialization you are prompted for the server's domain name (the Common Name) and for the CA key passphrase:

For example, enter the passphrase vpn123pwd here.

Below is the output of an example run:

init-pki complete; you may now create a CA or requests.
Your newly created PKI dir is: /etc/openvpn/pki
Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019
Enter New CA Key Passphrase:
Re-Enter New CA Key Passphrase:
Generating RSA private key, 2048 bit long modulus (2 primes)
.................+++++
.......................................+++++
e is 65537 (0x010001)
Can't load /etc/openvpn/pki/.rnd into RNG
140360007494984:error:2406F079:random number generator:RAND_load_file:Cannot open file:crypto/rand/randfile.c:98:Filename=/etc/openvpn/pki/.rnd
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Common Name (eg: your user, host, or server name) [Easy-RSA CA]:openvpn.gongstring.com

CA creation complete and you may now import and sign cert requests.
Your new CA certificate file for publishing is at:
/etc/openvpn/pki/ca.crt

Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.................+.........................................................................++*++*++*++*
DH parameters of size 2048 created at /etc/openvpn/pki/dh.pem

Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019
Generating a RSA private key
...............+++++
...............................................................................+++++
writing new private key to '/etc/openvpn/pki/private/openvpn.gongstring.com.key.XXXXcMLjEc'
-----
Using configuration from /etc/openvpn/pki/safessl-easyrsa.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :ASN.1 12:'openvpn.gongstring.com'
Certificate is to be certified until Aug  5 07:14:33 2023 GMT (1080 days)

Write out database with 1 new entries
Data Base Updated

Using SSL: openssl OpenSSL 1.1.1d  10 Sep 2019
Using configuration from /etc/openvpn/pki/safessl-easyrsa.cnf
Enter pass phrase for /etc/openvpn/pki/private/ca.key:

An updated CRL has been created.
CRL file: /etc/openvpn/pki/crl.pem

2. Start the server container

docker run -d --name openvpn-server -v /data/public/openvpn/:/etc/openvpn -p 1194:1194/udp --cap-add=NET_ADMIN --restart always kylemanna/openvpn

3. Generate a client certificate (can be repeated for each client)

Part-way through you are asked for the CA passphrase set above, vpn123pwd:

docker run -v /data/public/openvpn/:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full gongstring nopass

Replace gongstring with the name of your own user.

4. Export the client profile

docker run -v /data/public/openvpn/:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient gongstring > /data/public/openvpn/clients/openvpn.gongstring.com.ovpn

After the command completes, the file openvpn.gongstring.com.ovpn appears in /data/public/openvpn/clients. The clients directory must already exist on the host, because the shell opens the redirect target before the container runs; otherwise the redirect fails and nothing is written.
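The exported profile carries everything a client needs to authenticate, including the private key, which is unencrypted because step 3 used nopass. The script below is an added example, not part of the article or of the kylemanna/openvpn image: it checks that an exported .ovpn has the inline blocks ovpn_getclient is expected to produce, that it pins the server with remote-cert-tls, and that its file mode does not expose the key. The sample profile is constructed inline (the key and certificate bodies are placeholders, not real material) so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the article or the kylemanna/openvpn project):
# sanity-check an exported client profile before handing it to a user.
# ovpn_getclient embeds the CA, the client certificate and, because the
# client was built with "nopass", an unencrypted private key, so the file
# must be handled as a credential.

# Constructed sample profile for offline testing; key/cert bodies are fake.
SAMPLE_PROFILE="$(mktemp)"
cat > "$SAMPLE_PROFILE" <<'EOF'
client
nobind
dev tun
remote-cert-tls server
remote openvpn.gongstring.com 1194 udp
<key>
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC (constructed, not a real key)
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
MIIDazCCAlOgAwIBAgIUS (constructed, not a real certificate)
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
MIIDazCCAlOgAwIBAgIUT (constructed, not a real certificate)
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
00000000000000000000000000000000 (constructed placeholder)
-----END OpenVPN Static key V1-----
</tls-auth>
EOF
chmod 600 "$SAMPLE_PROFILE"

# check_profile FILE: prints one line per problem found and returns 0 only
# when the profile is complete and not readable by group/others.
check_profile() {
    file="$1"
    problems=0
    for section in ca cert key tls-auth; do
        if ! grep -q "^<$section>" "$file" || ! grep -q "^</$section>" "$file"; then
            echo "missing inline <$section> block"
            problems=$((problems + 1))
        fi
    done
    if ! grep -q '^remote ' "$file"; then
        echo "no 'remote' directive: the client has no server to connect to"
        problems=$((problems + 1))
    fi
    if ! grep -q '^remote-cert-tls server' "$file"; then
        echo "no 'remote-cert-tls server': any certificate signed by the CA would be accepted as the server"
        problems=$((problems + 1))
    fi
    # The inline key is unencrypted, so the profile itself is a secret:
    # reject anything readable by other users. GNU stat first, BSD fallback.
    mode="$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")"
    case "$mode" in
        600|400) ;;
        *) echo "mode $mode is too open for a file containing a private key (want 600)"
           problems=$((problems + 1)) ;;
    esac
    [ "$problems" -eq 0 ]
}

# Negative case: the same profile with the <key> block stripped and mode 644.
BROKEN_PROFILE="$(mktemp)"
sed '/^<key>/,/^<\/key>/d' "$SAMPLE_PROFILE" > "$BROKEN_PROFILE"
chmod 644 "$BROKEN_PROFILE"

check_profile "$SAMPLE_PROFILE" && echo "sample profile OK"
check_profile "$BROKEN_PROFILE" || echo "broken profile rejected"
```

Run it against the real file with check_profile /data/public/openvpn/clients/openvpn.gongstring.com.ovpn; the same mode check is worth applying after scp in step 5.2, since the file lands on the client with whatever permissions it had on the server.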

5. Using the client

This example connects from a CentOS 7 client.

5.1 Add the package repository and install the OpenVPN client

vim /etc/yum.repos.d/epel.repo

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://mirrors.aliyun.com/epel/7/$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0

Install the packages:

yum makecache
yum update -y
yum install -y openssl lzo pam openssl-devel lzo-devel pam-devel
yum install -y easy-rsa
yum install -y openvpn
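The repo file above sets gpgcheck=0 in every section, so yum installs whatever the mirror serves, over plain http, without verifying the EPEL package signature, even though the file already points gpgkey at the EPEL public key. The following is an added example (not from the article) that audits a .repo file for such sections and writes a hardened copy; the repo file it works on is a constructed copy of the article's first two sections.

```shell
#!/bin/sh
# Added example, not part of the article: find yum repo sections that
# disable package signature verification and emit a hardened copy.

# Constructed copy of the first two sections of the article's epel.repo.
SAMPLE_REPO="$(mktemp)"
cat > "$SAMPLE_REPO" <<'EOF'
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://mirrors.aliyun.com/epel/7/$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
EOF

# count_unsigned FILE: how many sections set gpgcheck=0 (prints 0 if none).
count_unsigned() {
    grep -c '^gpgcheck=0' "$1" || true
}

# list_unsigned FILE: print the [section] header of each section that sets
# gpgcheck=0; awk keeps the most recent header while scanning downwards.
list_unsigned() {
    awk '/^\[/ { section = $0 } /^gpgcheck=0/ { print section }' "$1"
}

# harden_repo SRC DST: copy SRC to DST with gpgcheck=0 rewritten as
# gpgcheck=1. This only helps when the section also has a gpgkey line (as
# the article's file does); without a key yum has nothing to verify against.
harden_repo() {
    sed 's/^gpgcheck=0$/gpgcheck=1/' "$1" > "$2"
}

# Usage: report on the original, then write the hardened copy beside it.
echo "sections without signature checks in $SAMPLE_REPO:"
list_unsigned "$SAMPLE_REPO"
HARDENED_REPO="$SAMPLE_REPO.hardened"
harden_repo "$SAMPLE_REPO" "$HARDENED_REPO"
echo "sections still unsigned after hardening: $(count_unsigned "$HARDENED_REPO")"
```

On the real file the call is harden_repo /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.new followed by a review of the diff before replacing the original. With gpgcheck=1, yum imports the key named by gpgkey on first use and refuses packages whose signature does not match it, which is the only integrity guarantee available when the mirror is fetched over http.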

5.2 Start the client

Upload openvpn.gongstring.com.ovpn to /data/public/openvpn on the client machine (192.11.11.11 in this example). Create the directory first:

mkdir -p /data/public/openvpn

From the server you can copy the profile to the client machine with scp:

scp ./openvpn.gongstring.com.ovpn root@192.11.11.11:/data/public/openvpn

Now run the start command. The client must be able to resolve and reach the server as openvpn.gongstring.com, and UDP port 1194 must be open. On an internal network the simplest way to make the name resolve is a hosts entry.

Add the following line to /etc/hosts on the client:

192.11.11.10   openvpn.gongstring.com

Then start the client from the directory holding the profile:

cd /data/public/openvpn
openvpn ./openvpn.gongstring.com.ovpn

If the connection succeeds, output like the following appears:

Thu Aug 20 23:37:43 2020 OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
Thu Aug 20 23:37:43 2020 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Thu Aug 20 23:37:43 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.8.10:1194
Thu Aug 20 23:37:43 2020 UDP link local: (not bound)
Thu Aug 20 23:37:43 2020 UDP link remote: [AF_INET]192.168.8.10:1194
Thu Aug 20 23:37:43 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Thu Aug 20 23:37:43 2020 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Thu Aug 20 23:37:43 2020 [openvpn.gongstring.com] Peer Connection Initiated with [AF_INET]192.168.8.10:1194
Thu Aug 20 23:37:44 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:1: block-outside-dns (2.4.9)
Thu Aug 20 23:37:44 2020 TUN/TAP device tun0 opened
Thu Aug 20 23:37:44 2020 /sbin/ip link set dev tun0 up mtu 1500
Thu Aug 20 23:37:44 2020 /sbin/ip addr add dev tun0 local 192.168.255.6 peer 192.168.255.5
Thu Aug 20 23:37:44 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 20 23:37:44 2020 Initialization Sequence Completed
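"Initialization Sequence Completed" is the only line in that output which proves the tunnel is up; the WARNING and "Options error" lines before it are what an operator should review rather than scroll past. The script below is an added example, not part of the article: it pulls the connection state, the peer the client actually handshaked with, and the findings out of a client log. The sample log is the article's output embedded inline so the script runs offline.

```shell
#!/bin/sh
# Added example, not part of the article: triage an OpenVPN client log.

# The article's client output, embedded as sample input.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
Thu Aug 20 23:37:43 2020 OpenVPN 2.4.9 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2020
Thu Aug 20 23:37:43 2020 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Thu Aug 20 23:37:43 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]192.168.8.10:1194
Thu Aug 20 23:37:43 2020 UDP link local: (not bound)
Thu Aug 20 23:37:43 2020 UDP link remote: [AF_INET]192.168.8.10:1194
Thu Aug 20 23:37:43 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1541', remote='link-mtu 1542'
Thu Aug 20 23:37:43 2020 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Thu Aug 20 23:37:43 2020 [openvpn.gongstring.com] Peer Connection Initiated with [AF_INET]192.168.8.10:1194
Thu Aug 20 23:37:44 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:1: block-outside-dns (2.4.9)
Thu Aug 20 23:37:44 2020 TUN/TAP device tun0 opened
Thu Aug 20 23:37:44 2020 /sbin/ip link set dev tun0 up mtu 1500
Thu Aug 20 23:37:44 2020 /sbin/ip addr add dev tun0 local 192.168.255.6 peer 192.168.255.5
Thu Aug 20 23:37:44 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Aug 20 23:37:44 2020 Initialization Sequence Completed
EOF

# vpn_status FILE: prints "up" only if the client reached the completed state.
vpn_status() {
    if grep -q 'Initialization Sequence Completed' "$1"; then
        echo up
    else
        echo down
    fi
}

# vpn_peer FILE: the address the TLS handshake actually completed with.
# Compare it with the address you expect for openvpn.gongstring.com; a
# stale hosts entry silently sends the client somewhere else.
vpn_peer() {
    sed -n 's/.*Peer Connection Initiated with \[AF_INET\]//p' "$1"
}

# vpn_finding_count FILE: number of WARNING / Options error lines (0 if none).
vpn_finding_count() {
    grep -cE 'WARNING:|Options error:' "$1" || true
}

# vpn_findings FILE: the same lines with the five-field timestamp removed.
vpn_findings() {
    grep -E 'WARNING:|Options error:' "$1" | sed -E 's/^([^ ]+ +){5}//'
}

echo "tunnel: $(vpn_status "$SAMPLE_LOG") via $(vpn_peer "$SAMPLE_LOG")"
echo "$(vpn_finding_count "$SAMPLE_LOG") findings:"
vpn_findings "$SAMPLE_LOG"
```

Of the four findings in the article's log: block-outside-dns is an option only Windows clients implement, so OpenVPN 2.4.9 on Linux reports it as an Options error and carries on; the password-caching WARNING is cleared by adding auth-nocache to the client profile, as the message itself says; and the comp-lzo mismatch means the server advertises compression the client has not enabled. Compression inside the tunnel is discouraged on security grounds, so the fix for that one belongs on the server side rather than adding comp-lzo to the client.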

That is the whole of "How to install an OpenVPN server and client on Linux with Docker". Thank you for reading! We hope it has given you a working understanding; to learn more, follow the industry news channel.
