Ubuntu部署OpenVPN服务

发表于 | 分类于 | 543
字数统计 3.5k | 阅读时长 20

0x00 前言

OpenVPN是一款跨平台的开源VPN软件,它利用虚拟网卡,以一种全新的方式实现了SSL VPN的功能,能够适应IP层之上的几乎所有应用。它使用TCP或UDP协议进行通信,相比于其它VPN,具有更好的NAT兼容性。

以下以腾讯云的Ubuntu 16.04.1 TLS 64位系统作为部署环境。
如无特别说明,以下所执行的命令都需要root权限。

0x01 创建证书

如果已经有证书,可以忽略本步操作。

安装easy-rsa

apt-get -y install easy-rsa

修改证书配置

cd /usr/share/easy-rsa

vi vars

修改以下变量的默认配置:

  1. export KEY_COUNTRY="US"
  2. export KEY_PROVINCE="CA"
  3. export KEY_CITY="SanFrancisco"
  4. export KEY_ORG="Fort-Funston"
  5. export KEY_EMAIL="me@myhost.mydomain"
  6. export KEY_OU="MyOrganizationalUnit"
  COPY

如:

  1. export KEY_COUNTRY="CN"
  2. export KEY_PROVINCE="GD"
  3. export KEY_CITY="Shenzhen"
  4. export KEY_ORG="drunkdream"
  5. export KEY_EMAIL="admin@drunkdream.com"
  6. export KEY_OU="drunkdream"
  COPY

# export KEY_CN="CommonName"改为:export KEY_CN="server"

source ./vars

./clean-all

生成根证书

./build-ca

如果出现以下错误:

140695501473432:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:584:line 198

139878249313944:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:584:line 220

请注释掉198行和220行的内容:

subjectAltName=$ENV::KEY_ALTNAMES

一路回车,完成后,会在keys目录下生成ca.crt和ca.key。

生成服务器证书和密钥

./build-key-server server

遇到Sign the certificate? [y/n]以及1 out of 1 certificate requests certified, commit? [y/n]

请输入y,并回车;其它情况直接回车即可。

完成后,会在keys目录下生成server.crt、server.csr、server.key三个文件。

生成Diffie-Hellman密钥

./build-dh

该步操作耗时较长,请耐心等待。

完成后,会在keys目录下生成dh2048.pem文件。

生成客户端证书和密钥

./build-key client

与前面的步骤相同,在Sign the certificate1 out of 1 certificate requests certified, commit?两处输入y并回车,其它地方直接回车即可。

完成后,会在keys目录下生成client.crt、client.csr、client.key三个文件。

0x02 安装OpenVPN并修改配置

apt-get -y install openvpn

OpenVPN的配置文件目录为:/etc/openvpn。

将之前生成的ca.crt、server.crt、server.key、dh2048.pem这四个文件拷贝到/etc/openvpn目录。

创建/etc/openvpn/server.conf文件,内容如下:

  1. #################################################
  2. # Sample OpenVPN 2.0 config file for            #
  3. # multi-client server.                          #
  4. #                                               #
  5. # This file is for the server side              #
  6. # of a many-clients <-> one-server              #
  7. # OpenVPN configuration.                        #
  8. #                                               #
  9. # OpenVPN also supports                         #
  10. # single-machine <-> single-machine             #
  11. # configurations (See the Examples page         #
  12. # on the web site for more info).               #
  13. #                                               #
  14. # This config should work on Windows            #
  15. # or Linux/BSD systems.  Remember on            #
  16. # Windows to quote pathnames and use            #
  17. # double backslashes, e.g.:                     #
  18. # "C:\\Program Files\\OpenVPN\\config\\foo.key" #
  19. #                                               #
  20. # Comments are preceded with '#' or ';'         #
  21. #################################################
  23. # Which local IP address should OpenVPN
  24. # listen on? (optional)
  25. ;local a.b.c.d
  27. # Which TCP/UDP port should OpenVPN listen on?
  28. # If you want to run multiple OpenVPN instances
  29. # on the same machine, use a different port
  30. # number for each one.  You will need to
  31. # open up this port on your firewall.
  32. port 1194
  34. # TCP or UDP server?
  35. ;proto tcp
  36. proto udp
  38. # "dev tun" will create a routed IP tunnel,
  39. # "dev tap" will create an ethernet tunnel.
  40. # Use "dev tap0" if you are ethernet bridging
  41. # and have precreated a tap0 virtual interface
  42. # and bridged it with your ethernet interface.
  43. # If you want to control access policies
  44. # over the VPN, you must create firewall
  45. # rules for the the TUN/TAP interface.
  46. # On non-Windows systems, you can give
  47. # an explicit unit number, such as tun0.
  48. # On Windows, use "dev-node" for this.
  49. # On most systems, the VPN will not function
  50. # unless you partially or fully disable
  51. # the firewall for the TUN/TAP interface.
  52. ;dev tap
  53. dev tun
  55. # Windows needs the TAP-Win32 adapter name
  56. # from the Network Connections panel if you
  57. # have more than one.  On XP SP2 or higher,
  58. # you may need to selectively disable the
  59. # Windows firewall for the TAP adapter.
  60. # Non-Windows systems usually don't need this.
  61. ;dev-node MyTap
  63. # SSL/TLS root certificate (ca), certificate
  64. # (cert), and private key (key).  Each client
  65. # and the server must have their own cert and
  66. # key file.  The server and all clients will
  67. # use the same ca file.
  68. #
  69. # See the "easy-rsa" directory for a series
  70. # of scripts for generating RSA certificates
  71. # and private keys.  Remember to use
  72. # a unique Common Name for the server
  73. # and each of the client certificates.
  74. #
  75. # Any X509 key management system can be used.
  76. # OpenVPN can also use a PKCS #12 formatted key file
  77. # (see "pkcs12" directive in man page).
  78. ca /etc/openvpn/ca.crt
  79. cert /etc/openvpn/server.crt
  80. key /etc/openvpn/server.key  # This file should be kept secret
  82. # Diffie hellman parameters.
  83. # Generate your own with:
  84. #   openssl dhparam -out dh2048.pem 2048
  85. dh /etc/openvpn/dh2048.pem
  87. # Network topology
  88. # Should be subnet (addressing via IP)
  89. # unless Windows clients v2.0.9 and lower have to
  90. # be supported (then net30, i.e. a /30 per client)
  91. # Defaults to net30 (not recommended)
  92. ;topology subnet
  94. # Configure server mode and supply a VPN subnet
  95. # for OpenVPN to draw client addresses from.
  96. # The server will take 10.8.0.1 for itself,
  97. # the rest will be made available to clients.
  98. # Each client will be able to reach the server
  99. # on 10.8.0.1. Comment this line out if you are
  100. # ethernet bridging. See the man page for more info.
  101. server 192.168.1.0 255.255.255.0
  103. # Maintain a record of client <-> virtual IP address
  104. # associations in this file.  If OpenVPN goes down or
  105. # is restarted, reconnecting clients can be assigned
  106. # the same virtual IP address from the pool that was
  107. # previously assigned.
  108. ifconfig-pool-persist ipp.txt
  110. # Configure server mode for ethernet bridging.
  111. # You must first use your OS's bridging capability
  112. # to bridge the TAP interface with the ethernet
  113. # NIC interface.  Then you must manually set the
  114. # IP/netmask on the bridge interface, here we
  115. # assume 10.8.0.4/255.255.255.0.  Finally we
  116. # must set aside an IP range in this subnet
  117. # (start=10.8.0.50 end=10.8.0.100) to allocate
  118. # to connecting clients.  Leave this line commented
  119. # out unless you are ethernet bridging.
  120. ;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
  122. # Configure server mode for ethernet bridging
  123. # using a DHCP-proxy, where clients talk
  124. # to the OpenVPN server-side DHCP server
  125. # to receive their IP address allocation
  126. # and DNS server addresses.  You must first use
  127. # your OS's bridging capability to bridge the TAP
  128. # interface with the ethernet NIC interface.
  129. # Note: this mode only works on clients (such as
  130. # Windows), where the client-side TAP adapter is
  131. # bound to a DHCP client.
  132. ;server-bridge
  134. # Push routes to the client to allow it
  135. # to reach other private subnets behind
  136. # the server.  Remember that these
  137. # private subnets will also need
  138. # to know to route the OpenVPN client
  139. # address pool (10.8.0.0/255.255.255.0)
  140. # back to the OpenVPN server.
  141. ;push "route 192.168.10.0 255.255.255.0"
  142. ;push "route 192.168.20.0 255.255.255.0"
  144. # To assign specific IP addresses to specific
  145. # clients or if a connecting client has a private
  146. # subnet behind it that should also have VPN access,
  147. # use the subdirectory "ccd" for client-specific
  148. # configuration files (see man page for more info).
  150. # EXAMPLE: Suppose the client
  151. # having the certificate common name "Thelonious"
  152. # also has a small subnet behind his connecting
  153. # machine, such as 192.168.40.128/255.255.255.248.
  154. # First, uncomment out these lines:
  155. ;client-config-dir ccd
  156. ;route 192.168.40.128 255.255.255.248
  157. # Then create a file ccd/Thelonious with this line:
  158. #   iroute 192.168.40.128 255.255.255.248
  159. # This will allow Thelonious' private subnet to
  160. # access the VPN.  This example will only work
  161. # if you are routing, not bridging, i.e. you are
  162. # using "dev tun" and "server" directives.
  164. # EXAMPLE: Suppose you want to give
  165. # Thelonious a fixed VPN IP address of 10.9.0.1.
  166. # First uncomment out these lines:
  167. ;client-config-dir ccd
  168. ;route 10.9.0.0 255.255.255.252
  169. # Then add this line to ccd/Thelonious:
  170. #   ifconfig-push 10.9.0.1 10.9.0.2
  172. # Suppose that you want to enable different
  173. # firewall access policies for different groups
  174. # of clients.  There are two methods:
  175. # (1) Run multiple OpenVPN daemons, one for each
  176. #     group, and firewall the TUN/TAP interface
  177. #     for each group/daemon appropriately.
  178. # (2) (Advanced) Create a script to dynamically
  179. #     modify the firewall in response to access
  180. #     from different clients.  See man
  181. #     page for more info on learn-address script.
  182. ;learn-address ./script
  184. # If enabled, this directive will configure
  185. # all clients to redirect their default
  186. # network gateway through the VPN, causing
  187. # all IP traffic such as web browsing and
  188. # and DNS lookups to go through the VPN
  189. # (The OpenVPN server machine may need to NAT
  190. # or bridge the TUN/TAP interface to the internet
  191. # in order for this to work properly).
  192. push "redirect-gateway def1 bypass-dhcp"
  194. # Certain Windows-specific network settings
  195. # can be pushed to clients, such as DNS
  196. # or WINS server addresses.  CAVEAT:
  197. # http://openvpn.net/faq.html#dhcpcaveats
  198. # The addresses below refer to the public
  199. # DNS servers provided by opendns.com.
  200. push "dhcp-option DNS 114.114.114.114"
  201. push "dhcp-option DNS 8.8.8.8"
  203. # Uncomment this directive to allow different
  204. # clients to be able to "see" each other.
  205. # By default, clients will only see the server.
  206. # To force clients to only see the server, you
  207. # will also need to appropriately firewall the
  208. # server's TUN/TAP interface.
  209. client-to-client
  211. # Uncomment this directive if multiple clients
  212. # might connect with the same certificate/key
  213. # files or common names.  This is recommended
  214. # only for testing purposes.  For production use,
  215. # each client should have its own certificate/key
  216. # pair.
  217. #
  218. # IF YOU HAVE NOT GENERATED INDIVIDUAL
  219. # CERTIFICATE/KEY PAIRS FOR EACH CLIENT,
  220. # EACH HAVING ITS OWN UNIQUE "COMMON NAME",
  221. # UNCOMMENT THIS LINE OUT.
  222. duplicate-cn
  224. # The keepalive directive causes ping-like
  225. # messages to be sent back and forth over
  226. # the link so that each side knows when
  227. # the other side has gone down.
  228. # Ping every 10 seconds, assume that remote
  229. # peer is down if no ping received during
  230. # a 120 second time period.
  231. keepalive 10 120
  233. # For extra security beyond that provided
  234. # by SSL/TLS, create an "HMAC firewall"
  235. # to help block DoS attacks and UDP port flooding.
  236. #
  237. # Generate with:
  238. #   openvpn --genkey --secret ta.key
  239. #
  240. # The server and each client must have
  241. # a copy of this key.
  242. # The second parameter should be '0'
  243. # on the server and '1' on the clients.
  244. ;tls-auth ta.key 0 # This file is secret
  246. # Select a cryptographic cipher.
  247. # This config item must be copied to
  248. # the client config file as well.
  249. ;cipher BF-CBC        # Blowfish (default)
  250. ;cipher AES-128-CBC   # AES
  251. ;cipher DES-EDE3-CBC  # Triple-DES
  253. # Enable compression on the VPN link.
  254. # If you enable it here, you must also
  255. # enable it in the client config file.
  256. comp-lzo
  258. # The maximum number of concurrently connected
  259. # clients we want to allow.
  260. ;max-clients 100
  262. # It's a good idea to reduce the OpenVPN
  263. # daemon's privileges after initialization.
  264. #
  265. # You can uncomment this out on
  266. # non-Windows systems.
  267. user nobody
  268. group nogroup
  270. # The persist options will try to avoid
  271. # accessing certain resources on restart
  272. # that may no longer be accessible because
  273. # of the privilege downgrade.
  274. persist-key
  275. persist-tun
  277. # Output a short status file showing
  278. # current connections, truncated
  279. # and rewritten every minute.
  280. status openvpn-status.log
  282. # By default, log messages will go to the syslog (or
  283. # on Windows, if running as a service, they will go to
  284. # the "\Program Files\OpenVPN\log" directory).
  285. # Use log or log-append to override this default.
  286. # "log" will truncate the log file on OpenVPN startup,
  287. # while "log-append" will append to it.  Use one
  288. # or the other (but not both).
  289. log         /var/log/openvpn.log
  290. log-append  /var/log/openvpn.log
  292. # Set the appropriate level of log
  293. # file verbosity.
  294. #
  295. # 0 is silent, except for fatal errors
  296. # 4 is reasonable for general usage
  297. # 5 and 6 can help to debug connection problems
  298. # 9 is extremely verbose
  299. verb 3
  301. # Silence repeating messages.  At most 20
  302. # sequential messages of the same message
  303. # category will be output to the log.
  304. ;mute 20
  COPY

server 192.168.1.0 255.255.255.0

这行可以根据期望分配的ip段进行相应修改。

0x03 开启iptables的NAT功能

开启ip数据包转发

修改/etc/sysctl.conf文件,去掉#net.ipv4.ip_forward=1前面的#,并保存

sysctl –p

这样就开启了ip数据包转发功能,从而支持在多个网卡间转发数据。

配置NAT转发规则

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE

将所有来自VPN网段的数据都转发到eth0网卡,并修改源ip为eth0的网卡ip。

开启防火墙策略

iptables -A INPUT -p UDP –dport 1194 -j ACCEPT

此外,还要在腾讯云的云主机控制台中增加入站规则。

0x04 开启服务

systemctl start openvpn@server
systemctl enable openvpn@server

0x05 测试OpenVPN客户端

下载Windows版的OpenVPN安装程序,安装到系统中。

将前面生成的ca.crt、client.crt、client.key三个文件拷贝到电脑中,如:D:\openvpn目录。

将安装目录下sample-config目录中的client.ovpn文件拷贝到config目录下,并修改服务端ip和证书路径配置。

修改后的client.ovpn内容如下:

  1. ##############################################
  2. # Sample client-side OpenVPN 2.0 config file #
  3. # for connecting to multi-client server.     #
  4. #                                            #
  5. # This configuration can be used by multiple #
  6. # clients, however each client should have   #
  7. # its own cert and key files.                #
  8. #                                            #
  9. # On Windows, you might want to rename this  #
  10. # file so it has a .ovpn extension           #
  11. ##############################################
  13. # Specify that we are a client and that we
  14. # will be pulling certain config file directives
  15. # from the server.
  16. client
  18. # Use the same setting as you are using on
  19. # the server.
  20. # On most systems, the VPN will not function
  21. # unless you partially or fully disable
  22. # the firewall for the TUN/TAP interface.
  23. ;dev tap
  24. dev tun
  26. # Windows needs the TAP-Win32 adapter name
  27. # from the Network Connections panel
  28. # if you have more than one.  On XP SP2,
  29. # you may need to disable the firewall
  30. # for the TAP adapter.
  31. ;dev-node MyTap
  33. # Are we connecting to a TCP or
  34. # UDP server?  Use the same setting as
  35. # on the server.
  36. ;proto tcp
  37. proto udp
  39. # The hostname/IP and port of the server.
  40. # You can have multiple remote entries
  41. # to load balance between the servers.
  42. remote 1.2.3.4 1194
  43. ;remote my-server-2 1194
  45. # Choose a random host from the remote
  46. # list for load-balancing.  Otherwise
  47. # try hosts in the order specified.
  48. ;remote-random
  50. # Keep trying indefinitely to resolve the
  51. # host name of the OpenVPN server.  Very useful
  52. # on machines which are not permanently connected
  53. # to the internet such as laptops.
  54. resolv-retry infinite
  56. # Most clients don't need to bind to
  57. # a specific local port number.
  58. nobind
  60. # Downgrade privileges after initialization (non-Windows only)
  61. ;user nobody
  62. ;group nobody
  64. # Try to preserve some state across restarts.
  65. persist-key
  66. persist-tun
  68. # If you are connecting through an
  69. # HTTP proxy to reach the actual OpenVPN
  70. # server, put the proxy server/IP and
  71. # port number here.  See the man page
  72. # if your proxy server requires
  73. # authentication.
  74. ;http-proxy-retry # retry on connection failures
  75. ;http-proxy [proxy server] [proxy port #]
  77. # Wireless networks often produce a lot
  78. # of duplicate packets.  Set this flag
  79. # to silence duplicate packet warnings.
  80. ;mute-replay-warnings
  82. # SSL/TLS parms.
  83. # See the server config file for more
  84. # description.  It's best to use
  85. # a separate .crt/.key file pair
  86. # for each client.  A single ca
  87. # file can be used for all clients.
  88. ca D:\\openvpn\\ca.crt
  89. cert D:\\openvpn\\client.crt
  90. key D:\\openvpn\\client.key
  92. # Verify server certificate by checking that the
  93. # certicate has the correct key usage set.
  94. # This is an important precaution to protect against
  95. # a potential attack discussed here:
  96. #  http://openvpn.net/howto.html#mitm
  97. #
  98. # To use this feature, you will need to generate
  99. # your server certificates with the keyUsage set to
  100. #   digitalSignature, keyEncipherment
  101. # and the extendedKeyUsage to
  102. #   serverAuth
  103. # EasyRSA can do this for you.
  104. remote-cert-tls server
  106. # If a tls-auth key is used on the server
  107. # then every client must also have the key.
  108. ;tls-auth ta.key 1
  110. # Select a cryptographic cipher.
  111. # If the cipher option is used on the server
  112. # then you must also specify it here.
  113. ;cipher x
  115. # Enable compression on the VPN link.
  116. # Don't enable this unless it is also
  117. # enabled in the server config file.
  118. comp-lzo
  120. # Set log file verbosity.
  121. verb 3
  123. # Silence repeating messages
  124. ;mute 20
  COPY

还有一种把证书插入到ovpn文件中的写法,这样可以不用额外提供三个证书文件。

去掉client.ovpn文件中的以下三行:

ca D:\openvpn\ca.crt
cert D:\openvpn\client.crt
key D:\openvpn\client.key

并在文件末尾加入以下内容:

  1. ###############################################################################
  2. # The certificate file of the destination VPN Server.
  3. # 
  4. # The CA certificate file is embedded in the inline format.
  5. # You can replace this CA contents if necessary.
  6. # Please note that if the server certificate is not a self-signed, you have to
  7. # specify the signer's root certificate (CA) here.
  9. <ca>
  10. -----BEGIN CERTIFICATE-----
  11. MIIDAzCCAeugAwIBAgIEEUA4CTANBgkqhkiG9w0BAQsFADA5MRMwEQYDVQQDDAo0
  12. NzFiY2p5LmpwMRUwEwYDVQQKDAxudTU4NW92IHIxaGwxCzAJBgNVBAYTAlVTMB4X
  13. DTE2MDIyOTAyNDQxNloXDTIzMDQyMDAyNDQxNlowOTETMBEGA1UEAwwKNDcxYmNq
  14. eS5qcDEVMBMGA1UECgwMbnU1ODVvdiByMWhsMQswCQYDVQQGEwJVUzCCASIwDQYJ
  15. KoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLuy9Hppm1GGFOtpuMJ3fcj1RsHxoMc
  16. Enr721gq8eYOsddULlMRv5IJMIQZb+8g0mmcZAw4x7Rl3YCptopjrVDDYDl4Ul3y
  17. OwG1EfKJiqGlXM5asdMgk6tU/oB7RMGtjLzVcNSOge24+PigrsRQLS3WcEHX0q6F
  18. WdsvPVnbUzceoug/l+zkA8IVf2eFna9x0WldwjLqJAbcL6YILSKHTpHw40yl44+R
  19. /LBNNVvuUWyVm8FReMbQf0tkRqvl+ZRlpnb3pQ68FWhXfwE9nZD/hbbjcmgf9bMg
  20. cEDI72pCqlw00QodnhwPQJVnhRFQr1u7aMEdXyBzGpdfdOY8GAPP2KkCAwEAAaMT
  21. MBEwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAOG1qYZLpLhmr
  22. WJMMht7ktkWtLD33DUjimS0hj3Z90JsHE/Vwlqi4c+AQUtw2dX/ZfGTRj83aK/cA
  23. GGQ5lW4HudNi6yCr40Ekl7EVeNAUQ+DM8TpAgYq8Hr/qVDGZDCxu61iaR/Qugh4P
  24. qM4YHLlJO140WXto0w3T4SkDGbIsiJnCsUOMzjStRIhKyXl+K62ozuuZAAW6vRTe
  25. kxz9+IHYc/kbAwoU009u+V11mtIzGvJaXhx95YaZX1nkqbH03pdgb4TcG41nXEmE
  26. t7BXXGira4UJmLD8t7VK0LRlmZ+9X2NB5URima6yB23UAILDIX4371QFDvbo8px5
  27. Cym58IyGLA==
  28. -----END CERTIFICATE-----
  30. </ca>
  33. ###############################################################################
  34. # The client certificate file (dummy).
  35. # 
  36. # In some implementations of OpenVPN Client software
  37. # (for example: OpenVPN Client for iOS),
  38. # a pair of client certificate and private key must be included on the
  39. # configuration file due to the limitation of the client.
  40. # So this sample configuration file has a dummy pair of client certificate
  41. # and private key as follows.
  43. <cert>
  44. -----BEGIN CERTIFICATE-----
  45. MIICxjCCAa4CAQAwDQYJKoZIhvcNAQEFBQAwKTEaMBgGA1UEAxMRVlBOR2F0ZUNs
  46. aWVudENlcnQxCzAJBgNVBAYTAkpQMB4XDTEzMDIxMTAzNDk0OVoXDTM3MDExOTAz
  47. MTQwN1owKTEaMBgGA1UEAxMRVlBOR2F0ZUNsaWVudENlcnQxCzAJBgNVBAYTAkpQ
  48. MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5h2lgQQYUjwoKYJbzVZA
  49. 5VcIGd5otPc/qZRMt0KItCFA0s9RwReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD
  50. 4W8GmJe8zapJnLsD39OSMRCzZJnczW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQ
  51. CjntLIWk5OLLVkFt9/tScc1GDtci55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67
  52. XCKJnGB5nlQ+HsMYPV/O49Ld91ZN/2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6h
  53. p/0yXnTB//mWutBGpdUlIbwiITbAmrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGD
  54. ywIDAQABMA0GCSqGSIb3DQEBBQUAA4IBAQChO5hgcw/4oWfoEFLu9kBa1B//kxH8
  55. hQkChVNn8BRC7Y0URQitPl3DKEed9URBDdg2KOAz77bb6ENPiliD+a38UJHIRMqe
  56. UBHhllOHIzvDhHFbaovALBQceeBzdkQxsKQESKmQmR832950UCovoyRB61UyAV7h
  57. +mZhYPGRKXKSJI6s0Egg/Cri+Cwk4bjJfrb5hVse11yh4D9MHhwSfCOH+0z4hPUT
  58. Fku7dGavURO5SVxMn/sL6En5D+oSeXkadHpDs+Airym2YHh15h0+jPSOoR6yiVp/
  59. 6zZeZkrN43kuS73KpKDFjfFPh8t4r1gOIjttkNcQqBccusnplQ7HJpsk
  60. -----END CERTIFICATE-----
  62. </cert>
  64. <key>
  65. -----BEGIN RSA PRIVATE KEY-----
  66. MIIEpAIBAAKCAQEA5h2lgQQYUjwoKYJbzVZA5VcIGd5otPc/qZRMt0KItCFA0s9R
  67. wReNVa9fDRFLRBhcITOlv3FBcW3E8h1Us7RD4W8GmJe8zapJnLsD39OSMRCzZJnc
  68. zW4OCH1PZRZWKqDtjlNca9AF8a65jTmlDxCQCjntLIWk5OLLVkFt9/tScc1GDtci
  69. 55ofhaNAYMPiH7V8+1g66pGHXAoWK6AQVH67XCKJnGB5nlQ+HsMYPV/O49Ld91ZN
  70. /2tHkcaLLyNtywxVPRSsRh480jju0fcCsv6hp/0yXnTB//mWutBGpdUlIbwiITbA
  71. mrsbYnjigRvnPqX1RNJUbi9Fp6C2c/HIFJGDywIDAQABAoIBAERV7X5AvxA8uRiK
  72. k8SIpsD0dX1pJOMIwakUVyvc4EfN0DhKRNb4rYoSiEGTLyzLpyBc/A28Dlkm5eOY
  73. fjzXfYkGtYi/Ftxkg3O9vcrMQ4+6i+uGHaIL2rL+s4MrfO8v1xv6+Wky33EEGCou
  74. QiwVGRFQXnRoQ62NBCFbUNLhmXwdj1akZzLU4p5R4zA3QhdxwEIatVLt0+7owLQ3
  75. lP8sfXhppPOXjTqMD4QkYwzPAa8/zF7acn4kryrUP7Q6PAfd0zEVqNy9ZCZ9ffho
  76. zXedFj486IFoc5gnTp2N6jsnVj4LCGIhlVHlYGozKKFqJcQVGsHCqq1oz2zjW6LS
  77. oRYIHgECgYEA8zZrkCwNYSXJuODJ3m/hOLVxcxgJuwXoiErWd0E42vPanjjVMhnt
  78. KY5l8qGMJ6FhK9LYx2qCrf/E0XtUAZ2wVq3ORTyGnsMWre9tLYs55X+ZN10Tc75z
  79. 4hacbU0hqKN1HiDmsMRY3/2NaZHoy7MKnwJJBaG48l9CCTlVwMHocIECgYEA8jby
  80. dGjxTH+6XHWNizb5SRbZxAnyEeJeRwTMh0gGzwGPpH/sZYGzyu0SySXWCnZh3Rgq
  81. 5uLlNxtrXrljZlyi2nQdQgsq2YrWUs0+zgU+22uQsZpSAftmhVrtvet6MjVjbByY
  82. DADciEVUdJYIXk+qnFUJyeroLIkTj7WYKZ6RjksCgYBoCFIwRDeg42oK89RFmnOr
  83. LymNAq4+2oMhsWlVb4ejWIWeAk9nc+GXUfrXszRhS01mUnU5r5ygUvRcarV/T3U7
  84. TnMZ+I7Y4DgWRIDd51znhxIBtYV5j/C/t85HjqOkH+8b6RTkbchaX3mau7fpUfds
  85. Fq0nhIq42fhEO8srfYYwgQKBgQCyhi1N/8taRwpk+3/IDEzQwjbfdzUkWWSDk9Xs
  86. H/pkuRHWfTMP3flWqEYgW/LW40peW2HDq5imdV8+AgZxe/XMbaji9Lgwf1RY005n
  87. KxaZQz7yqHupWlLGF68DPHxkZVVSagDnV/sztWX6SFsCqFVnxIXifXGC4cW5Nm9g
  88. va8q4QKBgQCEhLVeUfdwKvkZ94g/GFz731Z2hrdVhgMZaU/u6t0V95+YezPNCQZB
  89. wmE9Mmlbq1emDeROivjCfoGhR3kZXW1pTKlLh6ZMUQUOpptdXva8XxfoqQwa3enA
  90. M7muBbF0XN7VO80iJPv+PmIZdEIAkpwKfi201YB+BafCIuGxIF50Vg==
  91. -----END RSA PRIVATE KEY-----
  93. </key>
  COPY

请根据具体服务器配置修改对应的内容。

打开OpenVPN GUI,选择刚才添加的配置项,进行连接。连接成功后,图标会从灰色变成绿色。

分享
0 comments
Anonymous
Markdown is supported

Be the first guy leaving a comment!