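#!/usr/bin/env bash
#
# Sets up an OpenVPN server (easy-rsa 2.x layout) with dnsmasq, NAT for the
# 10.8.0.0/24 tunnel network, and username/password login via checkpsw.sh.
#
# The source page masks the product name as "open***"; it is written out as
# "openvpn" here because the unquoted "***" would otherwise be a shell glob.
# The original also glued its comments onto the commands ("update#..."),
# which the shell passes through as part of the argument, not as a comment.
#
# Run as root. The original called `sudo su` halfway through, which in a
# script only opens an interactive shell and elevates nothing that follows.
#
# Optional environment:
#   WAN_IF           outbound interface for MASQUERADE (default: eth0)
#   CHECKPSW_SHA256  expected SHA-256 of checkpsw.sh; verified when set

set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

[[ ${EUID} -eq 0 ]] || die "run this script as root"

readonly openvpn_dir=/etc/openvpn
readonly rsa_dir="${openvpn_dir}/easy-rsa"
readonly server_conf="${openvpn_dir}/delta.conf"
readonly client_dir=/home/miyao
readonly sample_dir=/usr/share/doc/openvpn/examples/sample-config-files
readonly vpn_net=10.8.0.0/24
readonly wan_if=${WAN_IF:-eth0}
# The source page masks this name as shown; replace it with your own CA name.
readonly ca_name='×××sRUS'

# --- packages ---------------------------------------------------------------
apt-get update
# "iptebles" in the original was a typo, so that install step always failed.
apt-get -y install openvpn easy-rsa dnsmasq iptables

# --- PKI (easy-rsa 2.x) -----------------------------------------------------
mkdir -p "$rsa_dir"
cp -r /usr/share/easy-rsa/* "$rsa_dir"
sed -i "s/EasyRSA/${ca_name}/g" "${rsa_dir}/vars"
printf 'export KEY_CN="%s"\nexport KEY_ALTNAMES="%s"\n' "$ca_name" "$ca_name" \
  >>"${rsa_dir}/vars"

cd "$rsa_dir" || die "cannot cd to ${rsa_dir}"
# vars is third-party shell; relax nounset while sourcing it.
set +u
# shellcheck disable=SC1091
source ./vars
set -u
# The original ran ./clear-all; the easy-rsa 2.x helper is named clean-all.
./clean-all
./build-ca
# Interactive prompts. The original author's note says they entered 12345 as
# the password and "sun" as the name; choose your own values.
./build-key-server delta
./build-dh

cd keys || die "cannot cd to ${rsa_dir}/keys"
cp ca.crt delta.crt delta.key dh2048.pem "$openvpn_dir"
# The server private key must stay readable by root only.
chmod 600 "${openvpn_dir}/delta.key"

mkdir -p "$client_dir"
cp "${rsa_dir}/keys/ca.crt" "$client_dir/"

# --- server configuration ---------------------------------------------------
# The original copied server.conf.gz to /home/miyao but ran gunzip/mv in the
# keys directory and then edited /etc/openvpn/delta.conf, which never existed.
# Unpack the sample straight to its final location instead.
gunzip -c "${sample_dir}/server.conf.gz" >"$server_conf"
sed -i 's/server\.crt/delta.crt/g' "$server_conf"
sed -i 's/server\.key/delta.key/g' "$server_conf"
sed -i 's/dh1024\.pem/dh2048.pem/g' "$server_conf"
# The directive stays commented out (leading ';'), so this only edits the
# sample text; the server keeps its default listen address.
sed -i 's/;local a.b.c.d/;local 0.0.0.0/g' "$server_conf"
cat >>"$server_conf" <<'EOF'
push "redirect-gateway def1"
push "dhcp-option DNS 10.8.0.1"
EOF

# --- password authentication ------------------------------------------------
# NOTE(review): this script is fetched over plain HTTP and is then executed by
# the OpenVPN daemon on every login. Review its contents and pin a checksum
# (CHECKPSW_SHA256) before relying on it.
wget -O "${openvpn_dir}/checkpsw.sh" http://openvpn.se/files/other/checkpsw.sh
if [[ -n "${CHECKPSW_SHA256:-}" ]]; then
  printf '%s  %s\n' "$CHECKPSW_SHA256" "${openvpn_dir}/checkpsw.sh" \
    | sha256sum -c - || die "checkpsw.sh does not match CHECKPSW_SHA256"
else
  printf 'warning: checkpsw.sh was downloaded without integrity verification\n' >&2
fi
chmod u+x "${openvpn_dir}/checkpsw.sh"

# The original ran `chmod 777 psw-file` on a relative path: wrong directory,
# and world-writable would let any local user add or change VPN accounts.
# Keep the file root-only; if the server is configured to drop privileges,
# give that account read access instead (verify against your delta.conf).
touch "${openvpn_dir}/psw-file"
chmod 600 "${openvpn_dir}/psw-file"
# Sample accounts s1..s10 from the source page, password equal to username.
# These are trivially guessable and stored in clear text: replace them before
# exposing the server. (The original listed s3 twice; written once here.)
for i in {1..10}; do
  printf 's%d s%d *\n' "$i" "$i"
done >>"${openvpn_dir}/psw-file"

# The original echoed these directives to the terminal with no redirection,
# so password authentication was never actually enabled.
# NOTE(review): client-cert-not-required makes the password the only client
# credential. Newer OpenVPN releases may reject the trailing "system" method
# and prefer "verify-client-cert none" - confirm against the installed version.
cat >>"$server_conf" <<EOF
client-cert-not-required
username-as-common-name
script-security 3 system
auth-user-pass-verify ${openvpn_dir}/checkpsw.sh via-env
EOF

# --- DNS and routing --------------------------------------------------------
printf 'bind-interfaces\n' >>/etc/dnsmasq.conf

printf '1\n' >/proc/sys/net/ipv4/ip_forward
printf 'net.ipv4.ip_forward=1\n' >>/etc/sysctl.conf

iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s "$vpn_net" -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s "$vpn_net" -o "$wan_if" -j MASQUERADE

# Re-apply the rules at boot.
# NOTE(review): if /etc/rc.local already ends with "exit 0", lines appended
# after it never run - check the file after this step.
cat >>/etc/rc.local <<EOF
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s ${vpn_net} -j ACCEPT
iptables -A FORWARD -j REJECT
iptables -t nat -A POSTROUTING -s ${vpn_net} -o ${wan_if} -j MASQUERADE

service dnsmasq restart
EOF

# --- start services ---------------------------------------------------------
# The original started the VPN service before the configuration was complete;
# start it only now so every directive above is in effect.
service dnsmasq restart
service openvpn restart

# --- client material --------------------------------------------------------
cp "${sample_dir}/client.conf" "$client_dir/"
# Manual follow-up from the original notes: in the copied client.conf, change
# the server IP address, comment out two lines (the page does not say which;
# presumably the client certificate and key directives), and add
# "auth-user-pass".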
转载于:https://blog.51cto.com/jinsanpang/1863468