Ubuntu

Create the bridge
cd /etc/netplan/
vi 50-cloud-init.yaml

Edit the network configuration
network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      dhcp4: no
  bridges:
    br0:
      interfaces: [ens33]
      addresses: [<your-IP>/<your-prefix-length>]
      gateway4: <your-gateway>
      nameservers:
        addresses: [8.8.8.8, 1.1.1.1]

Apply the configuration
netplan apply

Install OpenVPN
sudo apt update
sudo apt install openvpn bridge-utils

Confirm that the kernel supports TAP
ls /dev/net/tun

Create the bridge scripts
vi up.sh
Paste the following
#!/bin/bash
BR="br0"
TAP="$1"
# Create br0 if it does not exist
if ! ip link show "$BR" > /dev/null 2>&1; then
    ip link add name "$BR" type bridge
    ip link set "$BR" up
fi
# Add the TAP device to the bridge
ip link set "$TAP" up promisc on
ip link set "$TAP" master "$BR"

vi down.sh
Paste the following
#!/bin/bash
BR="br0"
TAP="$1"
# Bring the TAP device down and detach it from the bridge
ip link set "$TAP" down
ip link set "$TAP" nomaster
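
Edit the OpenVPN configuration file
vi client.ovpn
client
dev tap
proto tcp
remote <your-server-IP> 1194
# Certificates
ca ca.crt
cert client.crt
key client.key
# Allow bridging (lets OpenVPN run the up/down scripts)
script-security 2
up /etc/openvpn/up.sh # change to the path of your script
down /etc/openvpn/down.sh # change to the path of your script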
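
The following configuration is for username/password login
client
dev tap
proto tcp
tun-mtu 1400
# Must match the server. BF-CBC is a legacy 64-bit block cipher (SWEET32).
cipher BF-CBC
# Must match the server. Compression is deprecated in current OpenVPN releases.
comp-lzo
remote 6.6.6.6 1194
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
auth-user-pass /root/user.txt # user.txt holds the username and password
script-security 2
<ca>
-----BEGIN CERTIFICATE-----
(CA certificate body omitted)
-----END CERTIFICATE-----
</ca>
script-security 2
up up.sh
down down.sh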

Format of user.txt
user
passwd

Start OpenVPN and test the layer-2 tunnel
sudo openvpn --config client.ovpn

Enable start at boot
sudo cp /root/client.ovpn /etc/openvpn/client/client.conf # copy the configuration file
sudo cp /root/up.sh /etc/openvpn/client/up.sh
sudo cp /root/down.sh /etc/openvpn/client/down.sh
sudo cp /root/user.txt /etc/openvpn/client/user.txt
sudo systemctl start openvpn-client@client # start the client
sudo systemctl enable openvpn-client@client # enable start at boot
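
Because script-security 2 lets OpenVPN run up.sh and down.sh, and user.txt stores the password in plaintext, it is worth checking the permissions of the copied files before enabling the service. The following is an added example, not part of the original page; the function names audit_vpn_dir and mode_bits are hypothetical, and the checks (scripts executable and not group/other-writable, credentials readable by the owner only) are an assumed baseline.

```shell
#!/bin/sh
# Added example (not from the original page). audit_vpn_dir and mode_bits are
# hypothetical helper names. Call: audit_vpn_dir [DIR]
# DIR defaults to /etc/openvpn/client, where the steps above copy the files.

# Print the six group/other permission characters of a file, e.g. "r-xr-x".
mode_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# Print one line per finding; the return status is the number of findings.
audit_vpn_dir() {
    dir="${1:-/etc/openvpn/client}"
    problems=0

    # up.sh/down.sh are run by OpenVPN (script-security 2), as root when the
    # client is started with sudo or by systemd as shown above.
    for name in up.sh down.sh; do
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
            continue
        fi
        if [ ! -x "$path" ]; then
            echo "NOEXEC   $path: OpenVPN cannot execute it"
            problems=$((problems + 1))
        fi
        case "$(mode_bits "$path")" in
            ?w????|????w?)
                echo "WRITABLE $path: group/other can modify a script run as root"
                problems=$((problems + 1)) ;;
        esac
    done

    # user.txt stores the username and password in plaintext.
    cred="$dir/user.txt"
    if [ -f "$cred" ] && [ "$(mode_bits "$cred")" != "------" ]; then
        echo "EXPOSED  $cred: readable beyond its owner, use chmod 600"
        problems=$((problems + 1))
    fi

    return "$problems"
}
```

Source the file and run audit_vpn_dir as root after the copy step; a return status of 0 means no findings.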