
#1 2021-11-03 22:02:39

laxinadmin
JD team leader
Registered: 2019-09-27
Posts: 21

Setting up OpenVPN on Alibaba Cloud

On an ECS instance, deploying OpenVPN with Puppet

# install Puppet Server and the agent on the same ECS instance (it is both server and node here)
yum install puppetserver puppet-agent  -y

# OpenVPN module from the Puppet Forge, pinned to the version this post was written against
puppet module install puppet-openvpn --version 9.1.0


puppet.conf
[main]
server = pupper-serv
certname = pupper-serv
runinterval = 1h
strict_variables = true


# This file can be used to override the default puppet settings.
# See the following links for more details on what settings are available:
# - https://puppet.com/docs/puppet/latest/c … tings.html
# - https://puppet.com/docs/puppet/latest/c … tings.html
# - https://puppet.com/docs/puppet/latest/c … _main.html
# - https://puppet.com/docs/puppet/latest/c … ation.html
[server]
vardir = /opt/puppetlabs/server/data/puppetserver
logdir = /var/log/puppetlabs/puppetserver
rundir = /var/run/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
codedir = /etc/puppetlabs/code



site.pp

# add a server instance (the module builds a CA, the server cert and dh.pem under /etc/openvpn/server/xinghan)
openvpn::server { 'xinghan':
  country      => 'CH',   # certificate subject country code; note ISO 3166 'CH' is Switzerland, China is 'CN'
  province     => 'ZH',
  city         => 'Beijing',
  organization => 'galaxy-future.com',
  email        => 'jincai@xxxxx-future.com',
  server       => '10.200.200.0 255.255.255.0',   # VPN address pool, becomes "server 10.200.200.0 255.255.255.0"
  local        => '',                             # empty: listen on all addresses
  verb         => '6',                            # debug-level logging; 3 is the usual setting once the tunnel works
}

# define clients (each gets its own key pair signed by the server's CA)
openvpn::client { 'client1':
  server => 'xinghan',
}
openvpn::client { 'client2':
  server => 'xinghan',
}
openvpn::client { 'client3':
  server => 'xinghan',
}

# per-client settings, written to the server's client-config-dir under the client's CN
openvpn::client_specific_config { 'client1':
  server   => 'xinghan',
  ifconfig => '10.200.200.49 10.200.200.50',   # static ifconfig-push pair; with topology net30 both addresses must sit in one /30 (here 10.200.200.48/30)
# dhcp_options => ['DNS 8.8.8.8'],
# redirect_gateway => true,
  route    => ['172.16.16.0 255.255.240.0 10.200.200.1'],   # pushed to this client only: the VPC range via the VPN gateway
}
openvpn::client_specific_config { 'client2':
  server => 'xinghan',
# dhcp_options => ['DNS 8.8.8.8'],
# redirect_gateway => 'true',
}
openvpn::client_specific_config { 'client3':
  server => 'xinghan',
# dhcp_options => ['DNS 8.8.8.8'],
# redirect_gateway => 'true',
}

# a revoked client: keep the openvpn::client resource and add openvpn::revoke,
# which puts the certificate on the CRL the server checks through crl-verify
#openvpn::client { 'client3':
#  server => 'xinghan',
#}
#openvpn::revoke { 'client3':
#  server => 'xinghan',
#}


Deploy
# apply the catalog once in the foreground and show what changed
puppet agent -t

To reach ECS instances on the same subnet as the OpenVPN server
# takes effect for this boot only; put net.ipv4.ip_forward = 1 in /etc/sysctl.d/ to keep it across reboots
sysctl -w net.ipv4.ip_forward=1
# forward packets arriving from the tunnel into the VPC; if the FORWARD policy is DROP,
# replies also need a rule (-o tun0, or a RELATED,ESTABLISHED conntrack rule)
iptables -A FORWARD -i tun0 -j ACCEPT

and add a route in the VPC

Destination: 10.200.200.0/24
Next hop: openvpn-serv

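The net30 arithmetic behind the ifconfig entry for client1 above, as an added worked example that is not part of the post or of the puppet-openvpn module: it lists the /30 blocks the 'server 10.200.200.0 255.255.255.0' pool hands out, checks a static ifconfig-push pair against the constraints net30 imposes, and renders the client-config-dir file that a client_specific_config resource corresponds to. SERVER_LINE, CLIENT1_PAIR, CLIENT1_ROUTES, the function names and the ccd layout are this example's own; the pool bounds follow OpenVPN's documented expansion of the server directive under net30.

```python
"""Per-client /30 arithmetic for 'topology net30' on the pool used in site.pp,
validation of a hand-written ifconfig-push pair, and the ccd file for one client.

Added example, not code from the post or from puppet-openvpn.  The pool
arithmetic follows OpenVPN's documented expansion of the 'server' directive
under net30 (server tun .1/.2, dynamic pool .4-.251 in a /24); the function
names and the ccd rendering are this example's own.
"""
import ipaddress
from typing import Dict, Iterable, Iterator, Tuple

# Constructed input, copied from the manifest in the post.
SERVER_LINE = "10.200.200.0 255.255.255.0"
CLIENT1_PAIR = "10.200.200.49 10.200.200.50"
CLIENT1_ROUTES = ["172.16.16.0 255.255.240.0 10.200.200.1"]


def server_network(server_line: str) -> ipaddress.IPv4Network:
    """'10.200.200.0 255.255.255.0' -> IPv4Network('10.200.200.0/24')."""
    addr, mask = server_line.split()
    return ipaddress.IPv4Network(f"{addr}/{mask}")


def net30_pairs(server_line: str) -> Iterator[Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]]:
    """Yield (server_endpoint, client_ip) for every /30 in the dynamic pool.

    Under net30, 'server A.B.C.0 255.255.255.0' expands to 'ifconfig A.B.C.1 A.B.C.2'
    for the server's own tun and 'ifconfig-pool A.B.C.4 A.B.C.251' for clients, so
    every client burns a whole /30 (.5/.6, .9/.10, ...): 62 clients per /24.
    """
    net = server_network(server_line)
    base = int(net.network_address)
    pool_first = base + 4                      # first /30 after the server's own
    pool_last = base + net.num_addresses - 5   # .251 in a /24
    for block in range(pool_first, pool_last, 4):
        yield ipaddress.IPv4Address(block + 1), ipaddress.IPv4Address(block + 2)


def check_ifconfig_push(pair: str, server_line: str) -> Dict[str, object]:
    """Validate a static 'ifconfig-push <client> <endpoint>' pair under net30.

    Reports the /30 the pair occupies and whether it follows the dynamic pool's
    convention (client on the higher address of the /30).  A pair whose addresses
    are not in one /30, that uses the /30's network or broadcast address, or that
    takes the server's own /30 comes back with ok=False and a reason.
    """
    net = server_network(server_line)
    client, endpoint = (ipaddress.IPv4Address(a) for a in pair.split())
    block = ipaddress.IPv4Network(f"{client}/30", strict=False)
    reserved = (block.network_address, block.broadcast_address)
    problem = None
    if client not in net or endpoint not in net:
        problem = f"outside {net}"
    elif endpoint not in block:
        problem = "client and endpoint are not in the same /30"
    elif client in reserved or endpoint in reserved:
        problem = f"uses the network or broadcast address of {block}"
    elif block == ipaddress.IPv4Network(f"{net.network_address}/30"):
        problem = f"{block} is the server's own tun /30"
    return {
        "ok": problem is None,
        "block": str(block),
        "pool_convention": client > endpoint,
        "problem": problem,
    }


def render_ccd(ifconfig: str, routes: Iterable[str] = (), dhcp_options: Iterable[str] = (),
               redirect_gateway: bool = False) -> str:
    """Render one client's ccd file with the directives that the ifconfig, route,
    dhcp_options and redirect_gateway parameters of client_specific_config map to."""
    lines = [f"ifconfig-push {ifconfig}"]
    lines += [f'push "route {r}"' for r in routes]
    lines += [f'push "dhcp-option {o}"' for o in dhcp_options]
    if redirect_gateway:
        lines.append('push "redirect-gateway def1"')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    pairs = list(net30_pairs(SERVER_LINE))
    print(f"{len(pairs)} dynamic /30 blocks, first {pairs[0]}, last {pairs[-1]}")
    print(check_ifconfig_push(CLIENT1_PAIR, SERVER_LINE))
    print(render_ccd(CLIENT1_PAIR, routes=CLIENT1_ROUTES), end="")
```

Run as-is it shows that client1's pair sits in 10.200.200.48/30 with the client on the lower address, the opposite of what the dynamic pool does (.5/.6, .9/.10, ...), and that a /24 under net30 serves at most 62 clients; 'topology subnet' avoids that waste.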

#2 2021-11-03 22:53:05

laxinadmin
JD team leader
Registered: 2019-09-27
Posts: 21

Re: Setting up OpenVPN on Alibaba Cloud

openvpn.conf

mode server
client-config-dir /etc/openvpn/server/xinghan/client-configs
ca /etc/openvpn/server/xinghan/keys/ca.crt
cert /etc/openvpn/server/xinghan/keys/issued/server.crt
key /etc/openvpn/server/xinghan/keys/private/server.key
dh /etc/openvpn/server/xinghan/keys/dh.pem
# certificates revoked with openvpn::revoke are rejected through this CRL
crl-verify /etc/openvpn/server/xinghan/crl.pem
proto tcp-server
port 1194
tls-server
# compression of the encrypted payload is deprecated in OpenVPN (VORACLE)
comp-lzo
# privileges are dropped after startup; without persist-key the daemon cannot re-read the key on a restart
group nobody
user nobody
status /var/log/openvpn/xinghan-status.log
dev tun0
server 10.200.200.0 255.255.255.0
push 'route 172.16.16.0 255.255.240.0'
# net30: one /30 per client, at most 62 clients in this /24
topology net30
# 6 is debug-level logging; 3 is the usual production setting
verb 6
# CBC cipher with no 'auth' line: the data-channel HMAC is the SHA1 default
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256

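A review pass over the server config in this post, as an added example that is not code from the post or from puppet-openvpn: audit() names the settings a security reviewer would flag in the file as posted (comp-lzo, no tls-auth/tls-crypt, a CBC cipher with the default SHA1 HMAC, verb 6, user/group nobody without persist-key/persist-tun, no tls-version-min) and harden() writes the corrected variant beside it. SAMPLE_CONF is the posted file copied in; the HARDENING values, the ta.key path and the assumption of an OpenVPN 2.5+ server are this example's own.

```python
"""Audit the openvpn.conf posted above for what a security review would flag and
emit a hardened variant.  Added example, not code from the post or puppet-openvpn.
SAMPLE_CONF is the posted file; the HARDENING lines (auth, data-ciphers,
tls-version-min, the tls-crypt key path, persist-key/persist-tun) are this
example's assumptions for an OpenVPN 2.5+ server, and the ta.key path assumes
'openvpn --genkey secret ta.key' was run first."""
from typing import Dict, List, Tuple

SAMPLE_CONF = """\
mode server
client-config-dir /etc/openvpn/server/xinghan/client-configs
ca /etc/openvpn/server/xinghan/keys/ca.crt
cert /etc/openvpn/server/xinghan/keys/issued/server.crt
key /etc/openvpn/server/xinghan/keys/private/server.key
dh /etc/openvpn/server/xinghan/keys/dh.pem
crl-verify /etc/openvpn/server/xinghan/crl.pem
proto tcp-server
port 1194
tls-server
comp-lzo
group nobody
user nobody
status /var/log/openvpn/xinghan-status.log
dev tun0
server 10.200.200.0 255.255.255.0
push 'route 172.16.16.0 255.255.240.0'
topology net30
verb 6
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
"""

# Appended by harden() when the directive (first word) is absent.  Assumed values.
HARDENING = [
    "data-ciphers AES-256-GCM:AES-128-GCM",               # AEAD only ('ncp-ciphers' on 2.4)
    "auth SHA256",                                         # control-channel HMAC
    "tls-version-min 1.2",
    "tls-crypt /etc/openvpn/server/xinghan/keys/ta.key",  # assumed key path
    "persist-key",                                         # survive SIGUSR1 after dropping to nobody
    "persist-tun",
]

Directive = Tuple[str, List[str]]


def parse(text: str) -> List[Directive]:
    """(directive, args) per line; full-line '#'/';' comments skipped, quoting not interpreted."""
    out: List[Directive] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        out.append((name, args))
    return out


def audit(text: str) -> Dict[str, str]:
    """Return {directive: reason} for each weak or missing setting found."""
    conf = parse(text)
    names = {n for n, _ in conf}
    args = dict(conf)
    findings: Dict[str, str] = {}
    if "comp-lzo" in names or args.get("compress"):
        findings["comp-lzo"] = "compresses plaintext before encryption (VORACLE); deprecated, remove it"
    if not names & {"tls-auth", "tls-crypt", "tls-crypt-v2"}:
        findings["tls-crypt"] = "control channel not HMAC-gated: anything reaching the port gets a TLS handshake"
    cipher = (args.get("cipher") or [""])[0].upper()
    if cipher.endswith("-CBC"):
        findings["cipher"] = f"{cipher} needs a separate HMAC; prefer an AEAD cipher such as AES-256-GCM"
        if "auth" not in names:
            findings["auth"] = "no 'auth' line, so the data-channel HMAC is the SHA1 default"
    if "verb" in names and int(args["verb"][0]) > 4:
        findings["verb"] = "debug-level logging writes per-packet detail and peer addresses to the log"
    if names & {"user", "group"} and not {"persist-key", "persist-tun"} <= names:
        findings["persist-key"] = "after dropping to nobody the daemon cannot re-read its key on SIGUSR1/ping-restart"
    if "tls-version-min" not in names:
        findings["tls-version-min"] = "no explicit TLS floor; pin 1.2 so old clients cannot negotiate TLS 1.0"
    if "crl-verify" not in names:
        findings["crl-verify"] = "revoked client certificates would still be accepted"
    return findings


def harden(text: str) -> str:
    """Drop compression, switch the data channel to AEAD, quiet the log, and
    append whichever HARDENING lines are missing; every other line is kept."""
    kept: List[str] = []
    for raw in text.splitlines():
        words = raw.split()
        name = words[0] if words else ""
        if name in ("comp-lzo", "compress"):
            continue
        if name == "cipher":
            raw = "cipher AES-256-GCM"
        elif name == "verb":
            raw = "verb 3"
        kept.append(raw)
    present = {n for n, _ in parse("\n".join(kept))}
    kept += [line for line in HARDENING if line.split()[0] not in present]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for directive, why in audit(SAMPLE_CONF).items():
        print(f"{directive:16} {why}")
    print("--- hardened ---")
    print(harden(SAMPLE_CONF), end="")
```

The hardened file keeps the CA, CRL, pool, pushed route and tls-cipher lines untouched and only touches what the audit flagged; audit() on its own output returns nothing. Clients then need the matching ta.key, cipher and compression settings, and the ECS security group must still admit tcp/1194, which neither config controls.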
