在某台 ECS 上，采用 Puppet 发布 OpenVPN
# Install the Puppet server and agent packages (presumably both run on this host,
# since puppet.conf below uses the same name for server and certname).
yum -y install puppetserver puppet-agent
# Fetch the OpenVPN module from the Forge, pinned to an explicit release so the
# installed code does not drift between rebuilds.
puppet module install puppet-openvpn --version 9.1.0
puppet.conf
# puppet.conf — overrides for the default Puppet settings on this host.
# Settings reference:
# - https://puppet.com/docs/puppet/latest/config_important_settings.html
# - https://puppet.com/docs/puppet/latest/config_about_settings.html
# - https://puppet.com/docs/puppet/latest/config_file_main.html
# - https://puppet.com/docs/puppet/latest/configuration.html

[main]
# Name this node presents in its certificate; the same string is used as the
# server name below, so the agent is presumably talking to a server on this host.
certname = pupper-serv
# How often the agent applies its catalog.
runinterval = 1h
# Puppet server the agent contacts; must match a name in the server certificate.
server = pupper-serv
# Fail catalog compilation on references to undefined variables.
strict_variables = true

[server]
# Puppet Server directories: code, logs, pid, runtime state and working data.
codedir = /etc/puppetlabs/code
logdir = /var/log/puppetlabs/puppetserver
pidfile = /var/run/puppetlabs/puppetserver/puppetserver.pid
rundir = /var/run/puppetlabs/puppetserver
vardir = /opt/puppetlabs/server/data/puppetserver
site.pp
# OpenVPN server instance 'xinghan'. The first five attributes populate the
# certificate subject of the CA the module generates; the rest become
# directives in the generated openvpn.conf.
openvpn::server { 'xinghan':
  # NOTE(review): 'CH' is the ISO 3166-1 code for Switzerland; China is 'CN' —
  # confirm the intended subject before the CA is generated.
  country      => 'CH',
  province     => 'ZH',
  city         => 'Beijing',
  organization => 'galaxy-future.com',
  email        => 'jincai@xxxxx-future.com',
  # Address pool handed out to VPN clients.
  server       => '10.200.200.0 255.255.255.0',
  # Empty local => no bind address in the generated config, i.e. the daemon
  # listens on every interface of the host.
  local        => '',
  # Log verbosity; 6 is a debug level and very noisy — 3 is the usual
  # production setting.
  verb         => '6',
}
# Client certificates for the 'xinghan' instance. An array title declares one
# openvpn::client resource per name with the same attributes.
openvpn::client { ['client1', 'client2', 'client3']:
  server => 'xinghan',
}
# Per-client overrides for client1 (written to the server's client-config-dir).
openvpn::client_specific_config { 'client1':
  server   => 'xinghan',
  # Static tunnel addresses for this client; with the server's net30 topology
  # the two addresses must form a valid /30 pair, which .49/.50 does.
  ifconfig => '10.200.200.49 10.200.200.50',
  # Route for this client with an explicit gateway; presumably pushed to the
  # client. The server already pushes the same 172.16.16.0/20 prefix globally,
  # so confirm the per-client entry is still needed.
  route    => ['172.16.16.0 255.255.240.0 10.200.200.1'],
  # Disabled options kept for reference:
  # dhcp_options => ['DNS 8.8.8.8'],
  # redirect_gateway => true,
}
# Per-client config entries for client2 and client3; both currently carry no
# overrides beyond the instance name, so one array-titled resource covers them.
# Disabled options kept for reference:
#   dhcp_options => ['DNS 8.8.8.8'],
#   redirect_gateway => 'true',
openvpn::client_specific_config { ['client2', 'client3']:
  server => 'xinghan',
}
# example of revoking a client (disabled here; client3 is still declared active above)
#openvpn::client { 'client3':
## server => 'xinghan',
#}
#openvpn::revoke { 'client3':
# server => 'xinghan',
#}
发布:
# Run the agent once in the foreground and apply the catalog (--test is the long form of -t).
puppet agent --test
访问 OpenVPN 同网段内的 ECS：
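# Enable IPv4 forwarding now; `sysctl -w` alone does not survive a reboot, so
# also persist it (drop-in file name constructed for this example).
sysctl -w net.ipv4.ip_forward=1
echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/99-openvpn-forward.conf
# Forward only what the VPN is meant to carry: traffic arriving from the tunnel,
# sourced from the VPN pool (10.200.200.0/24) and bound for the pushed VPC
# prefix (172.16.16.0/20). Widen -d if more prefixes are pushed to clients.
iptables -A FORWARD -i tun0 -s 10.200.200.0/24 -d 172.16.16.0/20 -j ACCEPT
# Return path into the tunnel; required when the FORWARD chain policy is DROP.
iptables -A FORWARD -o tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# These iptables rules are not persisted by the commands above and none of this
# is managed by Puppet; save the rules with the distribution's persistence
# mechanism or move them into the manifest so they are not lost on reboot.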
并在vpc上添加路由
目标:10.200.200.0/24
下一跳: openvpn-serv
openvpn.conf
# openvpn.conf for instance 'xinghan' — generated by the puppet-openvpn module
# from the openvpn::server resource in site.pp. Change the manifest, not this
# file: the next agent run rewrites it.
mode server
# Per-client override files (openvpn::client_specific_config), one per client name.
client-config-dir /etc/openvpn/server/xinghan/client-configs
ca /etc/openvpn/server/xinghan/keys/ca.crt
cert /etc/openvpn/server/xinghan/keys/issued/server.crt
key /etc/openvpn/server/xinghan/keys/private/server.key
dh /etc/openvpn/server/xinghan/keys/dh.pem
# Certificates revoked via openvpn::revoke are rejected through this CRL.
crl-verify /etc/openvpn/server/xinghan/crl.pem
# TCP transport. UDP is the usual choice for OpenVPN because TCP-in-TCP
# retransmissions compound under packet loss — confirm TCP is required here.
proto tcp-server
# No `local` directive is present, so the daemon listens on every interface.
port 1194
# NOTE(review): no tls-auth/tls-crypt key is configured, so the TLS handshake
# is reachable by any peer that can connect to port 1194; the module's
# tls_auth option (if this module version exposes it) adds that HMAC gate.
tls-server
# NOTE(review): comp-lzo enables tunnel compression. Compressing secrets
# together with data a remote party can influence leaks information, which is
# why OpenVPN deprecated compression — consider disabling it through the
# module's `compression` parameter (if exposed) rather than editing here.
comp-lzo
# Drop privileges after start-up. Without persist-key/persist-tun a tunnel
# restart (e.g. on SIGUSR1) cannot re-read the key as 'nobody' — confirm this
# is acceptable for how the service is operated.
group nobody
user nobody
status /var/log/openvpn/xinghan-status.log
dev tun0
# Address pool for clients; matches the `server` attribute in site.pp.
server 10.200.200.0 255.255.255.0
# Route to the VPC prefix pushed to every client; the VPC side needs the
# reverse route (10.200.200.0/24 -> this host) for return traffic.
push 'route 172.16.16.0 255.255.240.0'
# net30 gives each client a /30; it is the legacy topology ('subnet' is the
# recommended one), and changing it also changes the ifconfig-push format used
# in the client-config-dir files.
topology net30
# Debug-level verbosity; expect very large logs — 3 is typical in production.
verb 6
# Data-channel cipher. CBC works, but AES-GCM is preferred on current OpenVPN
# releases; changing it requires matching client configurations.
cipher AES-256-CBC
# Control-channel cipher allow-list: DHE key exchange only (no ECDHE), so the
# strength of dh.pem above gates forward secrecy.
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256