Establishment and use of SSL VPN (OpenVPN)

2022-06-23 17:59:01 Rokas. Yang

I. Create a Tencent Cloud SSL VPN gateway

Select SSL as the protocol type and select the cloud VPC network to connect to.

II. Create the SSL server

At present, Tencent Cloud SSL VPN supports only UDP; TCP is not supported for now. Fill in the local network segment (the VPC network segment to connect to) and the peer network segment (the client's intranet segment), then fill in the port, authentication algorithm, encryption algorithm and other information.

III. Create the SSL client

Select the server created in the previous step, fill in the remarks and click OK.

IV. Add a VPC route

When traffic goes from the cloud to the off-cloud side, the VPC routing table is consulted. A rule for the off-cloud client network segment therefore has to be added to the corresponding VPC routing table, with the next hop pointing to the SSL VPN gateway.

In the private network (VPC) console, select the corresponding VPC and its routing table.

After entering the routing table, choose to add a new routing policy.

At this point all cloud-side SSL VPN operations are complete.

V. Download the SSL configuration file

OpenVPN is an open source pioneer on Linux. It offers good performance and a user-friendly GUI, and it is also the officially recommended SSL VPN client. The following sections show how to configure the OpenVPN client on Windows, Debian and CentOS. The client configuration file is generated once the SSL client has been created and can be downloaded from the SSL client page.

VI. Configure the OpenVPN client on Windows

1. Download and install

First, go to the official OpenVPN download page and download OpenVPN Connect (note that Connect is only the OpenVPN client and cannot act as a server).

Select the Windows tab and click Download. If the download page cannot be opened because of the firewall, it can be downloaded from this link.

2. Configure and import

After installation, choose Import Profile to import the configuration file.

Unzip the configuration file and drag and drop the file ending in .ovpn.

3. Verify connectivity

After importing, click Connect and verify connectivity.

The route print command shows that, once OpenVPN is running normally, routes pointing to the peer gateway are added automatically. Pinging the peer VPC network segment succeeds and there is inbound and outbound traffic, which indicates that the tunnel has been established normally. If a machine in the cloud VPC cannot be pinged, make sure that the machine does not block ping and that the security group and ACL allow the client's intranet segment.

Capturing packets with Wireshark at this point shows that traffic to the peer intranet is actually exchanged with the peer VPN gateway, so the connection also depends on the public network quality at both ends.

VII. Configure the OpenVPN client on Debian/CentOS

1. Debian: install the software source, repository key and OpenVPN client

Make sure apt on Debian supports HTTPS transport:

apt install apt-transport-https

Install the official OpenVPN repository key:

curl -fsSL https://swupdate.openvpn.net/repos/openvpn-repo-pkg-key.pub | gpg --dearmor > /etc/apt/trusted.gpg.d/openvpn-repo-pkg-keyring.gpg

Install the software source that matches the system's release code name ($DISTRO must be set to the code name from the table below):

curl -fsSL https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-$DISTRO.list >/etc/apt/sources.list.d/openvpn3.list
apt-get update

Officially supported release code names:

| Distribution | Version | Code name ($DISTRO) | Architecture |
|---|---|---|---|
| Debian | 9 | stretch | amd64 |
| Debian | 10 | buster | amd64, arm64* |
| Debian | 11 | bullseye | amd64, arm64* |
| Ubuntu | 18.04 | bionic | amd64, arm64* |
| Ubuntu | 20.04 | focal | amd64, arm64* |
| Ubuntu | 21.04 | hirsute | amd64, arm64* |

Debian 9 (stretch) is used here as a demonstration; the same procedure applies to the other distributions. The software source installation is therefore:

curl -fsSL https://swupdate.openvpn.net/community/openvpn3/repos/openvpn3-stretch.list >/etc/apt/sources.list.d/openvpn3.list
apt-get update

On machines in mainland China the above software source may be unreachable or slow because of the GFW; you can refer to this article to set up a proxy server. Then install the client:

apt install openvpn3 
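The redirect in the commands above overwrites openvpn3.list even when $DISTRO is unset or wrong and curl -f fails, leaving an empty source file. The following added example (not from the original article or from the OpenVPN project) checks the code name against the table and inspects the downloaded list before installing it; the function names and the sanity rule are assumptions made for illustration, and the repository key step stays as shown above.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): guarded version of the apt source setup.
SUPPORTED="stretch buster bullseye bionic focal hirsute"   # code names from the table above
REPO_HOST="swupdate.openvpn.net"                            # host used in the commands above

# Read the code name from an os-release file (VERSION_CODENAME, else the '9 (stretch)' form).
codename_of() {  # usage: codename_of [os-release-file]   (hypothetical helper name)
  local f=${1:-/etc/os-release} c
  c=$(sed -n 's/^VERSION_CODENAME=//p' "$f" | tr -d '"')
  [ -n "$c" ] || c=$(sed -n 's/^VERSION=.*(\([a-z]*\)).*/\1/p' "$f")
  printf '%s\n' "$c"
}

list_url() {  # usage: list_url <codename>; fails for code names that are not in the table
  case " $SUPPORTED " in
    *" $1 "*) echo "https://$REPO_HOST/community/openvpn3/repos/openvpn3-$1.list" ;;
    *) echo "unsupported release: '$1'" >&2; return 1 ;;
  esac
}

# Accept a downloaded .list only if every active line is a deb entry on REPO_HOST over HTTPS.
list_is_sane() {  # usage: list_is_sane <file>
  awk -v h="https://$REPO_HOST/" '
    /^[ \t]*(#|$)/ { next }                          # skip comments and blank lines
    { n++; uri = ($2 ~ /^\[/) ? "" : $2               # "[options]" may precede the URI
      for (i = 2; i <= NF && uri == ""; i++) if ($i ~ /\]$/) uri = $(i + 1)
      if (($1 != "deb" && $1 != "deb-src") || index(uri, h) != 1) bad = 1 }
    END { exit (bad || n == 0) }                      # an empty list is rejected too
  ' "$1"
}

# The steps from the article, run as root: download to a temp file, check, then install.
setup_repo() {
  local url tmp
  url=$(list_url "$(codename_of)") || return 1
  tmp=$(mktemp)
  curl -fsSL "$url" -o "$tmp" && list_is_sane "$tmp" || { rm -f "$tmp"; return 1; }
  install -m 644 "$tmp" /etc/apt/sources.list.d/openvpn3.list && rm -f "$tmp"
  apt-get update && apt-get install -y openvpn3
}

# Offline demo: only prints the URL that would be used on this host.
list_url "$(codename_of /etc/os-release 2>/dev/null)" 2>/dev/null || echo "this host is not in the supported table"
```

Calling setup_repo performs the installation; nothing is changed on the system until it is called.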

2. CentOS: install the OpenVPN client

Releases supported for the CentOS / Red Hat family:

| Distribution | Version | Architecture |
|---|---|---|
| Fedora | 33, 34, Rawhide (*2) | aarch64, s390x, x86_64 |
| Red Hat Enterprise Linux / CentOS | 7 | x86_64 |
| Red Hat Enterprise Linux / CentOS | 8 | aarch64, x86_64 |

Install the yum copr module:

yum install yum-plugin-copr  

Enable the Copr repository:

yum copr enable dsommers/openvpn3

Install the OpenVPN client:

yum install openvpn3-client

3. Import the configuration file and run

Upload the configuration exported from the Tencent Cloud SSL client console to Debian, decompress it, and run the following commands:

openvpn3 config-import --config ${MY_CONFIGURATION_FILE}  # Import the profile so that subsequent sessions can reuse it
openvpn3 session-start --config ${MY_CONFIGURATION_FILE}  # Start a session

Replace sslvpnclient.ovpn with the correct .ovpn configuration file; the configuration file downloaded from the Tencent Cloud official site should be named SSLVpnClientConfiguration.ovpn. Seeing "connected" in the output means the connection has been established.
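Before running config-import, the downloaded profile can be checked against what was entered when the SSL server was created (UDP, encryption algorithm, authentication algorithm). The following is an added example, not part of the original article or of Tencent Cloud's or OpenVPN's tooling; the function names and the sample profile with its address, cipher and auth values are constructed for illustration, and stat -c assumes GNU coreutils.

```shell
#!/usr/bin/env bash
# Added example: audit a downloaded .ovpn client profile before `openvpn3 config-import`.

# Print the arguments of the first top-level occurrence of a directive.
ovpn_get() {  # usage: ovpn_get <file> <directive>   (hypothetical helper name)
  awk -v d="$2" '
    { sub(/\r$/, "") }                    # tolerate CRLF line endings
    /^[ \t]*[#;]/   { next }              # comments
    /^<\//          { blk = 0; next }     # end of an inline block such as </key>
    /^</            { blk = 1; next }     # start of an inline block
    !blk && $1 == d { $1 = ""; sub(/^ +/, ""); print; exit }
  ' "$1"
}

# Print INFO/WARN/FAIL findings; return 1 if any FAIL was reported.
audit_ovpn() {  # usage: audit_ovpn <file> <expected-cipher> <expected-auth>
  local f=$1 rc=0 proto cipher auth mode
  proto=$(ovpn_get "$f" proto); cipher=$(ovpn_get "$f" cipher); auth=$(ovpn_get "$f" auth)
  echo "INFO remote=$(ovpn_get "$f" remote) proto=$proto cipher=$cipher auth=$auth"
  # The article states that the Tencent Cloud SSL VPN server only supports UDP.
  case $proto in udp*) ;; *) echo "FAIL proto '$proto' is not udp"; rc=1 ;; esac
  # Algorithms must match what was entered when the SSL server was created.
  [ "$cipher" = "$2" ] || { echo "FAIL cipher '$cipher' != '$2'"; rc=1; }
  [ "$auth" = "$3" ]   || { echo "FAIL auth '$auth' != '$3'"; rc=1; }
  # Without one of these, any certificate signed by the profile's CA is accepted as the server.
  grep -Eq '^(remote-cert-tls[[:space:]]+server|verify-x509-name[[:space:]])' "$f" ||
    echo "WARN no remote-cert-tls/verify-x509-name directive"
  # A profile with an inline private key must not be readable by group or others.
  if grep -q '^<key>' "$f"; then
    mode=$(stat -c '%a' "$f")
    case $mode in *00) ;; *) echo "FAIL inline <key> but file mode is $mode (want 600)"; rc=1 ;; esac
  fi
  return $rc
}

# Constructed sample profile (not a real Tencent Cloud export; the key is a dummy string).
sample_profile() {
  printf '%s\n' 'client' 'dev tun' 'proto udp' 'remote 203.0.113.10 1194' \
    'cipher AES-128-CBC' 'auth SHA1' 'remote-cert-tls server' \
    '<key>' 'DUMMY-NOT-A-KEY' '</key>'
}

demo=$(mktemp) && sample_profile > "$demo" && chmod 600 "$demo"
audit_ovpn "$demo" AES-128-CBC SHA1 || echo "profile needs attention"
rm -f "$demo"
```

For a real profile, pass the file path and the two algorithms chosen in the console, for example audit_ovpn SSLVpnClientConfiguration.ovpn followed by the cipher and auth names.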

At this point OpenVPN is running normally. Open another tty to test connectivity.

4. OpenVPN session management

OpenVPN allows multiple profiles and sessions to run simultaneously. Sessions can be managed with the following commands:

openvpn3 sessions-list  # View the list of currently running sessions

Restart a session:

openvpn3 session-manage --config ${CONFIGURATION_PROFILE_NAME} --restart

Disconnect a session:

openvpn3 session-manage --session-path /net/openvpn/v3/sessions/..... --disconnect

After the session is disconnected, its traffic usage statistics are displayed.

View session statistics:

openvpn3 session-stats --config ${CONFIGURATION_PROFILE_NAME}
openvpn3 session-stats --session-path /net/openvpn/v3/sessions/...

View the session log:

openvpn3 log --config ${CONFIGURATION_PROFILE_NAME}

Copyright notice
This article was created by [Rokas. Yang]. Please include the original link when reprinting. Thank you.
https://chowdera.com/2022/01/202201032316166694.html