How to Install an OpenVPN Server on Debian 11

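In this tutorial, we will show you how to install an OpenVPN server on Debian 11. For those who don't know, OpenVPN is a service for creating virtual private networks. That is, it lets you link two nodes that are connected over the Internet but are not in the same location. All devices connected to the virtual private network behave as if they were on your local network. Packets sent through the VPN tunnel are encrypted with 256-bit AES, which protects the data against theft.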

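This article assumes you have at least basic knowledge of Linux, know how to use the shell, and, most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add 'sudo' to the commands to get root privileges. I will show you the step-by-step installation of an OpenVPN server on Debian 11 (Bullseye).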

Install an OpenVPN Server on Debian 11 Bullseye

Step 1. Before we install any software, it is important to make sure your system is up to date by running the following apt commands in the terminal:

sudo apt update
sudo apt upgrade

Step 2. Install the OpenVPN server on Debian 11.

Now download the OpenVPN server installer script from GitHub using the curl command:

curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh

Once it is downloaded, give the script execute permission and then run it:

chmod +x openvpn-install.sh
sudo ./openvpn-install.sh

You will be prompted for some information:

Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install
I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.
I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address:

You will be asked whether you want to enable IPv6, which is disabled by default:

Checking for IPv6 connectivity...
Your host appears to have IPv6 connectivity.
Do you want to enable IPv6 support (NAT)? [y/n]: y

By default, OpenVPN uses port 1194. If you want to use a specific port, press 2 and then press:

What port do you want OpenVPN to listen to?
   1) Default: 1194
   2) Custom
   3) Random [49152-65535]
Port choice [1-3]: 1

Next, set the protocol that OpenVPN will use:

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
   1) UDP
   2) TCP
Protocol [1-2]: 2

Now you must choose a DNS provider:

What DNS resolvers do you want to use with the VPN?
   1) Current system resolvers (from /etc/resolv.conf)
   2) Self-hosted DNS Resolver (Unbound)
   3) Cloudflare (Anycast: worldwide)
   4) Quad9 (Anycast: worldwide)
   5) Quad9 uncensored (Anycast: worldwide)
   6) FDN (France)
   7) DNS.WATCH (Germany)
   8) OpenDNS (Anycast: worldwide)
   9) Google (Anycast: worldwide)
   10) Yandex Basic (Russia)
   11) AdGuard DNS (Anycast: worldwide)
   12) NextDNS (Anycast: worldwide)
   13) Custom
DNS [1-12]: 9

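You will now be asked whether you want to use compression. The installer tells you that this is not recommended, but the choice is yours: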

Do you want to use compression? It is not recommended since the VORACLE attack make use of it.
Enable compression? [y/n]: n

If you really know how to operate OpenVPN, you can customize the encryption options. If you do not, leave them unchanged:

Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.
Customize encryption settings? [y/n]: n

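The whole installation process will then begin. After that, to add a new client, you will see the following output, where you must define the client name: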

Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...
Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: idroot

Next, you will be asked whether you want to protect the configuration file with a password:

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
   1) Add a passwordless client
   2) Use a password for the client
Select an option [1-2]: 1

Finally, you will be told that the process was successful:

Client idroot added.
The configuration file has been written to /home/user/idroot.ovpn.
Download the .ovpn file and import it in your OpenVPN client.

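Once the setup is complete, all you have to do is download the idroot.ovpn file and copy it to the client so that it can connect from the connection manager's GUI or from the terminal using the following command: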

openvpn [openvpnfile]

Step 3. Configure the firewall.

By default, OpenVPN uses port 1194, so you must open the required port 1194:

sudo ufw allow 1194
sudo ufw enable
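
Because the installer also offers a custom or random port and a choice between UDP and TCP, the firewall rule can be derived from the generated server configuration rather than hard-coded. The following is an added example, not part of the original tutorial or of the installer project; it assumes the server settings are in /etc/openvpn/server.conf, and the function name ovpn_ufw_rule and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive a least-privilege ufw rule from the OpenVPN config.
# Assumption: the server settings live in /etc/openvpn/server.conf.

# Print "<port>/<tcp|udp>" for the given OpenVPN server config file.
# Returns non-zero if the file is unreadable or a value is not usable.
ovpn_ufw_rule() {
    conf=$1
    [ -r "$conf" ] || return 1
    # Use the last "port"/"proto" directive; commented lines never match.
    port=$(awk '$1 == "port" { v = $2 } END { print v }' "$conf")
    proto=$(awk '$1 == "proto" { v = $2 } END { print v }' "$conf")
    # OpenVPN's own defaults when a directive is absent.
    port=${port:-1194}
    proto=${proto:-udp}
    # Reject anything that is not a plain port number in range.
    case $port in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    # Collapse udp, udp6, tcp, tcp6, tcp-server ... to what ufw expects.
    case $proto in
        udp*) proto=udp ;;
        tcp*) proto=tcp ;;
        *) return 1 ;;
    esac
    printf '%s/%s\n' "$port" "$proto"
}

# Constructed sample matching the walkthrough's answers (port 1194, TCP, IPv6).
sample=$(mktemp)
cat > "$sample" <<'EOF'
port 1194
proto tcp6
dev tun
EOF

# Print the command instead of running it, so the example is side-effect free.
if rule=$(ovpn_ufw_rule "$sample"); then
    echo "sudo ufw allow $rule"
fi
rm -f "$sample"
```

On the server, call ovpn_ufw_rule /etc/openvpn/server.conf and review the printed rule before applying it.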

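Congratulations! You have successfully installed OpenVPN. Thanks for using this tutorial to install the latest version of the OpenVPN server on Debian 11 Bullseye. For additional help or useful information, we recommend you check the official OpenVPN website.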