Różnice

Różnice między wybraną wersją a wersją aktualną.

--- openvpn_-_użytkownicy_i_prosty_panel [2015/09/29 09:37] – kamil
+++ openvpn_-_użytkownicy_i_prosty_panel [2018/07/16 11:47] (aktualna) – edycja zewnętrzna 127.0.0.1
@@ Linia 10: / Linia 10: @@
 <file>
-aptitude install openvpn nginx php-auth php-auth-http php-auth-sasl php-db php-doc php-file php-fpdf php-gettext php-html-template-it php-http php-http-request php-http-upload php-image-text php-log php-mail php-mail-mime php-mail-mimedecode php-mime-type php-net-checkip php-net-ftp php-net-imap php-net-ipv4 php-net-ipv6 php-net-smtp php-net-socket php-net-url php-net-url2 php-pear php-soap php-timer php-xml-parser php5 php5-cgi php5-cli php5-curl php5-fpm php5-gd php5-geoip php5-gmp php5-imagick php5-imap php5-intl php5-mcrypt php5-mysql php5-rrd php5-sasl php5-xcache php5-xsl
+aptitude install openvpn nginx php-auth php-auth-http php-auth-sasl php-db php-doc php-file php-fpdf php-gettext php-html-template-it php-http php-http-request php-http-upload php-image-text php-log php-mail php-mail-mime php-mail-mimedecode php-mime-type php-net-checkip php-net-ftp php-net-imap php-net-ipv4 php-net-ipv6 php-net-smtp php-net-socket php-net-url php-net-url2 php-pear php-soap php-timer php-xml-parser php5 php5-cgi php5-cli php5-curl php5-fpm php5-gd php5-geoip php5-gmp php5-imagick php5-imap php5-intl php5-mcrypt php5-mysql php5-rrd php5-sasl php5-xcache php5-xsl mysql-server mysql-client
 </file>
@@ Linia 18: / Linia 18: @@
 mkdir -p /usr/share/nginx/o/
 cd /usr/share/nginx/o/
-wget http://kamil.orchia.pl/tmp/simple_openvpn_panel.7z
+svn export http://svn.code.sf.net/p/openvpn-simple-panel/code/trunk/ ./o
-z x simple_openvpn_panel.7z
+chmod +x ./o/scripts/*
-rm simple_openvpn_panel.7z
+chmod -R o-rwx /usr/share/nginx/o
+chown -R www-data:www-data /usr/share/nginx/o
 </file>
 ==== Konfiguracja ====
+OpenVPN:
+<file>
+cd /usr/share/doc/openvpn/examples/easy-rsa/2.0
+source ./vars
+./clean-all
+./build-ca
+./build-key-server server
+./build-dh
+mkdir /etc/openvpn/server
+cp ./keys/{ca.crt,dh1024.pem,server.crt,server.key} /etc/openvpn/server/
+</file>
+Przykładowy plik /etc/openvpn/server/server.ovpn:
+<file>
+local 1.2.2.33
+port 12345
+proto tcp
+dev tap
+ca /etc/openvpn/server/ca.crt
+cert /etc/openvpn/server/server.crt
+key /etc/openvpn/server/server.key
+dh /etc/openvpn/server/dh1024.pem
+server 1.2.3.0 255.255.255.0
+ifconfig-pool-persist /etc/openvpn/server/ipp.txt
+push "route 10.20.0.0 255.255.255.0"
+client-to-client
+keepalive 10 120
+persist-key
+persist-tun
+status /usr/share/nginx/o/openvpn-status.log
+log /etc/openvpn/server/openvpn.log
+verb 3
+auth SHA1
+cipher AES-128-CBC
+tls-cipher DHE-RSA-AES128-SHA
+client-cert-not-required
+username-as-common-name
+client-connect /usr/share/nginx/o/scripts/client_connect.sh
+client-disconnect /usr/share/nginx/o/scripts/client_disconnect.sh
+script-security 2
+auth-user-pass-verify /usr/share/nginx/o/scripts/checkpass.sh via-file
+up /etc/openvpn/server/up.sh
+</file>
+Przykładowy plik /etc/openvpn/server/openvpn.sh:
+<file>
+#!/bin/bash
+pidfile="/etc/openvpn/server/pid"
+pid=""
+if [ -f $pidfile ];
+then
+        pid=`cat $pidfile`
+fi
+start()
+{
+        if [ "$pid" != "" ];
+        then
+                if [ "`ps aux | grep $pid | grep -v grep | wc -l`" == "1" ];
+                then
+                        echo "OpenVPN is already started!"
+                else
+                        openvpn --cd /etc/openvpn/server/ --config server.ovpn --daemon --writepid $pidfile
+                fi
+        else
+                openvpn --cd /etc/openvpn/server/ --config server.ovpn --daemon --writepid $pidfile
+        fi
+}
+stop()
+{
+        if [ "$pid" != "" ];
+        then
+                if [ "`ps aux | grep $pid | grep -v grep | wc -l`" == "1" ];
+                then
+                        kill $pid
+                        echo "" > $pidfile
+                fi
+         fi
+}
+restart()
+{
+        stop
+        sleep 5
+        start
+}
+case "$1" in
+        'start')
+        echo -ne "Starting OpenVPN... "
+        start
+        echo "OK"
+        ;;
+        'restart')
+        echo -ne "Restarting OpenVPN... "
+        stop
+        sleep 5
+        start
+        echo "OK"
+        ;;
+        'stop')
+        echo -ne "Stopping OpenVPN... "
+        stop
+        echo "OK"
+        ;;
+        *)
+        echo -e "\n Usage: openvpn.sh { start | stop | restart }"
+        ;;
+esac
+</file>
+Plik /etc/openvpn/server/up.sh:
+<file>
+#!/bin/sh
+chmod o+r /usr/share/nginx/o/openvpn-status.log
+</file>
+Nadajemy uprawnienia i uruchamiamy OpenVPN:
+<file>
+chmod 700 /etc/openvpn/server/*.sh
+/etc/openvpn/server/openvpn.sh start
+</file>
+Przykładowy plik client.ovpn, który dołączamy z plikiem ca.crt:
+<file>
+client
+dev tap
+proto tcp
+remote 1.2.2.33 12345
+resolv-retry infinite
+nobind
+persist-key
+persist-tun
+ca ca.crt
+ns-cert-type server
+verb 3
+auth-user-pass
+auth SHA1
+cipher AES-128-CBC
+tls-cipher DHE-RSA-AES128-SHA
+</file>
+MySQL:
+<file>
+cd /usr/share/nginx/o/
+mysql -p
+Enter password:
+Welcome to the MySQL monitor.  Commands end with ; or \g.
+Your MySQL connection id is 43
+Server version: 5.5.44-0+deb7u1 (Debian)
+Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
+Oracle is a registered trademark of Oracle Corporation and/or its
+affiliates. Other names may be trademarks of their respective
+owners.
+Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
+mysql> CREATE USER 'openvpn'@'localhost' IDENTIFIED BY 'tajnepass';
+Query OK, 0 rows affected (0.00 sec)
+mysql> CREATE DATABASE openvpn;
+Query OK, 1 row affected (0.00 sec)
+mysql> GRANT ALL PRIVILEGES ON openvpn.* TO openvpn@'localhost';
+Query OK, 0 rows affected (0.00 sec)
+mysql> FLUSH PRIVILEGES;
+Query OK, 0 rows affected (0.00 sec)
+mysql> use openvpn;
+Database changed
+mysql> source ./initdb.sql;
+Query OK, 0 rows affected (0.00 sec)
+Query OK, 0 rows affected (0.00 sec)
+Query OK, 0 rows affected (0.11 sec)
+Query OK, 0 rows affected (0.08 sec)
+Query OK, 0 rows affected (0.07 sec)
+Query OK, 0 rows affected (0.08 sec)
+Query OK, 0 rows affected (0.32 sec)
+Records: 0  Duplicates: 0  Warnings: 0
+Query OK, 0 rows affected (0.22 sec)
+Records: 0  Duplicates: 0  Warnings: 0
+Query OK, 0 rows affected, 1 warning (0.09 sec)
+mysql> \q
+Bye
+</file>
 Nginx:
@@ Linia 29: / Linia 236: @@
         location /o/ {
                 alias /usr/share/nginx/o/public/;
-                allow 1.2.3.0/16;
+                allow 1.2.3.0/24;
                 deny all;
                 auth_basic "Restricted!";
@@ Linia 46: / Linia 253: @@
 Przy generowaniu htpasswd pomoże nam link: [[http://kamil.orchia.pl/php/nginx.php]]
+Sekcję allow i deny ustawiamy dopiero po dodaniu pierwszego użytkownika.
+Kopiujemy plik /usr/share/nginx/o/config/config.ini.example:
+<file>
+cp /usr/share/nginx/o/config/config.ini.example /usr/share/nginx/o/config/config.ini
+</file>
+Konfiguracja panelu jest odczytywana z pliku: /usr/share/nginx/o/config/config.ini
+Uwaga! Pliki /usr/share/nginx/o/scripts/genfw.php oraz /usr/share/nginx/o/scripts/reload.php należy dostosować pod swoją konfigurację.
+Crontab:
+<file>
+*/5 * * * * root cd /usr/share/nginx/o/scripts && ./reload.php
+</file>

kamil.orchia.pl

Narzędzia użytkownika

Narzędzia witryny

Różnice

Narzędzia strony