Różnice między wybraną wersją a wersją aktualną.
openvpn_-_użytkownicy_i_prosty_panel [2015/09/29 09:41] – kamil | openvpn_-_użytkownicy_i_prosty_panel [2018/07/16 11:47] (aktualna) – edycja zewnętrzna 127.0.0.1 | ||
---|---|---|---|
Linia 18: | Linia 18: | ||
mkdir -p / | mkdir -p / | ||
cd / | cd / | ||
- | wget http://kamil.orchia.pl/tmp/simple_openvpn_panel.7z | + | svn export |
- | 7z x simple_openvpn_panel.7z | + | chmod +x ./ |
- | rm simple_openvpn_panel.7z | + | chmod -R o-rwx / |
+ | chown -R www-data: | ||
</ | </ | ||
==== Konfiguracja ==== | ==== Konfiguracja ==== | ||
+ | OpenVPN: | ||
+ | |||
+ | < | ||
+ | cd / | ||
+ | source ./vars | ||
+ | ./clean-all | ||
+ | ./build-ca | ||
+ | ./ | ||
+ | ./build-dh | ||
+ | mkdir / | ||
+ | cp ./ | ||
+ | </ | ||
+ | |||
+ | Przykładowy plik / | ||
+ | |||
+ | < | ||
+ | local 1.2.2.33 | ||
+ | port 12345 | ||
+ | proto tcp | ||
+ | dev tap | ||
+ | ca / | ||
+ | cert / | ||
+ | key / | ||
+ | dh / | ||
+ | server 1.2.3.0 255.255.255.0 | ||
+ | ifconfig-pool-persist / | ||
+ | push "route 10.20.0.0 255.255.255.0" | ||
+ | client-to-client | ||
+ | keepalive 10 120 | ||
+ | persist-key | ||
+ | persist-tun | ||
+ | status / | ||
+ | log / | ||
+ | verb 3 | ||
+ | auth SHA1 | ||
+ | cipher AES-128-CBC | ||
+ | tls-cipher DHE-RSA-AES128-SHA | ||
+ | client-cert-not-required | ||
+ | username-as-common-name | ||
+ | client-connect / | ||
+ | client-disconnect / | ||
+ | script-security 2 | ||
+ | auth-user-pass-verify / | ||
+ | up / | ||
+ | </ | ||
+ | |||
+ | Przykładowy plik / | ||
+ | < | ||
+ | #!/bin/bash | ||
+ | |||
+ | pidfile="/ | ||
+ | |||
+ | pid="" | ||
+ | |||
+ | if [ -f $pidfile ]; | ||
+ | then | ||
+ | pid=`cat $pidfile` | ||
+ | fi | ||
+ | |||
+ | start() | ||
+ | { | ||
+ | if [ " | ||
+ | then | ||
+ | if [ "`ps aux | grep $pid | grep -v grep | wc -l`" == " | ||
+ | then | ||
+ | echo " | ||
+ | else | ||
+ | openvpn --cd / | ||
+ | fi | ||
+ | else | ||
+ | openvpn --cd / | ||
+ | fi | ||
+ | } | ||
+ | |||
+ | stop() | ||
+ | { | ||
+ | if [ " | ||
+ | then | ||
+ | if [ "`ps aux | grep $pid | grep -v grep | wc -l`" == " | ||
+ | then | ||
+ | kill $pid | ||
+ | echo "" | ||
+ | fi | ||
+ | fi | ||
+ | } | ||
+ | |||
+ | restart() | ||
+ | { | ||
+ | stop | ||
+ | sleep 5 | ||
+ | start | ||
+ | } | ||
+ | |||
+ | case " | ||
+ | ' | ||
+ | echo -ne " | ||
+ | start | ||
+ | echo " | ||
+ | ;; | ||
+ | ' | ||
+ | echo -ne " | ||
+ | stop | ||
+ | sleep 5 | ||
+ | start | ||
+ | echo " | ||
+ | ;; | ||
+ | ' | ||
+ | echo -ne " | ||
+ | stop | ||
+ | echo " | ||
+ | ;; | ||
+ | *) | ||
+ | echo -e "\n Usage: openvpn.sh { start | stop | restart }" | ||
+ | ;; | ||
+ | esac | ||
+ | </ | ||
+ | |||
+ | Plik / | ||
+ | < | ||
+ | #!/bin/sh | ||
+ | |||
+ | chmod o+r / | ||
+ | </ | ||
+ | |||
+ | Nadajemy uprawnienia i uruchamiamy OpenVPN: | ||
+ | |||
+ | < | ||
+ | chmod 700 / | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | Przykładowy plik client.ovpn, | ||
+ | < | ||
+ | client | ||
+ | dev tap | ||
+ | proto tcp | ||
+ | remote 1.2.2.33 12345 | ||
+ | resolv-retry infinite | ||
+ | nobind | ||
+ | persist-key | ||
+ | persist-tun | ||
+ | ca ca.crt | ||
+ | ns-cert-type server | ||
+ | verb 3 | ||
+ | auth-user-pass | ||
+ | auth SHA1 | ||
+ | cipher AES-128-CBC | ||
+ | tls-cipher DHE-RSA-AES128-SHA | ||
+ | </ | ||
+ | |||
+ | MySQL: | ||
+ | |||
+ | < | ||
+ | cd / | ||
+ | mysql -p | ||
+ | Enter password: | ||
+ | Welcome to the MySQL monitor. | ||
+ | Your MySQL connection id is 43 | ||
+ | Server version: 5.5.44-0+deb7u1 (Debian) | ||
+ | |||
+ | Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. | ||
+ | |||
+ | Oracle is a registered trademark of Oracle Corporation and/or its | ||
+ | affiliates. Other names may be trademarks of their respective | ||
+ | owners. | ||
+ | |||
+ | Type ' | ||
+ | |||
+ | mysql> CREATE USER ' | ||
+ | Query OK, 0 rows affected (0.00 sec) | ||
+ | |||
+ | mysql> CREATE DATABASE openvpn; | ||
+ | Query OK, 1 row affected (0.00 sec) | ||
+ | |||
+ | mysql> GRANT ALL PRIVILEGES ON openvpn.* TO openvpn@' | ||
+ | Query OK, 0 rows affected (0.00 sec) | ||
+ | |||
+ | mysql> FLUSH PRIVILEGES; | ||
+ | Query OK, 0 rows affected (0.00 sec) | ||
+ | |||
+ | mysql> use openvpn; | ||
+ | Database changed | ||
+ | mysql> source ./ | ||
+ | Query OK, 0 rows affected (0.00 sec) | ||
+ | |||
+ | Query OK, 0 rows affected (0.00 sec) | ||
+ | |||
+ | Query OK, 0 rows affected (0.11 sec) | ||
+ | |||
+ | Query OK, 0 rows affected (0.08 sec) | ||
+ | |||
+ | Query OK, 0 rows affected (0.07 sec) | ||
+ | |||
+ | Query OK, 0 rows affected (0.08 sec) | ||
+ | |||
+ | Query OK, 0 rows affected (0.32 sec) | ||
+ | Records: 0 Duplicates: 0 Warnings: 0 | ||
+ | |||
+ | Query OK, 0 rows affected (0.22 sec) | ||
+ | Records: 0 Duplicates: 0 Warnings: 0 | ||
+ | |||
+ | Query OK, 0 rows affected, 1 warning (0.09 sec) | ||
+ | |||
+ | mysql> \q | ||
+ | Bye | ||
+ | </ | ||
Nginx: | Nginx: | ||
Linia 29: | Linia 236: | ||
location /o/ { | location /o/ { | ||
alias / | alias / | ||
- | allow 1.2.3.0/16; | + | allow 1.2.3.0/24; |
deny all; | deny all; | ||
auth_basic " | auth_basic " | ||
Linia 46: | Linia 253: | ||
Przy generowaniu htpasswd pomoże nam link: [[http:// | Przy generowaniu htpasswd pomoże nam link: [[http:// | ||
+ | Sekcję allow i deny ustawiamy dopiero po dodaniu pierwszego użytkownika. | ||
+ | Kopiujemy plik / | ||
+ | < | ||
+ | cp / | ||
+ | </ | ||
+ | Konfiguracja panelu jest odczytywana z pliku: / | ||
+ | Uwaga! Pliki / | ||
+ | |||
+ | Crontab: | ||
+ | |||
+ | < | ||
+ | */5 * * * * root cd / | ||
+ | </ |
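Review bot: The sample server config added under "Linia 18" authenticates clients by password only (`client-cert-not-required` with `username-as-common-name` and an `auth-user-pass-verify` script), so that script and the panel's database become the only gate to the VPN. The page should say this explicitly, and either keep client certificates or add a `tls-auth`/`tls-crypt` key to the example. The crypto lines `auth SHA1`, `cipher AES-128-CBC` and `tls-cipher DHE-RSA-AES128-SHA` are legacy choices. For OpenVPN 2.4 or later I would show `auth SHA256` and `cipher AES-256-GCM`, drop the pinned `tls-cipher`, and replace `ns-cert-type server` in client.ovpn with `remote-cert-tls server`. The target of `chmod o+r` in the up script is cut off in this view, so confirm it makes only the status file world-readable and nothing under the key directory.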