本次安装环境为 centos7.9
本次安装软件为 openvpnas,默认授权为两个并发连接。下文第 3 步所说的“代码注入”并非利用漏洞,而是替换已安装的 pyovpn egg 包中的授权模块(pyovpn/lic/uprop),以改写并发连接数上限,从而实现多连接授权
1.基础环境以及Python36安装
yum install python36 python36-devel wget -y
2.安装 openvpnas
1.在线安装
yum -y install https://as-repository.openvpn.net/as-repo-centos7.rpm
yum -y install openvpn-as
2.离线安装【建议】
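# Offline install: download both RPMs into a working directory, check them,
# then install them together with their dependencies.
# -p keeps the step repeatable if the directory already exists.
mkdir -p /opt/openvpn
cd /opt/openvpn
wget https://openvpn.net/downloads/openvpn-as-latest-CentOS7.x86_64.rpm
wget https://openvpn.net/downloads/openvpn-as-bundled-clients-latest.rpm
# yum skips GPG checks for local package files unless localpkg_gpgcheck is
# enabled in yum.conf, so verify digests and signatures before installing.
# The vendor's signing key must already be imported (rpm --import) for the
# signature part to pass; on an unsigned package rpm -K confirms digests only.
rpm -K ./openvpn-as-*.rpm && yum install ./openvpn-as-*.rpm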
操作日志如下:
[root@localhost ~]# mkdir /opt/openvpn
[root@localhost ~]# cd /opt/openvpn
[root@localhost openvpn]# wget https://openvpn.net/downloads/openvpn-as-latest-CentOS7.x86_64.rpm
--2023-07-17 17:11:30-- https://openvpn.net/downloads/openvpn-as-latest-CentOS7.x86_64.rpm
Proxy request sent, awaiting response... 301 Moved Permanently
Location: https://openvpn.net/us2/sw/index.php?url=https://swupdate.openvpn.net/as/openvpn-as-2.12.0_2e834031-CentOS7.x86_64.rpm [following]
--2023-07-17 17:11:30-- https://openvpn.net/us2/sw/index.php?url=https://swupdate.openvpn.net/as/openvpn-as-2.12.0_2e834031-CentOS7.x86_64.rpm
Proxy request sent, awaiting response... 301 Moved Permanently
Location: https://swupdate.openvpn.net/as/openvpn-as-2.12.0_2e834031-CentOS7.x86_64.rpm [following]
--2023-07-17 17:11:31-- https://swupdate.openvpn.net/as/openvpn-as-2.12.0_2e834031-CentOS7.x86_64.rpm
Proxy request sent, awaiting response... 200 OK
Length: 28138172 (27M) [binary/octet-stream]
Saving to: ‘openvpn-as-latest-CentOS7.x86_64.rpm’
100%[=============================================================================================>] 28,138,172 3.49MB/s in 6.7s
2023-07-17 17:11:38 (4.03 MB/s) - ‘openvpn-as-latest-CentOS7.x86_64.rpm’ saved [28138172/28138172]
[root@localhost openvpn]# wget https://openvpn.net/downloads/openvpn-as-bundled-clients-latest.rpm
--2023-07-17 17:11:44-- https://openvpn.net/downloads/openvpn-as-bundled-clients-latest.rpm
Proxy request sent, awaiting response... 301 Moved Permanently
Location: https://swupdate.openvpn.net/as/clients/openvpn-as-bundled-clients-27.rpm [following]
--2023-07-17 17:11:45-- https://swupdate.openvpn.net/as/clients/openvpn-as-bundled-clients-27.rpm
Proxy request sent, awaiting response... 200 OK
Length: 276919192 (264M) [application/x-www-form-urlencoded]
Saving to: ‘openvpn-as-bundled-clients-latest.rpm’
100%[=============================================================================================>] 276,919,192 3.50MB/s in 75s
2023-07-17 17:13:00 (3.53 MB/s) - ‘openvpn-as-bundled-clients-latest.rpm’ saved [276919192/276919192]
[root@localhost openvpn]# ll
total 297912
-rw-r--r--. 1 root root 276919192 Dec 14 2022 openvpn-as-bundled-clients-latest.rpm
-rw-r--r--. 1 root root 28138172 Jul 5 20:11 openvpn-as-latest-CentOS7.x86_64.rpm
[root@localhost openvpn]# yum install ./openvpn-as-*.rpm
Loaded plugins: fastestmirror
Examining ./openvpn-as-bundled-clients-latest.rpm: openvpn-as-bundled-clients-27-1.noarch
Marking ./openvpn-as-bundled-clients-latest.rpm to be installed
Examining ./openvpn-as-latest-CentOS7.x86_64.rpm: openvpn-as-2.12.0_2e834031-CentOS7.x86_64
Marking ./openvpn-as-latest-CentOS7.x86_64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package openvpn-as.x86_64 0:2.12.0_2e834031-CentOS7 will be installed
--> Processing Dependency: unzip for package: openvpn-as-2.12.0_2e834031-CentOS7.x86_64
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
--> Processing Dependency: cyrus-sasl for package: openvpn-as-2.12.0_2e834031-CentOS7.x86_64
--> Processing Dependency: net-tools for package: openvpn-as-2.12.0_2e834031-CentOS7.x86_64
--> Processing Dependency: libpcap for package: openvpn-as-2.12.0_2e834031-CentOS7.x86_64
--> Processing Dependency: xmlsec1 for package: openvpn-as-2.12.0_2e834031-CentOS7.x86_64
--> Processing Dependency: xmlsec1-openssl for package: openvpn-as-2.12.0_2e834031-CentOS7.x86_64
---> Package openvpn-as-bundled-clients.noarch 0:27-1 will be installed
--> Running transaction check
---> Package cyrus-sasl.x86_64 0:2.1.26-24.el7_9 will be installed
---> Package libpcap.x86_64 14:1.5.3-13.el7_9 will be installed
---> Package net-tools.x86_64 0:2.0-0.25.20131004git.el7 will be installed
---> Package unzip.x86_64 0:6.0-24.el7_9 will be installed
---> Package xmlsec1.x86_64 0:1.2.20-7.el7_4 will be installed
--> Processing Dependency: libxslt.so.1(LIBXML2_1.0.22)(64bit) for package: xmlsec1-1.2.20-7.el7_4.x86_64
--> Processing Dependency: libxslt.so.1(LIBXML2_1.0.11)(64bit) for package: xmlsec1-1.2.20-7.el7_4.x86_64
--> Processing Dependency: libxslt.so.1()(64bit) for package: xmlsec1-1.2.20-7.el7_4.x86_64
--> Processing Dependency: libltdl.so.7()(64bit) for package: xmlsec1-1.2.20-7.el7_4.x86_64
---> Package xmlsec1-openssl.x86_64 0:1.2.20-7.el7_4 will be installed
--> Running transaction check
---> Package libtool-ltdl.x86_64 0:2.4.2-22.el7_3 will be installed
---> Package libxslt.x86_64 0:1.1.28-6.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=======================================================================================================================================
Package Arch Version Repository Size
=======================================================================================================================================
Installing:
openvpn-as x86_64 2.12.0_2e834031-CentOS7 /openvpn-as-latest-CentOS7.x86_64 107 M
openvpn-as-bundled-clients noarch 27-1 /openvpn-as-bundled-clients-latest 267 M
Installing for dependencies:
cyrus-sasl x86_64 2.1.26-24.el7_9 updates 88 k
libpcap x86_64 14:1.5.3-13.el7_9 updates 139 k
libtool-ltdl x86_64 2.4.2-22.el7_3 base 49 k
libxslt x86_64 1.1.28-6.el7 base 242 k
net-tools x86_64 2.0-0.25.20131004git.el7 base 306 k
unzip x86_64 6.0-24.el7_9 updates 172 k
xmlsec1 x86_64 1.2.20-7.el7_4 base 177 k
xmlsec1-openssl x86_64 1.2.20-7.el7_4 base 76 k
Transaction Summary
=======================================================================================================================================
Install 2 Packages (+8 Dependent packages)
Total size: 376 M
Total download size: 1.2 M
Installed size: 377 M
Is this ok [y/d/N]: y
Downloading packages:
(1/8): libtool-ltdl-2.4.2-22.el7_3.x86_64.rpm | 49 kB 00:00:00
(2/8): libxslt-1.1.28-6.el7.x86_64.rpm | 242 kB 00:00:00
(3/8): cyrus-sasl-2.1.26-24.el7_9.x86_64.rpm | 88 kB 00:00:00
(4/8): libpcap-1.5.3-13.el7_9.x86_64.rpm | 139 kB 00:00:00
(5/8): xmlsec1-openssl-1.2.20-7.el7_4.x86_64.rpm | 76 kB 00:00:00
(6/8): unzip-6.0-24.el7_9.x86_64.rpm | 172 kB 00:00:00
(7/8): net-tools-2.0-0.25.20131004git.el7.x86_64.rpm | 306 kB 00:00:01
(8/8): xmlsec1-1.2.20-7.el7_4.x86_64.rpm | 177 kB 00:00:00
---------------------------------------------------------------------------------------------------------------------------------------
Total 789 kB/s | 1.2 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libtool-ltdl-2.4.2-22.el7_3.x86_64 1/10
Installing : libxslt-1.1.28-6.el7.x86_64 2/10
Installing : xmlsec1-1.2.20-7.el7_4.x86_64 3/10
Installing : xmlsec1-openssl-1.2.20-7.el7_4.x86_64 4/10
Installing : cyrus-sasl-2.1.26-24.el7_9.x86_64 5/10
Installing : unzip-6.0-24.el7_9.x86_64 6/10
Installing : net-tools-2.0-0.25.20131004git.el7.x86_64 7/10
Installing : openvpn-as-bundled-clients-27-1.noarch 8/10
Installing : 14:libpcap-1.5.3-13.el7_9.x86_64 9/10
Installing : openvpn-as-2.12.0_2e834031-CentOS7.x86_64 10/10
To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool.
+++++++++++++++++++++++++++++++++++++++++++++++
Access Server 2.12.0 has been successfully installed in /usr/local/openvpn_as
Configuration log file has been written to /usr/local/openvpn_as/init.log
Access Server Web UIs are available here:
Admin UI: https://10.66.66.145:943/admin
Client UI: https://10.66.66.145:943/
To login please use the "openvpn" account with "SXBherUnrX8K" password.
(password can be changed on Admin UI)
+++++++++++++++++++++++++++++++++++++++++++++++
Verifying : 14:libpcap-1.5.3-13.el7_9.x86_64 1/10
Verifying : xmlsec1-openssl-1.2.20-7.el7_4.x86_64 2/10
Verifying : libxslt-1.1.28-6.el7.x86_64 3/10
Verifying : xmlsec1-1.2.20-7.el7_4.x86_64 4/10
Verifying : openvpn-as-bundled-clients-27-1.noarch 5/10
Verifying : net-tools-2.0-0.25.20131004git.el7.x86_64 6/10
Verifying : libtool-ltdl-2.4.2-22.el7_3.x86_64 7/10
Verifying : unzip-6.0-24.el7_9.x86_64 8/10
Verifying : cyrus-sasl-2.1.26-24.el7_9.x86_64 9/10
Verifying : openvpn-as-2.12.0_2e834031-CentOS7.x86_64 10/10
Installed:
openvpn-as.x86_64 0:2.12.0_2e834031-CentOS7 openvpn-as-bundled-clients.noarch 0:27-1
Dependency Installed:
cyrus-sasl.x86_64 0:2.1.26-24.el7_9 libpcap.x86_64 14:1.5.3-13.el7_9 libtool-ltdl.x86_64 0:2.4.2-22.el7_3
libxslt.x86_64 0:1.1.28-6.el7 net-tools.x86_64 0:2.0-0.25.20131004git.el7 unzip.x86_64 0:6.0-24.el7_9
xmlsec1.x86_64 0:1.2.20-7.el7_4 xmlsec1-openssl.x86_64 0:1.2.20-7.el7_4
Complete!
记录下安装时生成的密码和访问信息。初始密码以明文显示在终端输出中,并写入 /usr/local/openvpn_as/init.log;首次登录 Admin UI 后应立即修改该密码
Access Server 2.12.0 has been successfully installed in /usr/local/openvpn_as
Configuration log file has been written to /usr/local/openvpn_as/init.log
Access Server Web UIs are available here:
Admin UI: https://10.66.66.145:943/admin
Client UI: https://10.66.66.145:943/
To login please use the "openvpn" account with "SXBherUnrX8K" password.
(password can be changed on Admin UI)
查看openvpnas运行状态
[root@localhost openvpn]# systemctl status openvpnas.service
● openvpnas.service - OpenVPN Access Server
Loaded: loaded (/usr/lib/systemd/system/openvpnas.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2023-07-17 17:15:44 CST; 1min 11s ago
Main PID: 1762 (python3)
CGroup: /system.slice/openvpnas.service
├─1762 python3 -c from pyovpn.sagent.sagent_entry import openvpnas ; openvpnas() --nodaemon --logfile=/var/log/openvpnas....
├─1784 /usr/bin/python3 -c from pyovpn.cserv.wserv_entry import start ; start() -no -u openvpn_as -g openvpn_as --pidfile...
├─1785 /usr/bin/python3 -c from pyovpn.log.logworker import start ; start()
├─1808 /usr/bin/python3 -c from pyovpn.sagent.iptworker import start6 ; start6()
├─1810 /usr/bin/python3 -c from pyovpn.sagent.iptworker import start ; start()
├─1814 openvpn-openssl --errors-to-stderr --config stdin
├─1820 openvpn-openssl --errors-to-stderr --config stdin
├─1824 openvpn-openssl --errors-to-stderr --config stdin
├─1826 openvpn-openssl --errors-to-stderr --config stdin
├─1831 openvpn-openssl --errors-to-stderr --config stdin
├─1833 openvpn-openssl --errors-to-stderr --config stdin
├─1839 openvpn-openssl --errors-to-stderr --config stdin
├─1845 openvpn-openssl --errors-to-stderr --config stdin
├─1871 openvpn-openssl --errors-to-stderr --config stdin
├─1884 openvpn-openssl --errors-to-stderr --config stdin
├─1903 openvpn-openssl --errors-to-stderr --config stdin
├─1905 openvpn-openssl --errors-to-stderr --config stdin
├─1919 openvpn-openssl --errors-to-stderr --config stdin
├─1934 openvpn-openssl --errors-to-stderr --config stdin
├─1949 iptables-restore -n
├─1950 openvpn-openssl --errors-to-stderr --config stdin
├─1965 openvpn-openssl --errors-to-stderr --config stdin
├─1979 openvpn-openssl --errors-to-stderr --config stdin
└─1991 openvpn-openssl --errors-to-stderr --config stdin
Jul 17 17:15:44 localhost.localdomain systemd[1]: Started OpenVPN Access Server.
查看 openvpn-openssl 版本信息(输出中的 library versions 一行显示其使用的是 OpenSSL 1.0.2k-fips,该上游分支已停止维护,安全修复依赖发行版的回移植补丁)
[root@localhost openvpn]# /usr/local/openvpn_as/sbin/openvpn-openssl --version
OpenVPN 2.6.4as0 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
library versions: OpenSSL 1.0.2k-fips 26 Jan 2017, LZO 2.06
Originally developed by James Yonan
Copyright (C) 2002-2023 OpenVPN Inc <sales@openvpn.net>
Compile time defines: enable_async_push=no enable_comp_stub=no enable_crypto_ofb_cfb=yes enable_dco=no enable_debug=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_iproute2=no enable_libtool_lock=yes enable_lz4=yes enable_lzo=yes enable_management=yes enable_pam_dlopen=no enable_pedantic=no enable_pkcs11=no enable_plugin_auth_pam=no enable_plugin_down_root=no enable_plugins=yes enable_port_share=yes enable_selinux=no enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_werror=no enable_win32_dll=yes enable_wolfssl_options_h=yes enable_x509_alt_username=no with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_openssl_engine=auto with_sysroot=no
3.修改用户连接限制,默认是2个
操作命令如下:
cd /opt/openvpn
cp /usr/local/openvpn_as/lib/python/pyovpn-2.0-py3.6.egg{,.bak}
cp /usr/local/openvpn_as/lib/python/pyovpn-2.0-py3.6.egg .
unzip -q pyovpn-2.0-py3.6.egg
cd pyovpn/lic/
mv uprop.pyc uprop2.pyc
增加文件 uprop.py文件,内容如下
from pyovpn.lic import uprop2
old_figure = None
def new_figure(self, licdict):
ret = old_figure(self, licdict)
ret['concurrent_connections'] = 888
return ret
for x in dir(uprop2):
if x[:2] == '__':
continue
if x == 'UsageProperties':
exec('old_figure = uprop2.UsageProperties.figure')
exec('uprop2.UsageProperties.figure = new_figure')
exec('%s = uprop2.%s' % (x, x))
python3 -O -m compileall uprop.py && mv __pycache__/uprop.*.pyc uprop.pyc
cd ../../
zip -rq pyovpn-2.0-py3.6.egg ./pyovpn ./EGG-INFO ./common
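替换补丁,并且重启。替换后的 egg 与厂商发布的文件不再一致:若该文件由 RPM 包提供,`rpm -V openvpn-as` 会报告校验不符;需要还原时,可用前面备份的 pyovpn-2.0-py3.6.egg.bak 覆盖回去并重启服务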
\cp ./pyovpn-2.0-py3.6.egg /usr/local/openvpn_as/lib/python/
systemctl restart openvpnas.service
操作日志如下
[root@localhost openvpn]# cp /usr/local/openvpn_as/lib/python/pyovpn-2.0-py3.6.egg{,.bak}
[root@localhost openvpn]# cp /usr/local/openvpn_as/lib/python/pyovpn-2.0-py3.6.egg .
[root@localhost openvpn]# unzip -q pyovpn-2.0-py3.6.egg
[root@localhost openvpn]# ll
total 303760
drwxr-xr-x. 2 root root 79 Jul 17 17:20 common
drwxr-xr-x. 2 root root 126 Jul 17 17:20 EGG-INFO
-rw-r--r--. 1 root root 276919192 Dec 14 2022 openvpn-as-bundled-clients-latest.rpm
-rw-r--r--. 1 root root 28138172 Jul 5 20:11 openvpn-as-latest-CentOS7.x86_64.rpm
drwxr-xr-x. 36 root root 4096 Jul 17 17:20 pyovpn
-rw-r--r--. 1 root root 5980773 Jul 17 17:19 pyovpn-2.0-py3.6.egg
[root@localhost openvpn]# cd pyovpn/lic/
[root@localhost lic]# mv uprop.pyc uprop2.pyc
[root@localhost lic]# vi uprop.py
[root@localhost lic]# cat uprop.py
from pyovpn.lic import uprop2
old_figure = None
def new_figure(self, licdict):
ret = old_figure(self, licdict)
ret['concurrent_connections'] = 888
return ret
for x in dir(uprop2):
if x[:2] == '__':
continue
if x == 'UsageProperties':
exec('old_figure = uprop2.UsageProperties.figure')
exec('uprop2.UsageProperties.figure = new_figure')
exec('%s = uprop2.%s' % (x, x))
[root@localhost lic]# python3 -O -m compileall uprop.py && mv __pycache__/uprop.*.pyc uprop.pyc
Compiling 'uprop.py'...
[root@localhost lic]# cd ../../
[root@localhost openvpn]# zip -rq pyovpn-2.0-py3.6.egg ./pyovpn ./EGG-INFO ./common
[root@localhost openvpn]# \cp ./pyovpn-2.0-py3.6.egg /usr/local/openvpn_as/lib/python/
[root@localhost openvpn]# systemctl restart openvpnas.service
[root@localhost openvpn]# systemctl status openvpnas.service
● openvpnas.service - OpenVPN Access Server
Loaded: loaded (/usr/lib/systemd/system/openvpnas.service; enabled; vendor preset: disabled)
Active: active (running) since Mon 2023-07-17 17:25:58 CST; 5s ago
Process: 2039 ExecStop=/bin/bash /usr/local/openvpn_as/scripts/openvpn_service_cleanup (code=exited, status=0/SUCCESS)
Main PID: 2188 (python3)
CGroup: /system.slice/openvpnas.service
├─2188 python3 -c from pyovpn.sagent.sagent_entry import openvpnas ; openvpnas() --nodaemon --logfile=/var/log/openvpnas....
├─2193 /usr/bin/python3 -c from pyovpn.cserv.wserv_entry import start ; start() -no -u openvpn_as -g openvpn_as --pidfile...
├─2194 /usr/bin/python3 -c from pyovpn.log.logworker import start ; start()
└─2205 iptables -A FORWARD -d 127.77.88.99 -m mark --mark 0x12345678/0x12345678 -j DROP
Jul 17 17:25:58 localhost.localdomain systemd[1]: Started OpenVPN Access Server.
自定义web,配置文件路径 /usr/local/openvpn_as/etc/as.conf
1.修改 logo
将logo上传到服务器并修改配置。注意:这里写的上传目录是 /usr/local/openvpn_as/etc/,而下面示例配置指向 /usr/local/openvpn_as/logo.png,两者需保持一致,配置中的路径必须是 logo 文件实际所在的位置
sa.logo_image_file=/usr/local/openvpn_as/logo.png # 该路径为logo路径
2.修改公司名字
sa.company_name=HAHA VPN ADMIN
3.隐藏footer
cs.footer=hide
cws.footer=hide
重启服务使配置生效
systemctl restart openvpnas.service
浏览器访问web
查看用户 openvpn 的初始密码(安装时写入 init.log;若已在 Admin UI 中修改过密码,这里查到的值不再有效)
grep -i 'password.$' /usr/local/openvpn_as/init.log
通过 https://<服务器IP> 直接访问;安装输出中给出的地址为 Admin UI https://<服务器IP>:943/admin、Client UI https://<服务器IP>:943/