🖧如何在Debian上安装和连接OpenVPN客户端

客户端用于连接到远程openvpn服务器。 本指南将指导您为Debian系统上的客户端安装OpenVPN软件包。 还可以通过命令行连接到远程openvpn服务器。

开始之前

我们将假定您已经具有:

  • 具有sudo特权访问的正在运行的Debian系统。
  • OpenVPN服务器正在远程系统上运行。
  • 从远程主机管理员接收到OpenVPN客户端配置。

第1步-安装OpenVPN客户端

默认的Debian存储库中提供了OpenVPN软件包。

在Debian系统上打开一个终端并更新apt缓存。

之后,安装OpenVPN软件包。

打开一个终端并运行命令以在Debian上安装openvpn客户端:

sudo apt update  sudo apt install openvpn -y 

第2步-连接到OpenVPN服务器

将openvpn客户端配置文件复制到您的Debian机器上。

您可以使用–config命令行参数来提供配置文件。

该命令将读取所有必需的数据以从该文件创建vpn。

让我们运行以下命令以连接到openvpn服务器:

openvpn --config client.ovpn

您应该看到以下输出:

Thu Sep 10 12:04:18 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:18 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Sep 10 12:04:18 2020 UDP link local: (not bound)
Thu Sep 10 12:04:18 2020 UDP link remote: [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:18 2020 TLS: Initial packet from [AF_INET]69.87.218.145:1194, sid=6d27e1cb 524bd8cd
Thu Sep 10 12:04:18 2020 VERIFY OK: depth=1, CN=Easy-RSA CA
Thu Sep 10 12:04:18 2020 VERIFY OK: depth=0, CN=tecadmin-server
Thu Sep 10 12:04:18 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Thu Sep 10 12:04:18 2020 [tecadmin-server] Peer Connection Initiated with [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:19 2020 SENT CONTROL [tecadmin-server]: 'PUSH_REQUEST' (status=1)
Thu Sep 10 12:04:19 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: timers and/or timeouts modified
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: --ifconfig/up options modified
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: route options modified

第3步-检查连接

连接成功后,OpenVPN服务器将在tun0接口上分配一个新的IP地址。

您可以使用以下命令进行检查:

ip a show tun0 

输出:

4: tun0:  mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::7226:57b1:f101:313b/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

您还可以检查OpenVPN服务器日志以检查连接状态:

tail -f /var/log/openvpn.log 

您应该看到以下输出:

Thu Sep 10 12:04:18 2020 45.58.34.83:37445 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Thu Sep 10 12:04:18 2020 45.58.34.83:37445 [client] Peer Connection Initiated with [AF_INET]45.58.34.83:37445
Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI: Learn: 10.8.0.6 -> client/45.58.34.83:37445
Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI: primary virtual IP for client/45.58.34.83:37445: 10.8.0.6
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 PUSH: Received control message: 'PUSH_REQUEST'
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

结论

现在,您的Debian系统已通过VPN连接到远程服务器。

Sidebar