🖧如何在Debian上安裝和連接OpenVPN客戶端

客戶端用於連接到遠程openvpn服務器。 本指南將指導您為Debian系統上的客戶端安裝OpenVPN軟件包。 還可以通過命令行連接到遠程openvpn服務器。

開始之前

我們將假定您已經具有:

  • 具有sudo特權訪問的正在運行的Debian系統。
  • OpenVPN服務器正在遠程系統上運行。
  • 從遠程主機管理員接收到OpenVPN客戶端配置。

第1步-安裝OpenVPN客戶端

默認的Debian存儲庫中提供了OpenVPN軟件包。

在Debian系統上打開一個終端並更新apt緩存。

之後,安裝OpenVPN軟件包。

打開一個終端並運行命令以在Debian上安裝openvpn客戶端:

sudo apt update  sudo apt install openvpn -y 

第2步-連接到OpenVPN服務器

將openvpn客戶端配置文件複製到您的Debian機器上。

您可以使用–config命令行參數來提供配置文件。

該命令將讀取所有必需的數據以從該文件創建vpn。

讓我們運行以下命令以連接到openvpn服務器:

openvpn --config client.ovpn

您應該看到以下輸出:

Thu Sep 10 12:04:18 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:18 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Sep 10 12:04:18 2020 UDP link local: (not bound)
Thu Sep 10 12:04:18 2020 UDP link remote: [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:18 2020 TLS: Initial packet from [AF_INET]69.87.218.145:1194, sid=6d27e1cb 524bd8cd
Thu Sep 10 12:04:18 2020 VERIFY OK: depth=1, CN=Easy-RSA CA
Thu Sep 10 12:04:18 2020 VERIFY OK: depth=0, CN=tecadmin-server
Thu Sep 10 12:04:18 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Thu Sep 10 12:04:18 2020 [tecadmin-server] Peer Connection Initiated with [AF_INET]69.87.218.145:1194
Thu Sep 10 12:04:19 2020 SENT CONTROL [tecadmin-server]: 'PUSH_REQUEST' (status=1)
Thu Sep 10 12:04:19 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM'
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: timers and/or timeouts modified
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: --ifconfig/up options modified
Thu Sep 10 12:04:19 2020 OPTIONS IMPORT: route options modified

第3步-檢查連接

連接成功後,OpenVPN服務器將在tun0接口上分配一個新的IP地址。

您可以使用以下命令進行檢查:

ip a show tun0 

輸出:

4: tun0:  mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.8.0.6 peer 10.8.0.5/32 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::7226:57b1:f101:313b/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

您還可以檢查OpenVPN服務器日誌以檢查連接狀態:

tail -f /var/log/openvpn.log 

您應該看到以下輸出:

Thu Sep 10 12:04:18 2020 45.58.34.83:37445 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Thu Sep 10 12:04:18 2020 45.58.34.83:37445 [client] Peer Connection Initiated with [AF_INET]45.58.34.83:37445
Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI_sva: pool returned IPv4=10.8.0.6, IPv6=(Not enabled)
Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI: Learn: 10.8.0.6 -> client/45.58.34.83:37445
Thu Sep 10 12:04:18 2020 client/45.58.34.83:37445 MULTI: primary virtual IP for client/45.58.34.83:37445: 10.8.0.6
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 PUSH: Received control message: 'PUSH_REQUEST'
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 SENT CONTROL [client]: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,route 10.8.0.1,topology net30,ping 20,ping-restart 60,ifconfig 10.8.0.6 10.8.0.5,peer-id 0,cipher AES-256-GCM' (status=1)
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Sep 10 12:04:19 2020 client/45.58.34.83:37445 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

結論

現在,您的Debian系統已通過VPN連接到遠程服務器。

Sidebar