Study notes: turning OpenVPN Access Server on ESXi into a soft router
The current OpenVPN Access Server image is built on Ubuntu 18.04, so it is easy to turn it into a soft router.
The free edition is limited to two concurrent connections, with no bandwidth limit.
Install the ESXi virtual-machine edition of OAS
Reference: /
OAS product information:
- Our appliance for VMWare ESXi is released as an OVA file with virtual hardware revision 8 (vmx-08).
- It is built on the Linux Ubuntu 18.04 LTS x64 operating system and has no GUI.
- By default it is assigned 1 vCPU and 1GB of memory and has a swapfile of 512MB. Adjust as needed.
- When increasing CPU count, remember to increase the number of TCP/UDP daemons as well: 1 TCP plus 1 UDP daemon for each 1 vCPU. This is on the Network Settings page in the admin UI.
- SSH login as root user is enabled by default, as well as on the console. You should definitely change this password.
- Default root user password is openvpnas.
Initial default account
- User name: root
- Password: openvpnas
After importing the OVA image, add a second NIC and choose E1000 as the NIC type.
Set the IP address
By default the netplan configuration specifies networkd as the IP manager.
Reference: /
Install NetworkManager:
apt install network-manager
Edit /etc/netplan/01-netcfg.yaml.
It usually looks like this:
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses: [192.168.1.254/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [119.29.29.29]
Change it to this:
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: NetworkManager
Enable NetworkManager:
systemctl enable --now network-manager
Then adjust the network configuration with NetworkManager.
(Optional) Set up PPPoE dial-up broadband
Reference:
apt install -y pppoe pppoeconf
# Assume eth3 is the interface connected to the ADSL modem
nmcli conn add con-name adsl type pppoe ifname eth3 autoconnect yes pppoe.username USERNAME pppoe.password PASSWORD
nmcli conn modify adsl connection.zone external
nmcli conn modify eth0 connection.zone internal
nmcli conn reload
nmcli conn up adsl
Notes:
The system automatically creates a dial-up interface named ppp0.
pppoeconf can be used to configure the dial-up parameters automatically.
Set up IP forwarding on Ubuntu
Install and enable the ufw firewall:
apt install ufw
systemctl enable --now ufw.service
ufw enable
Set the ufw firewall defaults:
ufw default deny incoming
ufw default allow outgoing
Check the firewall status:
ufw status verbose
Enable IP forwarding
Reference: myfreax
Edit /etc/sysctl.conf:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
net.ipv6.conf.all.forwarding=1
Run sysctl -p to apply the change.
Configure ufw to allow forwarded packets.
Open the ufw configuration file /etc/default/ufw.
Find the DEFAULT_FORWARD_POLICY key and change its value from DROP to ACCEPT.
Enable IP masquerade
Edit /etc/ufw/before.rules:
# NAT table rules: enable the nat table
*nat
# Allow the POSTROUTING chain
:POSTROUTING ACCEPT [0:0]
# Masquerade LAN packets leaving through ppp0; change ppp0 to your WAN interface
-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
Be careful not to delete the COMMIT keyword; it is always the last line of the table.
Don't forget that the outgoing interface in the -A POSTROUTING line (ppp0 here) must match the name of the interface your machine uses to reach the internet.
The policy takes effect after rebooting the machine or restarting ufw.service.
Configure ufw to ensure LAN connectivity (the LAN NIC is eth0):
ufw allow in on eth0 to any
ufw route allow in on eth0 out on eth0
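The forwarding and NAT steps above fail silently if the *nat table in before.rules is missing its COMMIT or masquerades out of the wrong interface. The following added check script (not part of the original notes; the function names and the constructed sample file are my own) validates /etc/ufw/before.rules and /etc/default/ufw before ufw is restarted.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check the NAT block of
# /etc/ufw/before.rules and the forward policy in /etc/default/ufw before
# restarting ufw, so a typo does not silently leave the LAN without internet.

# check_nat_block FILE WAN_IF LAN_NET
# Prints each problem found; returns 0 only when the *nat table declares the
# POSTROUTING chain, masquerades LAN_NET out of WAN_IF, and ends with COMMIT.
check_nat_block() {
    awk -v wan="$2" -v lan="$3" '
        /^\*/ { in_nat = ($0 ~ /^\*nat/); next }   # any table header resets state
        in_nat && /^:POSTROUTING/ { chain = 1 }
        in_nat && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            masq = 1
            for (i = 1; i <= NF; i++) {
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-s") src = $(i + 1)
            }
        }
        in_nat && /^COMMIT/ { commit = 1; in_nat = 0 }
        END {
            rc = 0
            if (!chain)  { print "*nat: missing :POSTROUTING chain"; rc = 1 }
            if (!masq)   { print "*nat: no MASQUERADE rule in POSTROUTING"; rc = 1 }
            if (masq && out_if != wan) { print "*nat: -o " out_if " is not the WAN interface " wan; rc = 1 }
            if (masq && src != lan)    { print "*nat: -s " src " is not the LAN network " lan; rc = 1 }
            if (!commit) { print "*nat: no COMMIT line, ufw will skip the table"; rc = 1 }
            exit rc
        }' "$1"
}

# check_forward_policy FILE -> 0 when DEFAULT_FORWARD_POLICY is ACCEPT
check_forward_policy() {
    grep -q '^DEFAULT_FORWARD_POLICY="ACCEPT"' "$1"
}

# Demo on a constructed before.rules fragment (the same rule as in the notes).
demo=$(mktemp)
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    '-A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE' 'COMMIT' > "$demo"
if check_nat_block "$demo" ppp0 192.168.1.0/24; then echo "NAT block OK"; fi
rm -f "$demo"
```

On the real router run `check_nat_block /etc/ufw/before.rules ppp0 192.168.1.0/24` and `check_forward_policy /etc/default/ufw`; a non-zero exit from either means the configuration should be fixed before `systemctl restart ufw`.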
Install and configure MiniUPnP
Official site: /
Install: apt install miniupnpd
Configure:
Follow the wizard prompts and specify ppp0 as the WAN interface and eth0 as the LAN interface.
At this point the soft-router setup is complete!
Configure OpenVPN Access Server itself according to the product documentation.