\u672c\u6765\u6211\u662f\u7528\u7fa4\u6656\u81ea\u5e26\u7684VPN Server\u642d\u5efaOpenVPN\u670d\u52a1\u7aef\u6765\u8bbf\u95ee\u5bb6\u91cc\u5185\u7f51\u3002\u7531\u4e8e\u5bb6\u91cc\u6ca1\u6709\u516c\u7f51IP\uff0c\u901a\u8fc7\u56fd\u5916VPS\u642d\u5efafrp\u505a\u7aef\u53e3\u6620\u5c04\uff0c\u4f46\u662f\u5982\u6b64\u4e00\u6765OpenVPN\u8fde\u63a5\u5c31\u4f1a\u88ab\u5899\u68c0\u6d4b\u5230\u534f\u8bae\u5e76\u963b\u65ad\uff0c\u53ef\u4ee5\u901a\u8fc7\u518d\u642d\u5efa\u4e00\u4e2aSS(R)\u6216\u8005\u5176\u4ed6\u4ee3\u7406\u4f5c\u4e3aOpenVPN\u524d\u7f6e\u4ee3\u7406\u89e3\u51b3\uff0c\u4f46\u662f\u592a\u8fc7\u9ebb\u70e6\u3002ocserv (AnyConnect VPN\u670d\u52a1\u7aef) \u5c5e\u4e8eSSL VPN\uff0c\u534f\u8bae\u7279\u5f81\u4e0eHTTPS\u7c7b\u4f3c\uff0c\u56e0\u6b64\u4e0d\u4f1a\u88ab\u68c0\u6d4b\u5e76\u963b\u65ad\u3002\u4e0b\u6587\u4ecb\u7ecd\u5728\u7fa4\u6656\u4f7f\u7528Docker\u642d\u5efaocserv\u5e76\u8bbe\u7f6e\u53ea\u8bbf\u95ee\u5185\u7f51\u3002<\/p>\n
\u4f7f\u7528\u7684Docker\u955c\u50cf\uff1a
\nhttps:\/\/hub.docker.com\/r\/vimagick\/ocserv\/
\nGitHub\u5730\u5740\uff1a
\nhttps:\/\/github.com\/vimagick\/dockerfiles\/tree\/master\/ocserv<\/p>\n
SSH\u767b\u5f55\u7fa4\u6656\uff0c\u8f93\u5165sudo -i\u7136\u540e\u8f93\u5165\u5bc6\u7801\u8fdb\u5165ROOT\uff1b
\n\u8f93\u5165docker pull vimagick\/ocserv\u62c9\u53d6\u955c\u50cf\uff1b
\n\u8f93\u5165mkdir ocserv\u521b\u5efa\u6587\u4ef6\u5939\uff1b
\n\u8f93\u5165cd ocserv\u8fdb\u5165\u6587\u4ef6\u5939\uff1b
\n\u8f93\u5165vi docker-compose.yml\u521b\u5efadocker-compose\u914d\u7f6e\u6587\u4ef6\uff1b
\n\u8f93\u5165:set paste\u4f7fvi\u8fdb\u5165\u7c98\u8d34\u6a21\u5f0f\uff0c\u53ef\u8ba9\u7c98\u8d34\u5185\u5bb9\u4e0d\u81ea\u52a8\u5bf9\u9f50\uff1b
\n\u6309i\u952e\u8f93\u5165\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n
ocserv:\r\n\timage: vimagick\/ocserv\r\n\tports:\r\n\t- \"4443:443\/tcp\"\r\n\t- \"4443:443\/udp\"\r\n\tenvironment:\r\n\t- VPN_DOMAIN=vpn.easypi.pro\r\n\t- VPN_NETWORK=10.20.30.0\r\n\t- VPN_NETMASK=255.255.255.0\r\n\t- LAN_NETWORK=192.168.0.0\r\n\t- LAN_NETMASK=255.255.0.0\r\n\t- VPN_USERNAME=username\r\n\t- VPN_PASSWORD=password\r\n\tcap_add:\r\n\t- NET_ADMIN\r\n\trestart: always<\/pre>\n\u4fee\u6539vpn.easypi.pro\u4e3a\u5c06\u6765\u8bbf\u95ee\u7fa4\u6656\u7684\u57df\u540d\uff0cusername\u4e3a\u7528\u6237\u540d\uff0cpassword\u4e3a\u5bc6\u7801\uff0c\u5176\u4ed6\u7aef\u53e3\u8bbe\u7f6e\u4e5f\u53ef\u4fee\u6539\uff0c\u4fee\u6539\u5b8c\u6210\u540e\u6309Esc\u952e\u7136\u540e\u8f93\u5165\u4e24\u4e2a\u5927\u5199Z\u4fdd\u5b58\u9000\u51fa\u3002<\/p>\n
\u8f93\u5165docker-compose up -d\u542f\u52a8\u5bb9\u5668\uff1b
\n\u4e0b\u8f7dAnyConnect\u5ba2\u6237\u7aef\uff1b
\n\u5728\u5ba2\u6237\u7aef\u670d\u52a1\u5668\u5730\u5740\u4e2d\u8f93\u5165[\u7fa4\u6656\u7684\u57df\u540d\u6216IP]:4443\uff0c\u70b9\u51fb\u8fde\u63a5\uff0c\u7136\u540e\u8f93\u5165\u7528\u6237\u540d\u5bc6\u7801\u5c31\u53ef\u4ee5\u8bbf\u95ee\u7fa4\u6656\u4e86\u3002
\n\u8bf4\u660e\uff1a
\n1. \u63d0\u793a\u8bc1\u4e66\u9519\u8bef\u662f\u56e0\u4e3a\u670d\u52a1\u7aef\u6ca1\u6709\u4f7f\u7528\u6709\u6548\u8bc1\u4e66\uff0c\u89e3\u51b3\u65b9\u6cd5\u662f\u8981\u4e48\u914d\u7f6e\u6709\u6548\u8bc1\u4e66\uff0c\u8981\u4e48\u5728\u5ba2\u6237\u7aef\u8bbe\u7f6e\u91cc\u9762\u5141\u8bb8\u4e0d\u5b89\u5168\u7684\u670d\u52a1\u5668\u8bc1\u4e66\u3002
\n2. \u5982\u679c\u8981\u7528frp\u505a\u7aef\u53e3\u6620\u5c04\uff0c\u9700\u8981\u5c06\u7fa4\u66564443\u7aef\u53e3\u8f6c\u53d1\uff0c\u7136\u540eAnyConnect\u5ba2\u6237\u7aef\u8fde\u63a5\u5730\u5740\u6539\u4e3afrp\u670d\u52a1\u5668\u5730\u5740\u5c31\u53ef\u4ee5\u4e86\u3002<\/p>\n\u6b64\u65f6\u642d\u597d\u7684VPN\u9ed8\u8ba4\u4f1a\u8ba9\u6240\u6709\u6d41\u91cf\u8d70VPN\uff0c\u4e0b\u9762\u4ecb\u7ecd\u5982\u4f55\u53ea\u8d70\u5185\u7f51\u6d41\u91cf\uff1a
\n\u8fdb\u5165ocserv\u5bb9\u5668shell\uff1adocker-compose exec ocserv sh<\/p>\n\u5982\u9700\u4fee\u6539VPN\u7528\u6237\u5bc6\u7801\u6267\u884cocpasswd -c \/etc\/ocserv\/ocpasswd username\uff0cusername\u4e3a\u7528\u6237\u540d\u3002<\/p>\n
\u4fee\u6539ocserv.conf\uff1acd \/etc\/ocserv\/; vi ocserv.conf
\n\u4fee\u6539\u4ee5\u4e0b\u7247\u6bb5\uff1a<\/p>\n\u4fee\u6539\u8def\u7531\u914d\u7f6e\uff0c\u8ba9192.168.0.0\/255.255.0.0\u901a\u8fc7VPN\u8bbf\u95ee\uff1a<\/p>\n
# Routes to be forwarded to the client. If you need the\r\n# client to forward routes to the server, you may use the\r\n# config-per-user\/group or even connect and disconnect scripts.\r\n#\r\n# To set the server as the default gateway for the client just\r\n# comment out all routes from the server, or use the special keyword\r\n# 'default'.\r\n\r\n#route = 10.10.10.0\/255.255.255.0\r\nroute = 192.168.0.0\/255.255.0.0<\/span>\r\n#route = fef4:db8:1000:1001::\/64\r\n#route = default\r\n\r\n# Subsets of the routes above that will not be routed by\r\n# the server.\r\n\r\n#no-route = 192.168.0.0\/255.255.0.0<\/span><\/pre>\n\u4fee\u6539DNS\u914d\u7f6e\uff0c\u7981\u6b62\u8f6c\u53d1DNS\u8bf7\u6c42\uff1a<\/p>\n
# Whether to tunnel all DNS queries via the VPN. This is the default\r\n# when a default route is set.\r\ntunnel-all-dns = false<\/span>\r\n\r\n# The advertized DNS server. Use multiple lines for\r\n# multiple servers.\r\n# dns = fc00::4be0\r\n#dns = 8.8.8.8<\/span><\/pre>\n\u9000\u51fa\u91cd\u542f\u5bb9\u5668<\/p>\n
exit<\/span>\r\ndocker-compose restart<\/pre>\nocserv\u914d\u7f6e\u6587\u4ef6\u53c2\u8003\uff1ahttp:\/\/ocserv.gitlab.io\/www\/manual.html<\/p>\n","protected":false},"excerpt":{"rendered":"\u672c\u6765\u6211\u662f\u7528\u7fa4\u6656\u81ea\u5e26\u7684VPN Server\u642d\u5efaOpenVPN\u670d\u52a1\u7aef\u6765\u8bbf\u95ee\u5bb6\u91cc\u5185\u7f51\u3002\u7531\u4e8e\u5bb6\u91cc\u6ca1\u6709\u516c\u7f51IP\uff0c\u901a\u8fc7\u56fd\u5916VPS\u642d\u5efafrp\u505a\u7aef\u53e3\u6620\u5c04\uff0c\u4f46\u662f\u5982\u6b64\u4e00\u6765OpenVPN\u8fde\u63a5\u5c31\u4f1a\u88ab\u5899\u68c0\u6d4b\u5230\u534f\u8bae\u5e76\u963b\u65ad\uff0c\u53ef\u4ee5\u901a \u00b7\u00b7\u00b7","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[64,66,67],"class_list":["post-515","post","type-post","status-publish","format-standard","hentry","category-jiaocheng","tag-docker","tag-vpn","tag-67"],"views":7459,"_links":{"self":[{"href":"https:\/\/aichh.com\/api\/wp\/v2\/posts\/515","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aichh.com\/api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/aichh.com\/api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/aichh.com\/api\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/aichh.com\/api\/wp\/v2\/comments?post=515"}],"version-history":[{"count":9,"href":"https:\/\/aichh.com\/api\/wp\/v2\/posts\/515\/revisions"}],"predecessor-version":[{"id":699,"href":"https:\/\/aichh.com\/api\/wp\/v2\/posts\/515\/revisions\/699"}],"wp:attachment":[{"href":"https:\/\/aichh.com\/api\/wp\/v2\/media?parent=515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/aichh.com\/api\/wp\/v2\/categories?post=515"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/aichh.com\/api\/wp\/v2\/tags?post=515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}