鉴于服务器迁移，广州IDC数据需要传输到揭阳IDC，不想先传到本地，在传到揭阳，便打算在揭阳的某台设备安装openvpn，连接后可直接传数据。

安装openvpn有两种方法

• 直接yum安装，简单快捷。但是（有的）机器提示无可用openvpn的包
• 下载脚本，本机器wget提示443，所以手动下载，再传到机器上。

[root@console install_package]#yum install -y openvpn
No package openvpn available.


[root@console install_package]#wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
Connecting to raw.github.com (raw.github.com)|151.101.228.133|:443... failed: Connection refused.

安装

[root@console install_package]# bash openvpn-install.sh 
Welcome to this OpenVPN road warrior installer!

This server is behind NAT. What is the public IPv4 address or hostname?
Public IPv4 address / hostname [112.90.243.98]:     # 只是安装client，所以直接回车。如果是server，填当前设备的公网IP

Which protocol should OpenVPN use?
   1) UDP (recommended)
   2) TCP
Protocol [1]: 1     # 需要连接的设备是udp， 所以这里选1

What port should OpenVPN listen to?
Port [1194]:      # 默认端口，直接回车

Select a DNS server for the clients:
   1) Current system resolvers
   2) Google
   3) 1.1.1.1
   4) OpenDNS
   5) Quad9
   6) AdGuard
DNS server [1]: 1   # 使用当前设备的DNS解析地址

Enter a name for the first client:
Name [client]:     # 默认回车，client.ovpn文件用以前设置好的。安装后文件在/root/client.ovpn

配置文件在/etc/openvpn/{client | server}。 将client的连接文件传到client目录下

cd /etc/openvpn/client
[root@console client]# ll
total 28
-rw-r--r-- 1 root root 4436 Dec 11 10:16 rtr-ix7m1kkc.crt
-rw-r--r-- 1 root root 1704 Dec 11 10:16 rtr-ix7m1kkc.key
-rw-r--r-- 1 root root  313 Dec 11 10:16 rtr-ix7m1kkc.ovpn
-rw-r--r-- 1 root root  636 Dec 11 10:16 rtr-ix7m1kkc.takey
-rw-r--r-- 1 root root 4481 Dec 11 10:17 yunify-ca.crt

ovpn配置文件内容如下

[root@console client]# cat *.ovpn
# openvpn client windows configuration sample
client
dev tun
proto udp
remote Public_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca yunify-ca.crt
cert rtr-ix7m1kkc.crt
key rtr-ix7m1kkc.key
tls-auth rtr-ix7m1kkc.takey 1
auth-user-pass
cipher AES-256-CBC
comp-lzo
mssfix 1400

openvpn连接脚本

[root@console script]# cat openvpn_client.sh
#!/bin/sh
openvpn --daemon --cd /etc/openvpn/client --config rtr-ix7m1kkc.ovpn --log-append /var/log/openvpn.log

[root@console script]# chmod +x openvpn_client.sh

连接并测试

[root@console script]# ./openvpn_client.sh 
Enter Auth Username: username
Enter Auth Password: ************

[root@console script]# ping 172.20.28.2
PING 172.20.28.2 (172.20.28.2) 56(84) bytes of data.
64 bytes from 172.20.28.2: icmp_seq=1 ttl=61 time=12.7 ms
64 bytes from 172.20.28.2: icmp_seq=2 ttl=61 time=12.6 ms
64 bytes from 172.20.28.2: icmp_seq=3 ttl=61 time=12.6 ms

连接正常，可以传输数据了。