Setting up a VPN on Alibaba Cloud CentOS 7

This article is based on: http://www.xxkwz.cn/1495.html

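A while ago I set up a VPN with pptp. It was fast, but after about a month it stopped working, probably because it got blocked, so I set up a new one with shadowsocks.

I followed tutorials from other users and combined them with some of my own operations experience, and finally got it working. I am writing it down here in the hope that it helps anyone who needs it.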

I. Server-side configuration

1. Installation uses the one-click install script written by teddysun (it can be found by searching GitHub). The address is:

https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks.sh

Or:

https://github.com/teddysun/shadowsocks_install.git

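After downloading, run it as root; no further detail is needed here. In case the link stops working, the complete script is also reproduced in the appendix at the end of this article.

2. Modify the default configuration

  Configuration file path: /etc/shadowsocks.json

Contents: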

{
    "server":"your_server_ip",
    "server_port":8989,
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"yourpassword",
    "timeout":300,
    "method":"rc4-md5",
    "fast_open": false
}

 Change the encryption method to: rc4-md5
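
A check of the configuration file before the server is started, as an added example that is not part of the original article or the shadowsocks project. It flags a method that is not AEAD (Shadowsocks stream ciphers such as rc4-md5 give confidentiality only), the placeholder and installer-default passwords that appear on this page, and a world-readable file; the helper names and the 16-character floor are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original article or the shadowsocks project.
# audit_ss_config and json_str are hypothetical helpers. They assume the flat,
# one-level JSON shown above (no nesting, no escaped quotes in values).

json_str() {    # $1 = file, $2 = key; prints the key's string value
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

audit_ss_config() {   # $1 = config path; prints findings, returns their count
    local cfg=$1 n=0 method password
    method=$(json_str "$cfg" method)
    password=$(json_str "$cfg" password)
    case "$method" in
        *-gcm|*-poly1305) ;;    # AEAD methods: encrypt and authenticate
        *) echo "method: '$method' is not an AEAD method (no integrity check)"
           n=$((n + 1)) ;;
    esac
    # The password is the only secret. Reject the values printed on this page
    # (placeholder, installer default); the 16-character floor is an assumption.
    case "$password" in
        ''|yourpassword|teddysun.com)
            echo "password: empty, placeholder or installer default"; n=$((n + 1)) ;;
        *)  if [ "${#password}" -lt 16 ]; then
                echo "password: shorter than 16 characters"; n=$((n + 1))
            fi ;;
    esac
    # The file holds the password in clear text, so others must not read it.
    if [ -n "$(find "$cfg" -perm -004 2>/dev/null)" ]; then
        echo "permissions: world-readable, use chmod 600"; n=$((n + 1))
    fi
    return "$n"
}

# Demo on a constructed copy of the configuration from this page.
demo=$(mktemp)
cat > "$demo" <<'EOF'
{
    "server":"your_server_ip",
    "server_port":8989,
    "password":"yourpassword",
    "method":"rc4-md5", "fast_open": false }
EOF
chmod 644 "$demo"
audit_ss_config "$demo" || echo "findings: $?"
rm -f "$demo"
```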

 3. Modify the firewall

  If the iptables firewall is enabled, the server_port above must be opened.

Method:

vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8989 -j ACCEPT
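
For the firewall step, an added example that is not part of the original article: iptables evaluates the INPUT chain top to bottom, so in a stock /etc/sysconfig/iptables the ACCEPT line above only works if it sits ahead of the catch-all REJECT rule. The hypothetical helper add_port_rule inserts the article's rule at that position and does nothing on a second run; the sample ruleset is constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. add_port_rule is a hypothetical
# helper that edits a rules file in the format of /etc/sysconfig/iptables.
# iptables checks rules top to bottom, so the ACCEPT line has to sit above the
# catch-all "-A INPUT -j REJECT"; appended below it, the rule never matches.

add_port_rule() {   # $1 = rules file, $2 = TCP port to open
    local file=$1 port=$2 tmp rc
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 2
    fi
    # Idempotent: leave the file alone if the port is already accepted.
    if grep -Eq -- "^-A INPUT .*--dport $port .*-j ACCEPT" "$file"; then
        return 0
    fi
    tmp=$(mktemp) || return 1
    awk -v port="$port" '
        /^\*/ { table = $0 }                       # track the current table
        table == "*filter" && !placed &&
        (/^-A INPUT -j (REJECT|DROP)/ || /^COMMIT/) {
            print "-A INPUT -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT"
            placed = 1
        }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"     # cat keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed copy of a default-style ruleset (never the live file).
demo=$(mktemp)
cat > "$demo" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
add_port_rule "$demo" 8989 && cat "$demo"
rm -f "$demo"
```

The rules file is only read when the iptables service loads it, so the service has to reload it before the new rule takes effect.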

 4. Restart the service

  systemctl restart shadowsocks

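II. Client configuration

  Reference: https://ttt.tt/150/

  Download links:

  Win:

  For Windows 7 users, link: http://pan.baidu.com/s/1ntoPuI1 password: vrqh

  For Windows 8.1 users, link: http://pan.baidu.com/s/1hq6A1yG password: 6oe9

  OS X: http://pan.baidu.com/s/1i39qr8D password: pv6d

The client configuration screen looks like this:

Note: the encryption method in it must be changed to rc4-md5

Once the client is configured, the browser's proxy settings need to be set. Taking Chrome as an example:

1. Open the advanced settings under chrome://settings/

2. Network => Change proxy server settings

3. Open the LAN settings there; screenshot below:

That is the whole configuration process. Questions and discussion are welcome.

Appendix: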

#!/usr/bin/env bash
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
#=================================================================#
#   System Required:  CentOS 6+, Debian 7+, Ubuntu 12+            #
#   Description: One click Install Shadowsocks-Python server      #
#   Author: Teddysun <[email protected]>                             #
#   Thanks: @clowwindy <https://twitter.com/clowwindy>            #
#   Intro:  https://teddysun.com/342.html                         #
#=================================================================#

clear
echo
echo "#############################################################"
echo "# One click Install Shadowsocks-Python server               #"
echo "# Intro: https://teddysun.com/342.html                      #"
echo "# Author: Teddysun <[email protected]>                         #"
echo "# Github: https://github.com/shadowsocks/shadowsocks        #"
echo "#############################################################"
echo

#Current folder
cur_dir=`pwd`

# Make sure only root can run our script
rootness(){
    if [[ $EUID -ne 0 ]]; then
        echo "Error:This script must be run as root!" 1>&2
        exit 1
    fi
}

# Disable selinux
disable_selinux(){
    if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
        sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
        setenforce 0
    fi
}

#Check system
check_sys(){
    local checkType=$1
    local value=$2

    local release=''
    local systemPackage=''

    if [[ -f /etc/redhat-release ]]; then
        release="centos"
        systemPackage="yum"
    elif cat /etc/issue | grep -Eqi "debian"; then
        release="debian"
        systemPackage="apt"
    elif cat /etc/issue | grep -Eqi "ubuntu"; then
        release="ubuntu"
        systemPackage="apt"
    elif cat /etc/issue | grep -Eqi "centos|red hat|redhat"; then
        release="centos"
        systemPackage="yum"
    elif cat /proc/version | grep -Eqi "debian"; then
        release="debian"
        systemPackage="apt"
    elif cat /proc/version | grep -Eqi "ubuntu"; then
        release="ubuntu"
        systemPackage="apt"
    elif cat /proc/version | grep -Eqi "centos|red hat|redhat"; then
        release="centos"
        systemPackage="yum"
    fi

    if [[ ${checkType} == "sysRelease" ]]; then
        if [ "$value" == "$release" ]; then
            return 0
        else
            return 1
        fi
    elif [[ ${checkType} == "packageManager" ]]; then
        if [ "$value" == "$systemPackage" ]; then
            return 0
        else
            return 1
        fi
    fi
}

# Get version
getversion(){
    if [[ -s /etc/redhat-release ]]; then
        grep -oE  "[0-9.]+" /etc/redhat-release
    else
        grep -oE  "[0-9.]+" /etc/issue
    fi
}

# CentOS version
centosversion(){
    if check_sys sysRelease centos; then
        local code=$1
        local version="$(getversion)"
        local main_ver=${version%%.*}
        if [ "$main_ver" == "$code" ]; then
            return 0
        else
            return 1
        fi
    else
        return 1
    fi
}

# Get public IP address
get_ip(){
    local IP=$( ip addr | egrep -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | egrep -v "^192\.168|^172\.1[6-9]\.|^172\.2[0-9]\.|^172\.3[0-2]\.|^10\.|^127\.|^255\.|^0\." | head -n 1 )
    [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipv4.icanhazip.com )
    [ -z ${IP} ] && IP=$( wget -qO- -t1 -T2 ipinfo.io/ip )
    [ ! -z ${IP} ] && echo ${IP} || echo
}

# Pre-installation settings
pre_install(){
    if check_sys packageManager yum || check_sys packageManager apt; then
        # Not support CentOS 5
        if centosversion 5; then
            echo "Error: Not supported CentOS 5, please change to CentOS 6+/Debian 7+/Ubuntu 12+ and try again."
            exit 1
        fi
    else
        echo "Error: Your OS is not supported. please change OS to CentOS/Debian/Ubuntu and try again."
        exit 1
    fi
    # Set shadowsocks config password
    echo "Please input password for shadowsocks-python:"
    read -p "(Default password: teddysun.com):" shadowsockspwd
    [ -z "${shadowsockspwd}" ] && shadowsockspwd="teddysun.com"
    echo
    echo "---------------------------"
    echo "password = ${shadowsockspwd}"
    echo "---------------------------"
    echo
    # Set shadowsocks config port
    while true
    do
    echo -e "Please input port for shadowsocks-python [1-65535]:"
    read -p "(Default port: 8989):" shadowsocksport
    [ -z "$shadowsocksport" ] && shadowsocksport="8989"
    expr ${shadowsocksport} + 0 &>/dev/null
    if [ $? -eq 0 ]; then
        if [ ${shadowsocksport} -ge 1 ] && [ ${shadowsocksport} -le 65535 ]; then
            echo
            echo "---------------------------"
            echo "port = ${shadowsocksport}"
            echo "---------------------------"
            echo
            break
        else
            echo "Input error, please input correct number"
        fi
    else
        echo "Input error, please input correct number"
    fi
    done
    get_char(){
        SAVEDSTTY=`stty -g`
        stty -echo
        stty cbreak
        dd if=/dev/tty bs=1 count=1 2> /dev/null
        stty -raw
        stty echo
        stty $SAVEDSTTY
    }
    echo
    echo "Press any key to start...or Press Ctrl+C to cancel"
    char=`get_char`
    #Install necessary dependencies
    if check_sys packageManager yum; then
        yum install -y unzip openssl-devel gcc swig python python-devel python-setuptools autoconf libtool libevent automake make curl curl-devel zlib-devel perl perl-devel cpio expat-devel gettext-devel
    elif check_sys packageManager apt; then
        apt-get -y update
        apt-get -y install python python-dev python-pip python-setuptools python-m2crypto curl wget unzip gcc swig automake make perl cpio build-essential
    fi
    cd ${cur_dir}
}

# Download files
download_files(){
    # Download libsodium file
    if ! wget --no-check-certificate -O libsodium-1.0.11.tar.gz https://github.com/jedisct1/libsodium/releases/download/1.0.11/libsodium-1.0.11.tar.gz; then
        echo "Failed to download libsodium-1.0.11.tar.gz!"
        exit 1
    fi
    # Download Shadowsocks file
    if ! wget --no-check-certificate -O shadowsocks-master.zip https://github.com/shadowsocks/shadowsocks/archive/master.zip; then
        echo "Failed to download shadowsocks python file!"
        exit 1
    fi
    # Download Shadowsocks init script
    if check_sys packageManager yum; then
        if ! wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks -O /etc/init.d/shadowsocks; then
            echo "Failed to download shadowsocks chkconfig file!"
            exit 1
        fi
    elif check_sys packageManager apt; then
        if ! wget --no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks-debian -O /etc/init.d/shadowsocks; then
            echo "Failed to download shadowsocks chkconfig file!"
            exit 1
        fi
    fi
}

# Config shadowsocks
config_shadowsocks(){
    cat > /etc/shadowsocks.json<<-EOF
{
    "server":"0.0.0.0",
    "server_port":${shadowsocksport},
    "local_address":"127.0.0.1",
    "local_port":1080,
    "password":"${shadowsockspwd}",
    "timeout":300,
    "method":"aes-256-cfb",
    "fast_open":false
}
EOF
}

# Firewall set
firewall_set(){
    echo "firewall set start..."
    if centosversion 6; then
        /etc/init.d/iptables status > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            iptables -L -n | grep -i ${shadowsocksport} > /dev/null 2>&1
            if [ $? -ne 0 ]; then
                iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport ${shadowsocksport} -j ACCEPT
                iptables -I INPUT -m state --state NEW -m udp -p udp --dport ${shadowsocksport} -j ACCEPT
                /etc/init.d/iptables save
                /etc/init.d/iptables restart
            else
                echo "port ${shadowsocksport} has been set up."
            fi
        else
            echo "WARNING: iptables looks like shutdown or not installed, please manually set it if necessary."
        fi
    elif centosversion 7; then
        systemctl status firewalld > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp
            firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp
            firewall-cmd --reload
        else
            echo "Firewalld looks like not running, try to start..."
            systemctl start firewalld
            if [ $? -eq 0 ]; then
                firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/tcp
                firewall-cmd --permanent --zone=public --add-port=${shadowsocksport}/udp
                firewall-cmd --reload
            else
                echo "WARNING: Try to start firewalld failed. please enable port ${shadowsocksport} manually if necessary."
            fi
        fi
    fi
    echo "firewall set completed..."
}

# Install Shadowsocks
install(){
    # Install libsodium
    tar zxf libsodium-1.0.11.tar.gz
    cd libsodium-1.0.11
    ./configure && make && make install
    if [ $? -ne 0 ]; then
        echo "libsodium install failed!"
        install_cleanup
        exit 1
    fi
    echo "/usr/local/lib" > /etc/ld.so.conf.d/local.conf
    ldconfig
    # Install Shadowsocks
    cd ${cur_dir}
    unzip -q shadowsocks-master.zip
    if [ $? -ne 0 ];then
        echo "unzip shadowsocks-master.zip failed! please check unzip command."
        install_cleanup
        exit 1
    fi

    cd ${cur_dir}/shadowsocks-master
    python setup.py install --record /usr/local/shadowsocks_install.log

    if [ -f /usr/bin/ssserver ] || [ -f /usr/local/bin/ssserver ]; then
        chmod +x /etc/init.d/shadowsocks
        if check_sys packageManager yum; then
            chkconfig --add shadowsocks
            chkconfig shadowsocks on
        elif check_sys packageManager apt; then
            update-rc.d -f shadowsocks defaults
        fi
        /etc/init.d/shadowsocks start
    else
        echo
        echo "Shadowsocks install failed! please visit https://teddysun.com/342.html and contact."
        install_cleanup
        exit 1
    fi

    clear
    echo
    echo "Congratulations, shadowsocks server install completed!"
    echo -e "Your Server IP: \033[41;37m $(get_ip) \033[0m"
    echo -e "Your Server Port: \033[41;37m ${shadowsocksport} \033[0m"
    echo -e "Your Password: \033[41;37m ${shadowsockspwd} \033[0m"
    echo -e "Your Local IP: \033[41;37m 127.0.0.1 \033[0m"
    echo -e "Your Local Port: \033[41;37m 1080 \033[0m"
    echo -e "Your Encryption Method: \033[41;37m aes-256-cfb \033[0m"
    echo
    echo "Welcome to visit:https://teddysun.com/342.html"
    echo "Enjoy it!"
    echo
}

# Install cleanup
install_cleanup(){
    cd ${cur_dir}
    rm -rf shadowsocks-master.zip shadowsocks-master libsodium-1.0.11.tar.gz libsodium-1.0.11
}

# Uninstall Shadowsocks
uninstall_shadowsocks(){
    printf "Are you sure uninstall Shadowsocks? (y/n) "
    printf "\n"
    read -p "(Default: n):" answer
    [ -z ${answer} ] && answer="n"
    if [ "${answer}" == "y" ] || [ "${answer}" == "Y" ]; then
        ps -ef | grep -v grep | grep -i "ssserver" > /dev/null 2>&1
        if [ $? -eq 0 ]; then
            /etc/init.d/shadowsocks stop
        fi
        if check_sys packageManager yum; then
            chkconfig --del shadowsocks
        elif check_sys packageManager apt; then
            update-rc.d -f shadowsocks remove
        fi
        # delete config file
        rm -f /etc/shadowsocks.json
        rm -f /var/run/shadowsocks.pid
        rm -f /etc/init.d/shadowsocks
        rm -f /var/log/shadowsocks.log
        if [ -f /usr/local/shadowsocks_install.log ]; then
            cat /usr/local/shadowsocks_install.log | xargs rm -rf
        fi
        echo "Shadowsocks uninstall success!"
    else
        echo
        echo "uninstall cancelled, nothing to do..."
        echo
    fi
}

# Install Shadowsocks-python
install_shadowsocks(){
    rootness
    disable_selinux
    pre_install
    download_files
    config_shadowsocks
    if check_sys packageManager yum; then
        firewall_set
    fi
    install
    install_cleanup
}

# Initialization step
action=$1
[ -z $1 ] && action=install
case "$action" in
    install|uninstall)
    ${action}_shadowsocks
    ;;
    *)
    echo "Arguments error! [${action}]"
    echo "Usage: `basename $0` {install|uninstall}"
    ;;
esac

  

 

 

Time: 2024-10-13 18:27:06
