├── EasyRSA-2.2.2.tar.gz
├── epel-release-6-8.noarch.rpm
├── 32-epel-release-5-4.noarch.rpm
├── 32-epel-release-6-8.noarch.rpm
├── 64-epel-release-5-4.noarch.rpm
├── epel-release-latest-7.noarch.rpm
├── squid.conf
├── server.conf
├── sysctl.conf
└── openvpn.sh
/EasyRSA-2.2.2.tar.gz:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mrcosir/me/HEAD/EasyRSA-2.2.2.tar.gz
--------------------------------------------------------------------------------
/epel-release-6-8.noarch.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mrcosir/me/HEAD/epel-release-6-8.noarch.rpm
--------------------------------------------------------------------------------
/32-epel-release-5-4.noarch.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mrcosir/me/HEAD/32-epel-release-5-4.noarch.rpm
--------------------------------------------------------------------------------
/32-epel-release-6-8.noarch.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mrcosir/me/HEAD/32-epel-release-6-8.noarch.rpm
--------------------------------------------------------------------------------
/64-epel-release-5-4.noarch.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mrcosir/me/HEAD/64-epel-release-5-4.noarch.rpm
--------------------------------------------------------------------------------
/epel-release-latest-7.noarch.rpm:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mrcosir/me/HEAD/epel-release-latest-7.noarch.rpm
--------------------------------------------------------------------------------
/squid.conf:
--------------------------------------------------------------------------------
# Squid forward-proxy configuration: listens on TCP 80 and allows every request.
#
# NOTE(review): the only http_access rule in this file is "http_access allow all".
# The SSL_ports, Safe_ports and CONNECT ACLs are defined but never referenced by
# any rule, so they restrict nothing. Any client that can reach port 80 can relay
# requests through this host, including CONNECT to arbitrary ports.
# Squid's customary guard rules are:
#   http_access deny !Safe_ports
#   http_access deny CONNECT !SSL_ports
#   http_access allow <trusted-src-acl>      (placeholder: define for your clients)
#   http_access deny all
# They are noted here rather than applied, because they change who can use the
# proxy and which CONNECT targets are reachable.
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
# The Via header stays enabled, while X-Forwarded-For and User-Agent are removed
# from forwarded requests. Upstream servers can tell a proxy was involved but do
# not receive the client address or client software string from this proxy.
via on
request_header_access X-Forwarded-For deny all
request_header_access user-agent deny all
# NOTE(review): both names below are request headers; filtering them on replies
# presumably has no practical effect - confirm before relying on it.
reply_header_access X-Forwarded-For deny all
reply_header_access user-agent deny all
# Plain-HTTP proxy listener on the well-known web port.
http_port 80
# Unconditional allow: with no deny rule before it, this makes the host an open proxy.
http_access allow all
# Request log; the primary record for reviewing who relayed what through this host.
access_log /var/log/squid/access.log
# NOTE(review): this value is not a valid DNS hostname (it contains "/" and
# parentheses). It is free-text branding that Squid shows in its error pages.
visible_hostname TD-LTE/FDD-LTE(nb110.com)
# Normally the administrator's e-mail address; here it is used as a banner string.
cache_mgr Welcome_to_use_OpenVPN
# Author signature: 聂人狂
--------------------------------------------------------------------------------
/server.conf:
--------------------------------------------------------------------------------
#################################################
# OpenVPN "免流" (zero-rated traffic) server config #
# 2016.02.12 #
# #
#################################################
#
# Routed (tun) OpenVPN server over TCP for the 10.8.0.0/24 pool. All client
# traffic is redirected through the tunnel.
#
# NOTE(review): hardening gaps visible in this file:
#   - there are no "user"/"group" lines, so the daemon keeps the privileges it
#     was started with;
#   - there are no "cipher", "auth" or "tls-version-min" lines, so the installed
#     build's defaults apply (on OpenVPN 2.3.x that is BF-CBC, a 64-bit block
#     cipher) - confirm against the deployed version;
#   - tls-auth and crl-verify are commented out (see the notes on those lines).

# Listens on TCP 3389, the port conventionally used by RDP. Non-RDP traffic on
# this port is a useful signal when reviewing flow or firewall logs.
port 3389
proto tcp
dev tun
# PKI material under the easy-rsa keys directory. The server identity is "centos".
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/centos.crt
key /etc/openvpn/easy-rsa/keys/centos.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
# Address pool handed to clients. Leases are persisted in ipp.txt.
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
# Replaces each client's default route with the tunnel, so this host carries all
# client traffic and must NAT/forward it.
push "redirect-gateway def1 bypass-dhcp"
;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"
;push "dhcp-option DNS 114.114.114.114"
;push "dhcp-option DNS 114.114.115.115"
;client-to-client
keepalive 10 120
# NOTE(review): tls-auth is disabled, so unauthenticated peers can reach the
# TLS handshake. If it is enabled, the server side uses key direction 0, not
# the 1 shown here (1 is the client side).
# tls-auth /etc/openvpn/easy-rsa/ta.key 1
# NOTE(review): compression inside a VPN tunnel is deprecated upstream because
# it enables compression-oracle attacks (VORACLE class). Removing it requires
# the matching change on every client profile.
comp-lzo
max-clients 10
persist-key
persist-tun
status openvpn-status.log
# Both "log" and "log-append" name the same file. Relative paths resolve against
# the daemon's working directory.
log openvpn.log
log-append openvpn.log
verb 3
;mute 20
# NOTE(review): with crl-verify disabled a leaked or retired client certificate
# cannot be rejected. It stays valid until it expires or the CA is rebuilt.
;crl-verify /etc/openvpn/easy-rsa/keys/crl.pem
--------------------------------------------------------------------------------
/sysctl.conf:
--------------------------------------------------------------------------------
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
# Enabled (1): the host routes packets between interfaces. What may actually
# transit is then decided only by the firewall's FORWARD/NAT rules.
net.ipv4.ip_forward = 1

# Controls source route verification
# NOTE(review): only the "default" key is set here and in the next setting;
# presumably interfaces that already exist keep their current per-interface
# value - confirm, or also set the conf.all keys.
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Disable netfilter on bridges.
# NOTE(review): these keys exist only while the bridge module is loaded; without
# it, "sysctl -p" presumably reports them as unknown keys - verify on the target.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

# Controls the default maximum size of a message queue
kernel.msgmnb = 65536

# Controls the maximum size of a message, in bytes
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
41 |
--------------------------------------------------------------------------------
/openvpn.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Interactive installer for CentOS 5/6/7. It assumes it runs as root (no check is
# made). In order, it:
#   1. stops and removes httpd and any existing OpenVPN, and wipes /etc/openvpn;
#   2. installs an EPEL release package, runs a full "yum update", then installs
#      OpenVPN and Squid;
#   3. flushes iptables and adds NAT/ACCEPT rules, and sets SELinux permissive;
#   4. replaces /etc/sysctl.conf, /etc/openvpn/server.conf and
#      /etc/squid/squid.conf with downloaded copies;
#   5. builds a CA, a server certificate ("centos") and one client ("me") with EasyRSA;
#   6. assembles me.ovpn with the client key embedded and uploads the archive
#      to transfer.sh.
#
# NOTE(review): security-relevant behaviour visible in this script:
#   - Supply chain: every rpm/wget fetch comes from raw.github.com/mu228/me/master,
#     a mutable branch of a personal repository, with no checksum or signature
#     check. The fetched files become the repo-release package, the kernel sysctl
#     file and both daemon configs. Mitigation: take epel-release from the
#     distribution's own repositories, and pin any remaining download to a commit
#     and verify it, e.g. against <EXPECTED_SHA256> (placeholder).
#   - Errors are hidden: many commands send output to /dev/null and there is no
#     "set -e", so a failed step does not stop the run.
#   - Firewall: all existing rules are flushed and only ACCEPT rules are appended.
#     No chain policy or DROP rule is set here, so the INPUT rules filter nothing
#     unless the policy was already restrictive.
#   - SELinux is switched to permissive with "setenforce 0".
#   - The client private key leaves the host via a third-party file-sharing
#     service, and one client identity ("me") is shared by whoever gets the link.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH
# Usage as given by the author (downloads and runs this script without verification):
# wget https://raw.github.com/mu228/me/master/openvpn.sh && bash openvpn.sh 2>&1 | tee openvpn.log
clear;
# Banner shown at start-up.
CopyrightLogo='
CentOS OpenVPN-2.3.10 云免服务器
Powered by 2015-2016
All Rights Reserved

by 聂人狂
==========================================================================';
echo "$CopyrightLogo";
echo
# Prints a tested-on-CentOS notice, then waits for Enter before changing the system.
echo "脚本已由千万人CentOS测试通过"
echo "请按回车继续开始安装:"
read
echo
# BOBLEE (author tag; meaning not evident from this file)
# Status message: "deploying environment".
echo "正在部署环境..."
sleep 3
# Destructive clean-up: removes the web server and any previous OpenVPN install,
# including every existing key and config under /etc/openvpn.
service httpd stop >/dev/null 2>&1
yum -y remove httpd >/dev/null 2>&1
service openvpn stop >/dev/null 2>&1
yum -y remove openvpn >/dev/null 2>&1
rm -rf /etc/openvpn/*
# NOTE(review): this removes vpn.tar.gz, but the archive created later is named
# openvpn.tar.gz, so an archive left by a previous run is not cleaned up here.
rm -rf /home/vpn.tar.gz
echo "安装执行命令..."
sleep 2
yum install -y redhat-lsb curl gawk
# Major release number (5, 6 or 7) parsed from the "Release:" line of lsb_release.
version=`lsb_release -a | grep -e Release|awk -F ":" '{ print $2 }'|awk -F "." '{ print $1 }'`
echo "正在匹配软件源..."
sleep 3

# EPEL release package per OS major version and word size.
# NOTE(review): "rpm -ivh <URL>" installs a package fetched from the personal
# repository. A repo-release package defines yum repositories, so whatever it
# contains controls what later "yum install" and "yum update" calls may pull in.
# NOTE(review): $version is unquoted. When it is empty these tests raise a
# "[" syntax error rather than evaluating cleanly.
if [ $version == "5" ];then
if [ $(getconf LONG_BIT) = '64' ] ; then
rpm -ivh https://raw.github.com/mu228/me/master/64-epel-release-5-4.noarch.rpm
else
rpm -ivh https://raw.github.com/mu228/me/master/32-epel-release-5-4.noarch.rpm
fi
fi

if [ $version == "6" ];then
if [ $(getconf LONG_BIT) = '64' ] ; then
rpm -ivh https://raw.github.com/mu228/me/master/epel-release-6-8.noarch.rpm
else
rpm -ivh https://raw.github.com/mu228/me/master/32-epel-release-6-8.noarch.rpm
fi
fi

if [ $version == "7" ];then
rpm -ivh https://raw.github.com/mu228/me/master/epel-release-latest-7.noarch.rpm
fi

# Abort when no release number could be determined. The httpd/OpenVPN removal
# above has already happened by this point.
if [ ! $version ];then
clear
echo
echo
echo "安装被终止,请在Centos系统上执行操作..."
echo
# Failure banner.
CO='
OpenVPN-2.3.10 安装失败
Powered by 9u.cc/yum 2015-2016
All Rights Reserved

==========================================================================';
echo "$CO";
exit
fi

# Full system update, with the newly added repository enabled.
echo "检查并更新软件..."
sleep 3
yum update -y

# --- Network: public address detection, firewall and NAT ---
echo "配置网络环境..."
sleep 3
# Picks addresses from "inet addr" lines of ifconfig that do not start with the
# listed prefixes.
# NOTE(review): the result can be empty or hold several addresses. "^10" also
# excludes public ranges such as 100.x-109.x, "^172.16" leaves 172.17-172.31 in,
# and the "inet addr" wording is presumably absent from newer ifconfig output -
# confirm on CentOS 7. $myip is later written unvalidated into the client profile.
myip=`ifconfig | awk -F'[ ]+|:' '/inet addr/{if($4!~/^192.168|^172.16|^10|^127|^0/) print $4}'`
# Flushes every existing filter rule and persists the empty rule set.
iptables -F >/dev/null 2>&1
service iptables save >/dev/null 2>&1
service iptables restart >/dev/null 2>&1
# NAT for the VPN pool out of eth0 (interface name is hard-coded).
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE >/dev/null 2>&1
# ACCEPT rules for OpenVPN (3389), the Squid proxy (80) and SSH (22).
iptables -A INPUT -p TCP --dport 3389 -j ACCEPT >/dev/null 2>&1
iptables -A INPUT -p TCP --dport 80 -j ACCEPT >/dev/null 2>&1
iptables -A INPUT -p TCP --dport 22 -j ACCEPT >/dev/null 2>&1
# NOTE(review): this second rule masquerades all forwarded traffic, with no
# source or interface restriction, and so supersedes the scoped rule above.
iptables -t nat -A POSTROUTING -j MASQUERADE >/dev/null 2>&1
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT >/dev/null 2>&1
service iptables save
service iptables restart
chkconfig iptables on
# --- SELinux and kernel parameters ---

# Switches SELinux to permissive mode for the running system.
setenforce 0
cd /etc/
# Replaces the system-wide sysctl file with an unverified download.
rm -rf ./sysctl.conf
wget https://raw.github.com/mu228/me/master/sysctl.conf
sleep 3
# NOTE(review): 0755 sets the execute bit on a config file; 0644 is sufficient.
chmod 0755 ./sysctl.conf
sysctl -p

# --- Package installation ---
echo "正在安装主程序..."
sleep 3
yum install -y squid openssl openssl-devel lzo lzo-devel pam pam-devel automake pkgconfig
yum install -y openvpn

# --- Daemon configuration (both files are unverified downloads) ---

cd /etc/openvpn/
rm -rf ./server.conf
wget https://raw.github.com/mu228/me/master/server.conf
chmod 0755 ./server.conf
cd /etc/squid/
rm -f ./squid.conf
wget https://raw.github.com/mu228/me/master/squid.conf
chmod 0755 /etc/squid/squid.conf
# -z creates the cache directories, -s starts Squid with logging to syslog;
# chkconfig enables it at boot.
squid -z
squid -s
chkconfig squid on

# --- PKI: EasyRSA download and certificate generation ---
cd /etc/openvpn/
# The CA tooling itself also comes from the unverified repository. The extraction
# output is discarded, so a failed or partial unpack is not visible.
wget https://raw.github.com/mu228/me/master/EasyRSA-2.2.2.tar.gz
tar -zxvf EasyRSA-2.2.2.tar.gz >/dev/null 2>&1
cd /etc/openvpn/easy-rsa/
source vars
./clean-all
clear
echo
echo
clear
echo
echo "正在生成CA证书文件..."
echo
sleep 3
# NOTE(review): as written, these pipes feed a single line of letter "n" rather
# than newlines; presumably "\n" sequences were intended - confirm against the
# upstream file. build-ca is then run again interactively, after "server" and
# "me" have already been issued, and "centos" and "me" are built afterwards.
# Only "centos" is referenced by the server.conf this script installs.
echo -e "nnnnnnnn" | ./build-ca
echo -e "nnnnnnnnnn" | ./build-key-server server && echo -e "nnnnnnnnnn" | ./build-key me
./build-ca
clear
echo
echo
# Prompt: server certificate is about to be generated; answer y, then press Enter.
echo "正在生成服务端证书,请根据提示输入 y 进行确认,按回车继续"
read
./build-key-server centos
echo
echo
# Prompt: client certificate "me" is about to be generated; answer y, then press Enter.
echo "正在生成客户端证书“me”,请根据提示输入 y 进行确认,按回车继续"
read
./build-key me
clear
echo
# Status message: Diffie-Hellman parameter generation, which takes a long time.
echo "正在生成SSL加密证书,这是一个漫长的过程..."
sleep 2
./build-dh

# --- Start OpenVPN and enable it at boot ---

service openvpn start
chkconfig openvpn on
# --- Client profile assembly ---
# Copies the CA certificate and the client's certificate and PRIVATE KEY to /home.
cp /etc/openvpn/easy-rsa/keys/{ca.crt,me.{crt,key}} /home/ >/dev/null 2>&1
cd /home/ >/dev/null 2>&1
clear
echo
echo
echo "正在生成me.ovpn配置文件..."
echo
echo
echo "写入前端代码"
# The quoted text is written verbatim to ovpn.1. The "#" lines inside the quotes
# are comments of the generated profile, not shell comments.
# Each http-proxy-option EXT1 line makes the OpenVPN client add that text as an
# extra header line in its HTTP-proxy request, so the request names
# rd.go.10086.cn while the tunnel endpoint is $myip:3389.
# Detection: proxy or gateway logs where the CONNECT target disagrees with the
# Host / X-Online-Host headers, or where header values look like request lines.
echo '# 云免配置
# 本文件由系统自动生成
setenv IV_GUI_VER "de.blinkt.openvpn 0.6.17"
machine-readable-output
client
dev tun
connect-retry-max 5
connect-retry 5
resolv-retry 60
########免流代码########
http-proxy-option EXT1 "POST http://rd.go.10086.cn"
http-proxy-option EXT1 "GET http://rd.go.10086.cn"
http-proxy-option EXT1 "X-Online-Host: rd.go.10086.cn"
http-proxy-option EXT1 "POST http://rd.go.10086.cn"
http-proxy-option EXT1 "X-Online-Host: rd.go.10086.cn"
http-proxy-option EXT1 "POST http://rd.go.10086.cn"
http-proxy-option EXT1 "Host: rd.go.10086.cn"
http-proxy-option EXT1 "GET http://rd.go.10086.cn"
http-proxy-option EXT1 "Host: rd.go.10086.cn"' >ovpn.1
# Appends the proxy endpoint (this host's Squid on port 80). The profile is built
# by concatenating numbered temporary files in the current directory (/home).
echo "写入代理端口"
echo http-proxy $myip 80 >myip
cat ovpn.1 myip>ovpn.2
echo '########免流代码########
' >ovpn.3
cat ovpn.2 ovpn.3>ovpn.4
# Appends the OpenVPN endpoint (TCP 3389 on this host).
echo "写入OpenVPN端口"
echo remote $myip 3389 tcp-client >ovpn.5
cat ovpn.4 ovpn.5>ovpn.6
echo "写入中端代码"
sleep 2
echo 'resolv-retry infinite
nobind
persist-key
persist-tun

' >ovpn.7
cat ovpn.6 ovpn.7>ovpn.8
# NOTE(review): ca.crt, me.crt and me.key are appended as raw file contents. No
# <ca>/<cert>/<key> inline tags are written anywhere in this script - verify that
# the resulting profile parses as intended.
echo "写入CA证书"
sleep 2
cat ovpn.8 ca.crt>ovpn.9
echo '
' >ovpn.10
cat ovpn.9 ovpn.10>ovpn.11
echo "写入客户端证书"
sleep 2
cat ovpn.11 me.crt>ovpn.12
echo '
' >ovpn.13
cat ovpn.12 ovpn.13>ovpn.14
# The client private key is embedded in the profile. EasyRSA's build-key
# presumably creates it without a passphrase - confirm.
echo "写入客户端密钥"
sleep 2
cat ovpn.14 me.key>ovpn.15
echo "写入后端代码"
# NOTE(review): ns-cert-type is the legacy server-certificate check; current
# OpenVPN documents "remote-cert-tls server" as its replacement.
echo '
ns-cert-type server
comp-lzo
verb 3
' >ovpn.16
echo "生成me.ovpn文件"
cat ovpn.15 ovpn.16 >me.ovpn
echo "配置文件制作完毕"
echo
sleep 3
clear
# Bundles the profile and key material, then deletes the loose copies.
# openvpn.tar.gz, which contains the private key, remains in /home with
# permissions that depend on the umask.
tar -zcvf openvpn.tar.gz ./{me.ovpn,ca.crt,me.{crt,key}}
rm -rf ./{myip,ovpn.1,ovpn.2,ovpn.3,ovpn.4,ovpn.5,ovpn.6,ovpn.7,ovpn.8,ovpn.9,ovpn.10,ovpn.11,ovpn.12,ovpn.13,ovpn.14,ovpn.15,ovpn.16,me.ovpn,ca.crt,me.{crt,key}}
clear
# --- Distribution of the client bundle ---
echo
echo "正在创建下载链接:"
echo
sleep 2
echo '=========================================================================='
echo
echo "上传证书文件:"
# NOTE(review): this uploads the archive, client private key included, to a
# third-party file-sharing service. Anyone holding the returned link can
# authenticate as client "me", and the server.conf this script installs has
# crl-verify commented out, so the certificate cannot be revoked there.
# Mitigation: fetch the bundle over SSH (scp/sftp) and issue one key pair per client.
curl --upload-file ./openvpn.tar.gz https://transfer.sh/openvpn.tar.gz
echo
echo "上传成功"
echo "请复制“https://transfer.sh/..”链接到浏览器下载证书/OpenVPN成品配置文件"
echo
echo '=========================================================================='
echo
# Completion banner.
Client='
OpenVPN-2.3.10 安装完毕
Powered by bbsx.cn 2015-2016
All Rights Reserved

==========================================================================';
echo "$Client";
261 |
262 |
--------------------------------------------------------------------------------