| 下次修改 | 前次修改
|
| tech:openvpn-ui [2026/01/13 10:08] – 建立 jonathan | tech:openvpn-ui [2026/01/13 14:11] (目前版本) – 增加 參考網址 jonathan |
|---|
| ====== [draft]安裝 openvpn-ui (OpenVPN + 簡易 WebUI) 方案 ====== | ====== 安裝 openvpn-ui (OpenVPN + 簡易 WebUI) 方案 ====== |
| * 為解決 | * 為解決 |
| - [[tech/dockovpn|DockOVPN (OpenVPN Docker方案)]] 無 WebUI 可管理 VPN 帳號 | - [[tech/dockovpn|DockOVPN (OpenVPN Docker方案)]] 無 WebUI 可管理 VPN 帳號 |
| * OS : Alpine 3.23 + Docker Compose | * OS : Alpine 3.23 + Docker Compose |
| * 規劃環境 | * 規劃環境 |
| * 外部聯入 VPN : vpn.mydomain.com TCP Port 443 | * OpenVPN 內部網路 : 10.0.70.0/24 |
| | * 外部聯入 VPN : vpn.ichiayi.com TCP Port 443 |
| |
| | ===== 安裝設定 ===== |
| | - 建立目錄與下載相關檔案<cli> |
| | mkdir openvpn-ui |
| | cd openvpn-ui |
| | mkdir -p ./config |
| | wget https://raw.githubusercontent.com/d3vilh/openvpn-server/refs/heads/main/server.conf -O server.conf |
| | wget https://raw.githubusercontent.com/d3vilh/openvpn-server/refs/heads/main/config/easy-rsa.vars -O config/easy-rsa.vars |
| | wget https://raw.githubusercontent.com/d3vilh/openvpn-server/refs/heads/main/config/client.conf -O config/client.conf |
| | wget https://github.com/tryweb/docker-compose/raw/refs/heads/main/openvpn-ui/fw-rules.sh -O fw-rules.sh |
| | wget https://github.com/tryweb/docker-compose/raw/refs/heads/main/openvpn-ui/.env.example -O .env |
| | wget https://github.com/tryweb/docker-compose/raw/refs/heads/main/openvpn-ui/docker-compose.yml -O docker-compose.yml |
| | chmod a+x fw-rules.sh |
| | </cli> |
| | - 編輯 .env 設定管理者帳號密碼 <cli> |
| | vi .env |
| | </cli>{{repo>https://github.com/tryweb/docker-compose/raw/refs/heads/main/openvpn-ui/.env.example}} |
| | - 啟動服務 <cli> |
| | docker compose up -d |
| | </cli> |
| | |
| | ===== 登入管理介面進行設定 ===== |
| | * Exp. http://192.168.1.8:8080 \\ {{:tech:螢幕擷取畫面_2026-01-13_110017.png?400|}} |
| | * 設定 server |
| | * 修改 Port -> 443, Proto -> TCP |
| | * Push Route (Your Home subnet), Push Redirect-gateway (#註記掉避免所有流量都往 vpn 走), Custom Option Three (增加需要走 vpn 的網段路由) |
| | * ++看相關畫面| \\ {{:tech:螢幕擷取畫面_2026-01-13_110059.png|}} \\ {{:tech:螢幕擷取畫面_2026-01-13_110447.png|}} \\ {{:tech:螢幕擷取畫面_2026-01-13_110539.png|}} \\ {{:tech:螢幕擷取畫面_2026-01-13_110629.png|}}++ |
| | * 設定 client |
| | * 修改 Connection Address (改成實際對外 Domain Name 或 IP), Connection Port -> 443, Proto -> tcp |
| | * Redirect Gateway (#註記掉避免所有流量都往 vpn 走) |
| | * ++看相關畫面| \\ {{:tech:螢幕擷取畫面_2026-01-13_110715.png|}} \\ {{:tech:螢幕擷取畫面_2026-01-13_110919.png|}}++ |
| | * 設定憑證預設資料 |
| | * 修改 EASYRSA_REQ_COUNTRY -> TW, EASYRSA_REQ_PROVINCE -> TW, EASYRSA_REQ_CITY-> Taipei |
| | * EASYRSA_REQ_ORG (自己的公司), EASYRSA_REQ_EMAIL (自己的Email), EASYRSA_REQ_OU (自己的部門) |
| | * ++看相關畫面| \\ {{:tech:螢幕擷取畫面_2026-01-13_111005.png|}} \\ {{:tech:螢幕擷取畫面_2026-01-13_111137.png|}}++ |
| | * 重啟容器讓設定生效 \\ {{:tech:螢幕擷取畫面_2026-01-13_111241.png?1000|}} |
| | |
| | ==== 建立 VPN 用戶憑證 ==== |
| | * {{:tech:螢幕擷取畫面_2026-01-13_111311.png?1000|}} |
| | * 輸入用戶相關資訊 Exp. Name -> Jonathan, Client Email -> [email protected] |
| | * ++看相關畫面| \\ {{:tech:螢幕擷取畫面_2026-01-13_111503.png|}}++ |
| | * 下載用戶連線憑證 |
| | * ++看相關畫面| \\ {{:tech:螢幕擷取畫面_2026-01-13_111553.png|}} \\ {{:tech:螢幕擷取畫面_2026-01-13_111635.png|}}++ |
| | |
| | ==== 查看用戶連線狀態 ===== |
| | * {{:tech:螢幕擷取畫面_2026-01-13_122011.png?1000|}} |
| | |
| | ===== 參考網址 ===== |
| | * https://github.com/d3vilh/openvpn-ui |
| |
| {{tag>openvpn}} | {{tag>openvpn}} |
| |