为了方便公司的系统管理人员使用 Linux 连接GFW VPN,在本文中,我们将介绍如何使用命令来安装配置 SoftEther VPN 客户端。
此教程稍微有点复杂,可以参考简化版
声明
1.下载客户端
1.1 下载并解压
wget https://github.com/aicochow/vpn/releases/download/latest/vpnclient-linux.tar.gz
tar -xzvf vpnclient-linux.tar.gz
1.2 编译
cd vpnserver/
printf '1\n1\n1\n' | make
1.3 移动文件并修改权限
cd ../
sudo mv vpnclient/ /usr/local/
cd /usr/local
sudo chown -R root:root vpnclient
cd vpnclient
sudo chmod 600 *
sudo chmod 700 vpncmd
sudo chmod 700 vpnclient
2.创建服务并启用
2.1 创建服务
sudo vim /etc/systemd/system/vpnclient.service
vpnclient.service的内容如下:
[Unit]
Description=SoftEther VPN Client
After=network.target network-online.target
[Service]
ExecStart=/usr/local/vpnclient/vpnclient start
ExecStop=/usr/local/vpnclient/vpnclient stop
Type=forking
RestartSec=3s
[Install]
WantedBy=multi-user.target
2.2 使用 systemctl 命令启动并启用该服务。
sudo systemctl start vpnclient
sudo systemctl enable vpnclient
3.客户端配置
3.1 使用 vpncmd 来设置客户端。
sudo ./vpncmd
vpncmd command - SoftEther VPN Command Line Management Utility
SoftEther VPN Command Line Management Utility (vpncmd command)
Version 4.34 Build 9745 (English)
Compiled 2020/04/05 23:39:56 by buildsan at crosswin
Copyright (c) SoftEther VPN Project. All Rights Reserved.
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 2
输入 2 来配置客户端设置
Specify the host name or IP address of the computer that the destination VPN Client is operating on.
If nothing is input and Enter is pressed, connection will be made to localhost (this computer).
Hostname of IP Address of Destination:
不用输入任何东西,直接 enter
显示连接上了localhost
Connected to VPN Client “localhost”.
VPN Client>
导入配置文件
VPN Client>AccountImport ./sample.vpn
显示导入成功
AccountImport command - Import VPN Connection Setting The VPN Connection Setting “tkjp” has been imported. The command completed successfully.
设置用户名
VPN Client>AccountUsernameSet tkjp
提示输入用户名
AccountUsernameSet command - Set User Name of User to Use Connection of VPN Connection Setting
Connecting User Name:
输入从GFW VPN申请的账号
设置密码
VPN Client>AccountPasswordSet tkjp
AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
Please enter the password. To cancel press the Ctrl+D key.
Password: *******
Confirm input: *******
输入从GFW VPN申请的密码
Specify standard or radius: standard
输入
standard
4.连接 VPN
4.1 连接服务器
VPN Client>AccountConnect tkjp
显示如下:
AccountConnect command - Start Connection to VPN Server using VPN Connection Setting The command completed successfully.
退出客户端设置
VPN Client>exit
4.2 获取 IP 并修改路由表
从 VPN 服务器 获取 IP
sudo dhclient vpn_vpn
前提:4.1连接成功
修改路由设置
例:
| VPN 服务器 ip | 本地 Gateway |
|---|---|
| 133.175.166.36 | 192.168.11.1 |
sudo ip route add 133.175.166.36 via 192.168.11.1
sudo ip route del default via 192.168.11.1
查看路由设置,显示如下:
# ip r
default via 192.168.30.1 dev vpn_vpn
133.175.166.36 via 192.168.11.1 dev enp0s3
192.168.30.0/24 dev vpn_vpn proto kernel scope link src 192.168.30.15
如果路由表没有下面的设置
default via 192.168.30.1 dev vpn_vpn
需要手动添加路由设置
sudo ip route add default via 192.168.30.1