Debian 搭建 OpenVPN 服务器

步骤 1. 在我们安装任何软件之前，通过apt在终端中运行以下命令来确保您的系统是最新的很重要：

sudo apt update
sudo apt upgrade

步骤 2. Debian 安装 OpenVPN 服务器。
现在我们使用以下命令从GitHub下载脚本安装程序 OpenVPN 服务器curl：

curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh

下载后，对脚本执行权限，然后运行它：

chmod +x openvpn-install.sh
sudo ./openvpn-install.sh

系统将提示您输入一些信息：

Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address:

系统会询问我们是否要启用默认禁用的 IPv6：

Checking for IPv6 connectivity...

Your host appears to have IPv6 connectivity.

Do you want to enable IPv6 support (NAT)? [y/n]: y

默认情况下，OpenVPN 使用端口 1194，如果要使用特定端口，请按 2，然后按：

What port do you want OpenVPN to listen to?
1) Default: 1194
2) Custom
3) Random [49152-65535]
Port choice [1-3]: 1

接下来，设置 OpenVPN 将使用的协议：

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
1) UDP
2) TCP
Protocol [1-2]: 2

现在您必须选择一个 DNS 提供商：

What DNS resolvers do you want to use with the VPN?
1) Current system resolvers (from /etc/resolv.conf)
2) Self-hosted DNS Resolver (Unbound)
3) Cloudflare (Anycast: worldwide)
4) Quad9 (Anycast: worldwide)
5) Quad9 uncensored (Anycast: worldwide)
6) FDN (France)
7) DNS.WATCH (Germany)
8) OpenDNS (Anycast: worldwide)
9) Google (Anycast: worldwide)
10) Yandex Basic (Russia)
11) AdGuard DNS (Anycast: worldwide)
12) NextDNS (Anycast: worldwide)
13) Custom
DNS [1-12]: 9

现在系统会询问您是否要使用压缩。您将在那里被告知不建议这样做，但这是您的选择：

Do you want to use compression? It is not recommended since the VORACLE attack make use of it.
Enable compression? [y/n]: n

如果您真的知道如何操作 OpenVPN，您可以自定义加密选项。如果你不这样做，不要这样做：

Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.

Customize encryption settings? [y/n]: n

然后整个安装过程将开始。之后，添加一个新客户端，您将看到以下输出屏幕，您必须在其中定义客户端名称：

Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...

Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: idroot

接下来，系统会询问您是否要使用密码保护配置文件：

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
1) Add a passwordless client
2) Use a password for the client
Select an option [1-2]: 1

最后，您将被告知该过程已成功：

Client idroot added.

The configuration file has been written to /home/user/idroot.ovpn.
Download the .ovpn file and import it in your OpenVPN client.

完成设置安装后，您需要做的是下载文件并将其复制到客户端，以便它可以从连接管理器的 GUI 或通过终端使用以下命令进行连接：idroot.ovpn

本文作者为Mr.Wu，转载请注明，尊守博主劳动成果！

由于经常折腾代码，可能会导致个别文章内容显示错位或者别的 BUG 影响阅读;
如发现请在该文章下留言告知于我，thank you !

OpenVPN