全球主机交流论坛
标题:
ocserv一键脚本(用证书登录)
[打印本页]
作者:
金关村村长
时间:
2024-3-2 00:47
标题:
ocserv一键脚本(用证书登录)
本帖最后由 金关村村长 于 2024-3-2 01:08 编辑
version_check(){
version=`cat /etc/debian_version`
tmp=${version: 0: 1}
if [ "$tmp" -gt "1" ];then
echo $version
echo 'only support debian_version >= 10'
exit
fi
}
install_ocserv(){
apt update -y
apt upgrade -y
apt install iptables -y
apt install ocserv -y
}
edit_conf(){
echo -n "Server Address " > /etc/ocserv/server.address
echo -n $1 >> /etc/ocserv/server.address
echo ":3389(Port MUST Not Blocked)" >> /etc/ocserv/server.address
curl -o /etc/ocserv/ocserv.conf https://raw.githubusercontent.com/theshy2023/ocserv_one_key/main/ocserv.conf
}
edit_iptables(){
echo "net.core.default_qdisc=fq" >> /etc/sysctl.conf
echo "net.ipv4.tcp_congestion_control=bbr" >> /etc/sysctl.conf
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -s 192.168.1.0/24 -j ACCEPT
}
do_mkcert(){
rm -f mkcert-v*-linux-amd64
curl -JLO "https://dl.filippo.io/mkcert/latest?for=linux/amd64"
chmod +x mkcert-v*-linux-amd64
sudo cp mkcert-v*-linux-amd64 /usr/local/bin/mkcert
mkcert -key-file /etc/ocserv/private.key -cert-file /etc/ocserv/public.crt $1
}
create_ca(){
rm -rf $1
mkdir $1
apt install gnutls-bin
curl -o $1/ca-cert.cfg https://raw.githubusercontent.com/theshy2023/ocserv_one_key/main/ca-cert.cfg
curl -o $1/client-cert.cfg https://raw.githubusercontent.com/theshy2023/ocserv_one_key/main/client-cert.cfg
certtool --generate-privkey --outfile $1/ca-privkey.pem
certtool --generate-self-signed --load-privkey $1/ca-privkey.pem --template $1/ca-cert.cfg --outfile $1/ca-cert.pem
certtool --generate-privkey --outfile $1/client-privkey.pem
certtool --generate-certificate --load-privkey $1/client-privkey.pem --load-ca-certificate $1/ca-cert.pem --load-ca-privkey $1/ca-privkey.pem --template $1/client-cert.cfg --outfile $1/client-cert.pem
}
create_client_p12(){
certtool --to-p12 --load-privkey $1/client-privkey.pem --load-certificate $1/client-cert.pem --pkcs-cipher 3des-pkcs12 --outfile $1/client.p12 --outder
}
version_check
ssl_dir=/etc/ocserv/ssl_dir
public_ip=`curl ipv4.icanhazip.com`
echo "Your Ipv4:"
echo -e "\e[31m$public_ip\e[0m"
install_ocserv
do_mkcert $public_ip
create_ca $ssl_dir
create_client_p12 $ssl_dir
edit_conf
edit_iptables
systemctl restart ocserv
systemctl status ocserv
复制代码
https://raw.githubusercontent.com/theshy2023/ocserv_one_key/main/login_with_self_sigh_cert.sh
复制代码
window11证书管理可以搜索证书然后就会进入用户管理证书 然后在个人 证书下面
复制代码
安装证书前把旧证书删除 并且退出anyconnect client或者安装完成之后重启anyconnect client
将证书从Linux下载到本地
用windows power shell执行以下代码
scp
[email protected]
:/etc/ocserv/ssl_dir/client.p12 ./
复制代码
将下载下来的p12证书也可以传输到iPhone手机上 比如通过邮件发送或者qq发送
iPhone安装证书的时候要通过share给anyconnect去import 不能直接安装
作者:
maxkvm
时间:
2024-3-2 03:42
Centos的脚本呢?
作者:
hcyme
时间:
2024-3-2 05:11
ocserv搭建
作者:
Lshe
时间:
2024-3-2 12:14
没多大用处,分流IP只能一百条
而且不支持中转
欢迎光临 全球主机交流论坛 (https://91ai.net/)
Powered by Discuz! X3.4