vpn大师

热门范文 2019-10-17 08:47:15 热门范文

小中大

手机查看

[摘要]vpn大师篇1:好用的免费VPNhttp: www sbear cn archives 159VPN提供商：linkideo地点：英国带宽：128KB s用户名：自己注册密码：自己注册VPN服务器IP：pptp1 linkideo com注册地址：http: www linkideo com s

【www.shanpow.com--热门范文】

vpn大师篇1:好用的免费VPN

http://www.sbear.cn/archives/159VPN提供商：linkideo地点：英国带宽：128KB/s用户名：自己注册密码：自己注册VPN服务器IP：pptp1.linkideo.com注册地址：http://www.linkideo.com/sign-up备注：适合访问国外网站。
VPN提供商：Relakks地点：瑞典带宽：16MB/s用户名：自己注册密码：自己注册VPN服务器IP：pptp.relakks.com注册地址：https://www.relakks.com/register.php备注：只提供30天的免费服务，但可以修改MAC地址无限试用。详细参考Relakks——高速免费的无限制VPN代理
VPN提供商：Prairie Dog VPN地点：香港带宽：位置用户名：随机分配密码：随机分配VPN服务器IP：61.238.150.146注册地址：http://www.pdog-vpn.com/freeaccount.php备注：香港的VPN，我这里速度很快，Ping才50。注册过程，点击上面地址，填入邮箱，收邮件获取用户名和密码。

vpn大师篇2:试用报告，这些免费VPN值得推荐！附获奖名单

大家留言好积极，整理了一下，大概不下20种
原来你们都是有故事的人儿啊~
经过整理试用后，下面这些免费的VPN还不错，推荐给大家
按照之前的规则，入选的这些VPN，谁最先在上篇文章下留言推荐，就算谁中奖
每个获奖用户的信息会在对应的VPN推荐下公示
奖品和领奖方式在最后
1、蓝灯(Lantern)
中奖用户：风油精
优点：各平台客户端齐全，连Ubuntu都有，跪了；
不用注册就能用
缺点：每月只有800M免费流量，偶尔用用还行；
不能手动挑选线路；
速度一般，twitter和facebook没问题，油管360p有点费劲 2、赛风
中奖用户：04:30"
优点：客户端各平台都有
无需注册就能用
线路可选择
缺点：速度一般，油管720p吃力，twitter无压力
iOS有时间限制
3、迅达加速器
中奖用户：冰魂
优点：不用注册，有免费账号直接可用
每天0点—18点免费
速度还行，720勉强带的动
缺点：只有windows客户端
免费账号有流量限制，达到限制就提示691错误
连接成功后60分钟断一次
4、自由门（freegate）
中奖用户：杨少军
优点：不用注册
缺点：windows端速度较慢，油管加载页面都要很久
iOS端给五星好评才会获取永久免费
不过iSO上的速度好很多，油管360P可看
5、SuperVPN（iOS）
中奖用户：哈哈
优点：免注册
免费服务器可选（美国、日本、德国）
缺点：速度一般，twitter无压力，油管360P可看
五星好评送两天VIP
小编推荐：
VPN大师—iOS
（非VPN Master）
优点：速度可以，油管480P可看
缺点：需要手机号码注册，注册完有一天免费试用
去APP给五星好评，就会变成永久免费用户
超人VPN（iOS）
优点：无需注册
直接永久免费用户
速度还行，油管480P可看
其实iOS上有很多类似的VPN
只要在APP Store搜索VPN，评价多而且高的那些基本都是给五星评价就能永久免费，都是这么刷出来的
好啦，再次恭喜上面的中奖小伙伴
奖品：天行VPN包月套餐
领奖方法：在本篇文章下面留言，小编会把账号和密码发给你
领奖期限：48小时，截止9月26日（下礼拜一）下午5点，过时不候哦
另外：
chrome上有什么好用的、有趣的、提高工作效率的插件，也可以在文章下面留言推荐，入选的同样有奖品哦

vpn大师篇3:虚拟专用网VPN

一是自己正好在做这个实验，顺手就发出来了。
二是有的伙伴正好要用到，发出来给这部分朋友作为参考学习
三.帮助一些没有基础，想要转行的朋友，尽快适应企业的技术要求。
发表文章，看上去很简单，其实从写到发表，没有四个小时搞不定，发的比较慢，希望大家能够见谅。

言归正传，我们来看看VPN的搭建

VPN直译就是虚拟专用通道，是提供给企业之间或者个人与公司之间安全数据传输的隧道，OpenVPN无疑是Linux下开源VPN的先锋，提供了良好的性能和友好的用户GUI。
OpenVPN允许参与建立VPN的单点使用预设的私钥，第三方证书，或者用户名/密码来进行身份验证。它大量使用了OpenSSL加密库，以及SSLv3/TLSv1协议。OpenVPN能在Linux、xBSD、Mac OS X与Windows 2000/XP上运行。虚拟专用网VPNopenvpn实现SSL VPN最终实现vpnclient可以与vpnserver后端的内网主机通信
==============================================================项目拓扑：内网主机 vpnserver vpnclient 192.168.2.0/24 192.168.2.250 20.20.20.2 20.20.20.1 ==============================================================在内网主机上指定网关：
[root@intra_host ~]# ip route delRTNETLINK answers: No such process[root@intra_host ~]# ip route add dev eth0 default via 192.168.2.250[root@intra_host ~]# ip route192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.25 169.254.0.0/16 dev eth0 scope link default via 192.168.2.250 dev eth0 VNP Server配置：一、添加内、外网接口地址
[root@vpnserver ~]# ip addr show eth02: eth0:mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:16:3e:2e:3d:b1 brd ff:ff:ff:ff:ff:ff inet 192.168.2.250/24 brd 192.168.2.255 scope global eth0[root@vpnserver ~]# ip addr show eth13: eth1:mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:16:3e:2e:3d:11 brd ff:ff:ff:ff:ff:ff inet 20.20.20.1/24 brd 20.20.20.255 scope global eth1[root@vpnserver ~]# ip route192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.250 20.20.20.0/24 dev eth1 proto kernel scope link src 20.20.20.1 169.254.0.0/16 dev eth1 scope link[root@vpnserver ~]# echo 1 > /proc/sys/net/ipv4/ip_forward 二、VPN Server配置
－－－－－－生成用于身份验证和加密通信的相关证书文件－－－－－－
vpnserver：私钥证书 CA的证书vpnclient：私钥证书 CA的证书[root@vpnserver OpenVPN]# rpm -ivh lzo2-2.02-3.el5.rf.i386.rpm //用于数据压缩warning: lzo2-2.02-3.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6Preparing... ########################################### [100%] 1:lzo2 ########################################### [100%][root@vpnserver OpenVPN]# rpm -ivh openvpn-2.0.9-1.el5.rf.i386.rpm warning: openvpn-2.0.9-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6Preparing... ########################################### [100%] 1:openvpn ########################################### [100%][root@vpnserver OpenVPN]# ==CA服务器配置并为vpnserver和vpnclient签名==生成CA私钥和证书文件：=================================================================================[root@vpnserver OpenVPN]# cd /usr/share/doc/openvpn-2.0.9/easy-rsa/[root@vpnserver easy-rsa]# ls2.0 build-key build-req make-crl revoke-fullbuild-ca build-key-pass build-req-pass openssl.cnf sign-reqbuild-dh build-key-pkcs12 clean-all README varsbuild-inter build-key-server list-crl revoke-crt Windows[root@vpnserver easy-rsa]# chmod +x *[root@vpnserver easy-rsa]# vim vars //修改配置文件，主要是方便下面执行./build-ca脚本时，选择方便[root@vpnserver easy-rsa]# tail -n 5 vars export KEY_COUNTRY=CNexport KEY_PROVINCE=BJexport KEY_CITY=BJexport KEY_ORG="openvpn-tianyun"export KEY_EMAIL="[email protected]"[root@vpnserver easy-rsa]# source vars NOTE: when you run ./clean-all, I will be doing a rm -rf on /usr/share/doc/openvpn-2.0.9/easy-rsa/keys[root@vpnserver easy-rsa]# ./clean-all [root@vpnserver easy-rsa]# ./build-ca //生成ca私钥和证书Generating a 1024 bit RSA private key..........................++++++...........++++++writing new private key to "ca.key"-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter ".", the field will be left blank.-----Country Name (2 letter code) [CN]:State or Province Name (full name) [BJ]:Locality Name (eg, city) [BJ]:Organization Name (eg, company) [OpenVPN-ROOT]:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server"s hostname) []: ca.tianyun.comEmail Address [[email protected]]:[root@vpnserver easy-rsa]# ls //查看生成了keys目录2.0 build-key-pass clean-all README Windowsbuild-ca build-key-pkcs12 keys revoke-crtbuild-dh build-key-server list-crl revoke-fullbuild-inter build-req make-crl sign-reqbuild-key build-req-pass openssl.cnf vars[root@vpnserver easy-rsa]# ls keys/ca.crt ca.key index.txt serial生成vpnserver的私钥和证书：=================================================================================[root@vpnserver easy-rsa]# ./build-key-server //执行此脚本，要添加usage: build-key-server [root@vpnserver easy-rsa]# ./build-key-server vpnserverGenerating a 1024 bit RSA private key..................................................++++++.........................++++++writing new private key to "vpnserver.key"-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter ".", the field will be left blank.-----Country Name (2 letter code) [CN]:State or Province Name (full name) [BJ]:Locality Name (eg, city) [BJ]:Organization Name (eg, company) [openvpn-tianyun]:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server"s hostname) []:vpnserver.tianyun.comEmail Address [[email protected]]:Please enter the following "extra" attributesto be sent with your certificate requestA challenge password []:An optional company name []:Using configuration from /usr/share/doc/openvpn-2.0.9/easy-rsa/openssl.cnfCheck that the request matches the signatureSignature okThe Subject"s Distinguished Name is as followscountryName :PRINTABLE:"CN"stateOrProvinceName :PRINTABLE:"BJ"localityName :PRINTABLE:"BJ"organizationName :PRINTABLE:"openvpn-tianyun"commonName :PRINTABLE:"vpnserver.tianyun.com"emailAddress :IA5STRING:"[email protected]"Certificate is to be certified until Jun 29 04:03:05 2023 GMT (3650 days)Sign the certificate? [y/n]:y1 out of 1 certificate requests certified, commit? [y/n]yWrite out database with 1 new entriesData Base Updated[root@vpnserver easy-rsa]# ls keys/01.pem index.txt serial vicvpnserver.csrca.crt index.txt.attr serial.old vicvpnserver.keyca.key index.txt.old vicvpnserver.crt为每一个client生成的私钥和证书：
生成Client的密钥和证书，在openvpn中，这种配置方法是每一个登陆的VPN客户端需要有一个证书，每个证书在同一时刻只能供一个客户端连接（如果有两个机器安装相同证书，同时拨服务器，都能拨上，但是只有第一个拨上的才能连通网络）。所以需要建立许多份证书。=================================================================================[root@vpnserver easy-rsa]# ./build-key client1Generating a 1024 bit RSA private key............................++++++...................++++++writing new private key to "client1.key"-----You are about to be asked to enter information that will be incorporatedinto your certificate request.What you are about to enter is what is called a Distinguished Name or a DN.There are quite a few fields but you can leave some blankFor some fields there will be a default value,If you enter ".", the field will be left blank.-----Country Name (2 letter code) [CN]:State or Province Name (full name) [BJ]:Locality Name (eg, city) [BJ]:Organization Name (eg, company) [OpenVPN-ROOT]:Organizational Unit Name (eg, section) []:Common Name (eg, your name or your server"s hostname) []: client1.tianyun.comEmail Address [[email protected]]:Please enter the following "extra" attributesto be sent with your certificate requestA challenge password []:An optional company name []:Using configuration from /usr/share/doc/openvpn-2.0.9/easy-rsa/openssl.cnfCheck that the request matches the signatureSignature okThe Subject"s Distinguished Name is as followscountryName :PRINTABLE:"CN"stateOrProvinceName :PRINTABLE:"BJ"localityName :PRINTABLE:"BJ"organizationName :PRINTABLE:"OpenVPN-ROOT"commonName :PRINTABLE:"client1.tianyun.com"emailAddress :IA5STRING:"[email protected]"Certificate is to be certified until Nov 6 11:38:59 2022 GMT (3650 days)Sign the certificate? [y/n]:y1 out of 1 certificate requests certified, commit? [y/n]yWrite out database with 1 new entriesData Base Updated[root@vpnserver easy-rsa]# ls keys/01.pem client1.crt index.txt.attr serial.old02.pem client1.csr index.txt.attr.old vicvpnserver.crtca.crt client1.key index.txt.old vicvpnserver.csrca.key index.txt serial vicvpnserver.key将证书和私钥分发给相应的客户端主机：[root@vpnserver easy-rsa]# pwd/usr/share/doc/openvpn-2.0.9/easy-rsa[root@vpnserver easy-rsa]# ./build-dh Generating DH parameters, 1024 bit long safe prime, generator 2This is going to take a long time...........+...+.........................+.........+........................+.........................+..........+....................+........................+...........................+..................................+................................................+.............+............................+.................................+..+............+................................................................+.........................+...........................+....................+.......................+.....................................+.................................................+...........................+........................................+...........+..............................+....................................+......+.......................................................................................................+..............................................+.................+....................................+.......................................................++*++*++*配置vpn server端
[root@vpnserver keys]# pwd/usr/share/doc/openvpn-2.0.9/easy-rsa/keys[root@vpnserver keys]# cp ca.crt vpnserver.crt vpnserver.key /etc/openvpn/[root@vpnserver keys]# ls /etc/openvpn/ca.crt vpnserver.crt vpnserver.key[root@vpnserver easy-rsa]# ./build-dh Generating DH parameters, 1024 bit long safe prime, generator 2This is going to take a long time.............................................................+.......+.....................+......................................++*++*++*[root@vpnserver easy-rsa]# cp keys/dh1024.pem /etc/openvpn/[root@vpnserver ~]# cp /usr/share/doc/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/ //openvpn server配置文件[root@vpnserver ~]# vim /etc/openvpn/server.conf [root@vpnserver ~]# grep "^[^#]" /etc/openvpn/server.conf local 20.20.20.1port 1194proto udpdev tapca ca.crtcert vpnserver.crtkey vpnserver.key dh dh1024.pemserver 10.8.0.0 255.255.255.0#配置VPN使用的网段，OpenVPN会自动提供基于该网段的DHCP服务，但不能和任何一方的局域网段重复，保证唯一server端ip默认会设为.1的地址ifconfig-pool-persist ipp.txt# 维持一个客户端和virtual IP的对应表，以方便客户端重新连接可以获得同样的IP;server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100push "route 192.168.2.0 255.255.255.0"
# 为客户端创建对应的路由,以另其通达公司网内部服务器但记住，公司网内部服务器也需要有可用路由返回到客户端;client-config-dir ccd;route 192.168.40.128 255.255.255.248;client-config-dir ccd;route 10.9.0.0 255.255.255.252;learn-address ./script;push "redirect-gateway";push "dhcp-option DNS 10.8.0.1";push "dhcp-option WINS 10.8.0.1";client-to-clientduplicate-cnkeepalive 10 120# 设置服务端检测的间隔和超时时间每10秒ping一次，如果120秒没有回应则认为对方已经down;tls-auth ta.key 0 # This file is secret;cipher BF-CBC # Blowfish (default);cipher AES-128-CBC # AES;cipher DES-EDE3-CBC # Triple-DEScomp-lzo# 使用lzo压缩的通讯,服务端和客户端都必须配置max-clients 100user nobodygroup nobodypersist-keypersist-tun# 重启时仍保留一些状态status openvpn-status.loglog openvpn.logverb 3# 设置日志要记录的级别。0只记录错误信息。4能记录普通的信息。5和6在连接出现问题时能帮助调试。9是极端的，所有信息都会显示，甚至连包头等信息都显示（像tcpdump）mute 20# 相同信息的数量，如果连续出现20条相同的信息，将不记录到日志中。[root@vpnserver ~]# service openvpn start正在启动 openvpn： [确定][root@vpnserver ~]# chkconfig openvpn on[root@vpnserver ~]# ip addr show dev tap04: tap0:mtu 1500 qdisc pfifo_fast qlen 100 link/ether e2:93:9e:d2:00:2c brd ff:ff:ff:ff:ff:ff inet 10.8.0.1/24 brd 10.8.0.255 scope global tap0[root@vpnserver ~]# ip route192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.250 10.8.0.0/24 dev tap0 proto kernel scope link src 10.8.0.1 20.20.20.0/24 dev eth1 proto kernel scope link src 20.20.20.1 169.254.0.0/16 dev eth1 scope link－－－－－－－－－－－配置vpn client端－－－－－－－－－－－－[root@vpnclient ~]# ip addr add dev eth0 20.20.20.2/24[root@vpnclient ~]# ip addr show eth02: eth0:mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:24:1d:39:8e:d9 brd ff:ff:ff:ff:ff:ff inet 20.20.20.2/24 scope global eth0[root@vpnclient ~]# ip route20.20.20.0/24 dev eth0 proto kernel scope link src 20.20.20.2 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 169.254.0.0/16 dev eth0 scope link [root@vpnclient OpenVPN]# rpm -ivh lzo2-2.02-3.el5.rf.i386.rpm warning: lzo2-2.02-3.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6Preparing... ########################################### [100%] 1:lzo2 ########################################### [100%][root@vpnclient OpenVPN]# rpm -ivh openvpn-2.0.9-1.el5.rf.i386.rpm warning: openvpn-2.0.9-1.el5.rf.i386.rpm: Header V3 DSA signature: NOKEY, key ID 6b8d79e6Preparing... ########################################### [100%] 1:openvpn ########################################### [100%]在修改配置文件前，先把client1.key client1.crt拷到本机[root@vpnclient openvpn]# cd /etc/openvpn/[root@vpnclient openvpn]# ls c* //复制三个文件到该目录ca.crt client1.crt client1.key[root@vpnclient OpenVPN]# cp /usr/share/doc/openvpn-2.0.9/sample-config-files/client.conf /etc/openvpn/[root@vpnclient OpenVPN]# vi /etc/openvpn/client.conf [root@vpnclient OpenVPN]# grep "^[^#]" /etc/openvpn/client.conf clientdev tap;dev-node MyTapproto udpremote 20.20.20.1 1194 //拨号地址;remote-randomnobinduser nobodygroup nobodypersist-keypersist-tun;http-proxy-retry # retry on connection failures;http-proxy [proxy server] [proxy port #];mute-replay-warningsca ca.crtcert client1.crtkey client1.key;ns-cert-type server;tls-auth ta.key 1;cipher xcomp-lzoverb 3mute 20[root@vpnclient ~]# service openvpn restart正在关闭openvpn： [确定]正在启动 openvpn： [确定][root@vpnclient ~]# chkconfig openvpn on[root@vpnclient ~]# ip addr1: lo:mtu 16436 qdisc noqueue link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo2: eth0:mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:24:1d:39:8e:d9 brd ff:ff:ff:ff:ff:ff inet 20.20.20.2/8 brd 20.255.255.255 scope global eth0 inet 20.20.20.2/24 brd 20.20.20.255 scope global eth03: virbr0:mtu 1500 qdisc noqueue link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr05: tap0:mtu 1500 qdisc pfifo_fast qlen 100 link/ether de:a2:1e:12:e7:6a brd ff:ff:ff:ff:ff:ff inet 10.8.0.2/24 brd 10.8.0.255 scope global tap0[root@vpnclient ~]# ip route192.168.2.0/24 via 10.8.0.1 dev tap0 10.8.0.0/24 dev tap0 proto kernel scope link src 10.8.0.2 20.20.20.0/24 dev eth0 proto kernel scope link src 20.20.20.2 192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 169.254.0.0/16 dev eth0 scope link 20.0.0.0/8 dev eth0 proto kernel scope link src 20.20.20.2
,multicast,up,lower_up>,multicast,up,lower_up>,multicast,up,lower_up>,up,lower_up>,multicast,up,lower_up>,multicast,up,lower_up>,multicast,up,lower_up>,multicast,up,lower_up>