更新数据源

# Refresh the APT package index before installing anything; run as root or through sudo.
apt-get update

安装ocserv服务端

# Install the ocserv (OpenConnect VPN server) package from the distribution repository.
apt-get install ocserv

开启数据转发

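# Enable IPv4 forwarding: uncomment net.ipv4.ip_forward=1 in sysctl.conf, then reload the file.
# Forwarding is host-wide, so the machine will route between all of its interfaces;
# review the FORWARD chain policy if the server has more than one network.
vim /etc/sysctl.conf
# In the editor, make sure this line is present without a leading '#':
#     net.ipv4.ip_forward=1
# Save the file and quit, then apply the setting:
sysctl -p


# Configure NAT for the VPN clients.
# The rule is limited to the client address pool (ipv4-network / ipv4-netmask in
# ocserv.conf, 192.168.1.0/24 in this guide) instead of masquerading every packet
# that leaves the host. Change -s if you change the pool.
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
# If the iptables command is missing, install it first (the package name is "iptables"):
apt-get install iptables
# Rules added with "iptables -A" are lost on reboot; save them with the distribution's
# persistence mechanism (for example the iptables-persistent package) once they work.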

配置本地用户认证

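# Create the credential file that ocserv's local ("plain") authentication reads.
cd /etc/ocserv
touch ocpasswd
# The file holds the password entries of every VPN account, so keep it readable by
# root only (touch leaves it world-readable under the usual umask).
# NOTE(review): confirm the service still starts and authenticates after tightening.
chmod 600 ocpasswd
# An empty file means nobody can log in. Add accounts with the ocpasswd tool that ships
# with ocserv; it prompts for the password. VPN_USERNAME is a placeholder.
ocpasswd -c /etc/ocserv/ocpasswd VPN_USERNAME
# Edit the ocserv configuration: use local authentication backed by the ocpasswd file.
vim /etc/ocserv/ocserv.conf
# In the editor, set the auth line to:
#     auth = "plain[passwd=/etc/ocserv/ocpasswd]"
# This is password-only authentication; ocserv also supports certificate authentication
# if stronger client identification is needed.
# Restart ocserv so the new configuration is loaded.
systemctl restart ocserv
# Start ocserv automatically at boot.
systemctl enable ocserv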

配置数据分流或全局代理

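# Settings to change in /etc/ocserv/ocserv.conf.
# Comments in ocserv.conf start with '#'. "//" is not a comment marker, so notes are
# kept on their own lines instead of trailing the value.
# Listening ports (443 is the default for both).
tcp-port = 443
udp-port = 443
# Address pool handed to connected clients (default values, can be customised).
# 192.168.1.0/24 is also a very common home-LAN range; a client whose local network
# uses the same range will see conflicting routes, so a less common private range is safer.
ipv4-network = 192.168.1.0
ipv4-netmask = 255.255.255.0
# Split tunnelling: "no-route" lists networks that do NOT go through the VPN,
# "route" lists networks that do.
# Here mainland-China ranges stay on the client's local connection and everything else
# goes through the VPN. The ranges were compiled on 2022-05-20; address allocations
# change, so refresh the list before reusing it. Traffic to a no-route destination
# leaves the client outside the tunnel and is not protected by the VPN.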
no-route = 1.64.0.0/11
no-route = 1.112.0.0/13
no-route = 1.176.0.0/12
no-route = 1.192.0.0/12
no-route = 14.0.0.0/11
no-route = 14.96.0.0/11
no-route = 14.128.0.0/11
no-route = 14.192.0.0/11
no-route = 27.0.0.0/10
no-route = 27.96.0.0/11
no-route = 27.128.0.0/11
no-route = 27.176.0.0/12
no-route = 27.192.0.0/11
no-route = 27.224.0.0/14
no-route = 36.0.0.0/10
no-route = 36.96.0.0/11
no-route = 36.128.0.0/10
no-route = 36.192.0.0/11
no-route = 36.240.0.0/12
no-route = 39.0.0.0/16
no-route = 39.64.0.0/11
no-route = 39.96.0.0/12
no-route = 39.128.0.0/10
no-route = 40.72.0.0/15
no-route = 40.124.0.0/14
no-route = 42.0.0.0/13
no-route = 42.48.0.0/12
no-route = 42.80.0.0/12
no-route = 42.96.0.0/11
no-route = 42.128.0.0/9
no-route = 43.224.0.0/11
no-route = 45.65.16.0/20
no-route = 45.112.0.0/12
no-route = 45.248.0.0/13
no-route = 47.92.0.0/14
no-route = 47.96.0.0/11
no-route = 49.0.0.0/9
no-route = 49.128.0.0/11
no-route = 49.192.0.0/10
no-route = 52.80.0.0/14
no-route = 54.222.0.0/15
no-route = 58.0.0.0/9
no-route = 58.128.0.0/11
no-route = 58.192.0.0/11
no-route = 58.240.0.0/12
no-route = 59.32.0.0/11
no-route = 59.64.0.0/11
no-route = 59.96.0.0/12
no-route = 59.144.0.0/12
no-route = 59.160.0.0/11
no-route = 59.192.0.0/10
no-route = 60.0.0.0/11
no-route = 60.48.0.0/12
no-route = 60.160.0.0/11
no-route = 60.192.0.0/10
no-route = 61.0.0.0/10
no-route = 61.80.0.0/13
no-route = 61.128.0.0/10
no-route = 61.224.0.0/11
no-route = 91.234.36.0/24
no-route = 101.0.0.0/9
no-route = 101.128.0.0/11
no-route = 101.192.0.0/12
no-route = 101.224.0.0/11
no-route = 106.0.0.0/9
no-route = 106.224.0.0/12
no-route = 110.0.0.0/9
no-route = 110.144.0.0/12
no-route = 110.160.0.0/11
no-route = 110.192.0.0/10
no-route = 111.0.0.0/10
no-route = 111.64.0.0/11
no-route = 111.112.0.0/12
no-route = 111.128.0.0/10
no-route = 111.192.0.0/11
no-route = 111.224.0.0/12
no-route = 112.0.0.0/9
no-route = 112.128.0.0/12
no-route = 112.192.0.0/14
no-route = 112.224.0.0/11
no-route = 113.0.0.0/9
no-route = 113.128.0.0/12
no-route = 113.192.0.0/10
no-route = 114.16.0.0/12
no-route = 114.48.0.0/12
no-route = 114.64.0.0/10
no-route = 114.128.0.0/12
no-route = 114.192.0.0/10
no-route = 115.0.0.0/8
no-route = 116.0.0.0/8
no-route = 117.128.0.0/10
no-route = 118.16.0.0/12
no-route = 118.64.0.0/10
no-route = 118.128.0.0/9
no-route = 119.0.0.0/9
no-route = 119.128.0.0/10
no-route = 119.224.0.0/11
no-route = 120.0.0.0/10
no-route = 120.64.0.0/11
no-route = 120.128.0.0/12
no-route = 120.192.0.0/10
no-route = 121.0.0.0/9
no-route = 121.192.0.0/10
no-route = 122.0.0.0/7
no-route = 124.0.0.0/8
no-route = 125.0.0.0/9
no-route = 125.160.0.0/11
no-route = 125.192.0.0/10
no-route = 137.59.59.0/24
no-route = 137.59.88.0/22
no-route = 139.0.0.0/11
no-route = 139.128.0.0/9
no-route = 140.64.0.0/12
no-route = 140.128.0.0/12
no-route = 140.192.0.0/10
no-route = 144.0.0.0/13
no-route = 144.12.0.0/16
no-route = 144.48.0.0/13
no-route = 144.123.0.0/16
no-route = 144.255.0.0/16
no-route = 146.196.0.0/17
no-route = 150.0.0.0/16
no-route = 150.96.0.0/11
no-route = 150.128.0.0/12
no-route = 150.192.0.0/10
no-route = 152.104.128.0/17
no-route = 153.0.0.0/10
no-route = 153.96.0.0/11
no-route = 157.0.0.0/16
no-route = 157.18.0.0/16
no-route = 157.61.0.0/16
no-route = 157.112.0.0/12
no-route = 157.144.0.0/12
no-route = 157.255.0.0/16
no-route = 159.226.0.0/16
no-route = 160.19.0.0/16
no-route = 160.20.48.0/22
no-route = 160.202.0.0/16
no-route = 160.238.64.0/22
no-route = 161.207.0.0/16
no-route = 162.105.0.0/16
no-route = 163.0.0.0/10
no-route = 163.96.0.0/11
no-route = 163.128.0.0/10
no-route = 163.192.0.0/11
no-route = 164.52.0.0/17
no-route = 166.111.0.0/16
no-route = 167.139.0.0/16
no-route = 167.189.0.0/16
no-route = 167.220.244.0/22
no-route = 168.160.0.0/16
no-route = 170.179.0.0/16
no-route = 171.0.0.0/9
no-route = 171.192.0.0/11
no-route = 175.0.0.0/9
no-route = 175.128.0.0/10
no-route = 180.64.0.0/10
no-route = 180.128.0.0/9
no-route = 182.0.0.0/8
no-route = 183.0.0.0/10
no-route = 183.64.0.0/11
no-route = 183.128.0.0/9
no-route = 192.124.154.0/24
no-route = 192.140.128.0/17
no-route = 195.78.82.0/23
no-route = 202.0.0.0/9
no-route = 202.128.0.0/10
no-route = 202.192.0.0/11
no-route = 203.0.0.0/8
no-route = 210.0.0.0/10
no-route = 210.64.0.0/11
no-route = 210.160.0.0/11
no-route = 210.192.0.0/11
no-route = 211.64.0.0/13
no-route = 211.80.0.0/12
no-route = 211.96.0.0/13
no-route = 211.136.0.0/13
no-route = 211.144.0.0/12
no-route = 211.160.0.0/13
no-route = 216.250.108.0/22
no-route = 218.0.0.0/9
no-route = 218.160.0.0/11
no-route = 218.192.0.0/10
no-route = 219.64.0.0/11
no-route = 219.128.0.0/11
no-route = 219.192.0.0/10
no-route = 220.96.0.0/11
no-route = 220.128.0.0/9
no-route = 221.0.0.0/11
no-route = 221.96.0.0/11
no-route = 221.128.0.0/9
no-route = 222.0.0.0/8
no-route = 223.0.0.0/11
no-route = 223.64.0.0/10
no-route = 223.128.0.0/9
# 保存退出,重启ocserv

注意

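# The stock ocserv.conf contains "route" entries. When switching to "no-route", change
# them to the entries below: "no-route" and "route" cannot be used together, and the
# routing table is limited to 200 entries.
no-route = 10.0.0.0/8
no-route = 172.16.0.0/12
# The private block is 192.168.0.0/16; "192.168.1.0/16" has host bits set and is not
# a valid network address for a /16.
no-route = 192.168.0.0/16

# Changes to ocserv.conf only take effect after the ocserv service is restarted.
# Reference list of service commands; run the one you need, not all of them in order.
# The notes use '#': text after "//" would be passed to systemctl as another unit name.
systemctl start ocserv    # start ocserv
systemctl restart ocserv  # restart ocserv
systemctl status ocserv   # show ocserv status
systemctl enable ocserv   # start at boot
systemctl disable ocserv  # do not start at boot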