- 2014-11-19 0:55
- 短網址
- 字型大小
-
Pritunl:簡易搭建個人VPN
一 直以來安裝 VPN 服務、提供全局加密代理,是租用VPS(虛擬主機)的一個重要用途,無奈各種命令行操作和複雜繁瑣的設置過程,讓小白們望而卻步。特別是當這種技術被廣泛 運用到翻牆手段中後,國家防火牆 GFW(Great Fire Wall)就通過智能識別判定,加大了對境外 VPN 伺服器的限制和干擾:例如搭建最簡單但安全性能較之最薄弱 PPTP 方式的 VPN 鏈接,很早就遭到聯通和電信等 ISP 服務商的封殺;前年十八大之後,沒有採用混淆技術的 Openvpn 也被干擾很難使用,因此讓更多的初級用戶轉向其他翻牆手段,或者購買商業付費服務。
那麼有沒有一種簡單有效的VPN方式,一方面能有一個相對簡單的途徑,易於初級用戶迅速搭建 VPN 服務;另一方面有能抵禦 GFW 的干擾,提供穩定有效的代理服務呢?最近我們找到一款免費開源的 VPN 平台軟體— Pritunl,非常符合上述兩個要求。
訪問它的官網,界面非常美觀簡潔,它採用 OpenVPN 代理方式,一方面提供了 API 供高級開發者使用,同時還針對不同平台和不同 VPS 供應商(包括 DigitalOcean和AWS)提供了詳盡的安裝使用說明,同時我們根據官網上提供的測試發現,此款產品竟然具備圖形化界面,方便了初級用戶的使用,官方稱其能在數分鐘內完成搭建過程,這大大的降低了使用門檻。同時,它還提供每月2.5美元的高級會員服務,提供更加強大的功能,我們將在後面予以描述。
搬瓦工作虛擬主機
上 面已經提到,官網教程中已經為 DigitalOcean 等虛擬主機服務商提供了詳細的安裝方法,但我們認為如果僅僅是搭建一個 VPN 伺服器提供代理服務,那麼上述主機中價格最低的 DigitalOcean 最低配的主機每月 5美元的租賃費用還是過高,512M的記憶體也有浪費之嫌。因此這裡,我們使用最近非常火熱的搬瓦工(BandwagonHost)主機作為本次測試的 VPS。
搬瓦工之所以這麼火熱,就是因為它低配主機的廉價,非常符合國人搭建代理服務的需求。我們這裡選用的是一款記憶體64M的單核主機,年費才3.99美元,平均每個月的開銷才2元人民幣,1.5G的硬碟和每月100G的流量也完全滿足我們需求。它支持信用卡和 Paypal付款,目前有兩個美國機房,一個地處東海岸的 Florida 州,一個地處西海岸的 Arizona 州(推薦)。
價格的便宜不意味著服務的縮水,它帶有一個強大的後台管理面板 KiwiVM,可以設置 Two-factor authentication 加強安全性,甚至還可以通過面板直接安裝 OpenVPN服務。
系 統默認安裝的 CentOS系統,又有編譯安裝過程太蛋疼,首先通過 KiwiVM 面板重新安裝我們更加熟悉的 Ubuntu 12.04 32位系統,然後甚至都不需要使用 Putty ,直接使用面板中的 RootShell-Interactive 就可以進入命令行:
配置環境
1. VPS供應商:Bandwagon Host;
2. VPS配置:1.5G硬碟,單核處理器 64M記憶體,每月100G流量;
3. 伺服器系統:Ubuntu 12.04 32位系統;
4. 客戶端系統:Windows7 64位系統
一、安裝 Pritunl
| 1
2 3 4 5 6 7 8 9 10 11 |
apt-get update #首先更新軟體源
apt-get install -y python-software-properties #安裝add-apt-repository工具包
add-apt-repository ppa:pritunl/ppa #添加軟體源
apt-get update #更新
apt-get install -y pritunl #安裝 pritunl
apt-get upgrade -y #當新版本發布時用此命令進行更新 |
二、設置 Pritunl
在瀏覽器中輸入:https://<Server_Address>:9700/,注意用自己 VPS 的IP地址進行替換:
正常情況就應該出現 Pritunl 的登陸界面,默認的用戶名和密碼都是「Admin」;
進入「Users」選項卡,點擊「Add Organization」輸入名稱後添加組;
點擊「Add User」命令輸入名稱後在組下添加用戶;
繼續點擊「Servers」選項卡,點擊「Add Server」輸入名稱後添加伺服器;
然後點擊「Attach Oranization」,將剛新建的組添加到伺服器中;
最後點擊「Start Server」運行服務,結束設置環節。
三、客戶端的設置
到 OpenVPN 官網上下載 Windows 平台的桌面客戶端並安裝;
進入 Pritunl 設置界面,點擊「Users」選項卡,點擊用戶名右側的圖標下載 OpenVPN 的 Profile設置文件壓縮檔,裡面包含密鑰;
用加壓縮軟體將其解壓,並將 Profile 文件拷貝到 Open configuration file directory目錄中;
以管理員身份運行 OpenVPN(如果用一般用戶運行可能會出現無法翻牆的情況),使用配置好的情景鏈接伺服器,成功!
四、其它
1. Pritunl 還提供每個月2.5美元的高級服務,主要功能是提供每個用戶產生的流量並以圖形化界面反應,如果不是商業運用,這個功能應該和個人用戶聯繫不大,效果如下圖:
2.上述教程是以Ubuntu 12.04作為伺服器端系統,以Windows平台作為客戶端系統的,其它系統的安裝和設置過程請參見官方教程;
3.Pritunl為保證安全性還提供了兩步認證( Two-step authenticatioon);
4. Pritunl作為VPN服務搭建工具最大的優勢就是圖形化和簡約化,甚至針對目前較為流行的低價主機服務商 DigitalOcean 開發了API介面,能夠迅速完成伺服器端的搭建和維護。
5. 上面提到過 Pritunl 採用的 OpenVPN 模式在十八大之後遭遇到一段時間的干擾和屏蔽,但以目前的情況來看鏈接非常穩定速度也很好,但此款應用剛剛推出,不知道在大規模使用後情況會不會出現逆 轉,但這一點也妨礙原來高高在上的VPN 搭建過程正逐步向簡單化,圖形化和普及化方向發展的趨勢,在這方面,Pritunl給了我們一個很好的啟示和榜樣,希望日後類似的應用越來越廣泛。
本文鏈接:Pritunl:簡易搭建個人VPN
美博園文章均為「原創 - 首發」,請尊重辛勞撰寫,轉載請以上面完整鏈接註明來源!
軟體著作權歸原作者!個別轉載文,本站會註明為轉載。
網 友 留 言
6條評論 in “Pritunl:簡易搭建個人VPN”這裡是你留言評論的地方
這是搭建嗎?哄人
Lantern-1.5.11
https://github.com/getlantern/lantern/releases
(常)
@Andrzeja
更新很快,1.5.12也發布了,謝謝:藍燈 Lantern - v1.5.12(2014-11-22) - 美博園
Twister 0.9.26.1
Update : 4 hours ago
https://github.com/dryabov/twister-webkit/releases/
(美博園)
@Andrzeja
已經發布,謝謝:Twister(龍捲風) P2P社群網路 v0.9.26(20141121) - 美博園
TrueCryptⓇ
Final Release Repository
https://www.grc.com/misc/truecrypt/truecrypt.htm
"Yes . . . TrueCrypt is still safe to use.
Although the disappearance of the TrueCrypt site, whose ever-presence the Internet community long ago grew to take for granted, shocked and surprised many, it clearly came as no surprise to the developers who maintained the site and its namesake code for the past ten years. An analysis of the extensive changes made to TrueCrypt's swan song v7.2 release, and to the code's updated v3.1 license, shows that this departure, which was unveiled without preamble, was in fact quite well planned.
For reasons that remain a titillating source of hypothesis, intrigue and paranoia, TrueCrypt's developers chose not to graciously turn their beloved creation over to a wider Internet development community, but rather, as has always been their right granted by TrueCrypt's longstanding license, to attempt to kill it off by creating a dramatically neutered 7.2 version that can only be used to view, but no longer to create new, TrueCrypt volumes.
Then, leveraging the perverse and wrongheaded belief that software whose support was just cancelled renders it immediately untrustworthy, they attempted to foreclose on TrueCrypt's current and continued use by warning the industry that future problems would remain unrepaired. This being said of the latest 7.1a version of the code that has been used by millions, without change, since its release in February of 2012, more than 27 months before. Suddenly, for no disclosed reason, we should no longer trust it?
The mistake these developers made was in believing that
they still 「owned」 TrueCrypt, and that it was theirs to kill.
But that's not the way the Internet works. Having created something of such enduring value, which inherently requires significant trust and buy-in, they are rightly unable to now take it back. They might be done with it, but the rest of us are not.
The developers' jealousy is perhaps made more understandable by examining the code they have created. It is truly lovely. It is beautifully constructed. It is amazing work to be deeply proud of. Creating something of TrueCrypt's size and complexity, and holding it together as they did across the span of a decade, is a monumental and truly impressive feat of discipline. So it is entirely understandable when they imply, as quoted below, that they don't trust anyone else to completely understand and maintain their creation as they have. Indeed, it will not be easy. They might look at the coding nightmare atrocity that OpenSSL became over the same span of time and think: 「Better to kill off our perfect creation than turn it over to others and have it become that.」
Those who believe that there is something suddenly 「wrong」 with TrueCrypt because its creators have decided they no longer have so much to give are misguided.
TrueCrypt's creators may well be correct. TrueCrypt may never be as pure and perfect as it is at this moment, today—in the form they created and perfected. Their true final version, 7.1a, may be the pinnacle of this story. So anyone would and should be proud to use and to continue to use this beautiful tool as it is today.
TrueCrypt's formal code audit will continue as planned. Then the code will be forked, the product's license restructured, and it will evolve. The name will be changed because the developers wish to preserve the integrity of the name they have built. They won't allow their name to continue without them. But the world will get some future version, that runs on future operating systems, and future mass storage systems.
There will be continuity . . . as an interesting new chapter of Internet lore is born.
................................................."
(美博園)