HIS/vpn-net-set: README.md annotate

annotate README.md @ 0:ebdb0cecebc0 default tip

新增

author	Pluto <meokcin@gmail.com>
date	Sun, 01 Sep 2024 16:38:41 +0800
parents
children

rev	line source
0 ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	1 <center> <h1>逸景医院VPN组网建设方案</h1> </center>
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	2
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	3 # 一、选型
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	4 ## 1. ~~物理线路组网~~
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	5 ## 2. ~~开放公网IP~~
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	6 > ~~经过评估此方案安全性无法保证~~
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	7 > ~~院内网络安全设备暂无防火墙、入侵检测设备等，无法有效保障网络数据的安全~~
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	8 ## 3. VPN组网
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	9 ### 3.1 ~~主院区建设VPN服务器~~
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	10 > ~~放弃原因：理由如 2 ，需要开放公网IP~~
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	11 ### 3.2 云服务器搭建私有VPN
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	12 #### 3.2.1 服务器选型
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	13 腾讯云服务器（理由：便宜）
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	14 后续为保证稳定性建议搭建集群，保证在一台服务器宕机的时候，不会导致业务中断
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	15
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	16 # 二、搭建（OpenVPN）
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	17 > 目前市场上的企业选用VPN类型有IPSec、SSL VPN、Wiregrud、OpenVPN等
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	18 > 这里选择OpenVPN的理由是操作相对简单，客户端友好。资料全面。易于排查问题。
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	19 > 注意：VPN仅可以搭建在国内云服务器上，不要存在搭建国际网络信道的可能。
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	20 ## 脚本搭建OpenVPN
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	21 ### 1. 更新系统
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	22 1. Debian/Ubuntu
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	23 ```
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	24 sudo apt update && sudo apt -y upgrade
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	25 ```
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	26 2. RedHat/Centos 8-9
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	27 ```
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	28 sudo dnf update -y
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	29 ```
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	30 ### 2. 执行脚本安装
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	31 1. 远程下载脚本
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	32 ```
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	33 wget -O openvpn.sh https://fox.aliait.org/projects/HIS/repos/vpn-net-set/raw/openvpn-install.sh
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	34 ```
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	35 2. 通过SFTP上传脚本
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	36 3. 新建一个文件```vim openvpn.sh``` 然后打开文件 [openvpn-install.sh](https://fox.aliait.org/projects/HIS/repos/vpn-net-set/browse/openvpn-install.sh)，复制其中的内容粘贴进去。
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	37 4. 安装
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	38 1. 使用默认选项自动安装
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	39 ```
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	40 sudo bash openvpn.sh --auto
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	41 ```
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	42 2. 使用自定义选型进行安装
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	43 ```
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	44 sudo bash openvpn.sh
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	45 ```
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	46 5. 你可以自定义以下选项：VPN 服务器的域名，协议 (TCP/UDP) 和端口，VPN 客户端的 DNS 服务器以及第一个客户端的名称。
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	47
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	48 请为 VPN 打开所选的 TCP 或 UDP 端口。
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	49
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	50 <details>
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	51 <summary>
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	52 高级：使用自定义选项自动安装。
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	53 </summary>
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	54
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	55 高级用户可以使用自定义选项自动安装 OpenVPN，方法是提供一个 Bash "here document" 作为安装脚本的输入。此方法还可用于在安装后提供输入以管理用户。
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	56
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	57 首先，使用自定义选项以交互方式安装 OpenVPN，并写下你对脚本的所有输入值。
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	58
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	59 ```bash
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	60 sudo bash openvpn.sh
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	61 ```
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	62
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	63 如需删除 OpenVPN，请再次运行脚本并选择适当的选项。
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	64
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	65 然后使用你的输入值创建自定义安装命令。例如：
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	66
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	67 ```bash
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	68 sudo bash openvpn.sh <<ANSWERS
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	69 n
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	70 1
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	71 1194
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	72 2
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	73 client
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	74 y
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	75 ANSWERS
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	76 ```
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	77
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	78 注：安装选项可能会在脚本的未来版本中发生变化。
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	79 </details>
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	80
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	81 ### 3.下一步
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	82
ebdb0cecebc0 新增 Pluto <meokcin@gmail.com> parents: diff changeset	83 安装完成后，你可以再次运行脚本来管理用户或者卸载 OpenVPN。

Mercurial > HIS > vpn-net-set

annotate README.md @ 0:ebdb0cecebc0 default tip