rancher安装Openvpn

4,151 阅读2分钟

背景:

为什么要安装vpn,因为vpn能帮我们打通网络,极大的方便我们开发调试和运行维护,不用把所有的内部端口都暴露到外面主机上。挂上vpn,就可以进行本机调试和开发。

1.安装vpn

从应用商店搜索vpn,如下图

选择OpenVPN for Rancher with "Rancher local" authentication 这个,也就是第四个,点击详情进去

2.服务端配置vpn

启动完之后,修改服务端配置,

点击右上角【升级】按钮,

一定要记得修改,AUTHRANCHERLOCALURL 这个后面会验证用户名和密码需要用到。将http[s]://hostname[:port] 改成自己访问rancher的地址,然后点击升级

3.客户端配置

客户端新建配置文件rancher_product.ovpn,内容如下

remote 118.191.2.218 1194clientdev tunproto tcpremote-randomresolv-retry infinitecipher AES-128-CBCauth SHA1nobindlink-mtu 1500persist-keypersist-tuncomp-lzoverb 3auth-user-passauth-retry interactns-cert-type server<ca>-----BEGIN CERTIFICATE-----MIIEmzCCA4OgAwIBAgIJANYjZIooTEHeMA0GCSqGSIb3DQEBCwUAMIGPMQswCQYDVQQGEwJVUzELMAkGA1UECBMCQUwxEzARBgNVBAcTCkJpcm1pbmdoYW0xDTALBgNVBAoTBEFDTUUxCzAJBgNVBAsTAklUMRAwDgYDVQQDEwdBQ01FIENBMRAwDgYDVQQpEwdFYXN5UlNBMR4wHAYJKoZIhvcNAQkBFg9mb29AZXhhbXBsZS5jb20wHhcNMjAwMzA5MDczOTU5WhcNMzAwMzA3MDczOTU5WjCBjzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkFMMRMwEQYDVQQHEwpCaXJtaW5naGFtMQ0wCwYDVQQKEwRBQ01FMQswCQYDVQQLEwJJVDEQMA4GA1UEAxMHQUNNRSBDQTEQMA4GA1UEKRMHRWFzeVJTQTEeMBwGCSqGSIb3DQEJARYPZm9vQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx/ua+3SFRCmSjHti5B/fspH4GfpfWiNrJmcDoLjm42hDIEkVbdXvHBuCeJF9jak31u7PsVtn9nAbAD+9GLZaC/92jiYvDDuu6p0Dw7xy8l0Q8mZu67zMjS29ofd9PEqAps6fJ3GR1J4LGrAner6oAgAMfop3CGmMAxWKtXCRLFILUoFrH9Zt+eEubb6wnIidlDHBCaFzU55ru0Pb16W/9IKT7k15UFiKCfbMc/4iH3WIi0GS+Z3mEztQDlOciogx5LXntTRXMlc/M15dB8uz9AZAdqQnUAGXQ3NNgVeUC+1cfh94jSyFzSQ5iCGvr6dmERm+6hIgD2n086wKn0DxtwIDAQABo4H3MIH0MB0GA1UdDgQWBBQOoMICoTXLuswJjjpIr6QpFDN3RTCBxAYDVR0jBIG8MIG5gBQOoMICoTXLuswJjjpIr6QpFDN3RaGBlaSBkjCBjzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkFMMRMwEQYDVQQHEwpCaXJtaW5naGFtMQ0wCwYDVQQKEwRBQ01FMQswCQYDVQQLEwJJVDEQMA4GA1UEAxMHQUNNRSBDQTEQMA4GA1UEKRMHRWFzeVJTQTEeMBwGCSqGSIb3DQEJARYPZm9vQGV4YW1wbGUuY29tggkA1iNkiihMQd4wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEACRwZqpNxswkVPfSnWMbe5Gdsq8ZYSGSFJVpSD+NZ9y4LVGAZKcKWzax2ifUVBTGUjU1VWrC6ufx58SD63vpJ+T1/kx3SJ5TH41zEUmCVEITfFFcl9e6qhzx1YA1zuJ6OfvX5XGNAqUFkqY6jxDUVh8OAYJWWqxbiME9FtQSCwCaPRqPWePoaLb2Vczueu7MI9RdcGqFCDgGgiv9OVZldERsDwqsEpVEJXXAmWs/ZhR4MmKhO5Hz5yei9ysfrP5ZnN6XxSURpY5kv7HWFloE4lJgJhQ6n3ul+BMObE+oI6KZB1hX+u20RJ/SpSyEew4o7OR/tttznE6hNS5THPJtELQ==-----END CERTIFICATE-----</ca>

配置完之后导入tunnelblick

4.验证

启动客户端tunnelblick

点击链接,连接成功之后,日志显示

2020-03-16 16:28:24.021898 MANAGEMENT: >STATE:1584347304,CONNECTED,SUCCESS,10.43.0.6,118.190.1.218,1194,192.168.13.115,637132020-03-16 16:28:24.175641 *Tunnelblick: Could not determine this computer's apparent public IP address before the connection was completed2020-03-16 16:28:24.246528 *Tunnelblick: DNS address 169.254.169.250 is being routed through the VPN2020-03-16 16:28:27.869402 *Tunnelblick: process-network-changes: A system configuration change was ignored2020-03-16 16:46:34.715189 *Tunnelblick: process-network-changes: A system configuration change was ignored2020-03-16 16:51:18.458545 *Tunnelblick: process-network-changes: A system configuration change was ignored

打开终端验证一下网络是否联通,

说明已经连接了,大功告成