vpn-setup
VPN Setup
Configure secure VPN tunnels for remote access and site connectivity.
WireGuard

```bash
# Generate keys (umask 077 keeps the private key file from being world-readable)
umask 077
wg genkey | tee privatekey | wg pubkey > publickey
```

Server config (/etc/wireguard/wg0.conf):

```ini
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>

[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.0.0.2/32
```

```bash
# Enable
wg-quick up wg0
systemctl enable wg-quick@wg0
```

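An added example, not part of the original page: a Python check that audits a wg-quick server config like the one above and flags any peer whose AllowedIPs is wider than a single host, falls outside the tunnel subnet, or reuses another peer's address. The one-host-per-client policy, the function names and the second peer in the sample are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the server config above plus one hypothetical misconfigured peer.
SAMPLE_CONF = """\
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>
[Peer]
PublicKey = <client-public-key>
AllowedIPs = 10.0.0.2/32
[Peer]
PublicKey = <contractor-public-key>
AllowedIPs = 10.0.0.2/32, 0.0.0.0/0
"""

def parse_conf(text):
    """Return (interface_dict, [peer_dict, ...]) from wg-quick style text."""
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.lower() == "[interface]":
            current = interface
        elif line.lower() == "[peer]":
            current = {}
            peers.append(current)
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return interface, peers

def audit_allowed_ips(text):
    """Flag peers whose AllowedIPs break the assumed one-host-per-client policy."""
    interface, peers = parse_conf(text)
    tunnel = ipaddress.ip_interface(interface["Address"]).network
    findings, seen = [], {}
    for peer in peers:
        name = peer.get("PublicKey", "<missing>")
        for item in filter(None, map(str.strip, peer.get("AllowedIPs", "").split(","))):
            net = ipaddress.ip_network(item, strict=False)
            if net.num_addresses != 1:
                findings.append((name, str(net), "wider than a single host"))
            elif net.version != tunnel.version or not net.subnet_of(tunnel):
                findings.append((name, str(net), "outside tunnel subnet"))
            elif net in seen:
                findings.append((name, str(net), f"duplicate of {seen[net]}"))
            seen.setdefault(net, name)
    return findings
```

Pass the contents of the server's config file to `audit_allowed_ips` and treat a non-empty result as a review item; site-to-site peers that legitimately route whole subnets need a different policy than the one assumed here.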
OpenVPN

```bash
# Install
apt install openvpn easy-rsa

# Generate certificates
# On Debian/Ubuntu the package does not create this directory; make-cadir sets it up
make-cadir /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
./easyrsa init-pki
./easyrsa build-ca
./easyrsa gen-req server nopass
./easyrsa sign-req server server
./easyrsa gen-dh
```

AWS Site-to-Site VPN

```bash
aws ec2 create-vpn-gateway --type ipsec.1

aws ec2 create-customer-gateway \
  --type ipsec.1 \
  --bgp-asn 65000 \
  --public-ip <on-prem-ip>

aws ec2 create-vpn-connection \
  --type ipsec.1 \
  --customer-gateway-id cgw-xxx \
  --vpn-gateway-id vgw-xxx
```

Best Practices
- Use WireGuard for modern deployments
- Implement MFA for VPN access
- Regular key rotation
- Monitor VPN connections
- Segment VPN access by role
Related Skills
- zero-trust - Modern access patterns
- ssl-tls-management - Certificate management