Comments (13)
The archive: download it from the QQ group, I can't upload it...
from anylink.
After systemctl start anylink, the second step of starting anylink, also enable start on boot with systemctl enable anylink
from anylink.
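The correct commands for turning off firewalld, the second step of opening the firewall, are:
systemctl stop firewalld # stop the firewall temporarily
systemctl disable firewalld # disable the firewall permanently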
from anylink.
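The tutorial has two errors that need correcting. Otherwise it will fail to start and the admin web page will be unreachable.
1. Self-signed certificate:
The self-generated certificate from the original poster's tutorial has some chance of not working (below I recommend a tutorial for automatic SSL certificate issuance). Just follow it.
However, copying the certificates for server-side use and client-side use is not explained clearly. Also, generating the client certificate with this method does work, so still do it.
For example, with the certificates generated in the root folder:
# Server certificate (self-signed has some chance of failing to start)
cp vpn_cert.key vpn_cert.pem /usr/local/anylink-deploy/conf/
# Client certificate (works)
cp root.crt /usr/local/anylink-deploy/conf/files/
Recommendation:
I strongly recommend using automatic SSL certificate issuance. Do not use a self-signed certificate on the server.
https://owo.misaka.rest/acme-1key/
Acme.sh one-click certificate issuance script and instructions
PS: If it would not start with the self-signed SSL certificate before, and then still will not start after switching to the automatically issued one, reinstall and use the automatically issued one directly. That solves it.
2. The firewall must be turned off. The original poster wrote it wrong; the commenter above is right. Please disable the firewall permanently, otherwise it cannot be accessed. When accessing, prefix the address with https://
# Disable the firewall permanently
systemctl disable firewalld
This step requires a reboot; if you do not want to reboot, add one more step
# Stop the firewall temporarily
systemctl stop firewalld
3. Logs
# Writing logs has some chance of failing. An absolute path is recommended
log_path = "/usr/local/anylink-deploy/log" # add the log file path
Then you can use it normally. Tutorial corrected.
The above is my own summary of experience and a guide to avoiding pitfalls. It has worked many times.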
from anylink.
@sunteta With the log path set it won't start at all; commenting out the log-related parameters makes it work. The version is 0.7.4
MASQUERADE all -- 192.168.10.0/24 0.0.0.0/0
ServerCfg: &{Conf:/app/conf/server.toml Profile:./conf/profile.xml ServerAddr::443 ServerDTLSAddr::4433 ServerDTLS:false AdminAddr::8800 ProxyProtocol:false DbType:mysql DbSource:anylink:curdboy@tcp(10.1.251.93:3306)/anylink?charset=utf8 CertFile:./conf/ssl/tmt167.top.cer CertKey:./conf/ssl/tmt167.top.key FilesPath:./conf/files LogPath:/data/anylink/log LogLevel:info Pprof:false Issuer:xxxxxxxxxxx AdminUser:root AdminPass:$2a$10$EdYE67dPE83dDOjc1o0vpOfSPwph5wQvLW5MujCnXmuhfEQkYt10. JwtSecret:XxiyfnR9HgtWEAYdTRjZSy2uzMEIKdrXbBYiD_f8QD-10v93e_8oW5vqq3Go9FTTamuLTIIY LinkMode:tun Ipv4Master:eth0 Ipv4CIDR:192.168.10.0/24 Ipv4Gateway:192.168.10.1 Ipv4Start:192.168.10.100 Ipv4End:192.168.10.200 IpLease:1209600 MaxClient:100 MaxUserClient:3 DefaultGroup:one CstpKeepalive:20 CstpDpd:30 MobileKeepalive:40 MobileDpd:50 SessionTimeout:3600 AuditInterval:-1}
panic: open /data/anylink/log/anylink.log: no such file or directory
#ls -ld /data/anylink/log/
drwxr-xr-x 2 root root 6 Jul 7 15:05 /data/anylink/log/
The directory does exist, so there must be a bug
from anylink.
@jiaxinonly
/data/anylink/log/ # this is the manually created log storage directory
from anylink.
Then check whether it is a relative path versus absolute path problem
from anylink.
The config file uses an absolute path
..........
# Log directory; if empty, logs are written to standard output
#log_path = "./log"
log_path = "/data/anylink/log"
log_level = "info"
pprof = false
.....
from anylink.
Try a relative path
from anylink.
That didn't help
:20 CstpDpd:30 MobileKeepalive:40 MobileDpd:50 SessionTimeout:3600 AuditInterval:-1}
panic: open log/anylink.log: no such file or directory
goroutine 1 [running]:
github.com/bjdgyc/anylink/base.(*logWriter).newFile(0xc000117710)
/anylink/server/base/log.go:63 +0xa7
github.com/bjdgyc/anylink/base.initLog()
/anylink/server/base/log.go:76 +0x131
github.com/bjdgyc/anylink/base.Start()
/anylink/server/base/start.go:6 +0x25
main.main()
/anylink/server/main.go:28 +0x6f
[root@Docker-App /data/anylink 16:19:24]
#ls log/anylink.log
log/anylink.log
[root@Docker-App /data/anylink 16:19:49]
#grep conf/
anylink.db files/ profile.xml server.toml ssl/
[root@Docker-App /data/anylink 16:19:49]
#grep log conf/server.toml
log_path = "./log"
#log_path = "/data/anylink/log"
log_level = "debug"
from anylink.
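Let me also add a pitfall about firewall rules: on Red Hat family systems, saving firewall rules permanently depends on rc.local.
First give rc.local permission to execute at boot: chmod a+x rc.local
Then save the rules to a file: iptables-save > /etc/iptables.conf
Finally, write iptables-restore < /etc/iptables.conf into rc.local to complete firewall persistence
Also, under Linux all binary scripts and program packages must first be granted execute permission before they can start at boot.
chmod +x script_name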
from anylink.
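An added example, not from the thread or the anylink project: rather than switching firewalld off, the listener ports can be read from the ServerCfg startup line quoted earlier in the thread and opened one by one. The sample line is trimmed from that dump, and the management network 192.0.2.0/24 is a placeholder assumption.

```shell
#!/bin/sh
# Added example (not anylink code): turn the listener fields of an anylink
# "ServerCfg:" startup line into firewalld rules, printed for review.

# Constructed sample: the dump quoted in the thread, trimmed to listener fields.
SAMPLE_CFG='ServerCfg: &{Conf:/app/conf/server.toml ServerAddr::443 ServerDTLSAddr::4433 ServerDTLS:false AdminAddr::8800 LinkMode:tun}'

# cfg_value FIELD LINE: print the text after "FIELD:" in the dump, empty if absent.
cfg_value() {
    printf '%s\n' "$2" | tr -d '&{}' | tr ' ' '\n' | sed -n "s/^$1://p" | head -n 1
}

# cfg_port FIELD LINE: print the port of a "[host]:port" listener value.
cfg_port() {
    cfg_value "$1" "$2" | sed -n 's/^.*:\([0-9][0-9]*\)$/\1/p'
}

# firewall_rules LINE [ADMIN_SRC]: print firewall-cmd commands. ADMIN_SRC is a
# hypothetical management network; when given, the admin port is limited to it.
firewall_rules() {
    vpn=$(cfg_port ServerAddr "$1")
    dtls=$(cfg_port ServerDTLSAddr "$1")
    admin=$(cfg_port AdminAddr "$1")
    if [ -n "$vpn" ]; then
        echo "firewall-cmd --permanent --add-port=$vpn/tcp"
    fi
    # DTLS runs over UDP; open it only when the dump says DTLS is enabled.
    if [ "$(cfg_value ServerDTLS "$1")" = "true" ] && [ -n "$dtls" ]; then
        echo "firewall-cmd --permanent --add-port=$dtls/udp"
    fi
    if [ -n "$admin" ] && [ -n "$2" ]; then
        echo "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$2\" port port=\"$admin\" protocol=\"tcp\" accept'"
    elif [ -n "$admin" ]; then
        echo "firewall-cmd --permanent --add-port=$admin/tcp"
    fi
    echo "firewall-cmd --reload"
}

# 192.0.2.0/24 is a documentation range standing in for the admin network.
firewall_rules "$SAMPLE_CFG" 192.0.2.0/24
```

The script only prints the commands; review them and run them as root on the host once the ports match your own server.toml.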
[Tue Jul 25 10:40:51 EDT 2023] Your cert is in: /root/.acme.sh/it-nmg.cn/it-nmg.cn.cer
[Tue Jul 25 10:40:51 EDT 2023] Your cert key is in: /root/.acme.sh/it-nmg.cn/it-nmg.cn.key
[Tue Jul 25 10:40:51 EDT 2023] The intermediate CA cert is in: /root/.acme.sh/it-nmg.cn/ca.cer
[Tue Jul 25 10:40:51 EDT 2023] And the full chain certs is there: /root/.acme.sh/it-nmg.cn/fullchain.cer
May I ask: for the certificates I generated with acme, and these entries in the server config file
cert_file = "./conf/vpn_cert.pem"
cert_key = "./conf/vpn_cert.key"
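which two should I use?
With the server certificate coming from the acme script, is the client certificate root.crt still generated following the original article?
I hope an expert can give me some pointers. Many thanks.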
from anylink.
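An added example, not part of the thread: before pointing cert_file and cert_key at acme.sh output files, this checks that a certificate file carries the public key belonging to the private key and counts the certificates in it (a full-chain file holds the server certificate followed by the intermediate CA). It assumes openssl is installed; the demo files and the name vpn.example.test are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): check which certificate file pairs with
# a private key, and how many certificates each PEM file carries.

# pem_cert_count FILE: number of certificates in a PEM file.
pem_cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# cert_matches_key CERT KEY: succeed when the first certificate in CERT
# carries the public key that belongs to the private key in KEY.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# describe_pair CERT KEY: one-line summary for choosing cert_file / cert_key.
describe_pair() {
    n=$(pem_cert_count "$1")
    if cert_matches_key "$1" "$2"; then m="key matches"; else m="key does NOT match"; fi
    echo "$1: $n certificate(s), $m"
}

# make_demo DIR: constructed material, two throwaway self-signed pairs plus a
# two-certificate file shaped like a full chain (server certificate first).
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=vpn.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.cer" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.cer" 2>/dev/null
    cat "$1/leaf.cer" "$1/ca.cer" > "$1/fullchain.cer"
}

# With two arguments, check real files; with none, run on the constructed demo.
if [ "$#" -eq 2 ]; then
    describe_pair "$1" "$2"
else
    d=$(mktemp -d)
    make_demo "$d"
    describe_pair "$d/leaf.cer" "$d/leaf.key"
    describe_pair "$d/fullchain.cer" "$d/leaf.key"
    describe_pair "$d/ca.cer" "$d/leaf.key"
    rm -rf "$d"
fi
```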