Switching from OpenVPN to WireGuard to join networks into a single L2 network

I want to share my experience of joining the networks of three remote apartments, each using an OpenWRT router as its gateway, into one common network. Choosing between L3 with subnet routing and L2 with bridging, where all network nodes sit in a single subnet, I preferred the second approach: it is harder to set up, but it gives more possibilities, because the network was planned to use technologies such as Wake-on-LAN and DLNA.

Part 1: Background

The tool originally chosen for this task was OpenVPN, because, first, it can create a tap device that can be added to a bridge without problems, and second, OpenVPN supports TCP, which matters since none of the apartments has a dedicated IP address. I could not use STUN because, for some reason, my ISP blocks incoming UDP connections from its networks. TCP allowed me to forward the VPN server port to a rented VPS over SSH. Although this approach creates significant overhead, since the data is encrypted twice, I did not want to make the VPS part of my private network, because there is a risk of third parties gaining control over it. Having such a device inside my home network is undesirable, so I decided to pay the overhead for the sake of security.

To forward the port from the router where the server was to be deployed, I used the sshtunnel program. I won't go into the details of its configuration; it is very simple. I'll only note that its job is to forward TCP port 1194 from the router to the VPS. Then I set up the OpenVPN server on the tap0 device, attached to the br-lan bridge. After testing the connection to the newly created server from my laptop, it was clear that the port-forwarding idea worked, and the laptop became a member of the router's network even though it was not physically part of it.

The only thing left was to assign IP addresses in the different apartments so that they do not conflict, and to configure the routers as OpenVPN clients.
The router IP addresses and DHCP server ranges were chosen as follows:

  • 192.168.10.1 with the range 192.168.10.2 - 192.168.10.80 for the server
  • 192.168.10.100 with the range 192.168.10.101 - 192.168.10.149 for the router in apartment No. 2
  • 192.168.10.150 with the range 192.168.10.151 - 192.168.10.199 for the router in apartment No. 3

It was also necessary to assign these addresses to the clients connecting to the OpenVPN server, by adding this line to its configuration:

ifconfig-pool-persist /etc/openvpn/ipp.txt 0

and adding these lines to the file /etc/openvpn/ipp.txt:

flat1_id 192.168.10.100
flat2_id 192.168.10.150

where flat1_id and flat2_id are the device names specified when generating the certificates used to connect to OpenVPN.

Then the routers were configured as OpenVPN clients, and the tap0 devices on both were added to the br-lan bridge. Now everything was fine: the three networks could see each other and worked as a single segment. However, an unpleasant detail emerged: sometimes devices would get an IP address from the wrong router, with all the consequences that follow. For some reason the router in one of the apartments did not answer the DHCPDISCOVER in time, and the device got the wrong address. I realized I had to filter these requests on tap0 on each router, but it turned out that iptables cannot act on a device once it is part of a bridge, so I had to use ebtables. Unfortunately, my firmware did not include it, so I had to rebuild the images for each device. After doing that and adding the following lines to /etc/rc.local on each router, the problem was resolved:

ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

This setup lasted for three years.

Part 2: Getting acquainted with WireGuard

Recently there has been a lot of talk on the Internet about WireGuard, thanks to its ease of configuration, high transfer speed, low ping, and comparable security. A search for more information revealed that it supports neither membership in a bridge nor the TCP protocol, which led me to believe there was no alternative to OpenVPN for me. So I postponed getting acquainted with WireGuard.

A few days ago news spread across IT-related resources that WireGuard would finally be included in the Linux kernel, starting with version 5.6. The news articles, as always, praised WireGuard, and I went back to looking for ways to replace good old OpenVPN. This time I came across this article. It described building an Ethernet tunnel over L3 using GRE, and it gave me hope. What remained unclear was what to do about the UDP protocol. The search led me to articles about using socat together with an SSH tunnel to forward a UDP port, but they noted that this approach only works in single-connection mode, which rules out multiple VPN clients. I came up with the idea of setting up a VPN server on the VPS and configuring GRE for the clients, but as it turned out, GRE does not support encryption, which means that if third parties gain access to the server, all the traffic between my networks is in their hands, and that did not suit me.

Once again the decision was made in favour of redundancy, using a VPN inside a VPN according to the following scheme:

Level 1 VPN:
VPS is the server with local address 192.168.30.1
MS is a VPS client with local address 192.168.30.2
MK2 is a VPS client with local address 192.168.30.3
MK3 is a VPS client with local address 192.168.30.4

Level 2 VPN:
MS is the server with external address 192.168.30.2 and internal address 192.168.31.1
MK2 is a client of MS (at address 192.168.30.2) with local IP 192.168.31.2
MK3 is a client of MS (at address 192.168.30.2) with local IP 192.168.31.3

* MS - the server router in apartment 1, MK2 - the router in apartment 2, MK3 - the router in apartment 3
* The device configurations are given in the spoiler at the end of the article.

And so, pings between the nodes of the 192.168.31.0/24 network go through; time to move on to configuring the GRE tunnel. Before that, so as not to lose access to the routers, it is worth setting up SSH tunnels that forward port 22 to the VPS, so that, for example, the router from apartment 2 is reachable on port 10022 of the VPS and the router from apartment 3 on port 11122 of the VPS. It is better to set up this forwarding with the same sshtunnel, since it restores the tunnel if it drops.

With the tunnel in place, you can connect over SSH through the forwarded port:

ssh root@МОЙ_VPS -p 10022

Then you need to stop OpenVPN:

/etc/init.d/openvpn stop

Now let's set up a GRE tunnel on the router in apartment 2:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set grelan0 up

And add the created interface to the bridge:

brctl addif br-lan grelan0

Let's do the same on the server router:

ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set grelan0 up

And again add the created interface to the bridge:

brctl addif br-lan grelan0

From this moment on, pings go through fine on the new network, and I, pleased, go to drink coffee. Then, to see how the network behaves on the other side of the wire, I try to SSH into one of the computers in apartment 2, but the ssh client hangs without asking me for a password. I try connecting to this computer via telnet on port 22 and see a line showing that the connection is established and the SSH server responds, but for some reason it won't let me in.

$ telnet 192.168.10.110 22
SSH-2.0-OpenSSH_8.1

I try to connect to it via VNC and see a black screen. I convince myself that the problem is on the remote computer, since I can easily connect to the router in that apartment using its local address. However, I decide to SSH into this computer through the router and am surprised to find that the connection succeeds and the remote computer works fine, but it cannot connect to my computer.

I take the grelan0 device out of the bridge, run OpenVPN on the router in apartment 2 again, and confirm that the network works correctly and connections do not drop. Searching around, I found forums where people complained about similar problems and were advised to raise the MTU. No sooner said than done. However, until I set the MTU high enough (7000 for the gretap devices), I kept seeing TCP connections drop or low transfer speeds. Because of the high MTU on gretap, the MTU for the first- and second-level WireGuard links was set to 8000 and 7500 respectively.

I did the same setup on the router in apartment 3, the only difference being that on the server router the second gretap interface, named grelan1 and pointing at the router in apartment 3, was also added to the br-lan bridge.

Everything works. Now the gretap setup can be made to start automatically. To do this:

Put these lines in /etc/rc.local on the router in apartment 2:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

Add these to /etc/rc.local on the router in apartment 3:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

And on the server router:

ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

ip link add grelan1 type gretap remote 192.168.31.3 local 192.168.31.1
ip link set dev grelan1 mtu 7000
ip link set grelan1 up
brctl addif br-lan grelan1

After rebooting the client routers, I found that for some reason they were not connecting to the server. After getting into them over SSH (luckily, I had set up sshtunnel for this beforehand), I found that WireGuard for some reason creates a route to the endpoint, but an incorrect one. For example, for 192.168.30.2 the routing table pointed to a route via the pppoe-wan interface, that is, via the Internet, although the route there should go via the wg0 interface. After deleting this route, the connection was restored. I could not find any instructions on how to force WireGuard not to create these routes. Moreover, I am not sure whether this is a feature of OpenWRT or of WireGuard. Without spending much time thinking about the problem, I simply added a line to the startup script on both routers that deletes this route:

route del 192.168.30.2
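To make the autoload and the route fix above re-runnable, here is an added example script (my own, not the author's, and not part of the article): it assumes the article's addresses and interface names as defaults, adds the DHCP ebtables filter on the gretap device (the article's rules only match tap0, which is no longer the bridged link), and deletes the endpoint route only when it really points the wrong way. DRY_RUN and RC_LOCAL_RUN are hypothetical knobs of this script, not OpenWRT features.

```shell
#!/bin/sh
# Added example (not the author's script): a re-runnable replacement for the
# /etc/rc.local snippets on a client router such as MK2. Defaults are the
# article's values; override them via environment variables. With DRY_RUN=1
# the commands are printed instead of executed.

GRE_DEV="${GRE_DEV:-grelan0}"
GRE_LOCAL="${GRE_LOCAL:-192.168.31.2}"
GRE_REMOTE="${GRE_REMOTE:-192.168.31.1}"
GRE_MTU="${GRE_MTU:-7000}"
BRIDGE="${BRIDGE:-br-lan}"
WG_DEV="${WG_DEV:-wg0}"                      # level-1 tunnel interface
WG_ENDPOINT="${WG_ENDPOINT:-192.168.30.2}"   # level-2 endpoint_host (MS)

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Create the gretap interface only when it is missing, so the script survives
# being re-run (a second `ip link add` fails with "File exists").
setup_gretap() {
    if [ "${DRY_RUN:-0}" = 1 ] || ! ip link show "$GRE_DEV" >/dev/null 2>&1; then
        run ip link add "$GRE_DEV" type gretap remote "$GRE_REMOTE" local "$GRE_LOCAL"
    fi
    run ip link set dev "$GRE_DEV" mtu "$GRE_MTU"
    run ip link set "$GRE_DEV" up
    run brctl addif "$BRIDGE" "$GRE_DEV"
}

# The article's ebtables rules match tap0 only. Once the bridged L2 link is the
# gretap device, the same DHCP filter must cover it, or DHCP offers from the
# other apartments' routers reach local clients again through the tunnel.
setup_dhcp_filter() {
    for chain_spec in "INPUT --in-interface" "FORWARD --out-interface"; do
        set -- $chain_spec
        for port_opt in --ip-destination-port --ip-source-port; do
            run ebtables -A "$1" "$2" "$GRE_DEV" --protocol ipv4 --ip-protocol udp \
                "$port_opt" 67:68 -j DROP
        done
    done
}

# Given the text of `ip route show`, print any host route for the level-2
# endpoint that does not leave via the level-1 interface (the stale route via
# pppoe-wan the article deletes). Pure text processing, so it is testable offline.
stale_route() {
    printf '%s\n' "$1" | awk -v dev="$WG_DEV" -v ep="$WG_ENDPOINT" '
        $1 == ep { for (i = 1; i < NF; i++) if ($i == "dev" && $(i+1) != dev) print }'
}

# Delete the endpoint host route only if it is actually wrong, instead of the
# unconditional `route del` from the article.
fix_endpoint_route() {
    if [ -n "$(stale_route "$(ip route show 2>/dev/null)")" ]; then
        run ip route del "$WG_ENDPOINT"
    fi
}

if [ "${RC_LOCAL_RUN:-0}" = 1 ]; then
    setup_gretap
    setup_dhcp_filter
    fix_endpoint_route
fi
```

On the router, run it from /etc/rc.local as `RC_LOCAL_RUN=1 sh /path/to/script.sh`; for MK3 set GRE_LOCAL=192.168.31.3 first.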

Results

I did not manage to abandon OpenVPN entirely, because I sometimes need to connect to the network from a laptop or a phone, and setting up a gretap device on those is not possible. Still, I gained in data transfer speed between the apartments, and using VNC, for example, is now much more comfortable. Ping decreased slightly but became more stable:

Using OpenVPN:

[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=133 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=125 ms

--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19006ms
rtt min/avg/max/mdev = 124.722/126.152/136.907/3.065 ms

Using WireGuard:

[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=124 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=124 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19003ms
rtt min/avg/max/mdev = 123.954/124.423/126.708/0.675 ms

This is heavily affected by the high ping to the VPS, around 61.5 ms.

The speed, however, increased significantly. In the apartment with the server router my Internet connection is 30 Mbps, and in the other apartments 5 Mbps. With OpenVPN I could not get a data transfer speed between the networks above 3.8 Mbps according to iperf, while WireGuard "raises" it to the full 5 Mbit/s.

WireGuard config on the VPS

[Interface]
Address = 192.168.30.1/24
ListenPort = 51820
PrivateKey = <ЗАКРЫТЫЙ_КЛЮЧ_ДЛЯ_VPS>

[Peer]
PublicKey = <VPN_1_MS_PUBLIC_KEY>
AllowedIPs = 192.168.30.2/32

[Peer]
PublicKey = <VPN_1_MK2_PUBLIC_KEY>
AllowedIPs = 192.168.30.3/32

[Peer]
PublicKey = <VPN_1_MK3_PUBLIC_KEY>
AllowedIPs = 192.168.30.4/32

WireGuard config on MS (added to /etc/config/network)

# Level 1 VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.2/24'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МС'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
        option endpoint_port '51820'
        option route_allowed_ips '1'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'IP_АДРЕС_VPS'

# Level 2 VPN - server
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
        option listen_port '51821'
        list addresses '192.168.31.1/24'
        option auto '1'
        option mtu '7500'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
        list allowed_ips '192.168.31.2'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
        list allowed_ips '192.168.31.3'

WireGuard config on MK2 (added to /etc/config/network)

# Level 1 VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.3/24'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК2'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'IP_АДРЕС_VPS'

# Level 2 VPN - client
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
        list addresses '192.168.31.2/24'
        option auto '1'
        option listen_port '51821'
        option mtu '7500'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
        option endpoint_host '192.168.30.2'
        option endpoint_port '51821'
        option persistent_keepalive '25'
        list allowed_ips '192.168.31.0/24'

WireGuard config on MK3 (added to /etc/config/network)

# Level 1 VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.4/24'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК3'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'IP_АДРЕС_VPS'

# Level 2 VPN - client
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
        list addresses '192.168.31.3/24'
        option auto '1'
        option listen_port '51821'
        option mtu '7500'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
        option endpoint_host '192.168.30.2'
        option endpoint_port '51821'
        option persistent_keepalive '25'
        list allowed_ips '192.168.31.0/24'

In the configurations above for the level 2 VPN, I pin the WireGuard clients to port 51821. This is not required, since a client can establish the connection from any free port, but I did it so that I could deny all incoming connections on the wg0 interfaces of every router except incoming UDP connections to port 51821.

I hope the article is useful to someone.

PS I would also like to share my script that sends a PUSH message to my phone through the WirePusher app when a new device appears on my network. Here is the link to the script: github.com/r0ck3r/device_discover.

Spoiler: OpenVPN server and client configs

OpenVPN server

client-to-client

ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn-server.crt
dh /etc/openvpn/server/dh.pem
key /etc/openvpn/server/vpn-server.key

dev tap
ifconfig-pool-persist /etc/openvpn/ipp.txt 0
keepalive 10 60
proto tcp4
server-bridge 192.168.10.1 255.255.255.0 192.168.10.80 192.168.10.254
status /var/log/openvpn-status.log
verb 3
comp-lzo

OpenVPN client

client
tls-client
dev tap
proto tcp
remote VPS_IP 1194 # Change to your router's External IP
resolv-retry infinite
nobind

ca client/ca.crt
cert client/client.crt
key client/client.key
dh client/dh.pem

comp-lzo
persist-tun
persist-key
verb 3

I used easy-rsa to generate the certificates.

Source: www.habr.com
