Moving from OpenVPN to WireGuard to merge networks into a single L2 network

I want to share my experience of merging the networks of three remote apartments, each using an OpenWrt router as its gateway, into one common network. When choosing between L3 (subnet routing) and L2 (bridging) to join the networks, I preferred the second, in which all nodes sit in one subnet: it is harder to set up but gives more possibilities, because the network was meant to carry technologies such as Wake-on-LAN and DLNA, which rely on a single broadcast domain.

Part 1: Background

OpenVPN was originally chosen as the protocol for this task for two reasons. First, it can create a tap device that can be added to a bridge without any trouble. Second, OpenVPN works over TCP, which was essential: none of the apartments has a dedicated public IP address, and I could not use STUN because for some reason my ISP blocks inbound UDP connections from its network, whereas TCP let me forward the VPN server port to a rented VPS over SSH. Yes, this approach adds a lot of overhead because the data is encrypted twice, but I did not want to make the VPS itself a member of my private network: there is always a risk of a third party gaining control of it, and with it access to the home network. I decided to pay for security with considerable overhead.

To forward the port from the router on which the server was going to run, I used the sshtunnel program. I won't go into its configuration, it is simple; I'll only note that its job is to forward TCP port 1194 from the router to the VPS. Then the OpenVPN server was configured on the tap0 device, which was added to the br-lan bridge. After checking the connection to the newly created server from a laptop, it was clear that the port-forwarding idea had proved itself: the laptop became a member of the router's network even though it was not physically in it.

One small thing remained: to allocate IP addresses across the apartments so they do not collide, and to set the routers up as OpenVPN clients.
The router addresses and DHCP ranges were chosen as follows:

  • 192.168.10.1 with the range 192.168.10.2 - 192.168.10.80 for the server
  • 192.168.10.100 with the range 192.168.10.101 - 192.168.10.149 for the router in apartment 2
  • 192.168.10.150 with the range 192.168.10.151 - 192.168.10.199 for the router in apartment 3

These addresses also have to be handed to the routers explicitly by the OpenVPN server, by adding the following line to its configuration:

ifconfig-pool-persist /etc/openvpn/ipp.txt 0

and adding these lines to /etc/openvpn/ipp.txt:

flat1_id,192.168.10.100
flat2_id,192.168.10.150

where flat1_id and flat2_id are the common names given when generating the certificates used to connect to OpenVPN (the file holds one common_name,address pair per line).

Then the OpenVPN clients were configured on the routers, and the tap0 devices on both were added to the br-lan bridge. At this point everything looked fine: all three networks saw each other and worked as a whole. However, an unpleasant detail surfaced: sometimes devices obtained an IP address not from their own router, with all the consequences that follow. For some reason the router in one of the apartments did not always manage to answer a DHCPDISCOVER before the device had already taken the wrong address from the other side of the tunnel. I realised I had to filter those requests on tap0 on each of the routers, but it turned out that iptables does not see a device's traffic while it is a bridge member (bridged frames only reach iptables when br_netfilter is loaded with bridge-nf-call-iptables enabled), and ebtables came to the rescue. Unfortunately it was not in my firmware and I had to rebuild the images for every device. After doing that and adding the following lines to /etc/rc.local on each router, the problem was solved:

ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

Beyond fixing the race, the same filter is a security boundary on a flat L2 network: without it, a rogue DHCP server (or a compromised host) in one apartment can hand its own default gateway and DNS server to hosts in the other two and intercept their traffic. The rules only cover the tunnel port; a rogue server on the local segment would need the equivalent rules on the LAN-side bridge ports.

This setup stood for three years.

Part 2: Enter WireGuard

These days the internet talks a lot about WireGuard, thanks to its simple configuration, high throughput and low latency at a comparable level of security. Looking for more information about it, I found that it supports neither running as a bridge member (a tap device) nor running over TCP, and I decided there was no alternative to OpenVPN for me. So I dropped the idea of WireGuard.

A few days ago, news spread through every IT-related outlet that WireGuard had finally been merged into the Linux kernel, starting with version 5.6. The news pieces praised WireGuard, as always. I went back to looking for ways to replace good old OpenVPN, and this time I came across this article, which described building an Ethernet tunnel over L3 with GRE. It gave me hope. What remained unclear was what to do about UDP. Searching led me to articles on forwarding a UDP port with socat combined with an SSH tunnel, but it turned out that approach only works for a single connection, so several VPN clients would be impossible. I then thought of running a VPN server on the VPS and using GRE for the clients, but GRE, as it turned out, has no encryption of its own, so the VPS would see the traffic of all three sides in the clear. Having all traffic between my networks in a third party's hands did not suit me.

So once more the decision was to nest one VPN inside another, according to the following scheme. The VPS terminates only the outer (level 1) tunnel; the inner (level 2) tunnel runs between the routers with keys the VPS never holds, so it forwards nothing but ciphertext:

Level 1 VPN:
VPS: server, internal address 192.168.30.1
MS: VPS client, internal address 192.168.30.2
MK2: VPS client, internal address 192.168.30.3
MK3: VPS client, internal address 192.168.30.4

Level 2 VPN:
MS: server, external address 192.168.30.2, internal address 192.168.31.1
MK2: MS client, endpoint 192.168.30.2, internal IP 192.168.31.2
MK3: MS client, endpoint 192.168.30.2, internal IP 192.168.31.3

* MS is the server router in apartment 1, MK2 the router in apartment 2, MK3 the router in apartment 3
* The device configurations are given in the appendix at the end of the article.

Once pings between the nodes of the 192.168.31.0/24 network were going through, it was time to set up the GRE tunnels. Before that, so as not to lose access to the routers, SSH tunnels forwarding port 22 to the VPS had to be set up, so that, for example, the router in apartment 2 is reachable on VPS port 10022 and the router in apartment 3 on VPS port 11122. It is best to set this forwarding up with the same sshtunnel, since it re-establishes the tunnel if it drops.

With the tunnel up, you can connect over SSH through the forwarded port:

ssh root@MY_VPS -p 10022

Then stop OpenVPN:

/etc/init.d/openvpn stop

Now let's set up the GRE tunnel on the router in apartment 2:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set grelan0 up

And add the created interface to the bridge:

brctl addif br-lan grelan0

Do the same on the server router:

ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set grelan0 up

And likewise add the created interface to the bridge:

brctl addif br-lan grelan0

From this moment pings over the new network go through fine and I, pleased, go off to drink coffee. Then, to see how the network behaves on the other end of the wire, I try to SSH into one of the computers in apartment 2, but the ssh client hangs without asking me for a password. I try connecting to that computer with telnet on port 22 and see the banner line that means the connection is established and the SSH server is answering, but for some reason it does not let me log in.

$ telnet 192.168.10.110 22
SSH-2.0-OpenSSH_8.1

I try connecting to it over VNC and see a black screen. I make sure the remote computer itself is fine, since I can easily connect to the router in that apartment by its internal address. Then I decide to SSH into that computer through the router, and am surprised to find the connection succeeds and the remote computer works fine, yet it cannot connect to my computer.

I remove grelan0 from the bridge and start OpenVPN on the router in apartment 2 to confirm that the network works again and connections no longer drop. Searching, I find forums where people complain about similar problems and are told to raise the MTU. It did not help right away. Only once the MTU of the gretap devices was set to the large value of 7000 did the TCP connection drops and slow transfers stop. Because of the high gretap MTU, the MTUs of the level 1 and level 2 WireGuard links were set to 8000 and 7500 respectively.

What was going on: WireGuard does not set the DF bit on its outer UDP datagrams, so a 7000-byte frame, encrypted twice, is simply fragmented at IP level on the PPPoE link (MTU 1492) and reassembled by the peer instead of being refused. With the default MTUs the gretap device ends up well below 1500, and because a bridge cannot send "fragmentation needed" back to the LAN sender, every full-size TCP segment (the SSH key exchange, VNC framebuffer updates) vanishes while small packets (the SSH banner, pings) pass: the classic L2-tunnel black hole. Raising the MTUs trades that black hole for IP fragmentation, which costs some throughput and fails wherever fragments are dropped; the alternative, keeping the computed MTUs and clamping every LAN host to them, is impractical on a bridged segment.
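The budget behind those numbers, as an added example (not code from the article): it computes the per-layer MTUs the kernel would pick by default for this gretap-in-WireGuard-in-WireGuard stack over a 1492-byte PPPoE link, shows which LAN packet sizes get black-holed, checks that the raised 7000/7500/8000 values still nest, and counts the WAN fragments a packet produces once they are raised. The header sizes (60 bytes per WireGuard layer on IPv4, 38 for gretap) and the 1492-byte WAN MTU are this example's assumptions, not figures from the page.

```python
"""MTU budget for the nested tunnel: gretap inside WireGuard (wg1) inside
WireGuard (wg0) over a PPPoE WAN. Added example, not from the article; the
header sizes are the IPv4 values and are assumptions of this example."""
import math

WG_OVERHEAD = 20 + 8 + 32      # IPv4 + UDP + WireGuard data message (type, receiver, counter, 16-byte tag)
GRETAP_OVERHEAD = 20 + 4 + 14  # outer IPv4 + GRE (no key/checksum) + inner Ethernet header
IPV4_HLEN = 20
PPPOE_WAN_MTU = 1492           # 1500 minus the 8-byte PPPoE/PPP session header (assumed)


def shrink_budget(wan_mtu=PPPOE_WAN_MTU):
    """Per-layer MTUs when each layer is sized to fit the one below it, which is
    what the kernel picks for a gretap device created on top of a wgN device.
    The 'lan' value is the largest IP packet a LAN host can push through the
    tunnel without it being silently discarded."""
    wg0 = wan_mtu - WG_OVERHEAD
    wg1 = wg0 - WG_OVERHEAD
    lan = wg1 - GRETAP_OVERHEAD
    return {"wg0": wg0, "wg1": wg1, "lan": lan}


def black_holed(inner_ip_len, wan_mtu=PPPOE_WAN_MTU):
    """True when a LAN packet of this size is dropped under the default budget.
    A 64-byte ping or an SSH banner gets through; a full 1500-byte TCP segment
    (key exchange, VNC framebuffer) does not, which is the hang seen above."""
    return inner_ip_len > shrink_budget(wan_mtu)["lan"]


def chain_consistent(gretap_mtu, wg1_mtu, wg0_mtu):
    """Raised MTUs must still nest: each layer needs room for the frame handed
    down from above plus its own headers (7000/7500/8000 in the article)."""
    return (wg1_mtu >= gretap_mtu + GRETAP_OVERHEAD
            and wg0_mtu >= wg1_mtu + WG_OVERHEAD)


def wan_fragments(inner_ip_len, wan_mtu=PPPOE_WAN_MTU):
    """Fragments one LAN packet becomes on the WAN once the tunnel MTUs are
    raised: WireGuard sends its outer UDP datagram without DF, so the WAN
    interface fragments it (and the peer reassembles) instead of dropping it."""
    outer_len = inner_ip_len + GRETAP_OVERHEAD + 2 * WG_OVERHEAD
    per_fragment = (wan_mtu - IPV4_HLEN) // 8 * 8   # fragment payloads are multiples of 8
    return math.ceil((outer_len - IPV4_HLEN) / per_fragment)


if __name__ == "__main__":
    print("default budget:", shrink_budget())
    for size in (64, 1334, 1500, 7000):
        print(f"{size:5d}-byte LAN packet: dropped={black_holed(size)} "
              f"fragments_if_raised={wan_fragments(size)}")
    print("7000/7500/8000 nest correctly:", chain_consistent(7000, 7500, 8000))
```

With the default budget the inner MTU comes out at 1334 bytes, which no LAN host knows about; with the raised values a 1500-byte packet costs two WAN fragments and a 7000-byte one five, which is the price paid for keeping the bridge transparent.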

I did the same on the router in apartment 3, the only difference being that the second gretap interface on the server router, named grelan1, was likewise added to the br-lan bridge.

Everything works. Now the gretap bring-up can be made to run at boot. To do this:

Put these lines in /etc/rc.local on the router in apartment 2:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

Add these to /etc/rc.local on the router in apartment 3:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

And on the server router:

ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

ip link add grelan1 type gretap remote 192.168.31.3 local 192.168.31.1
ip link set dev grelan1 mtu 7000
ip link set grelan1 up
brctl addif br-lan grelan1

After rebooting the client routers I found that for some reason they were not connecting to the server. Connecting to them over SSH (fortunately I had set up sshtunnel beforehand), it turned out that WireGuard for some reason creates a route for the endpoint, and not a correct one: the routing table sent 192.168.30.2 via the pppoe-wan interface, i.e. via the internet, although the route there should go via the wg0 interface. After deleting that route the connection was restored. I could not find advice anywhere on how to make WireGuard not create these routes, and I did not understand whether this is an OpenWrt feature or WireGuard's own. Not having solved it for a long time, I simply added a line to a cron-run script on both routers that deletes this route:

This is OpenWrt's doing rather than WireGuard's. The wireguard protocol handler in netifd registers each peer's endpoint_host as a host dependency, which pins a host route to the endpoint through whatever interface reaches it when the tunnel comes up, so that a tunnel whose allowed_ips cover its own endpoint cannot swallow its transport. At boot, wg1 on MK2 and MK3 resolves 192.168.30.2 before wg0 is up, so the route is pinned to pppoe-wan and the level-2 handshakes never reach MS. Current OpenWrt releases let you switch this off per interface with `option nohostroute '1'` in the wg1 interface section; deleting the route from cron, as below, leaves the tunnel down after every reboot until the next cron run:

route del 192.168.30.2
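A check for the stray endpoint route, as an added example that is not part of the article: it parses the answer of `ip route get`, reports when the level-2 endpoint leaves via anything other than wg0, and, only when run with --fix, deletes exactly that host route. The two sample answers in it are constructed; the endpoint and device names come from the configuration above.

```python
"""Watchdog for the endpoint-route problem: confirm the level-2 peer endpoint
is reached through the level-1 tunnel, not through the WAN. Added example,
not from the article; parses `ip route get` output and only touches the
routing table when asked to."""
import subprocess
import sys

# Constructed sample answers in the format `ip route get` prints (first line
# carries the route, the second the cache marker).
SAMPLE_BAD = "192.168.30.2 dev pppoe-wan src 100.64.10.20 uid 0 \n    cache \n"
SAMPLE_GOOD = "192.168.30.2 dev wg0 src 192.168.30.3 uid 0 \n    cache \n"


def route_device(ip_route_get_output):
    """Device named in the first line of an `ip route get` answer."""
    tokens = ip_route_get_output.splitlines()[0].split()
    if "dev" not in tokens:
        raise ValueError("no dev in route answer: " + ip_route_get_output)
    return tokens[tokens.index("dev") + 1]


def endpoint_misrouted(ip_route_get_output, tunnel_dev="wg0"):
    """True when the endpoint would leave via anything but the tunnel device."""
    return route_device(ip_route_get_output) != tunnel_dev


def fix_command(endpoint, ip_route_get_output):
    """Command removing the stray host route; naming the device it was pinned
    to avoids deleting an unrelated route to the same address by accident."""
    return ["ip", "route", "del", f"{endpoint}/32", "dev", route_device(ip_route_get_output)]


def check(endpoint="192.168.30.2", tunnel_dev="wg0", apply_fix=False):
    """Exit status 0 when the endpoint is routed through the tunnel, 1 otherwise."""
    out = subprocess.run(["ip", "route", "get", endpoint],
                         capture_output=True, text=True, check=True).stdout
    if not endpoint_misrouted(out, tunnel_dev):
        return 0
    cmd = fix_command(endpoint, out)
    print(f"{endpoint} is routed via {route_device(out)}, expected {tunnel_dev}: "
          + " ".join(cmd), file=sys.stderr)
    if apply_fix:
        subprocess.run(cmd, check=True)   # needs root on the router
    return 1


if __name__ == "__main__":
    sys.exit(check(apply_fix="--fix" in sys.argv))
```

Run it from cron without --fix first to see how often the route reappears; if it comes back on every reboot only, the nohostroute option is the cleaner fix.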

Summary

I did not get to drop OpenVPN completely, since now and then I need to connect a new device from a laptop or a phone, and setting up a gretap device on those is not an option; but I did gain in data transfer. The speed between the apartments, for instance, had made VNC uncomfortable to use. The ping dropped slightly, but became more stable:

With OpenVPN:

[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=133 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=125 ms

--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19006ms
rtt min/avg/max/mdev = 124.722/126.152/136.907/3.065 ms

With WireGuard:

[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=124 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=124 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19003ms
rtt min/avg/max/mdev = 123.954/124.423/126.708/0.675 ms

Heavily affected by the high ping to the VPS, about 61.5 ms.

The throughput, however, rose noticeably. The apartment with the server router has a 30 Mbps internet connection, the other apartments 5 Mbps. With OpenVPN I could not get a data rate between the networks above 3.8 Mbps according to iperf, whereas WireGuard pushes it to the full 5 Mbps.

WireGuard configuration on the VPS

[Interface]
Address = 192.168.30.1/24
ListenPort = 51820
PrivateKey = <VPS_VPN1_PRIVATE_KEY>

[Peer]
PublicKey = <MS_VPN1_PUBLIC_KEY>
AllowedIPs = 192.168.30.2/32

[Peer]
PublicKey = <MK2_VPN1_PUBLIC_KEY>
AllowedIPs = 192.168.30.3/32

[Peer]
PublicKey = <MK3_VPN1_PUBLIC_KEY>
AllowedIPs = 192.168.30.4/32

WireGuard configuration on MS (added to /etc/config/network)

# Level 1 VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.2/24'
        option private_key 'MS_VPN1_PRIVATE_KEY'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'VPS_VPN1_PUBLIC_KEY'
        option endpoint_port '51820'
        option route_allowed_ips '1'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'VPS_IP_ADDRESS'

# Level 2 VPN - server
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'MS_VPN2_PRIVATE_KEY'
        option listen_port '51821'
        list addresses '192.168.31.1/24'
        option auto '1'
        option mtu '7500'

config wireguard_wg1
        option public_key 'MK2_VPN2_PUBLIC_KEY'
        list allowed_ips '192.168.31.2'

config wireguard_wg1
        option public_key 'MK3_VPN2_PUBLIC_KEY'
        list allowed_ips '192.168.31.3'

WireGuard configuration on MK2 (added to /etc/config/network)

# Level 1 VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.3/24'
        option private_key 'MK2_VPN1_PRIVATE_KEY'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'VPS_VPN1_PUBLIC_KEY'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'VPS_IP_ADDRESS'

# Level 2 VPN - client
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'MK2_VPN2_PRIVATE_KEY'
        list addresses '192.168.31.2/24'
        option auto '1'
        option listen_port '51821'
        option mtu '7500'

config wireguard_wg1
        option public_key 'MS_VPN2_PUBLIC_KEY'
        option endpoint_host '192.168.30.2'
        option endpoint_port '51821'
        option persistent_keepalive '25'
        list allowed_ips '192.168.31.0/24'

WireGuard configuration on MK3 (added to /etc/config/network)

# Level 1 VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.4/24'
        option private_key 'MK3_VPN1_PRIVATE_KEY'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'VPS_VPN1_PUBLIC_KEY'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'VPS_IP_ADDRESS'

# Level 2 VPN - client
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'MK3_VPN2_PRIVATE_KEY'
        list addresses '192.168.31.3/24'
        option auto '1'
        option listen_port '51821'
        option mtu '7500'

config wireguard_wg1
        option public_key 'MS_VPN2_PUBLIC_KEY'
        option endpoint_host '192.168.30.2'
        option endpoint_port '51821'
        option persistent_keepalive '25'
        list allowed_ips '192.168.31.0/24'

In the configurations above for the level 2 VPN I also set port 51821 on the WireGuard clients. In theory this is unnecessary, since a client would open the connection from any free port, but I did it so that inbound connections on the wg0 interface of every router can be dropped, except inbound UDP on port 51821. That firewall rule is what the two-level design is for: the VPS holds only the level-1 keys and sees nothing but ciphertext of the level-2 tunnel, and if it is ever compromised the attacker lands on wg0, which the routers should treat as an untrusted zone, like the WAN, with only UDP/51821 open.
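A consistency check for these UCI fragments, as an added example (not the article's code): AllowedIPs is WireGuard's cryptokey routing table, so on an interface that listens for peers (MS's wg1, or the VPS) each peer must be confined to a host route, or one spoke could source traffic as another; overlapping allowed_ips between peers, and a 0.0.0.0/0 that route_allowed_ips would turn into a default route through the VPS, are also worth catching before they reach a router. The embedded sample is the MS fragment above with placeholder key strings; the parser handles only the config/option/list lines used there.

```python
"""Consistency checks for OpenWrt WireGuard UCI fragments.

Added example, not code from the article. The sample below is the MS router's
fragment with placeholder key strings; the parser covers only the
config/option/list lines used there."""
import ipaddress
import re

UCI_MS = """\
# Level 1 VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.2/24'
        option private_key 'MS_VPN1_PRIVATE_KEY'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'VPS_VPN1_PUBLIC_KEY'
        option endpoint_port '51820'
        option route_allowed_ips '1'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'VPS_IP_ADDRESS'

# Level 2 VPN - server
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'MS_VPN2_PRIVATE_KEY'
        option listen_port '51821'
        list addresses '192.168.31.1/24'
        option auto '1'
        option mtu '7500'

config wireguard_wg1
        option public_key 'MK2_VPN2_PUBLIC_KEY'
        list allowed_ips '192.168.31.2'

config wireguard_wg1
        option public_key 'MK3_VPN2_PUBLIC_KEY'
        list allowed_ips '192.168.31.3'
"""

_LINE = re.compile(r"(config|option|list)\s+(\S+)(?:\s+'([^']*)')?")


def parse_uci(text):
    """Turn UCI text into a list of {type, name, options, lists} sections."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _LINE.fullmatch(line)
        if not m:
            raise ValueError(f"unparsed UCI line: {raw!r}")
        kind, key, val = m.groups()
        if kind == "config":
            sections.append({"type": key, "name": val, "options": {}, "lists": {}})
        elif kind == "option":
            sections[-1]["options"][key] = val
        else:
            sections[-1]["lists"].setdefault(key, []).append(val)
    return sections


def check_wireguard(text):
    """Return findings for every wireguard interface in the fragment (empty = ok)."""
    findings = []
    sections = parse_uci(text)
    for iface in sections:
        if iface["type"] != "interface" or iface["options"].get("proto") != "wireguard":
            continue
        name = iface["name"]
        peers = [s for s in sections if s["type"] == f"wireguard_{name}"]
        # This side is the listener for any peer that has no endpoint_host.
        hub = "listen_port" in iface["options"] and any(
            "endpoint_host" not in p["options"] for p in peers)
        seen = []  # (network, peer key) already claimed on this interface
        for p in peers:
            key = p["options"].get("public_key", "?")
            for cidr in p["lists"].get("allowed_ips", []):
                net = ipaddress.ip_network(cidr, strict=False)
                if hub and net.prefixlen != net.max_prefixlen:
                    findings.append(
                        f"{name}: peer {key}: allowed_ips {cidr} is not a host route; "
                        "that spoke may source packets as any address in it")
                if net.prefixlen == 0 and p["options"].get("route_allowed_ips") == "1":
                    findings.append(
                        f"{name}: peer {key}: allowed_ips {cidr} with route_allowed_ips "
                        "makes this peer the default route")
                for other, other_key in seen:
                    if other_key != key and net.overlaps(other):
                        findings.append(
                            f"{name}: allowed_ips {cidr} of peer {key} overlaps {other} of "
                            f"peer {other_key}; longest prefix wins and an identical prefix "
                            "is silently moved to the peer configured last")
                seen.append((net, key))
    return findings


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else UCI_MS
    problems = check_wireguard(text)
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

Run it against a copy of /etc/config/network before committing a change; the MS fragment as written passes, and widening one of the wg1 peers to 192.168.31.0/24 produces both a host-route and an overlap finding.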

I hope the article is useful to someone.

PS: I also want to share my script that sends a push notification to my phone through the WirePusher app whenever a new device appears on my network. Here is the link: github.com/r0ck3r/device_discover.

Appendix: OpenVPN server and client configurations

OpenVPN server

client-to-client

ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn-server.crt
dh /etc/openvpn/server/dh.pem
key /etc/openvpn/server/vpn-server.key

dev tap
ifconfig-pool-persist /etc/openvpn/ipp.txt 0
keepalive 10 60
proto tcp4
server-bridge 192.168.10.1 255.255.255.0 192.168.10.80 192.168.10.254
status /var/log/openvpn-status.log
verb 3
comp-lzo

OpenVPN client

client
tls-client
dev tap
proto tcp
# the VPS address: sshtunnel forwards this port from the server router
remote VPS_IP 1194
resolv-retry infinite
nobind

ca client/ca.crt
cert client/client.crt
key client/client.key
# DH parameters are only used on the server side; this line is unnecessary on a client
dh client/dh.pem

# Not in the original setup, but recommended: without it any holder of a valid
# client certificate from the same CA can pose as the server to this client.
# remote-cert-tls server

# Compressing traffic before encryption is discouraged (VORACLE-style attacks);
# kept here because the server above uses it too.
comp-lzo
persist-tun
persist-key
verb 3

I used easy-rsa to generate the certificates.

Source: www.habr.com
