Switching from OpenVPN to WireGuard to join networks into a single L2 network

I want to share my experience of joining the networks in our three apartments, each of which uses an OpenWRT router as its gateway, into one shared network. When choosing between joining the networks at L3 with subnet routing and at L2 with bridging, where all network nodes end up in the same subnet, preference was given to the second option: it is harder to configure but offers more possibilities, since the scheme transparently carries technologies designed to work inside a single network, such as Wake-on-LAN and DLNA.

Part 1: Background

OpenVPN was chosen as the protocol for implementing this task because, first, it can create a tap device that can be added to the bridge without problems, and second, OpenVPN supports operation over TCP, which was important, since none of the apartments has a static IP address and I could not use STUN: my ISP for some reason blocks incoming UDP connections from its network, while TCP allowed me to forward the VPN server port to a rented VPS over SSH. Yes, this approach creates high overhead, since the data is encrypted twice, but I did not want to put the VPS inside my private network, because the risk remained of third parties gaining control over it, so having such a device in my home network was highly undesirable, and it was decided to pay for security with high overhead.

To forward the port of the router that was meant to host the server, the sshtunnel program was used. I will not describe the intricacies of its configuration, it is set up quite easily; I will only note that its job was to forward TCP port 1194 from the router to the VPS. Next, the OpenVPN server was configured on the tap0 device, which was attached to the br-lan bridge. After checking the connection to the freshly created server from a laptop, it became clear that the idea of port forwarding was justified and my laptop had become a member of the router's network even though it was not physically in it.

One small thing remained: the IP addresses in the different apartments had to be distributed so that they did not conflict, and the routers had to be configured as OpenVPN clients.
The following router IP addresses and DHCP server ranges were chosen:

  • 192.168.10.1 with the range 192.168.10.2 - 192.168.10.80 for the server
  • 192.168.10.100 with the range 192.168.10.101 - 192.168.10.149 for the router in apartment No. 2
  • 192.168.10.150 with the range 192.168.10.151 - 192.168.10.199 for the router in apartment No. 3

Fixed addresses also had to be assigned to the client routers on the OpenVPN server, by adding this line to its configuration:

ifconfig-pool-persist /etc/openvpn/ipp.txt 0

and adding the following lines to the file /etc/openvpn/ipp.txt:

flat1_id 192.168.10.100
flat2_id 192.168.10.150

where flat1_id and flat2_id are the device names given when generating the certificates for connecting to OpenVPN.

Next, OpenVPN clients were configured on the routers, and tap0 on both of them was likewise added to the br-lan bridge. At this stage everything seemed fine: all three networks could see each other and worked as one. However, an unpleasant detail emerged: sometimes devices could get an IP address not from their own router, with all the consequences that follow. For some reason the router in one of the apartments did not manage to answer DHCPDISCOVER in time and the device got an address that was not intended for it. I realized I had to filter such requests on tap0 on each of the routers, but as it turned out, iptables cannot work with an interface that is part of a bridge, and ebtables had to come to my aid. Unfortunately, it was not in my firmware and I had to rebuild the images for each device. Having done that and added these lines to /etc/rc.local on each router, the problem was solved:

ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
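An added example, not from the original article: the same DHCP isolation as the four ebtables rules above, built in a dedicated chain so that re-running /etc/rc.local never duplicates rules, together with two checks that read a capture taken on the tunnel interface and count DHCP traffic that still crosses it, and replies handed out by another apartment's router. It assumes BusyBox sh on OpenWrt with ebtables installed; the chain name, the EBTABLES override and the sample capture are my own constructions.

```shell
#!/bin/sh
# Added example (not the article's code): idempotent DHCP isolation on the
# tunnel interface plus a check over a constructed tcpdump-style capture.
# Assumes BusyBox sh on OpenWrt with ebtables; EBTABLES may be pointed at
# another command (e.g. echo) for a dry run.

EBTABLES="${EBTABLES:-ebtables}"
CHAIN="${CHAIN:-vpn-dhcp-drop}"      # chain name is my own choice

# dhcp_isolation_apply IFACE: rebuild the chain from scratch and hook it into
# INPUT (frames from the tunnel aimed at this router's own DHCP server) and
# FORWARD (frames this bridge would flood out over the tunnel), the two places
# the article's rules sit. DHCP is UDP 67/68 in both directions.
dhcp_isolation_apply() {
    local iface="$1" port_match
    $EBTABLES -N "$CHAIN" 2>/dev/null || true      # already exists on a rerun
    $EBTABLES -F "$CHAIN"
    for port_match in --ip-destination-port --ip-source-port; do
        $EBTABLES -A "$CHAIN" --protocol ipv4 --ip-protocol udp "$port_match" 67:68 -j DROP
    done
    # a user chain's policy defaults to ACCEPT, which would let non-DHCP frames
    # skip the rest of INPUT/FORWARD; return explicitly instead
    $EBTABLES -A "$CHAIN" -j RETURN
    # delete a stale jump (ignoring "not found") before adding, so there is one
    $EBTABLES -D INPUT   --in-interface  "$iface" -j "$CHAIN" 2>/dev/null || true
    $EBTABLES -D FORWARD --out-interface "$iface" -j "$CHAIN" 2>/dev/null || true
    $EBTABLES -A INPUT   --in-interface  "$iface" -j "$CHAIN"
    $EBTABLES -A FORWARD --out-interface "$iface" -j "$CHAIN"
}

# dhcp_on_iface CAPTURE: number of DHCP packets in tcpdump-style lines taken
# with `tcpdump -ni tap0 -l`; with the rules active this should stay at 0.
dhcp_on_iface() {
    printf '%s\n' "$1" | grep -c 'BOOTP/DHCP' || true
}

# foreign_dhcp_replies CAPTURE OWN_IP: DHCP replies whose server is not this
# router, i.e. the symptom from the article: another apartment's router
# handing out leases to our clients.
foreign_dhcp_replies() {
    printf '%s\n' "$1" | awk -v own="$2" '
        /BOOTP\/DHCP, Reply/ {
            split($3, a, ".")               # "192.168.10.1.67" -> host octets + port
            if ((a[1] "." a[2] "." a[3] "." a[4]) != own) n++
        }
        END { print n + 0 }'
}

# Constructed capture, as it might look on tap0 of the router in apartment 2
# before filtering: a local DISCOVER flooded over the tunnel, an OFFER coming
# back from the server router (192.168.10.1) and ordinary ARP/ICMP traffic.
SAMPLE_CAPTURE='12:00:01.000001 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from aa:bb:cc:dd:ee:ff, length 300
12:00:01.000412 IP 192.168.10.1.67 > 192.168.10.55.68: BOOTP/DHCP, Reply, length 300
12:00:02.000000 ARP, Request who-has 192.168.10.110 tell 192.168.10.5, length 28
12:00:03.000000 IP 192.168.10.5 > 192.168.10.110: ICMP echo request, id 1, seq 1, length 64'

if [ "${1:-}" = "apply" ]; then
    dhcp_isolation_apply "${2:-tap0}"          # e.g. from /etc/rc.local
else
    echo "DHCP packets in sample capture: $(dhcp_on_iface "$SAMPLE_CAPTURE")"
    echo "leases from a foreign router:   $(foreign_dhcp_replies "$SAMPLE_CAPTURE" 192.168.10.100)"
fi
```

Run with `apply tap0` from /etc/rc.local; without arguments it only evaluates the constructed capture. Feeding the two check functions a real `tcpdump -ni tap0 -l` capture taken for a minute after boot is the quickest way to confirm the rules are in place on every router, since a single missed DISCOVER is enough to reproduce the wrong-lease symptom.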

This setup served for three years.

Part 2: Introducing WireGuard

Not long ago, people on the Internet started talking more and more about WireGuard, praising the simplicity of its configuration, high transfer speed and low ping with comparable security. Looking for more information about it made it clear that it supports neither working as a bridge member nor working over TCP, which made me think that there was still no alternative to OpenVPN for me. So I put off getting to know WireGuard.

A few days ago, the news spread across every resource related in one way or another to IT that WireGuard would finally be included in the Linux kernel, starting with version 5.6. The news items, as usual, sang WireGuard's praises. I once again plunged into searching for a way to replace good old OpenVPN. This time I came across this article. It talked about building an Ethernet tunnel over L3 using GRE. That article gave me hope. It was still unclear what to do about the UDP protocol. Searching led me to articles on using socat together with an SSH tunnel to forward a UDP port; however, they noted that this approach works only in single-connection mode, that is, several VPN clients could not work at once. I came up with the idea of raising the VPN server on the VPS and setting up GRE for the clients, but as it turned out, GRE does not support encryption, which would mean that if third parties got access to the server, all the traffic of my networks would be in their hands, which did not suit me at all.

Once again the decision was made in favour of redundant encryption, using VPN over VPN according to the following scheme:

First-level VPN:
VPS is the server with internal address 192.168.30.1
MS is a client of the VPS with internal address 192.168.30.2
MK2 is a client of the VPS with internal address 192.168.30.3
MK3 is a client of the VPS with internal address 192.168.30.4

Second-level VPN:
MS is the server with external address 192.168.30.2 and internal address 192.168.31.1
MK2 is a client of MS (address 192.168.30.2) with internal IP 192.168.31.2
MK3 is a client of MS (address 192.168.30.2) with internal IP 192.168.31.3

* MS is the router-server in apartment 1, MK2 the router in apartment 2, MK3 the router in apartment 3
* The device configurations are given in the spoiler at the end of the article.

And so, pings are running between the nodes of the 192.168.31.0/24 network, and it is time to move on to configuring the GRE tunnel. Before that, so as not to lose access to the routers, it is worth setting up SSH tunnels forwarding port 22 to the VPS, so that, for example, the router from apartment 2 is reachable on port 10022 of the VPS and the router from apartment 3 on port 11122. It is best to set the forwarding up with the same sshtunnel, since it re-establishes the tunnel if it fails.

With the tunnel up, you can connect over SSH on the forwarded port:

ssh root@МОЙ_VPS -p 10022

Next, OpenVPN has to be stopped:

/etc/init.d/openvpn stop

Now let's set up the GRE tunnel on the router from apartment 2:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set grelan0 up

And add the created interface to the bridge:

brctl addif br-lan grelan0

Let's do the same on the server router:

ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set grelan0 up

And again add the created interface to the bridge:

brctl addif br-lan grelan0

From that moment, pings started going through to the new network and I, satisfied, went to drink coffee. Then, to judge how the network behaves at the other end of the line, I tried to SSH into one of the computers in apartment 2, but the ssh client froze without asking for a password. I try to connect to this computer with telnet on port 22 and see a line from which I can tell that the connection is established and the SSH server has responded, but for some reason it simply does not let me in.

$ telnet 192.168.10.110 22
SSH-2.0-OpenSSH_8.1

I try to connect to it over VNC and see a black screen. I convinced myself the problem was with the remote computer, since I could easily connect to the router in that apartment by its internal address. Nevertheless, I decided to connect to this computer over SSH from the router and was surprised to find that the connection succeeds and the remote computer works normally, but it likewise cannot connect to my computer.

I removed the grelan0 device from the bridge, started OpenVPN on the router in apartment 2 and made sure the network worked as expected again and connections did not drop. Searching, I came across forums where people complained about the same problems and were advised to raise the MTU. No sooner said than done. However, until the MTU was set high enough, 7000 for the gretap devices, either dropped TCP connections or low transfer speed were observed. Because of the high MTU on gretap, the MTUs of the first- and second-level WireGuard links were set to 8000 and 7500 respectively.

I did a similar setup on the router from apartment 3, with the only difference that a second gretap interface named grelan1 was added on the server router, also added to the br-lan bridge.

Everything works. Now the gretap setup can be made persistent at startup. To do this:

I put these lines in /etc/rc.local on the router in apartment 2:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

Add this to /etc/rc.local on the router in apartment 3:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

And on the server router:

ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

ip link add grelan1 type gretap remote 192.168.31.3 local 192.168.31.1
ip link set dev grelan1 mtu 7000
ip link set grelan1 up
brctl addif br-lan grelan1

After rebooting the client routers, I found that for some reason they did not connect to the server. Having connected to them over SSH (luckily I had set up sshtunnel beforehand for exactly this), it turned out that WireGuard for some reason created a route to the endpoint, but an incorrect one. Thus, for 192.168.30.2 the route pointed through the pppoe-wan interface, that is, through the Internet, although the route to it should go through the wg0 interface. After removing this route, the connection was restored. I could not find instructions anywhere on how to force WireGuard not to create these routes. Moreover, I did not even understand whether this is a peculiarity of OpenWRT or of WireGuard itself. Not wanting to spend long on this problem, I simply added one line to both routers that removes this route:

route del 192.168.30.2
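An added example, not from the original article: instead of an unconditional `route del`, this script looks at what the routing table actually says about the second-level endpoint and deletes the host route only when it would leave through something other than the first-level tunnel wg0, logging what it removed. It assumes BusyBox sh and iproute2 on OpenWrt; the two sample routing tables are constructed to mirror the pppoe-wan case described above. Recent OpenWrt releases also accept `option nohostroute '1'` on a `proto 'wireguard'` interface to stop the endpoint host route from being added at all; where the firmware lacks it, a check like this one is the fallback.

```shell
#!/bin/sh
# Added example (not the article's code): delete the endpoint host route only
# when it really bypasses the first-level tunnel. Assumes BusyBox sh and
# iproute2 on OpenWrt; sample tables below are constructed.

ENDPOINT="${ENDPOINT:-192.168.30.2}"   # MS, the second-level WireGuard server
WANTED_DEV="${WANTED_DEV:-wg0}"        # first-level tunnel it must be reached through

# route_dev ROUTES IP: longest-prefix match of IP against `ip route show`
# text, printing the device of the winning route (nothing if none covers it).
# Plain arithmetic instead of bit operations so it also runs on BusyBox awk.
route_dev() {
    printf '%s\n' "$1" | awk -v t="$2" '
        function ip2n(s,   o) { split(s, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
        BEGIN { target = ip2n(t); best = -1 }
        NF > 0 {
            dev = ""
            for (i = 2; i <= NF; i++) if ($i == "dev") dev = $(i + 1)
            if ($1 == "default")     { net = 0; len = 0 }
            else if (index($1, "/")) { split($1, p, "/"); net = ip2n(p[1]); len = p[2] + 0 }
            else                     { net = ip2n($1); len = 32 }   # host route (/32 is not printed)
            div = 2 ^ (32 - len)
            if (int(target / div) == int(net / div) && len > best) { best = len; bestdev = dev }
        }
        END { if (best >= 0) print bestdev }'
}

# endpoint_misrouted ROUTES: true when the endpoint would leave via a device
# other than WANTED_DEV (the pppoe-wan case from the article).
endpoint_misrouted() {
    local dev
    dev=$(route_dev "$1" "$ENDPOINT")
    [ -n "$dev" ] && [ "$dev" != "$WANTED_DEV" ]
}

# fix_endpoint_route: the /etc/rc.local replacement; logs what it removed.
fix_endpoint_route() {
    local routes
    routes=$(ip route show)
    if endpoint_misrouted "$routes"; then
        logger -t wg-route "dropping route to $ENDPOINT via $(route_dev "$routes" "$ENDPOINT"), expected $WANTED_DEV"
        ip route del "$ENDPOINT"
    fi
}

# Constructed table of MK2 after boot, including the bogus host route.
SAMPLE_ROUTES_BAD='default via 10.0.0.1 dev pppoe-wan
10.0.0.1 dev pppoe-wan proto kernel scope link src 10.0.0.2
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.100
192.168.30.0/24 dev wg0 proto kernel scope link src 192.168.30.3
192.168.30.2 dev pppoe-wan scope link'

# The same table after the host route has been removed.
SAMPLE_ROUTES_OK='default via 10.0.0.1 dev pppoe-wan
10.0.0.1 dev pppoe-wan proto kernel scope link src 10.0.0.2
192.168.10.0/24 dev br-lan proto kernel scope link src 192.168.10.100
192.168.30.0/24 dev wg0 proto kernel scope link src 192.168.30.3'

if [ "${1:-}" = "apply" ]; then
    fix_endpoint_route
else
    echo "before: $ENDPOINT via $(route_dev "$SAMPLE_ROUTES_BAD" "$ENDPOINT")"
    echo "after:  $ENDPOINT via $(route_dev "$SAMPLE_ROUTES_OK" "$ENDPOINT")"
fi
```

Call it with `apply` from /etc/rc.local after the WireGuard interfaces are up; without arguments it only evaluates the constructed tables. Checking before deleting matters because, on a boot where the host route was not created, a blind `route del` merely fails, but on a future firmware that fixes the route to point at wg0 it would remove the correct one.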

Conclusion

I still have not completely abandoned OpenVPN, since sometimes I need to connect to the new network from a laptop or phone, and setting up a gretap device on them is usually impossible; nevertheless, I got a gain in the speed of data transfer between the apartments and, for example, using VNC became less painful. Ping decreased slightly, but became more stable:

With OpenVPN:

[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=133 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=125 ms

--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19006ms
rtt min/avg/max/mdev = 124.722/126.152/136.907/3.065 ms

With WireGuard:

[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=124 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=124 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19003ms
rtt min/avg/max/mdev = 123.954/124.423/126.708/0.675 ms

It is affected more by the high ping to the VPS, which is about 61.5 ms.

However, the speed increased significantly. In the apartment with the server router I have a 30 Mbit/s Internet connection, and in the others 5 Mbit/s. With OpenVPN I could not get a data transfer speed between the networks above 3.8 Mbit/s according to iperf readings, while WireGuard "boosted" it to the full 5 Mbit/s.

WireGuard configuration on the VPS

[Interface]
Address = 192.168.30.1/24
ListenPort = 51820
PrivateKey = <ЗАКРЫТЫЙ_КЛЮЧ_ДЛЯ_VPS>

[Peer]
PublicKey = <ОТКРЫТЫЙ_КЛЮЧ_VPN_1_МС>
AllowedIPs = 192.168.30.2/32

[Peer]
PublicKey = <ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2>
AllowedIPs = 192.168.30.3/32

[Peer]
PublicKey = <ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3>
AllowedIPs = 192.168.30.4/32

WireGuard configuration on MS (added to /etc/config/network)

# First-level VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.2/24'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МС'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
        option endpoint_port '51820'
        option route_allowed_ips '1'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'IP_АДРЕС_VPS'

# Second-level VPN - server
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
        option listen_port '51821'
        list addresses '192.168.31.1/24'
        option auto '1'
        option mtu '7500'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
        list allowed_ips '192.168.31.2'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
        list allowed_ips '192.168.31.3'

WireGuard configuration on MK2 (added to /etc/config/network)

# First-level VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.3/24'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК2'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'IP_АДРЕС_VPS'

# Second-level VPN - client
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
        list addresses '192.168.31.2/24'
        option auto '1'
        option listen_port '51821'
        option mtu '7500'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
        option endpoint_host '192.168.30.2'
        option endpoint_port '51821'
        option persistent_keepalive '25'
        list allowed_ips '192.168.31.0/24'

WireGuard configuration on MK3 (added to /etc/config/network)

# First-level VPN - client
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.4/24'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК3'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'IP_АДРЕС_VPS'

# Second-level VPN - client
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
        list addresses '192.168.31.3/24'
        option auto '1'
        option listen_port '51821'
        option mtu '7500'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
        option endpoint_host '192.168.30.2'
        option endpoint_port '51821'
        option persistent_keepalive '25'
        list allowed_ips '192.168.31.0/24'

In the settings described for the second-level VPN, I pointed the WireGuard clients at port 51821. In theory this is not necessary, since a client will establish the connection from any free port, but I did it so that it would be possible to prohibit all incoming connections on the wg0 interfaces of all the routers except UDP packets addressed to port 51821.
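An added example, not from the original article: the OpenWrt firewall rules that the fixed port makes possible. wg0 (the first-level tunnel) is put into its own zone that rejects unsolicited input and forwarding, and a single rule lets in UDP 51821, the second-level WireGuard listener. It assumes OpenWrt's UCI firewall; the zone name `wg_transit`, the rule name and the helper functions are my own. Because the clients' wg1 also listens on 51821, their packets to MS are sourced from that port and MS's replies arrive at it, so the same rule set serves all three routers; wg1, which carries the GRE traffic, is left untouched.

```shell
#!/bin/sh
# Added example (not the article's code): UCI firewall zone and rule for wg0.
# Assumes OpenWrt's UCI firewall (fw3 or fw4); names are my own choice.

WG_PORT="${WG_PORT:-51821}"     # second-level WireGuard listen port from the article
WG_IFACE="${WG_IFACE:-wg0}"     # first-level tunnel interface

# wg0_firewall_batch: print the `uci batch` script. Kept as a pure function so
# the result can be read or checked before it is committed on a router.
wg0_firewall_batch() {
    cat <<EOF
add firewall zone
set firewall.@zone[-1].name='wg_transit'
add_list firewall.@zone[-1].network='$WG_IFACE'
set firewall.@zone[-1].input='REJECT'
set firewall.@zone[-1].output='ACCEPT'
set firewall.@zone[-1].forward='REJECT'
add firewall rule
set firewall.@rule[-1].name='Allow-WG-level2'
set firewall.@rule[-1].src='wg_transit'
set firewall.@rule[-1].proto='udp'
set firewall.@rule[-1].dest_port='$WG_PORT'
set firewall.@rule[-1].target='ACCEPT'
EOF
}

# batch_allows_only PORT: sanity check on the generated script: exactly one
# ACCEPT rule, and it is for PORT. Prints "ok" or "bad".
batch_allows_only() {
    local accepts port_ok
    accepts=$(wg0_firewall_batch | grep -c "target='ACCEPT'" || true)
    port_ok=$(wg0_firewall_batch | grep -c "dest_port='$1'" || true)
    if [ "$accepts" -eq 1 ] && [ "$port_ok" -eq 1 ]; then echo ok; else echo bad; fi
}

# apply_wg0_firewall: commit on the router and reload the firewall.
apply_wg0_firewall() {
    wg0_firewall_batch | uci batch && uci commit firewall && /etc/init.d/firewall restart
}

if [ "${1:-}" = "apply" ]; then
    apply_wg0_firewall
else
    wg0_firewall_batch
fi
```

Run it once per router with `apply`; it appends a new zone and rule each time, so re-running it after a mistake should be preceded by removing the earlier sections with `uci delete`. Without arguments it prints the batch script for review.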

I hope the article will be useful to someone.

P.S. I also want to share my script that sends push notifications to my phone in the WirePusher app when a new device appears on my network. Here is the link to the script: github.com/r0ck3r/device_discover.

Update: OpenVPN server and client configuration

OpenVPN server

client-to-client

ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn-server.crt
dh /etc/openvpn/server/dh.pem
key /etc/openvpn/server/vpn-server.key

dev tap
ifconfig-pool-persist /etc/openvpn/ipp.txt 0
keepalive 10 60
proto tcp4
server-bridge 192.168.10.1 255.255.255.0 192.168.10.80 192.168.10.254
status /var/log/openvpn-status.log
verb 3
comp-lzo

OpenVPN client

client
tls-client
dev tap
proto tcp
remote VPS_IP 1194 # Change to your router's External IP
resolv-retry infinite
nobind

ca client/ca.crt
cert client/client.crt
key client/client.key
dh client/dh.pem

comp-lzo
persist-tun
persist-key
verb 3

I used easy-rsa to generate the certificates.

Source: www.hab.com
