Ọ ga-amasị m ịkekọrịta ahụmịhe m nke ijikọ netwọkụ n'ime ụlọ atọ dịpụrụ adịpụ, nke ọ bụla n'ime ha na-eji ndị njem OpenWRT dị ka ọnụ ụzọ ámá, n'ime otu netwọkụ nkịtị. Mgbe ị na-ahọrọ usoro maka ijikọta netwọk n'etiti L3 na subnet routing na L2 na bridging, mgbe niile netwọk ọnụ ga-abụ na otu subnet, mmasị e nyere nke abụọ usoro, nke siri ike hazi, ma na-enye ohere ka ukwuu, ebe ọ bụ na E mere atụmatụ iji teknụzụ mee ihe n'ụzọ doro anya na netwọk a na-emepụta Wake-on-Lan na DLNA.
Akụkụ 1: ndabere
Usoro a họọrọ iji mejuputa ọrụ a bụ na mbụ OpenVPN, n'ihi na, nke mbụ, ọ nwere ike ịmepụta ngwaọrụ ọkpọkọ nke enwere ike itinye na akwa mmiri ahụ n'enweghị nsogbu ọ bụla, na nke abụọ, OpenVPN Ọ na-akwado TCP, nke dịkwa mkpa, ebe ọ bụ na ọ dịghị otu n'ime ụlọ ndị ahụ nwere adreesị IP raara onwe ya nye. Enweghị m ike iji STUN n'ihi na ISP m, n'ihi ihe ụfọdụ, na-egbochi njikọ UDP na-abata na netwọk ya. TCP nyere m ohere izipu ọdụ ụgbọ mmiri sava VPN na VPS a gbaziri agbaziri site na iji SSH. Ọ bụ ezie na ụzọ a na-emepụta nnukwu ego, ebe ọ bụ na data ahụ na-ezochi ya ugboro abụọ, achọghị m itinye VPS na netwọk nkeonwe m, ebe enwere ihe egwu nke ndị ọzọ ga-achịkwa ya. Ya mere, inwe ngwaọrụ dị otú ahụ na netwọk ụlọ m abụghị ihe a na-achọsi ike, ya mere ekpebiri m ịkwụ nnukwu ego maka nchekwa.
Iji ziga ọdụ ụgbọ mmiri dị na rawụta ebe a chọrọ itinye sava ahụ, ejiri m mmemme sshtunnel. Agaghị m abanye na nkọwa nke nhazi ya - ọ dị mfe. Aga m aghọta na ebumnuche ya bụ ibugharị ọdụ ụgbọ mmiri TCP 1194 site na rawụta gaa na VPS. Na-esote, ahaziri m sava ahụ. OpenVPN Na ngwaọrụ tap0, nke ejikọtara na akwa mmiri br-lan. Mgbe m nwalechara njikọ na sava ọhụrụ e mepụtara site na laptọọpụ m, o doro anya na echiche mbugharị ọdụ ụgbọ mmiri arụọla ọrụ, laptọọpụ m aghọọla onye otu netwọk rawụta ahụ, ọ bụ ezie na ọ bụghị akụkụ ya n'anụ ahụ.
Naanị ihe fọdụrụ bụ ikesa adreesị IP n'ụlọ dị iche iche ka ha ghara ịkpaghasị ma hazie rawụta dịka OpenVPN-ndị ahịa.
Ahọpụtara adreesị IP nke rawụta na nso nsonye DHCP:
- 192.168.10.1 na nso nso 192.168.10.2 - 192.168.10.80 maka ihe nkesa
- 192.168.10.100 na nso nso 192.168.10.101 - 192.168.10.149 maka rawụta na ulo No. 2
- 192.168.10.150 na nso nso 192.168.10.151 - 192.168.10.199 maka rawụta na ulo No. 3
Ọ dịkwa mkpa ịnye adreesị ndị a nye ndị na-ahụ maka rawụta ndị ahịa. OpenVPN-server, site na ịgbakwunye ahịrị na-esonụ na nhazi ya:
ifconfig-pool-persist /etc/openvpn/ipp.txt 0ma tinye ahịrị ndị a na faịlụ /etc/openvpn/ipp.txt:
flat1_id 192.168.10.100
flat2_id 192.168.10.150
ebe flat1_id na flat2_id bụ aha ngwaọrụ akọwapụtara mgbe a na-emepụta asambodo maka ijikọ na OpenVPN
Mgbe nke ahụ gasịrị, a haziri routers ahụ OpenVPN- ndị ahịa, ngwaọrụ tap0 dị na ha abụọ ka etinyere na akwa br-lan. N'oge a, ihe niile yiri ka ọ dị mma, ebe netwọk atọ ahụ nwere ike ịhụ ibe ha ma rụọ ọrụ dị ka otu unit. Agbanyeghị, nkọwa na-adịghị mma pụtara: mgbe ụfọdụ ngwaọrụ ga-enweta adreesị IP site na rawụta na-ezighi ezi, yana ihe niile na-esi na ya pụta. N'ihi ihe ụfọdụ, rawụta dị n'otu n'ime ụlọ ndị ahụ azaghị DHCPDISCOVER n'oge, ngwaọrụ ahụ wee nweta adreesị na-ezighi ezi. Aghọtara m na achọrọ m nzacha arịrịọ ndị dị otú ahụ na tap0 na rawụta ọ bụla, mana dịka o si pụta, iptables enweghị ike ịrụ ọrụ na ngwaọrụ ma ọ bụrụ na ọ bụ akụkụ nke akwa, yabụ achọrọ m iji ebtables. N'ụzọ dị mwute, firmware m etinyeghị ya, yabụ aghaghị m iwughachi onyonyo maka ngwaọrụ ọ bụla. Mgbe m mere nke a ma tinye ahịrị ndị a na /etc/rc.local na rawụta ọ bụla, edoziri nsogbu ahụ:
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
Nhazi a were afọ atọ.
Nkebi nke Abụọ: Ịmata Ihe WireGuard
N'oge na-adịbeghị anya, okwu gbasara ya na-abawanye ụba n'ịntanetị. WireGuard, na-enwe mmasị na mfe nhazi ya, ọsọ mbufe dị elu, obere ping, na nchekwa yiri ya. Nchọta maka ozi ndị ọzọ gbasara ya gosiri na ọ naghị akwado nkwado bridge member ma ọ bụ TCP protocol, nke mere ka m chee na ọ dịghị ihe ọzọ. OpenVPN maka m, ọ ka nọghị ebe ahụ. Ya mere, egbuola m oge ịmata ihe WireGuard.
Ụbọchị ole na ole gara aga, akụkọ gbasara site na akụrụngwa metụtara IT n'otu ụzọ ma ọ bụ ọzọ nke WireGuard a ga-etinye ya n'ime kernel n'ikpeazụ Linuxmalite na ụdị 5.6. Dịka ọ dị na mbụ, e toro akụkọ akụkọ WireGuardM tinyere onwe m ọzọ n'ịchọ ụzọ m ga-esi dochie ndị ochie dị mma OpenVPNOge a, m zutere . Ọ na-ekwu maka ịmepụta ọwara Ethernet n'elu L3 iji GRE. Isiokwu a mere ka m nwee olileanya. Ọ ka edobeghị ihe a ga-eme na protocol UDP. Nchọgharị ahụ mere ka m nweta akụkọ gbasara iji socat na njikọ SSH na-ebugharị ọdụ ụgbọ mmiri UDP, Otú ọ dị, ha kwuru na usoro a na-arụ ọrụ naanị n'otu ọnọdụ njikọ, ya bụ, ọrụ nke ọtụtụ ndị ahịa VPN agaghị ekwe omume. Abịara m n'echiche nke ịwụnye ihe nkesa VPN na VPS na ịtọlite GRE maka ndị ahịa, ma dị ka ọ tụgharịrị, GRE anaghị akwado izo ya ezo, nke ga-eduga n'eziokwu na ọ bụrụ na ndị ọzọ nweta ohere ịnweta ihe nkesa ahụ. , All traffic between my networks will be in their hands , which didn’t suit me at all.
Ọzọkwa, e mere mkpebi ahụ maka nkwado nzuzo nzuzo, site na iji VPN n'elu VPN site na iji atụmatụ ndị a:
VPN Ọkwa XNUMX:
VPS Ọ bụ ihe nkesa nwere adreesị ime 192.168.30.1
MC Ọ bụ onye ahịa VPS nwere adreesị ime 192.168.30.2
MK2 Ọ bụ onye ahịa VPS nwere adreesị ime 192.168.30.3
MK3 Ọ bụ onye ahịa VPS nwere adreesị ime 192.168.30.4
VPN larịị nke abụọ:
MC Ọ bụ ihe nkesa nwere adreesị mpụga 192.168.30.2 na nke ime 192.168.31.1
MK2 Ọ bụ onye ahịa MC nwere adreesị 192.168.30.2 ma nwee IP 192.168.31.2
MK3 Ọ bụ onye ahịa MC nwere adreesị 192.168.30.2 ma nwee IP 192.168.31.3
* MC - ihe nkesa rawụta na ụlọ 1, MK2 - rawụta n'ime ụlọ 2, MK3 - router n'ime ụlọ 3
* A na-ebipụta nhazi ngwaọrụ na onye na-emebi ihe na njedebe nke akụkọ ahụ.
Ya mere, pings na-agba ọsọ n'etiti oghere netwọk 192.168.31.0/24, ọ bụ oge ịkwaga n'ihu na ịtọ ntọala GRE. Tupu nke a, ka ị ghara ịlanarị ndị na-anya ụgbọ ala, ọ bara uru ịtọlite SSH tunnels iji zipu ọdụ ụgbọ mmiri 22 na VPS, nke mere na, dịka ọmụmaatụ, rawụta sitere na ụlọ 10022 ga-enweta na ọdụ ụgbọ mmiri 2 nke VPS, yana router si na ụlọ 11122 ga-enweta na ọdụ ụgbọ mmiri 3 rawụta site na ụlọ XNUMX. Ọ kachasị mma ịhazi ebugharị site na iji otu sshtunnel, ebe ọ ga-eweghachi ọwara ahụ ma ọ bụrụ na ọ daa.
A haziri ọwara ahụ, ị nwere ike jikọọ na SSH site na ọdụ ụgbọ mmiri ebufere:
ssh root@МОЙ_VPS -p 10022Ọzọ ị kwesịrị gbanyụọ OpenVPN:
/etc/init.d/openvpn stopUgbu a, ka anyị guzobe ọwara GRE na rawụta site na ụlọ 2:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set grelan0 up
Ma tinye interface emepụtara na akwa mmiri:
brctl addif br-lan grelan0
Ka anyị mee otu usoro ahụ na rawụta nkesa:
ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set grelan0 up
Ma tinyekwa interface emepụtara na akwa mmiri:
brctl addif br-lan grelan0
malite n'oge a, pings na-amalite ịga nke ọma na netwọk ọhụrụ na m, na afọ ojuju, na-aga ịṅụ kọfị. Mgbe ahụ, iji nyochaa otú netwọk ahụ si arụ ọrụ na njedebe nke ọzọ nke ahịrị ahụ, m na-agbalị ịbanye SSH n'ime otu kọmputa dị na ụlọ 2, mana onye ahịa ssh na-atụgharị na-enweghị mkpa maka paswọọdụ. Ana m agbalị ijikọ na kọmpụta a site na telnet na ọdụ ụgbọ mmiri 22 wee hụ ahịrị nke m nwere ike ịghọta na njikọ ahụ na-eguzobe, ihe nkesa SSH na-aza, mana n'ihi ihe ụfọdụ ọ naghị eme ka m banye. n'ime.
$ telnet 192.168.10.110 22
SSH-2.0-OpenSSH_8.1
Ana m agbalị ijikọ ya site na VNC wee hụ ihuenyo ojii. M kwenye onwe m na nsogbu ahụ bụ na kọmputa dịpụrụ adịpụ, n'ihi na m nwere ike jikọọ na rawụta ngwa ngwa site na ụlọ a site na iji adreesị ime. Otú ọ dị, ekpebiri m ijikọ na SSH nke kọmputa a site na rawụta ma ọ tụrụ m n'anya ịhụ na njikọ ahụ na-aga nke ọma, na kọmputa dịpụrụ adịpụ na-arụ ọrụ nke ọma, ma ọ nweghịkwa ike jikọọ na kọmputa m.
Ewere m ngwaọrụ grelan0 n'ime àkwà mmiri wee gbaa ya OpenVPN N'elu rawụta dị n'ụlọ elu nke abụọ, ekwenyesiri m ike na netwọk ahụ na-arụ ọrụ nke ọma ọzọ, njikọ anaghịkwa ada ada. Mgbe m na-achọ ihe, ahụrụ m ebe ndị mmadụ na-eme mkpesa banyere otu nsogbu ahụ, ebe a gwara ha ka ha bulie MTU. Ozugbo e kwuru ya, emechara m ya. Agbanyeghị, ruo mgbe e debere MTU nke ọma—7000 maka ngwaọrụ gretap—ahụla m njikọ TCP dara ma ọ bụ obere ọsọ mbufe. N'ihi nnukwu MTU maka gretap, MTU maka njikọ WireGuard E debere ọkwa nke mbụ na nke abụọ na 8000 na 7500 n'otu n'otu.
Emere m ntọala yiri nke ahụ na rawụta site na ụlọ 3, naanị ihe dị iche bụ na agbakwunyere interface gretap nke abụọ aha ya bụ grelan1 na rawụta nkesa, nke agbakwunyere na akwa br-lan.
Ihe niile na-arụ ọrụ. Ugbu a ị nwere ike itinye mgbakọ gretap na mmalite. Maka nke a:
Etinyere m ahịrị ndị a na /etc/rc.local na rawụta na ụlọ 2:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
Agbakwunyere nke a na /etc/rc.local na rawụta na ulo 3:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
Na na ihe nkesa rawụta:
ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
ip link add grelan1 type gretap remote 192.168.31.3 local 192.168.31.1
ip link set dev grelan1 mtu 7000
ip link set grelan1 up
brctl addif br-lan grelan1
Mgbe m megharịrị router ndị ahịa, achọpụtara m na n'ihi ihe ụfọdụ ha anaghị ejikọ na sava ahụ. Mgbe m jikọtara na SSH ha (ọ dabara nke ọma, edobere m sshtunnel maka nke a na mbụ), achọpụtara m nke ahụ WireGuard Maka ihe ụfọdụ, ọ na-emepụta ụzọ maka njedebe, mana ọ ezighi ezi. Dịka ọmụmaatụ, maka 192.168.30.2, tebụl ụzọ ahụ kwuru ụzọ site na njikọ pppoe-wan, ya bụ, site na ịntanetị, ọ bụ ezie na ụzọ gaa na ya kwesịrị ịbụ nke e si na njikọ wg0 duru. Mgbe ehichapụchara ụzọ a, njikọ ahụ weghachiri. Enwere m ike ịchọta ntuziaka ebe ọ bụla gbasara otu esi amanye WireGuard Enweghị m ike izere imepụta ụzọ ndị a. Ọzọkwa, aghọtaghị m ma nke a bụ atụmatụ nke OpenWRT ma ọ bụ nke WireGuardN'etinyeghị oge dị ukwuu n'ịchọpụta nsogbu ahụ, etinyere m ahịrị na edemede dabere na oge na rawụta abụọ ahụ wepụrụ ụzọ a:
route del 192.168.30.2
Na-agbakọta elu
Ọjụjụ zuru oke OpenVPN Emebeghị m nke a, ebe ọ bụ na mgbe ụfọdụ m na-achọ ijikọ na netwọk ọhụrụ site na laptọọpụ ma ọ bụ ekwentị, ịtọlitekwa ngwaọrụ gretap na ha agaghị ekwe omume. Agbanyeghị, n'agbanyeghị nke a, enwetala m uru na ọsọ mbufe data n'etiti ụlọ, dịka ọmụmaatụ, iji VNC enweghị nsogbu ugbu a. Ping ebelatala ntakịrị mana ọ ka kwụsiri ike:
Mgbe ị na-eji OpenVPN:
[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=133 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=125 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19006ms
rtt min/avg/max/mdev = 124.722/126.152/136.907/3.065 ms
Mgbe ị na-eji WireGuard:
[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=124 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=124 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19003ms
rtt min/avg/max/mdev = 123.954/124.423/126.708/0.675 ms
Ọ na-emetụta ping dị elu na VPS, nke dị ihe dịka 61.5 ms
Agbanyeghị, ọsọ ya amụbaala nke ukwuu. Ya mere, n'ime ụlọ nwere sava rawụta, enwere m ọsọ njikọ ịntanetị nke 30 Mbps, ebe n'ụlọ ndị ọzọ ọ bụ 5 Mbps. Ọzọkwa, n'oge eji ya. OpenVPN Enweghị m ike iru ọsọ mbufe data n'etiti netwọk karịrị 3,8 Mbps dịka ọgụgụ iperf si dị, ebe WireGuard "Kpọm" ya ruo otu 5 Mbit/sekọnd ahụ.
Nhazi WireGuard na VPS[Interface]
Address = 192.168.30.1/24
ListenPort = 51820
PrivateKey = <ЗАКРЫТЫЙ_КЛЮЧ_ДЛЯ_VPS>
[Ọgbọ]
Igodo Ọha = <VPN_1_MS_PUBLIC_KEY>
AllowedIPs = 192.168.30.2/32
[Ọgbọ]
Igodo Ọha = <VPN_2_MK2_PUBLIC_KEY>
AllowedIPs = 192.168.30.3/32
[Ọgbọ]
Igodo Ọha = <VPN_2_MK3_PUBLIC_KEY>
AllowedIPs = 192.168.30.4/32
Nhazi WireGuard na MS (agbakwunyere na /etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.2/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МС'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option route_allowed_ips '1'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - сервер
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option listen_port '51821'
list addresses '192.168.31.1/24'
option auto '1'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
list allowed_ips '192.168.31.2'
config wireguard_wg1ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
list allowed_ips '192.168.31.3'
Nhazi WireGuard na MK2 (agbakwunyere na /etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.3/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК2'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - клиент
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
list addresses '192.168.31.2/24'
option auto '1'
option listen_port '51821'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option endpoint_host '192.168.30.2'
option endpoint_port '51821'
option persistent_keepalive '25'
list allowed_ips '192.168.31.0/24'
Nhazi WireGuard na MK3 (agbakwunyere na /etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.4/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК3'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - клиент
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
list addresses '192.168.31.3/24'
option auto '1'
option listen_port '51821'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option endpoint_host '192.168.30.2'
option endpoint_port '51821'
option persistent_keepalive '25'
list allowed_ips '192.168.31.0/24'
Na nhazi akọwara maka VPN nke ọkwa nke abụọ, m na-egosi ndị ahịa m WireGuard Ọdụ ụgbọ mmiri 51821. Nke a ekwesịghị ịdị mkpa, ebe ọ bụ na onye ahịa ga-ejikọ site na ọdụ ụgbọ mmiri ọ bụla na-enweghị ihe ùgwù, mana emere m ya n'ụzọ a ka m wee jụ njikọ niile na-abata na njikọ wg0 nke rawụta niile, belụsọ maka njikọ UDP na-abata na ọdụ ụgbọ mmiri 51821.
Enwere m olileanya na isiokwu ahụ ga-aba uru nye mmadụ.
PS Ọzọkwa, achọrọ m ikesa edemede m nke na-ezitere m ọkwa PUSH na ekwentị m na ngwa WirePusher mgbe ngwaọrụ ọhụrụ pụtara na netwọk m. Nke a bụ njikọ nke ederede: .
Melite: Nhazi OpenVPN- sava na ndị ahịa
OpenVPN- ihe nkesa
client-to-client
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn-server.crt
dh /etc/openvpn/server/dh.pem
key /etc/openvpn/server/vpn-server.key
dev tap
ifconfig-pool-persist /etc/openvpn/ipp.txt 0
keepalive 10 60
proto tcp4
server-bridge 192.168.10.1 255.255.255.0 192.168.10.80 192.168.10.254
status /var/log/openvpn-status.log
verb 3
comp-lzoOpenVPN-onye ahịa
client
tls-client
dev tap
proto tcp
remote VPS_IP 1194 # Change to your router's External IP
resolv-retry infinite
nobind
ca client/ca.crt
cert client/client.crt
key client/client.key
dh client/dh.pem
comp-lzo
persist-tun
persist-key
verb 3 Eji m Easy-rsa mepụta asambodo
isi: www.habr.com
