Ọ ga-amasị m ịkekọrịta ahụmịhe m nke ijikọ netwọkụ n'ime ụlọ atọ dịpụrụ adịpụ, nke ọ bụla n'ime ha na-eji ndị njem OpenWRT dị ka ọnụ ụzọ ámá, n'ime otu netwọkụ nkịtị. Mgbe ị na-ahọrọ usoro maka ijikọta netwọk n'etiti L3 na subnet routing na L2 na bridging, mgbe niile netwọk ọnụ ga-abụ na otu subnet, mmasị e nyere nke abụọ usoro, nke siri ike hazi, ma na-enye ohere ka ukwuu, ebe ọ bụ na E mere atụmatụ iji teknụzụ mee ihe n'ụzọ doro anya na netwọk a na-emepụta Wake-on-Lan na DLNA.
Akụkụ 1: ndabere
A na-ahọrọ OpenVPN na mbụ dị ka protocol maka imejuputa ọrụ a, ebe ọ bụ na, nke mbụ, ọ nwere ike ịmepụta ngwaọrụ mgbata nke nwere ike ịgbakwunye na akwa mmiri n'enweghị nsogbu, na nke abụọ, OpenVPN na-akwado ọrụ n'elu usoro TCP, nke dịkwa mkpa, n'ihi na ọ dịghị nke ọ bụla. nke ụlọ ahụ nwere adreesị IP raara onwe ya nye, enweghị m ike iji STUN, ebe ọ bụ na onye na-enye m n'ihi ihe ụfọdụ na-egbochi njikọ UDP na-abata na netwọk ha, ebe usoro TCP nyere m ohere ibugharị ọdụ ụgbọ mmiri VPN na VPS gbazite site na iji SSH. Ee, ụzọ a na-enye nnukwu ibu, ebe ọ bụ na ezoro ezo data ugboro abụọ, ma achọghị m ịmebata VPS n'ime netwọk nke onwe m, ebe ọ bụ na a ka nwere ihe ize ndụ nke ndị ọzọ na-achịkwa ya, ya mere, inwe ngwaọrụ dị otú ahụ. na netwọk ụlọ m bụ ihe na-adịghị mma na e kpebiri ịkwụ ụgwọ maka nchekwa na nnukwu ego.
Iji zipu ọdụ ụgbọ mmiri na rawụta nke e zubere ibunye ihe nkesa ahụ, a na-eji mmemme sshtunnel mee ihe. Agaghị m akọwa mgbagwoju anya nke nhazi ya - a na-eme ya nke ọma, m ga-achọpụta na ọrụ ya bụ ibugharị ọdụ ụgbọ mmiri TCP 1194 site na rawụta gaa na VPS. Na-esote, ahaziri ihe nkesa OpenVPN na ngwaọrụ tap0, nke ejikọrọ na akwa br-lan. N'ịlele njikọ na ihe nkesa emepụtara ọhụrụ site na laptọọpụ, ọ bịara doo anya na echiche nke mbugharị ọdụ ụgbọ mmiri ziri ezi na laptọọpụ m ghọrọ onye so na netwọk nke rawụta, n'agbanyeghị na ọ bụghị n'anụ ahụ.
Ọ bụ naanị otu obere ihe fọdụrụ ime: ọ dị mkpa ikesa adreesị IP n'ime ụlọ dị iche iche ka ha ghara esemokwu ma hazie ndị na-anya ụgbọ ala dị ka ndị ahịa OpenVPN.
Ahọpụtara adreesị IP nke rawụta na nso nsonye DHCP:
- 192.168.10.1 na nso nso 192.168.10.2 - 192.168.10.80 maka ihe nkesa
- 192.168.10.100 na nso nso 192.168.10.101 - 192.168.10.149 maka rawụta na ulo No. 2
- 192.168.10.150 na nso nso 192.168.10.151 - 192.168.10.199 maka rawụta na ulo No. 3
Ọ dịkwa mkpa ịnye ndị ahịa ihe nkesa OpenVPN adreesị ndị a kpọmkwem site na ịgbakwunye ahịrị na nhazi ya:
ifconfig-pool-persist /etc/openvpn/ipp.txt 0ma tinye ahịrị ndị a na faịlụ /etc/openvpn/ipp.txt:
flat1_id 192.168.10.100
flat2_id 192.168.10.150
ebe flat1_id na flat2_id bụ aha ngwaọrụ akọwapụtara mgbe ị na-eke asambodo maka ijikọ na OpenVPN
Na-esote, ahaziri ndị ahịa OpenVPN na ndị na-anya ụgbọ mmiri, ngwaọrụ tap0 dị na abụọ agbakwunyere na akwa br-lan. N'oge a, ihe niile yiri ka ọ dị mma dịka netwọk atọ ahụ nwere ike ịhụ ibe ha ma rụọ ọrụ dịka otu. Agbanyeghị, nkọwa na-adịghị mma pụtara: mgbe ụfọdụ ngwaọrụ nwere ike ịnweta adreesị IP ọ bụghị site na rawụta ha, yana nsonaazụ niile na-esote. N'ihi ihe ụfọdụ, onye rawụta n'otu n'ime ụlọ enweghị oge iji zaghachi DHCPISCOVER n'oge na ngwaọrụ ahụ nwetara adreesị na-abụghị nke e bu n'obi. Achọpụtara m na achọrọ m nyochaa arịrịọ ndị dị otú ahụ na tap0 na nke ọ bụla n'ime ndị na-akwọ ụgbọ mmiri, ma dị ka ọ tụgharịrị, iptables enweghị ike iji ngwaọrụ ahụ rụọ ọrụ ma ọ bụrụ na ọ bụ akụkụ nke àkwà mmiri na ebtables ga-abịara m enyemaka. Ọ na-ewute m, ọ bụghị na firmware m na m ga-ewughachi ihe oyiyi maka ngwaọrụ ọ bụla. Site n'ime nke a na ịgbakwunye ahịrị ndị a na /etc/rc.local nke rawụta ọ bụla, edozila nsogbu ahụ:
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
Nhazi a were afọ atọ.
Akụkụ 2: Ewebata WireGuard
N'oge na-adịbeghị anya, ndị mmadụ na Ịntanetị amalitela ikwu okwu banyere WireGuard, na-enwe mmasị na ịdị mfe nke nhazi ya, ọsọ ọsọ dị elu, ping dị ala na nchekwa yiri ya. Ịchọ maka ozi ndị ọzọ gbasara ya mere ka o doo anya na ọ bụghị ịrụ ọrụ dị ka onye na-akwa mmiri ma ọ bụ na-arụ ọrụ na TCP protocol kwadoro ya, nke mere ka m chee na ọ dịghị ụzọ ọzọ maka OpenVPN maka m. Yabụ na m kwụsịrị ịmara WireGuard.
Ụbọchị ole na ole gara aga, akụkọ gbasara n'ofe akụrụngwa n'otu ụzọ ma ọ bụ ọzọ metụtara IT na WireGuard ga-emesị tinye ya na Linux kernel, malite na ụdị 5.6. Akụkọ akụkọ, dị ka mgbe niile, toro WireGuard. Abanyekwara m ọzọ na ịchọ ụzọ m ga-esi dochie ezigbo OpenVPN ochie. Oge a m gbabara n'ime . Ọ na-ekwu maka ịmepụta ọwara Ethernet n'elu L3 iji GRE. Isiokwu a mere ka m nwee olileanya. Ọ ka edobeghị ihe a ga-eme na protocol UDP. Nchọgharị ahụ mere ka m nweta akụkọ gbasara iji socat na njikọ SSH na-ebugharị ọdụ ụgbọ mmiri UDP, Otú ọ dị, ha kwuru na usoro a na-arụ ọrụ naanị n'otu ọnọdụ njikọ, ya bụ, ọrụ nke ọtụtụ ndị ahịa VPN agaghị ekwe omume. Abịara m n'echiche nke ịwụnye ihe nkesa VPN na VPS na ịtọlite GRE maka ndị ahịa, ma dị ka ọ tụgharịrị, GRE anaghị akwado izo ya ezo, nke ga-eduga n'eziokwu na ọ bụrụ na ndị ọzọ nweta ohere ịnweta ihe nkesa ahụ. , All traffic between my networks will be in their hands , which didn’t suit me at all.
Ọzọkwa, e mere mkpebi ahụ maka nkwado nzuzo nzuzo, site na iji VPN n'elu VPN site na iji atụmatụ ndị a:
VPN Ọkwa XNUMX:
VPS Ọ bụ ihe nkesa nwere adreesị ime 192.168.30.1
MC Ọ bụ onye ahịa VPS nwere adreesị ime 192.168.30.2
MK2 Ọ bụ onye ahịa VPS nwere adreesị ime 192.168.30.3
MK3 Ọ bụ onye ahịa VPS nwere adreesị ime 192.168.30.4
VPN larịị nke abụọ:
MC Ọ bụ ihe nkesa nwere adreesị mpụga 192.168.30.2 na nke ime 192.168.31.1
MK2 Ọ bụ onye ahịa MC nwere adreesị 192.168.30.2 ma nwee IP 192.168.31.2
MK3 Ọ bụ onye ahịa MC nwere adreesị 192.168.30.2 ma nwee IP 192.168.31.3
* MC - ihe nkesa rawụta na ụlọ 1, MK2 - rawụta n'ime ụlọ 2, MK3 - router n'ime ụlọ 3
* A na-ebipụta nhazi ngwaọrụ na onye na-emebi ihe na njedebe nke akụkọ ahụ.
Ya mere, pings na-agba ọsọ n'etiti oghere netwọk 192.168.31.0/24, ọ bụ oge ịkwaga n'ihu na ịtọ ntọala GRE. Tupu nke a, ka ị ghara ịlanarị ndị na-anya ụgbọ ala, ọ bara uru ịtọlite SSH tunnels iji zipu ọdụ ụgbọ mmiri 22 na VPS, nke mere na, dịka ọmụmaatụ, rawụta sitere na ụlọ 10022 ga-enweta na ọdụ ụgbọ mmiri 2 nke VPS, yana router si na ụlọ 11122 ga-enweta na ọdụ ụgbọ mmiri 3 rawụta site na ụlọ XNUMX. Ọ kachasị mma ịhazi ebugharị site na iji otu sshtunnel, ebe ọ ga-eweghachi ọwara ahụ ma ọ bụrụ na ọ daa.
A haziri ọwara ahụ, ị nwere ike jikọọ na SSH site na ọdụ ụgbọ mmiri ebufere:
ssh root@МОЙ_VPS -p 10022Ọzọ ị ga-ewepụ OpenVPN:
/etc/init.d/openvpn stopUgbu a, ka anyị guzobe ọwara GRE na rawụta site na ụlọ 2:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set grelan0 up
Ma tinye interface emepụtara na akwa mmiri:
brctl addif br-lan grelan0
Ka anyị mee otu usoro ahụ na rawụta nkesa:
ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set grelan0 up
Ma tinyekwa interface emepụtara na akwa mmiri:
brctl addif br-lan grelan0
malite n'oge a, pings na-amalite ịga nke ọma na netwọk ọhụrụ na m, na afọ ojuju, na-aga ịṅụ kọfị. Mgbe ahụ, iji nyochaa otú netwọk ahụ si arụ ọrụ na njedebe nke ọzọ nke ahịrị ahụ, m na-agbalị ịbanye SSH n'ime otu kọmputa dị na ụlọ 2, mana onye ahịa ssh na-atụgharị na-enweghị mkpa maka paswọọdụ. Ana m agbalị ijikọ na kọmpụta a site na telnet na ọdụ ụgbọ mmiri 22 wee hụ ahịrị nke m nwere ike ịghọta na njikọ ahụ na-eguzobe, ihe nkesa SSH na-aza, mana n'ihi ihe ụfọdụ ọ naghị eme ka m banye. n'ime.
$ telnet 192.168.10.110 22
SSH-2.0-OpenSSH_8.1
Ana m agbalị ijikọ ya site na VNC wee hụ ihuenyo ojii. M kwenye onwe m na nsogbu ahụ bụ na kọmputa dịpụrụ adịpụ, n'ihi na m nwere ike jikọọ na rawụta ngwa ngwa site na ụlọ a site na iji adreesị ime. Otú ọ dị, ekpebiri m ijikọ na SSH nke kọmputa a site na rawụta ma ọ tụrụ m n'anya ịhụ na njikọ ahụ na-aga nke ọma, na kọmputa dịpụrụ adịpụ na-arụ ọrụ nke ọma, ma ọ nweghịkwa ike jikọọ na kọmputa m.
M na-ewepụ ngwaọrụ grelan0 na akwa mmiri ma na-agba ọsọ OpenVPN na rawụta na ụlọ 2 ma jide n'aka na netwọk ahụ na-arụ ọrụ dịka a na-atụ anya ya ọzọ na njikọ adịghị ada. Site n'ịchọgharị m na-ahụ forums ebe ndị mmadụ na-eme mkpesa banyere otu nsogbu ahụ, ebe a na-adụ ha ọdụ ka ha bulie MTU. Ekwughi ekwu bụ emeghị eme. Agbanyeghị, ruo mgbe edobere MTU zuru oke - 7000 maka ngwaọrụ gretap, ma ọ bụ tụbara njikọ TCP ma ọ bụ ọnụego mbufe dị ala ka hụrụ. N'ihi nnukwu MTU maka gretap, MTU maka Layer 8000 na Layer 7500 WireGuard njikọ ka edobere na XNUMX na XNUMX n'otu n'otu.
Emere m ntọala yiri nke ahụ na rawụta site na ụlọ 3, naanị ihe dị iche bụ na agbakwunyere interface gretap nke abụọ aha ya bụ grelan1 na rawụta nkesa, nke agbakwunyere na akwa br-lan.
Ihe niile na-arụ ọrụ. Ugbu a ị nwere ike itinye mgbakọ gretap na mmalite. Maka nke a:
Etinyere m ahịrị ndị a na /etc/rc.local na rawụta na ụlọ 2:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
Agbakwunyere nke a na /etc/rc.local na rawụta na ulo 3:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
Na na ihe nkesa rawụta:
ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
ip link add grelan1 type gretap remote 192.168.31.3 local 192.168.31.1
ip link set dev grelan1 mtu 7000
ip link set grelan1 up
brctl addif br-lan grelan1
Mgbe ịmaliteghachi ndị na-anya ụgbọ ala ndị ahịa, achọpụtara m na n'ihi ihe ụfọdụ ha anaghị ejikọta na ihe nkesa. N'ịbụ ndị jikọtara na SSH ha (ọ dabara nke ọma, m na-ahazibu sshtunnel maka nke a), achọpụtara na WireGuard n'ihi ihe ụfọdụ na-emepụta ụzọ maka njedebe njedebe, ma ọ bụ ezighi ezi. Yabụ, maka 192.168.30.2, tebụl ụzọ ahụ gosipụtara ụzọ site na interface pppoe-wan, ya bụ, site na ịntanetị, n'agbanyeghị na ụzọ ya kwesịrị isi na interface wg0 gafere. Mgbe ihichapụ ụzọ a, eweghachiri njikọ ahụ. Enweghị m ike ịchọta ntụziaka ebe ọ bụla maka otu esi amanye WireGuard ka ọ ghara ịmepụta ụzọ ndị a. Ọzọkwa, aghọtaghị m ma nke a bụ akụkụ nke OpenWRT ma ọ bụ WireGuard n'onwe ya. Na-enweghị nsogbu a ogologo oge, agbakwunyere m otu ahịrị na ndị na-anya ụgbọ mmiri abụọ na edemede oge nke kpochapụrụ ụzọ a:
route del 192.168.30.2
Na-agbakọta elu
Enwetabeghị m ịhapụ OpenVPN kpamkpam, ebe ọ bụ na m na-achọ mgbe ụfọdụ iji jikọọ na netwọk ọhụrụ site na laptọọpụ ma ọ bụ ekwentị, na ịtọlite gretap ngwaọrụ na ha anaghị ekwe omume, ma n'agbanyeghị nke a, enwere m uru na ọsọ ọsọ. ịnyefe data n'etiti ụlọ na, dịka ọmụmaatụ, iji VNC adịghịzi adị mma. Ping belatara ntakịrị, mana ọ kwụsiri ike karị:
Mgbe ị na-eji OpenVPN:
[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=133 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=125 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19006ms
rtt min/avg/max/mdev = 124.722/126.152/136.907/3.065 ms
Mgbe ị na-eji WireGuard:
[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=124 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=124 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19003ms
rtt min/avg/max/mdev = 123.954/124.423/126.708/0.675 ms
Ọ na-emetụta ping dị elu na VPS, nke dị ihe dịka 61.5 ms
Agbanyeghị, ọsọ ahụ abawanyela nke ukwuu. Ya mere, n'ime ụlọ nwere rawụta nkesa, enwere m ọsọ njikọ Ịntanetị nke 30 Mbit / sec, na n'ime ụlọ ndị ọzọ ọ bụ 5 Mbit / sec. N'otu oge ahụ, mgbe m na-eji OpenVPN, enweghị m ike ịnweta ọsọ ọsọ data n'etiti netwọk karịa 3,8 Mbit / sec dị ka akwụkwọ ọgụgụ iperf si dị, ebe WireGuard "gbaliri" ya na otu 5 Mbit / sk.
Nhazi WireGuard na VPS[Interface]
Address = 192.168.30.1/24
ListenPort = 51820
PrivateKey = <ЗАКРЫТЫЙ_КЛЮЧ_ДЛЯ_VPS>
[Peer]
PublicKey = <ОТКРЫТЫЙ_КЛЮЧ_VPN_1_МС>
AllowedIPs = 192.168.30.2/32
[Peer]
PublicKey = <ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2>
AllowedIPs = 192.168.30.3/32
[Peer]
PublicKey = <ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3>
AllowedIPs = 192.168.30.4/32
Nhazi WireGuard na MS (agbakwunyere na /etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.2/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МС'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option route_allowed_ips '1'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - сервер
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option listen_port '51821'
list addresses '192.168.31.1/24'
option auto '1'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
list allowed_ips '192.168.31.2'
config wireguard_wg1ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
list allowed_ips '192.168.31.3'
Nhazi WireGuard na MK2 (agbakwunyere na /etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.3/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК2'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - клиент
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
list addresses '192.168.31.2/24'
option auto '1'
option listen_port '51821'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option endpoint_host '192.168.30.2'
option endpoint_port '51821'
option persistent_keepalive '25'
list allowed_ips '192.168.31.0/24'
Nhazi WireGuard na MK3 (agbakwunyere na /etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.4/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК3'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - клиент
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
list addresses '192.168.31.3/24'
option auto '1'
option listen_port '51821'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option endpoint_host '192.168.30.2'
option endpoint_port '51821'
option persistent_keepalive '25'
list allowed_ips '192.168.31.0/24'
Na nhazi ndị a kọwara maka VPN nke abụọ, m na-atụ ndị ahịa WireGuard aka n'ọdụ ụgbọ mmiri 51821. Na tiori, nke a adịghị mkpa, ebe ọ bụ na onye ahịa ahụ ga-eme ka njikọ site na ọdụ ụgbọ mmiri ọ bụla na-enweghị ohere, ma m mere ya ka o wee kwe omume igbochi. Njikọ niile na-abata na wg0 interfaces nke ndị na-anya ụgbọ ala niile ma e wezụga njikọ UDP na-abata na ọdụ ụgbọ mmiri 51821.
Enwere m olileanya na isiokwu ahụ ga-aba uru nye mmadụ.
PS Ọzọkwa, achọrọ m ikesa edemede m nke na-ezitere m ọkwa PUSH na ekwentị m na ngwa WirePusher mgbe ngwaọrụ ọhụrụ pụtara na netwọk m. Nke a bụ njikọ nke ederede: .
Melite: Nhazi nke sava OpenVPN na ndị ahịa
Ihe nkesa mepere emepe
client-to-client
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn-server.crt
dh /etc/openvpn/server/dh.pem
key /etc/openvpn/server/vpn-server.key
dev tap
ifconfig-pool-persist /etc/openvpn/ipp.txt 0
keepalive 10 60
proto tcp4
server-bridge 192.168.10.1 255.255.255.0 192.168.10.80 192.168.10.254
status /var/log/openvpn-status.log
verb 3
comp-lzoOpenVPN ahịa
client
tls-client
dev tap
proto tcp
remote VPS_IP 1194 # Change to your router's External IP
resolv-retry infinite
nobind
ca client/ca.crt
cert client/client.crt
key client/client.key
dh client/dh.pem
comp-lzo
persist-tun
persist-key
verb 3
Eji m Easy-rsa mepụta asambodo
isi: www.habr.com