ProHoster > Blog > Ulamuliro > Kusintha kuchokera ku OpenVPN pa WireGuard kuphatikiza ma network kukhala netiweki imodzi ya L2

Kusintha kuchokera ku OpenVPN pa WireGuard kuphatikiza ma network kukhala netiweki imodzi ya L2

Kusintha kuchokera ku OpenVPN pa WireGuard kuphatikiza ma network kukhala netiweki imodzi ya L2

Ndikufuna kugawana zomwe ndakumana nazo pakuphatikiza maukonde m'zipinda zitatu zakutali, iliyonse yomwe imagwiritsa ntchito ma routers okhala ndi OpenWRT ngati chipata, kukhala netiweki imodzi wamba. Posankha njira yophatikizira maukonde pakati pa L3 ndi subnet routing ndi L2 ndi bridging, pomwe node zonse za netiweki zidzakhala mu subnet yomweyo, zokonda zidaperekedwa ku njira yachiwiri, yomwe ndi yovuta kuyikonza, koma imapereka mwayi wokulirapo, popeza Kugwiritsa ntchito bwino matekinoloje kunakonzedwa mu netiweki yomwe idapangidwa Wake-on-Lan ndi DLNA.

Gawo 1: Mbiri

Ndondomeko yomwe idasankhidwa kuti igwire ntchito iyi poyamba inali OpenVPN, chifukwa, choyamba, imatha kupanga chipangizo chopopera chomwe chingawonjezedwe pa mlatho popanda vuto lililonse, ndipo chachiwiri, OpenVPN Imathandizira TCP, yomwe inalinso yofunika, chifukwa palibe nyumba iliyonse yomwe inali ndi adilesi yapadera ya IP. Sindinathe kugwiritsa ntchito STUN chifukwa ISP yanga, pazifukwa zina, imaletsa kulumikizana kwa UDP komwe kumabwera kuchokera ku ma netiweki ake. TCP yandilola kutumiza doko la seva ya VPN ku VPS yobwereka pogwiritsa ntchito SSH. Ngakhale njira iyi imapanga overhead yayikulu, popeza detayo imasungidwa kawiri, sindinkafuna kuphatikiza VPS mu netiweki yanga yachinsinsi, chifukwa panali chiopsezo chakuti anthu ena azitha kuilamulira. Chifukwa chake, kukhala ndi chipangizo chotere pa netiweki yanga yakunyumba kunali kosafunikira kwenikweni, choncho ndinaganiza zolipira overhead yayikulu kuti nditetezeke.

Kuti nditumize doko pa rauta komwe seva idakonzedwa kuti igwiritsidwe ntchito, ndidagwiritsa ntchito pulogalamu ya sshtunnel. Sindinganene zambiri za kasinthidwe kake—ndi kosavuta. Ndingodziwa kuti cholinga chake chinali kutumiza TCP port 1194 kuchokera pa rauta kupita ku VPS. Kenako, ndidakonza seva. OpenVPN Pa chipangizo cha tap0, chomwe chinali cholumikizidwa ku mlatho wa br-lan. Nditayesa kulumikizana ndi seva yatsopano kuchokera pa laputopu yanga, zinaonekeratu kuti lingaliro la kutumiza madoko lagwira ntchito, ndipo laputopu yanga inali membala wa netiweki ya rauta, ngakhale kuti sinali gawo lake lenileni.

Chokhacho chomwe chinatsala chinali kugawa ma IP address m'nyumba zosiyanasiyana kuti asakangane ndikusintha ma routers ngati OpenVPN-makasitomala.
Ma adilesi a IP a rauta ndi ma seva a DHCP adasankhidwa:

  • 192.168.10.1 ndi range 192.168.10.2 - 192.168.10.80 kwa seva
  • 192.168.10.100 ndi range 192.168.10.101 - 192.168.10.149 kwa rauta mu nyumba No. 2
  • 192.168.10.150 ndi range 192.168.10.151 - 192.168.10.199 kwa rauta mu nyumba No. 3

Zinalinso zofunikira kupatsa maadiresi awa kwa ma router a kasitomala. OpenVPN-server, powonjezera mzere wotsatira pa kasinthidwe kake:

ifconfig-pool-persist /etc/openvpn/ipp.txt 0

ndikuwonjezera mizere yotsatirayi ku fayilo /etc/openvpn/ipp.txt:

flat1_id 192.168.10.100
flat2_id 192.168.10.150

kumene flat1_id ndi flat2_id ndi mayina a chipangizo omwe atchulidwa popanga satifiketi yolumikizira ku OpenVPN

Kenako, ma routers adakonzedwa OpenVPN- makasitomala, zida za tap0 pazonse ziwiri zinawonjezedwa ku mlatho wa br-lan. Pakadali pano, chilichonse chinkaoneka bwino, chifukwa ma network onse atatu amatha kuwonana ndikugwira ntchito ngati gawo limodzi. Komabe, tsatanetsatane wosasangalatsa unabuka: nthawi zina zida zimalandira adilesi ya IP kuchokera ku rauta yolakwika, zomwe zinatsatira. Pazifukwa zina, rauta yomwe ili mu nyumba imodzi sinayankhe DHCPDISCOVER pakapita nthawi, ndipo chipangizocho chinalandira adilesi yolakwika. Ndinazindikira kuti ndikufunika kusefa zopempha zotere mu tap0 pa rauta iliyonse, koma monga momwe zidakhalira, iptables sizingagwire ntchito ndi chipangizo ngati ndi gawo la mlatho, kotero ndimayenera kugwiritsa ntchito ebtables. Tsoka ilo, firmware yanga sinayiphatikizepo, kotero ndinayenera kumanganso zithunzi za chipangizo chilichonse. Nditachita izi ndikuwonjezera mizere yotsatirayi ku /etc/rc.local pa rauta iliyonse, vutoli linathetsedwa:

ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

Kusintha kumeneku kunatenga zaka zitatu.

Gawo 2: Kudziwana WireGuard

Posachedwapa, pa intaneti pakhala nkhani zambiri zokhudza WireGuard, poyamikira kusavuta kwake kukonzedwa, liwiro lake losamutsa deta, ping yotsika, komanso chitetezo chofanana. Kufufuza zambiri zowonjezera za izi kunavumbula kuti sizikuthandizira thandizo la membala wa mlatho kapena protocol ya TCP, zomwe zinandipangitsa kukhulupirira kuti palibe njira ina. OpenVPN kwa ine sichinafikebe. Kotero ndinayimitsa kaye kudziwa WireGuard.

Masiku angapo apitawo, nkhani zinafalikira kudzera m'zinthu zokhudzana ndi IT mwanjira ina kuti WireGuard potsiriza idzaphatikizidwa mu kernel Linux, kuyambira ndi mtundu 5.6. Nkhani za m'nkhani, monga mwa nthawi zonse, zinayamikiridwa WireGuardNdinayambanso kufunafuna njira zosinthira zakale zabwino OpenVPNNthawi ino ndinakumana ndi nkhaniyi. Idalankhula za kupanga ngalande ya Ethernet pa L3 pogwiritsa ntchito GRE. Nkhaniyi inandipatsa chiyembekezo. Sizikudziwikabe chochita ndi protocol ya UDP. Kufufuzako kunanditsogolera ku nkhani zokhudzana ndi kugwiritsa ntchito socat molumikizana ndi msewu wa SSH kuti upititse patsogolo doko la UDP, komabe, adawona kuti njirayi imagwira ntchito munjira imodzi yolumikizirana, ndiko kuti, ntchito yamakasitomala angapo a VPN sizingatheke. Ndidabwera ndi lingaliro lakuyika seva ya VPN pa VPS ndikukhazikitsa GRE kwa makasitomala, koma zidapezeka kuti GRE sichigwirizana ndi kubisa, zomwe zingapangitse kuti ngati anthu ena apeza mwayi wopeza seva. , magalimoto onse pakati pa maukonde anga adzakhala m'manja mwawo, zomwe sizinandigwirizane nazo konse.

Apanso, chigamulocho chinapangidwa mokomera kubisa kosafunikira, pogwiritsa ntchito VPN pa VPN pogwiritsa ntchito dongosolo ili:

Gawo XNUMX VPN:
VPS ndi Seva ndi adilesi yamkati 192.168.30.1
MS ndi kasitomala VPS yokhala ndi adilesi yamkati 192.168.30.2
MK2 ndi kasitomala VPS yokhala ndi adilesi yamkati 192.168.30.3
MK3 ndi kasitomala VPS yokhala ndi adilesi yamkati 192.168.30.4

Mulingo Wachiwiri wa VPN:
MS ndi Seva ndi adilesi yakunja 192.168.30.2 ndi mkati 192.168.31.1
MK2 ndi kasitomala MS ndi adilesi 192.168.30.2 ndipo ali mkati IP 192.168.31.2
MK3 ndi kasitomala MS ndi adilesi 192.168.30.2 ndipo ali mkati IP 192.168.31.3

* MS - seva ya router mu nyumba 1, MK2 - rauta mu nyumba 2, MK3 - rauta mu nyumba 3
* Kukonzekera kwa chipangizo kumasindikizidwa mu spoiler kumapeto kwa nkhaniyo.

Ndipo kotero, ma pings akuyenda pakati pa node za netiweki 192.168.31.0/24, ndi nthawi yoti mupitirize kukhazikitsa njira ya GRE. Izi zisanachitike, kuti musataye mwayi wopeza ma routers, ndikofunikira kukhazikitsa masinthidwe a SSH kuti apititse patsogolo doko 22 kupita ku VPS, kotero kuti, mwachitsanzo, rauta yochokera ku nyumba 10022 ipezeka pa doko 2 la VPS, ndi rauta kuchokera ku nyumba 11122 ipezeka pa doko 3 rauta kuchokera ku nyumba XNUMX. Ndi bwino kukonza kutumiza pogwiritsa ntchito sshtunnel yomweyo, chifukwa idzabwezeretsanso ngalandeyo ngati ikulephera.

Msewuwo wakonzedwa, mutha kulumikizana ndi SSH kudzera padoko lotumizidwa:

ssh root@МОЙ_VPS -p 10022

Kenako muyenera kuletsa OpenVPN:

/etc/init.d/openvpn stop

Tsopano tiyeni tikhazikitse msewu wa GRE pa rauta kuchokera ku nyumba 2:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set grelan0 up

Ndipo onjezani mawonekedwe opangidwa pamlatho:

brctl addif br-lan grelan0

Tiyeni tichitenso chimodzimodzi pa router ya seva:

ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set grelan0 up

Komanso onjezani mawonekedwe opangidwa ku mlatho:

brctl addif br-lan grelan0

kuyambira nthawi ino, pings akuyamba bwino kupita maukonde latsopano ndipo ine, ndi kukhutitsidwa, kupita kumwa khofi. Kenako, kuti ndiwone momwe netiweki ikugwirira ntchito kumbali ina ya mzerewo, ndimayesa SSH mu imodzi mwamakompyuta omwe ali munyumba 2, koma kasitomala wa ssh amaundana osafunsa mawu achinsinsi. Ndikuyesera kulumikiza kompyuta iyi kudzera pa telnet pa doko 22 ndipo ndikuwona mzere womwe ndimatha kumvetsetsa kuti kulumikizana kukukhazikitsidwa, seva ya SSH ikuyankha, koma pazifukwa zina sizimandipangitsa kuti ndilembetse. mu.

$ telnet 192.168.10.110 22
SSH-2.0-OpenSSH_8.1

Ndikuyesera kulumikiza izo kudzera pa VNC ndikuwona chophimba chakuda. Ndimadzitsimikizira ndekha kuti vuto lili ndi kompyuta yakutali, chifukwa ndimatha kulumikizana mosavuta ndi rauta kuchokera mnyumba muno pogwiritsa ntchito adilesi yamkati. Komabe, ndasankha kulumikiza ku SSH ya kompyutayi kudzera pa rauta ndipo ndikudabwa kupeza kuti kugwirizanako kukuyenda bwino, ndipo kompyuta yakutali imagwira ntchito bwino, koma siyingagwirizane ndi kompyuta yanga.

Ndimatulutsa chipangizo cha grelan0 pa mlatho ndikuchiyendetsa OpenVPN Pa rauta mu nyumba yachiwiri, ndinatsimikiza kuti netiweki ikugwiranso ntchito bwino ndipo maulumikizidwe sakutsika. Pofufuza, ndinapeza malo ochezera pomwe anthu anali kudandaula za mavuto omwewo, komanso komwe analangizidwa kuti akweze MTU. Nthawi yomweyo ndinachita. Komabe, mpaka MTU itayikidwa pamwamba mokwanira—7000 pazida za gretap—ndinakumana ndi maulumikizidwe a TCP otsika kapena ma transfer speed otsika. Chifukwa cha MTU yayikulu ya gretap, MTU yolumikizira WireGuard Gawo loyamba ndi lachiwiri linayikidwa pa 8000 ndi 7500 motsatana.

Ndidapanganso kukhazikitsidwa kofananako pa rauta kuchokera ku nyumba 3, kusiyana kokhako kunali kuti mawonekedwe achiwiri a gretap otchedwa grelan1 adawonjezedwa pa seva rauta, yomwe idawonjezedwanso pa mlatho wa br-lan.

Zonse zikuyenda. Tsopano mutha kuyika msonkhano wa gretap poyambira. Za ichi:

Ndinayika mizere iyi /etc/rc.local pa rauta mu nyumba 2:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

Onjezani izi ku /etc/rc.local pa rauta mu nyumba 3:

ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

Ndipo pa seva ya router:

ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0

ip link add grelan1 type gretap remote 192.168.31.3 local 192.168.31.1
ip link set dev grelan1 mtu 7000
ip link set grelan1 up
brctl addif br-lan grelan1

Nditayambitsanso ma router a kasitomala, ndinapeza kuti pazifukwa zina sanali kulumikizana ndi seva. Nditalumikiza ku SSH yawo (mwamwayi, ndinali nditakonza kale sshtunnel ya izi), ndinapeza kuti WireGuard Pazifukwa zina, imapanga njira yolowera kumapeto, koma sizolondola. Mwachitsanzo, pa 192.168.30.2, tebulo la njira linatchula njira yodutsa mu mawonekedwe a pppoe-wan, mwachitsanzo, kudzera pa intaneti, ngakhale njira yoloweramo iyenera kuyendetsedwa kudzera mu mawonekedwe a wg0. Pambuyo pochotsa njira iyi, kulumikizana kunabwezeretsedwa. Kodi ndingapeze malangizo kulikonse momwe ndingakakamizire? WireGuard Sindingathe kupewa kupanga njira izi. Komanso, sindinamvetse ngati izi zinali mbali ya OpenWRT kapena ya WireGuardPopanda kuthera nthawi yambiri ndikupeza vutoli, ndangowonjezera mzere ku script ya timer-loop pa ma rauta onse awiri omwe adachotsa njira iyi:

route del 192.168.30.2

Kuphatikizidwa

Kukanidwa kotheratu OpenVPN Sindinakwaniritse izi, chifukwa nthawi zina ndimafunika kulumikiza netiweki yatsopano kuchokera pa laputopu kapena foni, ndipo kukhazikitsa chipangizo cha gretap pa iwo nthawi zambiri sikungatheke. Komabe, ngakhale zili choncho, ndapeza mwayi wogwiritsa ntchito liwiro losamutsa deta pakati pa nyumba, ndipo kugwiritsa ntchito VNC, mwachitsanzo, tsopano kuli kosavuta. Ping yachepa pang'ono koma yakhala yokhazikika:

Mukamagwiritsa ntchito OpenVPN:

[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=133 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=125 ms

--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19006ms
rtt min/avg/max/mdev = 124.722/126.152/136.907/3.065 ms

Mukamagwiritsa ntchito WireGuard:

[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=124 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=124 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19003ms
rtt min/avg/max/mdev = 123.954/124.423/126.708/0.675 ms

Zimakhudzidwa kwambiri ndi ping yapamwamba ku VPS, yomwe ili pafupifupi 61.5 ms

Komabe, liwiro lawonjezeka kwambiri. Chifukwa chake, mu nyumba yokhala ndi seva ya rauta, ndili ndi liwiro lolumikizira intaneti la 30 Mbps, ndipo m'nyumba zina ndi 5 Mbps. Komanso, mukamagwiritsa ntchito OpenVPN Sindinathe kupeza liwiro losamutsa deta pakati pa ma network opitilira 3,8 Mbps malinga ndi ziwerengero za iperf, pomwe WireGuard "ndinaipompa" mpaka 5 Mbit/sekondi yomweyo.

Kukhazikika WireGuard pa VPS[Interface]
Address = 192.168.30.1/24
ListenPort = 51820
PrivateKey = <ЗАКРЫТЫЙ_КЛЮЧ_ДЛЯ_VPS>

[Mnzake]
Chifungulo Cha Anthu Onse = <VPN_1_MS_PUBLIC_KEY>
AllowedIPs = 192.168.30.2/32

[Mnzake]
Chifungulo Cha Anthu Onse = <VPN_2_MK2_PUBLIC_KEY>
AllowedIPs = 192.168.30.3/32

[Mnzake]
Chifungulo Cha Anthu Onse = <VPN_2_MK3_PUBLIC_KEY>
AllowedIPs = 192.168.30.4/32

Kukhazikika WireGuard pa MS (yowonjezedwa ku /etc/config/network)

#VPN первого уровня - клиент
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.2/24'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МС'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
        option endpoint_port '51820'
        option route_allowed_ips '1'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'IP_АДРЕС_VPS'

#VPN второго уровня - сервер
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
        option listen_port '51821'
        list addresses '192.168.31.1/24'
        option auto '1'
        option mtu '7500'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
        list allowed_ips '192.168.31.2'

config wireguard_wg1ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3

        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
        list allowed_ips '192.168.31.3'

Kukhazikika WireGuard pa MK2 (yowonjezedwa ku /etc/config/network)

#VPN первого уровня - клиент
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.3/24'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК2'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'IP_АДРЕС_VPS'

#VPN второго уровня - клиент
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
        list addresses '192.168.31.2/24'
        option auto '1'
        option listen_port '51821'
        option mtu '7500'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
        option endpoint_host '192.168.30.2'
        option endpoint_port '51821'
        option persistent_keepalive '25'
        list allowed_ips '192.168.31.0/24'

Kukhazikika WireGuard pa MK3 (yowonjezedwa ku /etc/config/network)

#VPN первого уровня - клиент
config interface 'wg0'
        option proto 'wireguard'
        list addresses '192.168.30.4/24'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК3'
        option auto '1'
        option mtu '8000'

config wireguard_wg0
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
        option endpoint_port '51820'
        option persistent_keepalive '25'
        list allowed_ips '192.168.30.0/24'
        option endpoint_host 'IP_АДРЕС_VPS'

#VPN второго уровня - клиент
config interface 'wg1'
        option proto 'wireguard'
        option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
        list addresses '192.168.31.3/24'
        option auto '1'
        option listen_port '51821'
        option mtu '7500'

config wireguard_wg1
        option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
        option endpoint_host '192.168.30.2'
        option endpoint_port '51821'
        option persistent_keepalive '25'
        list allowed_ips '192.168.31.0/24'

Mu makonzedwe omwe afotokozedwa a VPN ya mlingo wachiwiri, ndikuwonetsa kwa makasitomala WireGuard Doko 51821. Izi siziyenera kukhala zofunikira, chifukwa kasitomala adzakhazikitsa kulumikizana kuchokera ku doko lililonse laulere, lopanda mwayi, koma ndachita izi mwanjira iyi kuti ndithe kukana kulumikizana konse komwe kukubwera pa ma interface a wg0 a ma rauta onse, kupatula kulumikizana kwa UDP komwe kukubwera ku doko 51821.

Ndikukhulupirira kuti nkhaniyi ithandiza munthu wina.

PS Komanso, ndikufuna kugawana zolemba zanga zomwe zimanditumizira chidziwitso cha PUSH ku foni yanga mu pulogalamu ya WirePusher pomwe chida chatsopano chikawonekera pa netiweki yanga. Nawu ulalo wa script: github.com/r0ck3r/device_discover.

LIPOTI: Kukhazikika OpenVPN-maseva ndi makasitomala

OpenVPN- seva

client-to-client

ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn-server.crt
dh /etc/openvpn/server/dh.pem
key /etc/openvpn/server/vpn-server.key

dev tap
ifconfig-pool-persist /etc/openvpn/ipp.txt 0
keepalive 10 60
proto tcp4
server-bridge 192.168.10.1 255.255.255.0 192.168.10.80 192.168.10.254
status /var/log/openvpn-status.log
verb 3
comp-lzo

OpenVPN-kasitomala

client
tls-client
dev tap
proto tcp
remote VPS_IP 1194 # Change to your router's External IP
resolv-retry infinite
nobind

ca client/ca.crt
cert client/client.crt
key client/client.key
dh client/dh.pem

comp-lzo
persist-tun
persist-key
verb 3

Ndinagwiritsa ntchito Easy-rsa kupanga satifiketi

Source: www.habr.com

Gulani kuchititsa kodalirika kwamasamba okhala ndi chitetezo cha DDoS, ma seva a VPS VDS Gulani malo odalirika osungira mawebusayiti okhala ndi chitetezo cha DDoS, ma seva a VPS VDS | ProHoster