Ou te fia faʻasoa atu loʻu poto masani i le tuʻufaʻatasia o fesoʻotaʻiga i totonu o fale mautotogi mamao e tolu, e faʻaogaina e taʻitasi alalaupapa OpenWRT e fai ma faitotoʻa, i totonu o fesoʻotaʻiga masani e tasi. Pe a filifilia se metotia mo le tuʻufaʻatasia o fesoʻotaʻiga i le va o le L3 ma le subnet routing ma le L2 faʻatasi ai ma le faʻapipiʻiina, pe a oʻo uma nodes fesoʻotaʻiga i le laiga tutusa, na tuʻuina atu le filifiliga i le auala lona lua, lea e sili atu ona faigata ona faʻatulagaina, ae maua ai avanoa sili atu, talu ai o le fa'aogaina manino o tekinolosi sa fuafuaina i le feso'ota'iga o lo'o fausia Wake-on-Lan ma DLNA.
Vaega 1: Talaaga
OpenVPN na filifilia muamua e avea ma tulafono mo le faʻatinoina o lenei galuega, talu ai, muamua, e mafai ona fatuina se masini tapuni e mafai ona faʻaopoopo i le alalaupapa e aunoa ma ni faʻafitauli, ma lona lua, OpenVPN lagolagoina le faʻagaioiga i luga o le TCP protocol, lea e taua foi, aua e leai se tasi. o fale mautotogi sa i ai se tuatusi IP tuuto, ma sa le mafai ona ou faʻaogaina le STUN, talu ai o laʻu kamupani mo nisi mafuaaga e poloka ai fesoʻotaʻiga UDP ulufale mai a latou fesoʻotaʻiga, ae o le TCP protocol na faʻatagaina aʻu e tuʻuina atu le VPN server port i le mautotogi VPS faʻaaoga SSH. Ioe, o lenei auala e maua ai se uta tele, talu ai o faʻamaumauga e faʻailoga faalua, ae ou te leʻi manaʻo e faʻafeiloaʻi se VPS i laʻu fesoʻotaʻiga tumaoti, talu ai o loʻo i ai pea se tulaga lamatia o isi vaega e maua le puleaina, o le mea lea, o loʻo i ai sea masini. i luga o laʻu upega tafaʻilagi sa matua le manaʻomia ma na filifili ai le totogi mo le puipuiga ma le tele o luga.
Ina ia tuʻuina atu le taulaga i luga o le router lea na fuafua e faʻapipiʻi ai le server, na faʻaaogaina le polokalame sshtunnel. O le a ou le faʻamatalaina le lavelave o lona faʻatulagaina - e fai lava si faigofie, o le a ou matauina o lana galuega o le tuʻuina atu lea o le TCP port 1194 mai le router i le VPS. O le isi, o le OpenVPN server na faʻapipiʻiina i luga o le masini tap0, lea na fesoʻotaʻi i le alalaupapa br-lan. I le siakiina o le fesoʻotaʻiga i le server fou na faia mai le komepiuta, na manino ai o le manatu o le faʻasalalauina o le taulaga na faʻamaonia ma o laʻu komepiuta na avea ma sui o le fesoʻotaʻiga a le router, e ui lava e leʻi i ai faaletino.
E naʻo le tasi le mea itiiti na totoe e fai: e tatau ona tufatufa atu tuatusi IP i fale mautotogi eseese ina ia latou le feteʻenaʻi ma faʻapipiʻi le au taʻavale e pei o OpenVPN tagata faʻatau.
O tuatusi IP o lo'o taua i lalo ma le DHCP server ranges na filifilia:
- 192.168.10.1 ma le lautele 192.168.10.2 - 192.168.10.80 mo le server
- 192.168.10.100 ma le lautele 192.168.10.101 - 192.168.10.149 mo le router i le fale mautotogi Nu. 2
- 192.168.10.150 ma le lautele 192.168.10.151 - 192.168.10.199 mo le router i le fale mautotogi Nu. 3
Sa tatau foʻi ona tuʻuina tonu atu nei tuatusi i tagata faʻasalalau o le OpenVPN server e ala i le faʻaopoopoina o le laina i lona faʻatulagaga:
ifconfig-pool-persist /etc/openvpn/ipp.txt 0ma faʻaopoopo laina nei i le /etc/openvpn/ipp.txt faila:
flat1_id 192.168.10.100
flat2_id 192.168.10.150
lea o le flat1_id ma le flat2_id o igoa o le masini ua fa'amaoti mai pe a fai tusi pasi mo le feso'ota'i i OpenVPN
O le isi, OpenVPN tagata faʻatau na faʻapipiʻiina i luga o alalaupapa, tap0 masini i luga uma e lua na faʻaopoopoina i le alalaupapa br-lan. I lenei laʻasaga, na foliga mai o loʻo lelei mea uma ona o fesoʻotaʻiga uma e tolu e mafai ona vaʻaia e le tasi le isi ma galulue faʻatasi. Ae ui i lea, o se faʻamatalaga e le manaia tele na aliaʻe: o nisi taimi e mafai e masini ona maua se tuatusi IP e le mai le latou alalaupapa, faatasi ai ma taunuuga uma e sosoo ai. Mo nisi mafuaʻaga, o le router i se tasi o fale mautotogi e leʻi maua se taimi e tali atu ai i le DHCPDISCOVER i le taimi ma na maua e le masini se tuatusi e leʻi faʻamoemoeina. Na ou iloa e tatau ona ou faamamaina ia talosaga i le tap0 i luga o taʻavale taʻitasi, ae o le mea na tupu, e le mafai e iptables ona galue ma le masini pe a fai o se vaega o se alalaupapa ma e tatau ona oʻo mai ebtables e fesoasoani ia te aʻu. I loʻu faanoanoaga, e leʻi i totonu o laʻu firmware ma e tatau ona ou toe fausia ata mo masini taʻitasi. I le faia o lenei mea ma faʻaopoopo laina nei i /etc/rc.local o router taʻitasi, na foia ai le faʻafitauli:
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
O lenei faatulagaga na tumau mo le tolu tausaga.
Vaega 2: Fa'ailoaina WireGuard
Talu ai nei, o tagata i luga o le Initaneti ua amata ona talanoa e uiga i WireGuard, faʻamemelo i le faigofie o lona faʻatulagaina, maualuga le saoasaoa o fesoʻotaʻiga, maualalo ping ma faʻatusatusa le saogalemu. O le su'esu'eina o nisi fa'amatalaga e uiga i lea mea na manino ai e le o galue o se tagata alalaupapa po'o le galue i luga o le TCP protocol na lagolagoina e ia, lea na mafua ai ona ou manatu e leai lava se isi mea e sui ai OpenVPN mo a'u. O lea na ou tolopo ai le masani i WireGuard.
I ni nai aso talu ai, o tala fou na salalau atu i punaoa i se tasi auala poʻo se isi e fesoʻotaʻi ma IT o le WireGuard o le a iu lava ina aofia i le fatu Linux, amata i le version 5.6. Talafou tala, pei o taimi uma, viia WireGuard. Na ou toe oso i le sailiga mo auala e sui ai le OpenVPN tuai lelei. O le taimi lea na ou oso ai i totonu . Na talanoa e uiga i le fatuina o se alalaupapa Ethernet i luga ole L3 faʻaaoga GRE. O lenei tusiga na ou maua ai le faamoemoe. Na tumau pea le le manino pe o le a le mea e fai i le UDP protocol. O le suʻesuʻega na taʻitaʻia aʻu i tala e uiga i le faʻaogaina o socat faʻatasi ma se SSH tunnel e tuʻuina atu ai se taulaga UDP, peitaʻi, na latou maitauina o lenei auala e naʻo le tasi le fesoʻotaʻiga mode, o lona uiga, o le galuega a le tele o tagata VPN o le a le mafai. Na ou sau ma le manatu o le faʻapipiʻiina o se VPN server i luga o le VPS ma faʻatutuina le GRE mo tagata faʻatau, ae o le mea na tupu, e le lagolagoina e le GRE faʻamatalaga, lea o le a taʻitaʻia ai le mea moni pe a maua e isi vaega le avanoa i le server. , o fefaʻatauaiga uma i le va o aʻu fesoʻotaʻiga o le a i totonu o latou lima, e leʻi fetaui ma aʻu.
O le isi, na faia le faʻaiʻuga mo le faʻailoga faʻailoga, e ala i le faʻaaogaina VPN i luga ole VPN e faʻaaoga ai le polokalame lenei:
Laasaga XNUMX VPN:
VPS o server ma tuatusi totonu 192.168.30.1
MS o tagata o tausia VPS ma tuatusi totonu 192.168.30.2
MK2 o tagata o tausia VPS ma tuatusi totonu 192.168.30.3
MK3 o tagata o tausia VPS ma tuatusi totonu 192.168.30.4
VPN tulaga lua:
MS o server ma tuatusi fafo 192.168.30.2 ma totonu 192.168.31.1
MK2 o tagata o tausia MS fa'atasi ai ma le tuatusi 192.168.30.2 ma o lo'o iai se IP totonu 192.168.31.2
MK3 o tagata o tausia MS fa'atasi ai ma le tuatusi 192.168.30.2 ma o lo'o iai se IP totonu 192.168.31.3
* MS — router-server i fale mautotogi 1, MK2 - router i le fale mautotogi 2, MK3 - router ile fale mautotogi 3
* O faʻatonuga o masini o loʻo faʻasalalau i le faʻaleagaina i le faaiuga o le tusiga.
Ma o lea, pings o loʻo tamoʻe i le va o nodes network 192.168.31.0/24, ua oʻo i le taimi e faʻagasolo ai i le faʻatulagaina o se alalaupapa GRE. Aʻo leʻi faia lenei mea, ina ia aua neʻi leiloa le avanoa i tagata taʻavale, e aoga le faʻatulagaina o SSH tunnels e tuʻuina atu le taulaga 22 i le VPS, ina ia, mo se faʻataʻitaʻiga, o le router mai le fale mautotogi 10022 o le a mafai ona maua i luga o le taulaga 2 o le VPS, ma le router mai le fale mautotogi 11122 o le a mafai ona maua i luga o le taulaga 3 router mai le fale mautotogi XNUMX. E sili ona lelei le faʻatulagaina o le faʻafeiloaʻi e faʻaaoga ai le sshtunnel tutusa, talu ai o le a toe faʻafoʻisia le alavai pe a le manuia.
Ua faʻatulagaina le alavai, e mafai ona e faʻafesoʻotaʻi i le SSH e ala i le tuʻuina atu:
ssh root@МОЙ_VPS -p 10022Le isi e tatau ona e tapeina OpenVPN:
/etc/init.d/openvpn stopSeʻi o tatou faʻatulagaina se GRE tunnel i luga o le router mai le fale 2:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set grelan0 up
Ma faʻaopoopo le atinaʻe na faia i le alalaupapa:
brctl addif br-lan grelan0
Sei o tatou faia se faiga faapena i luga o le router router:
ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set grelan0 up
Ma faʻaopoopo foi le atinaʻe na faia i le alalaupapa:
brctl addif br-lan grelan0
amata mai i le taimi nei, pings amata ona alu manuia i le fesoʻotaʻiga fou ma o aʻu, ma le faamalieina, alu e inu kofe. Ma, e iloilo pe faʻapefea ona galue le fesoʻotaʻiga i le isi pito o le laina, ou te taumafai e SSH i se tasi o komepiuta i le fale mautotogi 2, ae faʻamalo le ssh client e aunoa ma le faʻamalosia mo se faʻaupuga. O loʻo ou taumafai e faʻafesoʻotaʻi i lenei komepiuta e ala i le telnet i luga o le taulaga 22 ma ou vaʻai i se laina e mafai ona ou malamalama ai o loʻo faʻavaeina le fesoʻotaʻiga, o loʻo tali mai le SSH server, ae mo nisi mafuaʻaga e le faʻaosofia ai aʻu e saini. i totonu.
$ telnet 192.168.10.110 22
SSH-2.0-OpenSSH_8.1
O loʻo ou taumafai e faʻafesoʻotaʻi i ai e ala i le VNC ma vaʻai i se lanu uliuli. Ou te faʻamaonia aʻu lava o le faʻafitauli o loʻo i le komepiuta mamao, aua e faigofie ona ou faʻafesoʻotaʻi i le router mai lenei fale mautotogi e faʻaaoga ai le tuatusi totonu. Ae ui i lea, ou te filifili e faʻafesoʻotaʻi le SSH o lenei komepiuta e ala i le router ma ou te ofo i le mauaina o le fesoʻotaʻiga manuia, ma o le komepiuta mamao e galue masani, ae e le mafai foi ona fesoʻotaʻi i laʻu komepiuta.
Ou te aveese le masini grelan0 mai le alalaupapa ma tamoe OpenVPN i luga o le alalaupapa i le fale mautotogi 2 ma ia mautinoa o loʻo galue le fesoʻotaʻiga e pei ona faʻamoemoeina ma e le paʻu le fesoʻotaʻiga. E ala i le su'esu'ega, ou te sau ai i fono e faitio ai tagata i ia lava fa'afitauli, lea e fautuaina ai i latou e sii le MTU. E le'i leva ona fai atu. Ae peita'i, se'ia lava le maualuga o le MTU - 7000 mo masini gretap, a le o le pa'u o feso'ota'iga TCP po'o le maualalo o tau fa'aliliu na matauina. Ona o le maualuga MTU mo gretap, o le MTUs mo Layer 8000 ma Layer 7500 WireGuard fesoʻotaʻiga na seti i le XNUMX ma le XNUMX i le faasologa.
Na ou faia se seti faapena i luga o le router mai le fale mautotogi 3, ma na o le pau lava le eseesega o le lona lua o le gretap interface e igoa ia grelan1 na faaopoopo i le router router, lea na faaopoopo foi i le alalaupapa br-lan.
O loʻo galue mea uma. Ole taimi nei e mafai ona e tu'u le fa'apotopotoga gretap ile amataga. Mo lenei:
Na ou tuʻuina nei laina i /etc/rc.local i luga o le router i le fale mautotogi 2:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
Faʻaopoopo lenei mea i /etc/rc.local i luga o le router i le fale mautotogi 3:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
Ma i luga o le router router:
ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
ip link add grelan1 type gretap remote 192.168.31.3 local 192.168.31.1
ip link set dev grelan1 mtu 7000
ip link set grelan1 up
brctl addif br-lan grelan1
Ina ua uma ona toe faʻafou le aufailaʻau kalani, na ou iloa ai mo nisi mafuaʻaga latou te le o fesoʻotaʻi i le server. I le fesoʻotaʻi atu i la latou SSH (lelei, na ou faʻatulagaina muamua le sshtunnel mo lenei mea), na iloa ai o WireGuard mo nisi mafuaʻaga na faia ai se auala mo le pito, ae e le saʻo. O lea la, mo le 192.168.30.2, o le laulau ala na faʻaalia ai se auala e ala i le pppoe-wan interface, o lona uiga, e ala i le Initaneti, e ui lava o le auala i ai e tatau ona faʻaogaina i le wg0 interface. Ina ua uma ona tape lenei auala, na toe faʻaleleia le fesoʻotaʻiga. Sa le mafai ona ou mauaina ni faatonuga i soo se mea pe faʻafefea ona faʻamalosia WireGuard e aua le faia nei auala. E le gata i lea, ou te leʻi malamalama pe o se vaega lea o OpenWRT poʻo WireGuard lava ia. A aunoa ma le taulimaina o lenei faʻafitauli mo se taimi umi, na ou faʻaopoopoina se laina i auala uma e lua i se faʻasologa taimi na tapeina ai lenei auala:
route del 192.168.30.2
Faʻaopoopo i luga
Ou te leʻi ausia lava le lafoaia atoatoa o OpenVPN, talu ai o nisi taimi ou te manaʻomia le faʻafesoʻotaʻi i se fesoʻotaʻiga fou mai se komepiuta feaveaʻi poʻo se telefoni, ma faʻapipiʻi se masini gretap i luga oi latou e masani lava e le mafai, ae e ui i lea, na ou maua se avanoa i le saoasaoa. o le fa'aliliuina o fa'amatalaga i le va o fale mautotogi ma, mo se fa'ata'ita'iga, o le fa'aaogaina o le VNC ua le toe fa'alavelave. Na fa'aitiitia teisi le Ping, ae na atili mautu:
A faʻaaoga OpenVPN:
[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=133 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=125 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19006ms
rtt min/avg/max/mdev = 124.722/126.152/136.907/3.065 ms
Pe a faʻaaogaina WireGuard:
[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=124 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=124 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19003ms
rtt min/avg/max/mdev = 123.954/124.423/126.708/0.675 ms
E sili atu ona afaina i le maualuga ping i le VPS, lea e tusa ma le 61.5 ms
Ae ui i lea, ua matua faateleina le saoasaoa. O lea la, i totonu o se fale mautotogi ma se router router o loʻo i ai laʻu fesoʻotaʻiga Initaneti i le 30 Mbit / sec, ma i isi fale e 5 Mbit / sec. I le taimi lava e tasi, aʻo ou faʻaogaina le OpenVPN, sa le mafai ona ou ausia se saoasaoa o fesoʻotaʻiga i le va o fesoʻotaʻiga e sili atu i le 3,8 Mbit/sec e tusa ai ma faitauga iperf, ae o le WireGuard na "faʻateleina" i le 5 Mbit / sec tutusa.
WireGuard faʻatulagaina ile VPS[Interface]
Address = 192.168.30.1/24
ListenPort = 51820
PrivateKey = <ЗАКРЫТЫЙ_КЛЮЧ_ДЛЯ_VPS>
[Peer]
PublicKey = <ОТКРЫТЫЙ_КЛЮЧ_VPN_1_МС>
AllowedIPs = 192.168.30.2/32
[Peer]
PublicKey = <ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2>
AllowedIPs = 192.168.30.3/32
[Peer]
PublicKey = <ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3>
AllowedIPs = 192.168.30.4/32
WireGuard configuration i MS (faʻaopoopo i /etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.2/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МС'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option route_allowed_ips '1'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - сервер
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option listen_port '51821'
list addresses '192.168.31.1/24'
option auto '1'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
list allowed_ips '192.168.31.2'
config wireguard_wg1ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
list allowed_ips '192.168.31.3'
Faiga WireGuard i MK2 (faʻaopoopo i /etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.3/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК2'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - клиент
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
list addresses '192.168.31.2/24'
option auto '1'
option listen_port '51821'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option endpoint_host '192.168.30.2'
option endpoint_port '51821'
option persistent_keepalive '25'
list allowed_ips '192.168.31.0/24'
Faiga WireGuard i MK3 (faʻaopoopo i /etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.4/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК3'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - клиент
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
list addresses '192.168.31.3/24'
option auto '1'
option listen_port '51821'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option endpoint_host '192.168.30.2'
option endpoint_port '51821'
option persistent_keepalive '25'
list allowed_ips '192.168.31.0/24'
I faʻamatalaga faʻamatalaina mo le tulaga lua VPN, ou te faʻasino atu WireGuard tagata faʻatau i le taulaga 51821. I le talitonuga, e le manaʻomia lenei mea, talu ai o le a faʻavaeina e le kalani se fesoʻotaʻiga mai soʻo se taulaga e leai se totogi, ae na ou faia ina ia mafai ai ona faʻasaina. feso'ota'iga uma e o'o mai i luga o feso'ota'iga wg0 o ta'avale uma se'i vagana ai feso'ota'iga UDP o lo'o o'o mai ile taulaga 51821.
Ou te faʻamoemoe o le a aoga le tusiga i se tasi.
SALA E le gata i lea, ou te manaʻo e faʻasoa laʻu tusitusiga e tuʻuina mai ia te aʻu se faʻamatalaga PUSH i laʻu telefoni i le WirePusher talosaga pe a faʻaalia se masini fou i luga o laʻu fesoʻotaʻiga. O le feso'ota'iga lea i le tusitusiga: .
FAAFOUGA: Fa'atonuga o le OpenVPN server ma tagata fa'atau
OpenVPN server
client-to-client
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn-server.crt
dh /etc/openvpn/server/dh.pem
key /etc/openvpn/server/vpn-server.key
dev tap
ifconfig-pool-persist /etc/openvpn/ipp.txt 0
keepalive 10 60
proto tcp4
server-bridge 192.168.10.1 255.255.255.0 192.168.10.80 192.168.10.254
status /var/log/openvpn-status.log
verb 3
comp-lzoOpenVPN tagata fa'atau
client
tls-client
dev tap
proto tcp
remote VPS_IP 1194 # Change to your router's External IP
resolv-retry infinite
nobind
ca client/ca.crt
cert client/client.crt
key client/client.key
dh client/dh.pem
comp-lzo
persist-tun
persist-key
verb 3
Sa ou faʻaogaina faigofie-rsa e faʻatupu tusi faamaonia
puna: www.habr.com