
I would like to share my experience of joining the networks of three geographically distant apartments, each of which uses an OpenWRT router as its gateway, into one common network. When choosing between L3 with subnet routing and L2 with bridging, where all network nodes are in the same subnet, I preferred the second approach. It is harder to configure but offers more possibilities, because transparent use of Wake-on-LAN and DLNA was planned for the network being built.
Part 1: Background
The protocol initially chosen for this task was OpenVPN because, first, it can create a tap device that can be added to a bridge without problems and, second, OpenVPN supports TCP, which mattered because none of the apartments had a dedicated IP address. I could not use STUN because my ISP, for some reason, blocks incoming UDP connections on its networks. TCP allowed me to forward the VPN server port to a rented VPS using SSH. Although this approach creates a large overhead, since the data is encrypted twice, I did not want to bring the VPS into my private network, because there was a risk of third parties gaining control of it. Having such a device in my home network was highly undesirable, so I decided to pay for security with the large overhead.
To forward the port to the router where the server was to be deployed, I used the sshtunnel program. I won't go into the details of its configuration, it is quite simple. I will only note that its job was to forward TCP port 1194 from the router to the VPS. Next, I configured the OpenVPN server on the tap0 device, which was attached to the br-lan bridge. After testing a connection to the newly created server from my laptop, it was clear that the port-forwarding idea worked, and my laptop became a member of the router's network even though it was not physically part of it.
What remained was to distribute the IP addresses across the apartments so that they would not conflict, and to configure the routers as OpenVPN clients.
The following router IP addresses and DHCP server ranges were chosen:
- 192.168.10.1 with the range 192.168.10.2 - 192.168.10.80 for the server
- 192.168.10.100 with the range 192.168.10.101 - 192.168.10.149 for the router in apartment No. 2
- 192.168.10.150 with the range 192.168.10.151 - 192.168.10.199 for the router in apartment No. 3
It was also necessary for the OpenVPN server to assign exactly these addresses to the client routers, by adding the following line to its configuration:
ifconfig-pool-persist /etc/openvpn/ipp.txt 0
and adding the following lines to the file /etc/openvpn/ipp.txt:
flat1_id 192.168.10.100
flat2_id 192.168.10.150
where flat1_id and flat2_id are the device names specified when creating the certificates for connecting to OpenVPN.
Next, the routers were configured as OpenVPN clients, and the tap0 devices on both were added to the br-lan bridge. At this point everything seemed fine, since all three networks could see each other and worked as a single whole. However, an unpleasant detail emerged: sometimes devices received an IP address from the wrong router, with all the consequences that follow. For some reason, the router in one of the apartments did not respond to DHCPDISCOVER in time, and the device received the wrong address. I realised that I needed to filter such requests on tap0 on each router, but as it turned out, iptables cannot work with a device that is part of a bridge, so I had to use ebtables. Unfortunately, my firmware did not include it, so I had to rebuild the images for each device. After doing that and adding the following lines to /etc/rc.local on each router, the problem was solved:
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
This configuration lasted three years.
Part 2: Getting to know WireGuard
Recently there has been more and more talk on the internet about WireGuard, praising its simple configuration, high data transfer speed, low ping and comparable security. Searching for more information about it revealed that it supports neither operation as a bridge member nor the TCP protocol, which led me to believe that there were still no alternatives to OpenVPN for me. So I put off getting to know WireGuard.
A few days ago, news spread across IT-related resources that WireGuard would finally be included in the Linux kernel, starting with version 5.6. The news articles, as usual, praised WireGuard. I once again plunged into a search for ways to replace good old OpenVPN. This time I came across an article. It talked about creating an Ethernet tunnel over L3 using GRE. That article gave me hope. It remained unclear what to do about the UDP protocol. Searching led me to articles about using socat together with an SSH tunnel to forward a UDP port; however, they noted that this approach works only in single-connection mode, meaning that running several VPN clients would be impossible. I came up with the idea of putting the VPN server on the VPS and setting up GRE for the clients, but as it turned out, GRE does not support encryption, which means that if third parties gained access to the server, all traffic between my networks would be in their hands, which did not suit me at all.
Once again the decision was made in favour of redundant encryption, by running a VPN over a VPN according to the following scheme:
First-level VPN:
VPS is the server with internal address 192.168.30.1
MS is a client of the VPS with internal address 192.168.30.2
MK2 is a client of the VPS with internal address 192.168.30.3
MK3 is a client of the VPS with internal address 192.168.30.4
Second-level VPN:
MS is the server with external address 192.168.30.2 and internal address 192.168.31.1
MK2 is a client of MS at address 192.168.30.2 and has internal IP 192.168.31.2
MK3 is a client of MS at address 192.168.30.2 and has internal IP 192.168.31.3
* MS is the router-server in apartment 1, MK2 is the router in apartment 2, MK3 is the router in apartment 3
* The device configurations are published in a spoiler at the end of the article.
So, pings work between the nodes of the 192.168.31.0/24 network, and it is time to move on to setting up the GRE tunnel. Before that, so as not to lose access to the routers, it is worth setting up SSH tunnels that forward port 22 to the VPS, so that, for example, the router from apartment 2 is reachable on port 10022 of the VPS and the router from apartment 3 is reachable on port 11122 of the VPS. It is best to configure the forwarding with the same sshtunnel, since it will restore the tunnel if it drops.
The tunnel is configured; you can connect over SSH through the forwarded port:
ssh root@МОЙ_VPS -p 10022
Next, disable OpenVPN:
/etc/init.d/openvpn stop
Now let's set up the GRE tunnel on the router from apartment 2:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set grelan0 up
And add the created interface to the bridge:
brctl addif br-lan grelan0
Let's perform the same procedure on the server router:
ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set grelan0 up
And also add the created interface to the bridge:
brctl addif br-lan grelan0
From this moment, pings successfully reach the new network and I, satisfied, go off to drink coffee. Then, to check how the network works at the other end of the line, I try to SSH into one of the computers in apartment 2, but the ssh client hangs without prompting for a password. I try to connect to that computer with telnet on port 22 and see a line from which it is clear that the connection is being established and the SSH server responds, but for some reason it does not offer to let me log in.
$ telnet 192.168.10.110 22
SSH-2.0-OpenSSH_8.1
I try to connect to it via VNC and see a black screen. I convince myself that the problem is with the remote computer, because I can easily connect to the router in that apartment using its internal address. However, I decide to SSH to that computer from the router and am surprised to find that the connection succeeds and the remote computer works quite normally, but it too cannot connect to my computer.
I remove the grelan0 device from the bridge and start OpenVPN on the router in apartment 2, and make sure that the network works properly again and connections do not drop. Searching, I find forums where people complain about the same problems and are advised to raise the MTU. No sooner said than done. However, until the MTU was set high enough, 7000 for the gretap devices, I observed either dropped TCP connections or low transfer speed. Because of the high MTU for gretap, the MTUs of the first- and second-level WireGuard connections were set to 8000 and 7500 respectively.
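How a full 1500-byte bridged packet grows through the layers with the MTU values above, as an added example that is not part of the original article. It assumes IPv4 everywhere, gretap without key or checksum options, WireGuard padding to 16 bytes, and a WAN MTU of 1492 (a typical PPPoE value; the article only names the pppoe-wan interface).

```shell
#!/bin/sh
# Added example, not from the article. Assumed IPv4 overheads:
GRETAP_OVERHEAD=38  # inner Ethernet 14 + GRE 4 + outer IPv4 20 (no key/csum)
WG_OVERHEAD=60      # outer IPv4 20 + UDP 8 + WireGuard header 16 + auth tag 16

align16() { echo $(( ($1 + 15) / 16 * 16 )); }
floor16() { echo $(( $1 / 16 * 16 )); }

# wg_encap SIZE MTU: outer packet size; WireGuard pads the inner packet to a
# multiple of 16 bytes, but never beyond the interface MTU.
wg_encap() {
    padded=$(align16 "$1")
    if [ "$padded" -gt "$2" ]; then padded=$2; fi
    echo $(( padded + $WG_OVERHEAD ))
}

# stack_sizes PAYLOAD WG1_MTU WG0_MTU: sizes handed to wg1, to wg0, to the WAN
stack_sizes() {
    gre_pkt=$(( $1 + $GRETAP_OVERHEAD ))
    wg1_pkt=$(wg_encap "$gre_pkt" "$2")
    wg0_pkt=$(wg_encap "$wg1_pkt" "$3")
    echo "$gre_pkt $wg1_pkt $wg0_pkt"
}

# max_payload WAN_MTU: largest bridged IP packet that needs no fragmentation
# (assumes the tunnel MTUs are large enough not to cap the padding)
max_payload() {
    wg0_inner=$(floor16 $(( $1 - $WG_OVERHEAD )))
    wg1_inner=$(floor16 $(( $wg0_inner - $WG_OVERHEAD )))
    echo $(( $wg1_inner - $GRETAP_OVERHEAD ))
}

# fits LABEL SIZE MTU: report whether SIZE fits the MTU of the carrying device
fits() {
    if [ "$2" -le "$3" ]; then echo "$1: $2 <= $3 fits"
    else echo "$1: $2 > $3 too big"; fi
}

# check_stack PAYLOAD GRETAP_MTU WG1_MTU WG0_MTU WAN_MTU
check_stack() {
    payload=$1; gretap_mtu=$2; wg1_mtu=$3; wg0_mtu=$4; wan_mtu=$5
    set -- $(stack_sizes "$payload" "$wg1_mtu" "$wg0_mtu")
    fits "frame into grelan0" "$payload" "$gretap_mtu"
    fits "GRE packet into wg1" "$1" "$wg1_mtu"
    fits "wg1 packet into wg0" "$2" "$wg0_mtu"
    fits "wg0 packet onto WAN" "$3" "$wan_mtu"
}

# Article values: gretap 7000, wg1 7500, wg0 8000. WAN MTU 1492 is assumed.
check_stack 1500 7000 7500 8000 1492
echo "largest unfragmented payload: $(max_payload 1492)"
```

With the article's values every tunnel device accepts the packet and only the outermost WireGuard UDP packet exceeds the assumed WAN MTU, so it can cross the WAN only as IP fragments.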
I did the same setup on the router from apartment 3; the only difference is that a second gretap interface named grelan1 was added on the server router, and it too was added to the br-lan bridge.
Everything works. Now the gretap setup can be put into startup. To do this:
I put these lines in /etc/rc.local on the router in apartment 2:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
Added this to /etc/rc.local on the router in apartment 3:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
And on the server router:
ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
ip link add grelan1 type gretap remote 192.168.31.3 local 192.168.31.1
ip link set dev grelan1 mtu 7000
ip link set grelan1 up
brctl addif br-lan grelan1
After rebooting the client routers, I found that for some reason they were not connecting to the server. Having connected to them over SSH (fortunately, I had set up sshtunnel for this beforehand), I discovered that WireGuard for some reason creates a route for the endpoint, and an incorrect one. For example, for 192.168.30.2 the routing table listed a route via the pppoe-wan interface, that is, through the internet, although the route to it should have gone through the wg0 interface. After deleting this route, the connection was restored. I could not find instructions anywhere on how to make WireGuard not create these routes. Moreover, I did not even understand whether this was a feature of OpenWRT or of WireGuard itself. Without spending long on the problem, I simply added a line that deletes this route to a script looped on a timer on both routers:
route del 192.168.30.2
Conclusion
I have not yet completely abandoned OpenVPN, since I sometimes need to connect to the new network from a laptop or phone, and setting up a gretap device on them is not possible. Nevertheless, I gained in data transfer speed between the apartments, and using VNC, for example, is no longer a problem. Ping decreased slightly but became more stable:
Using OpenVPN:
[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=133 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=125 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19006ms
rtt min/avg/max/mdev = 124.722/126.152/136.907/3.065 ms
Using WireGuard:
[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=124 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=124 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19003ms
rtt min/avg/max/mdev = 123.954/124.423/126.708/0.675 ms
It is affected mostly by the high ping to the VPS, which is about 61.5 ms.
However, the speed increased noticeably. In the apartment with the router-server I have an internet connection speed of 30 Mbps, and in the other apartments it is 5 Mbps. With OpenVPN I could not achieve a data transfer rate between the networks above 3.8 Mbps according to iperf readings, while WireGuard "pumped" it up to that same 5 Mbit/sec.
WireGuard configuration on the VPS
[Interface]
Address = 192.168.30.1/24
ListenPort = 51820
PrivateKey = <ЗАКРЫТЫЙ_КЛЮЧ_ДЛЯ_VPS>
[Peer]
PublicKey = <VPN_1_MS_PUBLIC_KEY>
AllowedIPs = 192.168.30.2/32
[Peer]
PublicKey = <VPN_2_MK2_PUBLIC_KEY>
AllowedIPs = 192.168.30.3/32
[Peer]
PublicKey = <VPN_2_MK3_PUBLIC_KEY>
AllowedIPs = 192.168.30.4/32
WireGuard configuration on MS (added to /etc/config/network)
# First-level VPN - client
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.2/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МС'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option route_allowed_ips '1'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
# Second-level VPN - server
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option listen_port '51821'
list addresses '192.168.31.1/24'
option auto '1'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
list allowed_ips '192.168.31.2'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
list allowed_ips '192.168.31.3'
WireGuard configuration on MK2 (added to /etc/config/network)
# First-level VPN - client
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.3/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК2'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
# Second-level VPN - client
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
list addresses '192.168.31.2/24'
option auto '1'
option listen_port '51821'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option endpoint_host '192.168.30.2'
option endpoint_port '51821'
option persistent_keepalive '25'
list allowed_ips '192.168.31.0/24'
WireGuard configuration on MK3 (added to /etc/config/network)
# First-level VPN - client
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.4/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК3'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
# Second-level VPN - client
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
list addresses '192.168.31.3/24'
option auto '1'
option listen_port '51821'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option endpoint_host '192.168.30.2'
option endpoint_port '51821'
option persistent_keepalive '25'
list allowed_ips '192.168.31.0/24'
In the second-level VPN settings, I specify port 51821 for the WireGuard clients. In principle this is not necessary, since a client will initiate the connection from any free unprivileged port, but I did it this way so that I could deny all incoming connections on the wg0 interfaces of all routers except incoming UDP connections to port 51821.
I hope this article will be useful to someone.
P.S. I also want to share my script that sends a PUSH notification to my phone, to the WirePusher app, when a new device appears on my network. Here is the link to the script: .
UPDATE: OpenVPN server and client configuration
OpenVPN server
client-to-client
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn-server.crt
dh /etc/openvpn/server/dh.pem
key /etc/openvpn/server/vpn-server.key
dev tap
ifconfig-pool-persist /etc/openvpn/ipp.txt 0
keepalive 10 60
proto tcp4
server-bridge 192.168.10.1 255.255.255.0 192.168.10.80 192.168.10.254
status /var/log/openvpn-status.log
verb 3
comp-lzo
OpenVPN client
client
tls-client
dev tap
proto tcp
remote VPS_IP 1194 # Change to your router's External IP
resolv-retry infinite
nobind
ca client/ca.crt
cert client/client.crt
key client/client.key
dh client/dh.pem
comp-lzo
persist-tun
persist-key
verb 3
I used easy-rsa to generate the certificates.
Source: www.habr.com
