Задать вопрос
@LAG_LAGbI4

Какой параметр в openvpn отвечает за «интернет через vpn»?

Какой параметр в openvpn отвечает за "интернет через vpn"? т.е. посылать весь трафик через vpn, или использовать только прописанные маршруты.
  • Вопрос задан
  • 2843 просмотра
Подписаться 1 Простой Комментировать
Решения вопроса 1
sashkets
@sashkets
Прекратил отвечать после 24.02.2022
openvpn.conf
client-config-dir /etc/openvpn/ccd

в ccd создаем кастомный файл по имени ключа и там раздаем маршруты/днс какие нужно

push "route 185.104.44.2 255.255.255.255"
push "route 192.168.4.0 255.255.255.0"
push "dhcp-option DNS 192.168.4.5"

при соединении они отдаются клиенту (см лог)
Ответ написан
Пригласить эксперта
Ответы на вопрос 1
adem_145
@adem_145
Увлекаюсь музыкой и программированием
port 2235
proto tcp

# "dev tun" will create a routed IP tunnel,
# "dev tap" will create an ethernet tunnel.
# Use "dev tap0" if you are ethernet bridging
# and have precreated a tap0 virtual interface
# and bridged it with your ethernet interface.
# If you want to control access policies
# over the VPN, you must create firewall
# rules for the the TUN/TAP interface.
# On non-Windows systems, you can give
# an explicit unit number, such as tun0.
# On Windows, use "dev-node" for this.
# On most systems, the VPN will not function
# unless you partially or fully disable
# the firewall for the TUN/TAP interface.
;dev tap
dev tun

# Windows needs the TAP-Win32 adapter name
# from the Network Connections panel if you
# have more than one. On XP SP2 or higher,
# you may need to selectively disable the

ca ca.crt
cert server.crt
key server.key # This file should be kept secret

dh dh2048.pem

# Configure server mode and supply a VPN subnet
# for OpenVPN to draw client addresses from.
# The server will take 10.8.0.1 for itself,
# the rest will be made available to clients.
# Each client will be able to reach the server
# on 10.8.0.1. Comment this line out if you are
# ethernet bridging. See the man page for more info.
server 10.8.0.0 255.255.255.0

# Maintain a record of client <-> virtual IP address
# associations in this file. If OpenVPN goes down or
# is restarted, reconnecting clients can be assigned
# the same virtual IP address from the pool that was
# previously assigned.
ifconfig-pool-persist /var/log/openvpn/ipp.txt

# If enabled, this directive will configure
# all clients to redirect their default
# network gateway through the VPN, causing
# all IP traffic such as web browsing and
# and DNS lookups to go through the VPN
# (The OpenVPN server machine may need to NAT
# or bridge the TUN/TAP interface to the internet
# in order for this to work properly).
push "redirect-gateway def1 bypass-dhcp" #это за интернет

# Certain Windows-specific network settings
# can be pushed to clients, such as DNS
# or WINS server addresses. CAVEAT:
# openvpn.net/faq.html#dhcpcaveats
# The addresses below refer to the public
# DNS servers provided by opendns.com.
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

# Uncomment this directive to allow different
# clients to be able to "see" each other.
# By default, clients will only see the server.
# To force clients to only see the server, you
# will also need to appropriately firewall the
# server's TUN/TAP interface.
;client-to-client

keepalive 10 120

# For extra security beyond that provided
# by SSL/TLS, create an "HMAC firewall"
# to help block DoS attacks and UDP port flooding.
#
# Generate with:
# openvpn --genkey --secret ta.key
#
# The server and each client must have
# a copy of this key.
# The second parameter should be '0'
# on the server and '1' on the clients.
tls-auth ta.key 0 # This file is secret
key-direction 0

cipher AES-256-CBC
auth SHA256

# Enable compression on the VPN link and push the
# option to the client (v2.4+ only, for earlier
# versions see below)
;compress lz4-v2
;push "compress lz4-v2"

# For compression compatible with older clients use comp-lzo
# If you enable it here, you must also
# enable it in the client config file.
;comp-lzo

# The maximum number of concurrently connected
# clients we want to allow.
max-clients 15

user nobody
group nogroup

persist-key
persist-tun

status /var/log/openvpn/openvpn-status.log

verb 3

mute 20
Ответ написан
Ваш ответ на вопрос

Войдите, чтобы написать ответ

Похожие вопросы