Enviado em 11/08/2020 - 16:49h
Olá, colegas.
# OpenVPN server profile: routed (tun) VPN on UDP 1194 handing out 10.30.30.0/24.
# Management interface on a loopback TCP port; the third argument is the password
# file. Any local user can reach a loopback port, so keep that file readable by
# root only. OpenVPN also accepts a unix socket here, which file permissions can
# guard.
management localhost 1196 /etc/openvpn/server/management-password
dev tun
proto udp
port 1194
# PKI material. server.key and tc.key are secrets and should not be readable by
# unprivileged users.
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/server.crt
key /etc/openvpn/server/server.key
dh /etc/openvpn/server/dh.pem
# tls-crypt: one pre-shared key encrypts and authenticates the control channel.
# Every client profile carries the same key, so a leaked profile exposes it.
tls-crypt /etc/openvpn/server/tc.key
# Revoked client certificates are rejected against this CRL.
# NOTE(review): the daemon drops to nobody/nogroup below; confirm crl.pem stays
# readable by that user and is regenerated before it expires, otherwise new
# connections may be refused.
crl-verify /etc/openvpn/server/crl.pem
ecdh-curve secp384r1
topology subnet
server 10.30.30.0 255.255.255.0
# Route to the LAN behind the server, pushed to every client.
push "route 192.168.80.0 255.255.255.0"
;push "redirect-gateway local def1 bypass-dhcp"
# Full tunnel: clients send their default route through the VPN.
# NOTE(review): the manual describes the "local" flag as meant for peers on a
# shared subnet (it skips the host route to the server); confirm it is wanted
# for clients that connect over the Internet.
push "redirect-gateway local def1"
# NOTE(review): "remote-gateway" does not appear to be an OpenVPN option name
# (route-gateway exists) and vpn_server_ip looks like an unfilled placeholder;
# clients will likely warn about or ignore this push. Verify.
push "remote-gateway vpn_server_ip"
# Clients resolve names through the internal resolver while connected.
push "dhcp-option DNS 192.168.80.4"
push "dhcp-option DOMAIN wollny.com.br"
# Client-to-client traffic is switched inside the OpenVPN process and does not
# pass through the host's FORWARD chain, so the firewall cannot filter it. A
# compromised client can reach every other connected client. Remove this line
# if clients only need the server-side LAN.
client-to-client
# Ping every 1800 s, treat the peer as down after 3600 s without traffic. With
# values this large a dead or hijacked session lingers for a long time.
keepalive 1800 3600
# Only accept peer certificates whose key usage marks them as TLS clients.
remote-cert-tls client
tls-version-min 1.2
# Data channel: AES-256 in CBC mode, authenticated by the HMAC set in "auth".
# NOTE(review): recent OpenVPN releases prefer AEAD ciphers such as AES-256-GCM;
# check the installed version on both sides before changing.
cipher AES-256-CBC
auth SHA512
;compress lz4-v2
;push "compress lz4-v2"
# Compressing before encrypting can leak plaintext through ciphertext length
# (the VORACLE class of attacks), and comp-lzo is deprecated upstream. The
# client profile sets comp-lzo too, so change both ends together.
comp-lzo
# Drop root after initialisation. persist-key/persist-tun keep the key and the
# tun device across restarts, since the unprivileged user could not reopen them.
user nobody
group nogroup
persist-key
persist-tun
# The status file lists connected clients and their addresses; "log" (unlike the
# commented log-append) truncates the log at each start. Restrict read access
# to both files.
status /var/log/openvpn-status.log
log /var/log/openvpn.log
;log-append /var/log/openvpn.log
# Tell clients when the server goes down (UDP only).
explicit-exit-notify 1
;syslog
# verb 5 is a debugging level and logs per-packet activity; 3 is the usual
# production setting (the client profile uses 3).
verb 5
# OpenVPN client profile matching the server above (tun, UDP 1194).
client
dev tun
proto udp
remote myserver.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# Require the server certificate to carry TLS-server key usage, so that another
# client certificate issued by the same CA cannot pose as the server.
remote-cert-tls server
tls-version-min 1.2
auth SHA512
# Legacy Netscape certificate-type check, deprecated upstream in favour of
# remote-cert-tls (already set above).
# NOTE(review): newer OpenVPN builds may reject this option, and the check
# fails if server.crt lacks the nsCertType field; confirm whether it is needed.
ns-cert-type server
# cipher, auth and comp-lzo must match the server profile.
cipher AES-256-CBC
# Same compression caveat as on the server: compression before encryption can
# leak plaintext through ciphertext length. Change both ends together.
comp-lzo
verb 3
# Inline credentials: this file embeds the client's private key and the shared
# tls-crypt key. Anyone holding a copy can connect as this client until its
# certificate is added to the server's CRL, so store and transfer the profile
# as a secret.
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
</key>
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-crypt>
cat /lib/systemd/system/openvpn-iptables.service
# One-shot unit that appends the VPN firewall rules at start and deletes the same
# rules at stop. Rules are appended (-A), so they land after whatever is already
# in each chain; iptables stops at the first matching ACCEPT.
# NOTE(review): kernel IP forwarding (net.ipv4.ip_forward) is not enabled here;
# confirm it is set elsewhere, or the FORWARD/MASQUERADE rules have no effect.
[Unit]
Before=network.target
[Service]
Type=oneshot
# Allow new OpenVPN connections arriving on the external interface.
ExecStart=/sbin/iptables -A INPUT -i enp2s0 -m state --state NEW -p udp --dport 1194 -j ACCEPT
# Accepts every packet from any tun device to the host itself: each VPN client
# can reach all services listening on this server. Narrow it to the ports that
# clients actually need if that is broader than intended.
ExecStart=/sbin/iptables -A INPUT -i tun+ -j ACCEPT
# Accepts everything entering from tun+ towards any destination. Because this
# rule matches first, the later "-i tun+" FORWARD rules below are never reached;
# restricting client access means replacing this rule, not adding rules after it.
ExecStart=/sbin/iptables -A FORWARD -i tun+ -j ACCEPT
# "-m state --state" is the legacy spelling of "-m conntrack --ctstate"; each
# state/conntrack pair below is the same rule written twice.
ExecStart=/sbin/iptables -A FORWARD -i tun+ -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
ExecStart=/sbin/iptables -A FORWARD -i tun+ -o enp2s0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Reply traffic from the external interface back to VPN clients.
ExecStart=/sbin/iptables -A FORWARD -i enp2s0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
ExecStart=/sbin/iptables -A FORWARD -i enp2s0 -o tun+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ExecStart=/sbin/iptables -A FORWARD -i tun+ -s 10.30.30.0/24 -d 0.0.0.0/0 -j ACCEPT
ExecStart=/sbin/iptables -A FORWARD -i tun+ -s 10.30.30.0/24 -d 0.0.0.0/0 -m conntrack --ctstate NEW -j ACCEPT
# Source-NAT VPN client traffic leaving through the external interface.
ExecStart=/sbin/iptables -t nat -A POSTROUTING -s 10.30.30.0/24 -o enp2s0 -j MASQUERADE
ExecStart=/sbin/iptables -A OUTPUT -o tun+ -j ACCEPT
# Stop: delete (-D) exactly the rules added above, in the same order.
ExecStop=/sbin/iptables -D INPUT -i enp2s0 -m state --state NEW -p udp --dport 1194 -j ACCEPT
ExecStop=/sbin/iptables -D INPUT -i tun+ -j ACCEPT
ExecStop=/sbin/iptables -D FORWARD -i tun+ -j ACCEPT
ExecStop=/sbin/iptables -D FORWARD -i tun+ -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
ExecStop=/sbin/iptables -D FORWARD -i tun+ -o enp2s0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ExecStop=/sbin/iptables -D FORWARD -i enp2s0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
ExecStop=/sbin/iptables -D FORWARD -i enp2s0 -o tun+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ExecStop=/sbin/iptables -D FORWARD -i tun+ -s 10.30.30.0/24 -d 0.0.0.0/0 -j ACCEPT
ExecStop=/sbin/iptables -D FORWARD -i tun+ -s 10.30.30.0/24 -d 0.0.0.0/0 -m conntrack --ctstate NEW -j ACCEPT
ExecStop=/sbin/iptables -t nat -D POSTROUTING -s 10.30.30.0/24 -o enp2s0 -j MASQUERADE
ExecStop=/sbin/iptables -D OUTPUT -o tun+ -j ACCEPT
# Keep the unit "active" after the ExecStart commands exit so that stopping it
# runs the ExecStop clean-up.
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target