OpenVPN

From the Pars Pooyesh wiki

  • Download OpenVPN and LZO from http://dag.wieers.com/packages/
  • Install these RPMs
  • Copy the configuration file to /etc/openvpn/client.conf
  • service openvpn start

Configuring the service to switch between passing all IPs through the tunnel or not

  • nano /usr/local/sbin/cache_vpn
#!/bin/bash
# Usage: cache_vpn VPN | NO_VPN
# VPN marks outgoing HTTP (TCP port 80) packets with mark 1 so they are routed via table 11.
if [ "$1" = "VPN" ] ; then
       iptables -t mangle -A OUTPUT -p tcp --dport 80 -j MARK --set-mark 1
else
       # Delete every copy of the mark rule (each VPN call appends one).
       while iptables -t mangle -D OUTPUT -p tcp --dport 80 -j MARK --set-mark 1 2>/dev/null ; do
              :
       done
fi
  • cd /usr/local/sbin
  • chmod a+x cache_vpn
  • nano /usr/local/sbin/setup_vpn_routes
#!/bin/bash
# Replace <ip of tunnel> with the tunnel gateway address.
ip route add default via <ip of tunnel> table 11
  • cd /usr/local/sbin
  • chmod a+x setup_vpn_routes
  • Add these lines to client.conf
 up-delay
 up "/usr/local/sbin/setup_vpn_routes"


  • Add these lines to /etc/rc.local
ip rule add fwmark 1 table 11
ip route flush cache


  • nano /var/www/html/openvpn/index.html
<html>
<body>
<form method=POST>
<input type=submit name="vpn" value="VPN">
<input type=submit name="no_vpn" value="NO_VPN">
</form>

<?php
// Needs a sudoers entry that lets the web server user run this one script.
// Only the two fixed strings below ever reach the shell, never request data.
if (isset($_REQUEST["vpn"])) {
    run("VPN");
} else if (isset($_REQUEST["no_vpn"])) {
    run("NO_VPN");
}

function run($arg) {
    // system() returns the last output line; the exit status is in $status.
    system("sudo /usr/local/sbin/cache_vpn " . escapeshellarg($arg), $status);
    if ($status === 0)
        print "Successfully Changed to {$arg}";
    else
        print "Error Occurred";
}
?>
</body>
</html>
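
Added example (not part of the original wiki page): a check that reports whether port-80 traffic is really being steered into the tunnel, by looking at the mark rule, the fwmark 1 rule and the default route in table 11 set up above. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/bash
# Added example: is port-80 traffic really being steered into the tunnel?
# Each function takes command output as text, so the logic can be checked offline.

# $1 = output of: iptables -t mangle -S OUTPUT
# (newer iptables prints "--set-xmark 0x1/0xffffffff", older "--set-mark 0x1")
has_mark_rule() {
    printf '%s\n' "$1" | grep -Eq -- \
        '^-A OUTPUT .*-p tcp .*--dport 80 .*-j MARK --set-x?mark 0x1(/0xffffffff)?$'
}

# $1 = output of: ip rule show
has_fwmark_rule() {
    printf '%s\n' "$1" | grep -Eq 'from all fwmark 0x1 lookup 11( |$)'
}

# $1 = output of: ip route show table 11
has_default_route() {
    printf '%s\n' "$1" | grep -Eq '^default via [0-9.]+ '
}

# Prints and returns: VPN (0), NO_VPN (1) or BROKEN (2).
# BROKEN = packets are marked but the rule or route is missing, so marked
# traffic falls back to the main table and leaves outside the tunnel.
tunnel_state() {
    if ! has_mark_rule "$1"; then
        echo NO_VPN; return 1
    fi
    if has_fwmark_rule "$2" && has_default_route "$3"; then
        echo VPN; return 0
    fi
    echo BROKEN; return 2
}

# Constructed sample outputs (10.8.0.5 and tun0 are made-up values).
SAMPLE_MANGLE='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -j MARK --set-xmark 0x1/0xffffffff'
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x1 lookup 11
32766: from all lookup main'
SAMPLE_ROUTES='default via 10.8.0.5 dev tun0'

tunnel_state "$SAMPLE_MANGLE" "$SAMPLE_RULES" "$SAMPLE_ROUTES"   # VPN
tunnel_state "$SAMPLE_MANGLE" "$SAMPLE_RULES" "" || true          # BROKEN

# Live use, as root:
# tunnel_state "$(iptables -t mangle -S OUTPUT)" "$(ip rule show)" "$(ip route show table 11)"
```
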

Configuring OpenVPN to pass a defined IP range through the tunnel

  • Alias a valid IP on the NIC
  • Add these lines to /etc/squid/squid.conf
acl nofilter src <range of ip>
http_access allow nofilter
tcp_outgoing_address <valid ip> nofilter

  • Add these lines to /etc/rc.local (N is the routing table number)
ip rule add from <valid ip> table N
ip route flush cache

Configuring the service for the case where users must set a proxy to pass through the tunnel

  • Alias a valid IP on the NIC
  • Alias an IP on the NIC for the proxy
  • Add these lines to /etc/squid/squid.conf
acl openvpn myip <proxy ip>
tcp_outgoing_address <valid ip> openvpn

  • Add this line on the router
ip route <proxy ip> 255.255.255.0 <ethernet 0>