# Paste of an OpenVPN server config, the matching client ("klient") config,
# and the kernel routing table of each host. The original was collapsed onto
# two lines; directives are restored one per line and separators are kept as-is.
# NOTE(review): the "=====" separator lines and the route-table rows are not
# OpenVPN directives; split the sections into separate files before use.

# --- server ---
# "mode server" + "tls-server" is the expanded form of the "server" helper.
mode server
tls-server
# Layer-2 (Ethernet) tunnel: broadcast traffic crosses the VPN.
dev tap
proto udp
port 1176
ifconfig 172.31.27.1 255.255.255.0
# Dynamic pool is .100-.254; the .3/.4 gateways in the server route table lie
# outside it, so they are presumably fixed per-client addresses from the ccd
# files (verify).
ifconfig-pool 172.31.27.100 172.31.27.254 255.255.255.0
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
# Private key: it is read before the privilege drop below, so it can be
# root-only (mode 0600).
# NOTE(review): an easy-rsa keys/ directory often also holds ca.key; if so,
# move the CA private key off the VPN server (confirm).
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
# HMAC signature on control-channel packets; key direction 0 here pairs with
# direction 1 in the client section. tls-auth authenticates but does not
# encrypt the control channel; tls-crypt (OpenVPN 2.4+) does both.
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
push "route 172.31.24.0 255.255.255.0 172.31.27.1"
# Client-to-client traffic is forwarded inside the OpenVPN process and does
# not pass through the host's tun/tap interface, so host firewall rules cannot
# filter it. Every connected client can reach every other one.
client-to-client
# Per-client option files, looked up by the certificate Common Name.
client-config-dir /etc/openvpn/easy-rsa/ccd
log-append /var/log/openvpn
# Status file is rewritten every 10 seconds.
status /var/run/openvpn/vpn.status 10
keepalive 10 120
# Drop root after initialisation. persist-key / persist-tun below are what let
# a restart work afterwards without re-reading the key or reopening the device.
user nobody
group nogroup
# comp-lzo is deprecated in OpenVPN 2.4+. Compressing before encrypting exposes
# the tunnel to compression-oracle attacks (VORACLE). Removing it has to be
# done on the server and all clients together.
comp-lzo
verb 3
persist-key
persist-tun
# Data-channel cipher. OpenVPN 2.4+ peers negotiate an AEAD cipher (AES-GCM)
# by default, and this value is then only the fallback. Confirm which
# versions are deployed.
cipher AES-256-CBC
auth SHA512
# Control-channel suites, DHE-RSA only. The list still contains CBC-SHA suites,
# and no tls-version-min is set in this paste.
# NOTE(review): the value ends in "$", which looks like an editor's
# line-overflow marker. The list is truncated here, so copy the full value
# from the real file.
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-R$
# Level 2 permits user-defined scripts. The "up" script runs after the device
# is opened and before the user/group switch, i.e. as root. Keep it root-owned
# and not writable by anyone else.
# NOTE(review): no "route" directive appears in this section, so the tap0
# routes in the table below were presumably added by this script (verify).
script-security 2
up /etc/openvpn/script_up.sh
================================================= klient ===============================================
# --- client ---
# "client" already implies pull + tls-client.
# NOTE(review): nothing in this section checks that the peer presents a
# *server* certificate (no remote-cert-tls server / verify-x509-name). As
# written, any certificate signed by this CA is accepted as the server.
# Consider adding "remote-cert-tls server".
client
tls-client
dev tap
proto udp
port 1176
remote 94.142.236.130
ca /etc/openvpn/hlkancl/ca.crt
cert /etc/openvpn/hlkancl/cert.crt
# Client private key: keep it readable by root only.
key /etc/openvpn/hlkancl/key.key
# Key direction 1 pairs with direction 0 on the server.
tls-auth /etc/openvpn/hlkancl/ta.key 1
# cipher / auth must match the server section (they do).
cipher AES-256-CBC
auth SHA512
# NOTE(review): truncated like the server's list (trailing "$"), and cut at a
# different point, so the two values cannot be compared from this paste.
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-128-CBC-SHA:T$
user nobody
group nogroup
log-append /var/log/openvpn.log
keepalive 10 120
# Must stay in step with the server's compression setting. See the deprecation
# and VORACLE note on the server's comp-lzo.
comp-lzo
verb 3
persist-key
persist-tun
========================================== server route table ==================================
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.1 0.0.0.0 UG 0 0 0 eth1
172.31.24.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
172.31.25.0 172.31.27.3 255.255.255.0 UG 0 0 0 tap0
172.31.26.0 172.31.27.3 255.255.255.0 UG 0 0 0 tap0
172.31.27.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
172.31.28.0 172.31.27.4 255.255.255.0 UG 0 0 0 tap0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
============================================= klient route table =================================
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.1 0.0.0.0 UG 0 0 0 eth1
172.31.24.0 172.31.27.1 255.255.255.0 UG 0 0 0 tap0
172.31.27.0 0.0.0.0 255.255.255.0 U 0 0 0 tap0
172.31.28.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1