
UDPspeeder openvpn config guide

wangyu- edited this page Feb 25, 2018 · 26 revisions

UDPspeeder + openvpn config guide


UDPspeeder command

run at server side

./speederv2 -s -l0.0.0.0:8855 -r 127.0.0.1:7777 -f20:10

run at client side

assume server ip is 45.66.77.88

./speederv2 -c -l0.0.0.0:3333 -r 45.66.77.88:8855 -f20:10

openvpn config

client side config

client
dev tun100
proto udp

remote 127.0.0.1 3333
resolv-retry infinite 
nobind 
persist-key 
persist-tun  

ca /root/add-on/openvpn/ca.crt
cert /root/add-on/openvpn/client.crt
key /root/add-on/openvpn/client.key

keepalive 3 20
verb 3
mute 20

comp-lzo no

fragment 1200       ##### very important    you can raise it a bit, but lower is safer
mssfix 1200         ##### very important

sndbuf 2000000      ##### important
rcvbuf 2000000      ##### important
txqueuelen 4000     ##### suggested

server side config

local 0.0.0.0
port 7777 
proto udp
dev tun 

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

server 10.222.2.0 255.255.255.0 
ifconfig 10.222.2.1 10.222.2.6

client-to-client
duplicate-cn 
keepalive 10 60 

max-clients 50

persist-key
persist-tun

status /etc/openvpn/openvpn-status.log

verb 3
mute 20  

comp-lzo no

fragment 1200       ##### very important    you can raise it a bit, but lower is safer
mssfix 1200         ##### very important

sndbuf 2000000      ##### important
rcvbuf 2000000      ##### important
txqueuelen 4000     ##### suggested

Additional steps to transparently redirect traffic

at server side

run:

#enable ip forward:
echo 1 >/proc/sys/net/ipv4/ip_forward

#setup SNAT rule:
iptables -t nat -A POSTROUTING -s 10.222.0.0/16 ! -d 10.222.0.0/16 -j MASQUERADE

at client side (easiest way)

add the following lines to the end of your OpenVPN config:

redirect-gateway def1
route 44.55.66.77 255.255.255.255 net_gateway    # change 44.55.66.77 to your server ip

at client side, another choice

  1. add route exception by running:
ip route add 44.55.66.77 via x.x.x.x   ## change 44.55.66.77 to your server ip, x.x.x.x to your gateway

for example, run ip route, if the output is:

root@raspberrypi:/home/pi# ip route
default via 192.168.200.1 dev eth0  metric 202
192.168.100.0/24 dev wlan0  proto kernel  scope link  src 192.168.100.1
192.168.200.0/24 dev eth0  proto kernel  scope link  src 192.168.200.205  metric 202

then your gateway is 192.168.200.1

  2. redirect all other traffic into the tunnel by running:
ip route add 0.0.0.0/1 via x.x.x.x dev tun100   # change x.x.x.x to the P-to-P dest address
ip route add 128.0.0.0/1 via x.x.x.x dev tun100

for example, if your ifconfig output is:

 tun100    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.222.2.6  P-t-P:10.222.2.5  Mask:255.255.255.255
          inet6 addr: fe80::6742:d620:f5f:5a4c/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

then x.x.x.x should be 10.222.2.5
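
The two manual steps above can be derived from the command output instead of being read off by eye. The script below is an added example, not part of the original wiki or of UDPspeeder: it parses the gateway and the tunnel peer and only prints the three route commands. The function names and the embedded sample text (copied from the output shown above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (dry run): prints the route commands, changes nothing.

# Constructed sample input: the `ip route` and `ifconfig` output shown above.
SAMPLE_ROUTES='default via 192.168.200.1 dev eth0  metric 202
192.168.100.0/24 dev wlan0  proto kernel  scope link  src 192.168.100.1
192.168.200.0/24 dev eth0  proto kernel  scope link  src 192.168.200.205  metric 202'
SAMPLE_TUN='tun100    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.222.2.6  P-t-P:10.222.2.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1'

# Gateway = third field of the "default via <gw> ..." line of `ip route`.
default_gw() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Tunnel peer from legacy ifconfig output ("P-t-P:10.222.2.5") or from
# `ip -4 addr show` output ("inet 10.222.2.6 peer 10.222.2.5/32 ...").
tun_peer() {
    printf '%s\n' "$1" | sed -n \
        -e 's/.*P-t-P:\([0-9.]*\).*/\1/p' \
        -e 's/.*peer \([0-9.]*\).*/\1/p' | head -n 1
}

# plan_routes SERVER_IP IP_ROUTE_OUTPUT TUN_OUTPUT [TUN_DEV]
plan_routes() {
    gw=$(default_gw "$2")
    peer=$(tun_peer "$3")
    dev=${4:-tun100}
    # Without the server exception the /1 routes would also capture the
    # UDPspeeder packets to the server, so refuse to print a partial plan.
    if [ -z "$1" ] || [ -z "$gw" ] || [ -z "$peer" ]; then
        echo "missing server ip, default gateway or tunnel peer" >&2
        return 1
    fi
    echo "ip route add $1 via $gw"
    echo "ip route add 0.0.0.0/1 via $peer dev $dev"
    echo "ip route add 128.0.0.0/1 via $peer dev $dev"
}

# Live use (assumed invocation):
#   plan_routes 44.55.66.77 "$(ip route)" "$(ip -4 addr show dev tun100)"
plan_routes 44.55.66.77 "$SAMPLE_ROUTES" "$SAMPLE_TUN"
```

Review the printed commands before running them as root; the server exception has to be in place before the two /1 routes are added.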

Other Info

You can also use tinyfecVPN, a lightweight VPN with UDPspeeder's functionality built in:

https://github.com/wangyu-/tinyfecVPN/wiki/redirect-all-traffic-through-tinyfecVPN