-
Notifications
You must be signed in to change notification settings - Fork 833
UDPspeeder openvpn config guide
wangyu- edited this page Feb 25, 2018
·
26 revisions
./speederv2 -s -l0.0.0.0:8855 -r 127.0.0.1:7777 -f20:10
assume server ip is 45.66.77.88
./speederv2 -c -l0.0.0.0:3333 -r 45.66.77.88:8855 -f20:10
client
dev tun100
proto udp
remote 127.0.0.1 3333
resolv-retry infinite
nobind
persist-key
persist-tun
ca /root/add-on/openvpn/ca.crt
cert /root/add-on/openvpn/client.crt
key /root/add-on/openvpn/client.key
keepalive 3 20
verb 3
mute 20
comp-lzo no
fragment 1200 ##### very important you can turn it up a bit. but, the lower the safer
mssfix 1200 ##### very important
sndbuf 2000000 ##### important
rcvbuf 2000000 ##### important
txqueuelen 4000 ##### suggested
local 0.0.0.0
port 7777
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.222.2.0 255.255.255.0
ifconfig 10.222.2.1 10.222.2.6
client-to-client
duplicate-cn
keepalive 10 60
max-clients 50
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
verb 3
mute 20
comp-lzo no
fragment 1200 ##### very important you can turn it up a bit. but, the lower the safer
mssfix 1200 ##### very important
sndbuf 2000000 ##### important
rcvbuf 2000000 ##### important
txqueuelen 4000 ##### suggested
run:
#enable ip forward:
echo 1 >/proc/sys/net/ipv4/ip_forward
#setup SNAT rule:
iptables -t nat -A POSTROUTING -s 10.222.0.0/16 ! -d 10.222.0.0/16 -j MASQUERADE
add following line to the end of you OpenVPN config:
redirect-gateway def1
route 44.55.66.77 255.255.255.255 net_gateway # change 44.55.66.77 to your server ip
- add route exception by running:
ip route add 44.55.66.77 via x.x.x.x ## change 44.55.66.77 to your server ip, x.x.x.x to you gateway
for example, run ip route
, if the output is:
default via 192.168.200.1 dev eth0 metric 202
192.168.100.0/24 dev wlan0 proto kernel scope link src 192.168.100.1
192.168.200.0/24 dev eth0 proto kernel scope link src 192.168.200.205 metric 202
then x.x.x.x should be 192.168.200.1
- add route exception by running:
ip route add 0.0.0.0/1 via x.x.x.x dev tun100 # chang x.x.x.x to the P-to-P dest address
ip route add 128.0.0.0/1 via x.x.x.x dev tun100
for example if you ifconfig
output is:
tun100 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.222.2.6 P-t-P:10.222.2.5 Mask:255.255.255.255
inet6 addr: fe80::6742:d620:f5f:5a4c/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
then x.x.x.x should be 10.222.2.5
You can also use tinyfecVPN,a lightweight VPN with UDPspeeder's function built-in:
https://github.com/wangyu-/tinyfecVPN/wiki/redirect-all-traffic-through-tinyfecVPN