I currently have one OpenVPN server whose only job is to give whoever connects to it a different public IP address, and I have granted that IP address access to ports 21 and 3306 on the web server.
Now I need to set up some monitoring, which would mean connecting all of my "standalone" servers into one network with OpenVPN, so I would like to reuse the same OpenVPN server.
The one I have now is set up like this:
port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-256-CBC
comp-lzo
persist-key
persist-tun
status openvpn-status.log
log-append /var/log/openvpn.log
verb 3
explicit-exit-notify 1
And besides that, iptables is:
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
If I copy the .conf file and change
port 1195
server to 10.10.0.0 255.255.255.0
For this setup, maybe a bridge?
server-bridge 10.10.0.4 255.255.255.0 10.10.0.50 10.10.0.100
And so that the clients can see each other:
client-to-client
and generate new keys...
Am I going wrong somewhere? Do I need some additional rule in iptables besides
# iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE
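The checks below are an added example, not part of the original post or of any OpenVPN project code. They cover the two things that most often go wrong when a second server instance is created by copying the first .conf: an invalid netmask (the kind of typo that only shows up when the daemon refuses to start) and state files that both instances would share. The key paths, the 10.8.0.0/24 and 10.10.0.0/24 ranges and ports 1194/1195 come from the post; `monitoring.conf`, `monitoring-ipp.txt`, `monitoring-status.log` and `/var/log/openvpn-monitoring.log` are assumed names, and `existing_server_conf` is a constructed subset of the posted config.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks before running a
# second OpenVPN server instance beside the existing one, and a generator for a
# routed (tun) monitoring-network config. The monitoring-* file names and the
# /var/log/openvpn-monitoring.log path are assumptions.

# Return 0 only for a well-formed, contiguous IPv4 netmask. A typo such as
# 255.25.255.0 fails here instead of at OpenVPN start-up.
valid_netmask() {
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    v=0
    for o in "$@"; do
        case $o in '' | *[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        v=$(( $v * 256 + $o ))
    done
    inv=$(( 4294967295 - $v ))            # host bits, must be a run of ones
    [ $(( ($inv + 1) & $inv )) -eq 0 ]    # true only if inv is 2^n - 1
}

# Print each directive whose value is identical in the two configs and return
# 1 if any is found. A copied .conf with only "port" changed still shares the
# tunnel subnet, status file, pool file and log file with the first instance,
# so the two daemons would overwrite each other's state.
conflicting_directives() {
    rc=0
    for d in port server status ifconfig-pool-persist log-append; do
        a=$(awk -v d="$d" '$1 == d { $1 = ""; print substr($0, 2); exit }' "$1")
        b=$(awk -v d="$d" '$1 == d { $1 = ""; print substr($0, 2); exit }' "$2")
        if [ -n "$a" ] && [ "$a" = "$b" ]; then
            echo "$d $a"
            rc=1
        fi
    done
    return $rc
}

# Constructed from the post's config, trimmed to the directives the check reads.
existing_server_conf() {
    cat <<'EOF'
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
status openvpn-status.log
log-append /var/log/openvpn.log
EOF
}

# Emit the second instance's config: network, netmask, port. Routed tun plus
# client-to-client is enough for servers to reach each other; server-bridge
# would need "dev tap" and a bridge interface on the host. No redirect-gateway
# is pushed, so joining the monitoring net leaves each server's default route
# alone, and comp-lzo is left out (deprecated, not needed for monitoring).
gen_monitoring_conf() {
    valid_netmask "$2" || { echo "invalid netmask: $2" >&2; return 1; }
    cat <<EOF
port $3
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/server.crt
key /etc/openvpn/easy-rsa/keys/server.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server $1 $2
ifconfig-pool-persist monitoring-ipp.txt
client-to-client
keepalive 10 120
tls-auth /etc/openvpn/easy-rsa/keys/ta.key 0
cipher AES-256-CBC
persist-key
persist-tun
status monitoring-status.log
log-append /var/log/openvpn-monitoring.log
verb 3
explicit-exit-notify 1
EOF
}

# Demo: the generated instance shares nothing with the existing one.
tmp=$(mktemp -d)
existing_server_conf > "$tmp/server.conf"
gen_monitoring_conf 10.10.0.0 255.255.255.0 1195 > "$tmp/monitoring.conf"
conflicting_directives "$tmp/server.conf" "$tmp/monitoring.conf" \
    && echo "ok: no shared port, subnet or state files" || echo "clash listed above"
rm -rf "$tmp"
```

Running the same check against a plain copy of server.conf with only `port` changed lists the shared `server`, `status`, `ifconfig-pool-persist` and `log-append` values, which is why a second instance needs its own pool and status file names (or its own working directory). On the iptables question: with `dev tun` and `client-to-client`, traffic between VPN peers is switched inside the OpenVPN process and never reaches the host's FORWARD or nat chains, so the MASQUERADE rule for 10.10.0.0/24 only matters if those peers should also reach the internet or other networks through this server; if they should, `net.ipv4.ip_forward` must be enabled and the FORWARD chain must accept traffic from the tunnel interface.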