
vpn on tcp

Bob Mottram 7 年之前
父節點
當前提交
10da38da0c
共有 2 個檔案被更改,包括 10 行新增6 行删除
  1. 8
    2
      src/freedombone-app-vpn
  2. 2
    4
      src/freedombone-utils-firewall

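--- a/src/freedombone-app-vpn
+++ b/src/freedombone-app-vpn
@@ -122,7 +122,7 @@ function restore_remote_vpn {
 
 function remove_vpn {
     systemctl stop openvpn
-    apt-get -yq remove --purge fastd openvpn easy-rsa
+    apt-get -yq remove --purge fastd openvpn easy-rsa stunnel4
     if [ -d /etc/openvpn ]; then
         rm -rf /etc/openvpn
     fi
@@ -206,6 +206,9 @@ function create_user_vpn_key {
     sed -i 's|key client.key|;key client.key|g' $user_vpn_cert_file
     sed -i 's|tls-auth ta.key|;tls-auth ta.key|g' $user_vpn_cert_file
 
+    sed -i 's|;proto tcp|proto tcp|g' $user_vpn_cert_file
+    sed -i 's|proto udp|;proto udp|g' $user_vpn_cert_file
+
     echo '<ca>' >> $user_vpn_cert_file
     cat /etc/openvpn/ca.crt >> $user_vpn_cert_file
     echo '</ca>' >> $user_vpn_cert_file
@@ -239,7 +242,7 @@ function remove_user_vpn {
 }
 
 function install_vpn {
-    apt-get -yq install fastd openvpn easy-rsa
+    apt-get -yq install fastd openvpn easy-rsa stunnel4
 
     if [ ! -f /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ]; then
         echo $'Example openvpn server config not found'
@@ -257,6 +260,9 @@ function install_vpn {
     sed -i 's|;group no.*|group vpn|g' /etc/openvpn/server.conf
     sed -i 's|;max-clients.*|max-clients 2|g' /etc/openvpn/server.conf
 
+    sed -i 's|;proto tcp|proto tcp|g' /etc/openvpn/server.conf
+    sed -i 's|proto udp|;proto udp|g' /etc/openvpn/server.conf
+
     echo 1 > /proc/sys/net/ipv4/ip_forward
     sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
     sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf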
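Review bot: The two `proto` substitutions added to install_vpn (and the same pair in create_user_vpn_key) are unanchored and unchecked, so if the sample config does not contain exactly `;proto tcp` and `proto udp` the server silently keeps its UDP default while the firewall change in this commit opens only TCP 1194. Anchor them, `sed -i 's|^;proto tcp|proto tcp|' /etc/openvpn/server.conf` and `sed -i 's|^proto udp|;proto udp|' /etc/openvpn/server.conf`, and follow with `grep -q '^proto tcp' /etc/openvpn/server.conf || exit 1` (or the script's own error path) so a mismatch fails the install instead of producing an unreachable VPN. In create_user_vpn_key the new lines also use `$user_vpn_cert_file` unquoted; `"$user_vpn_cert_file"` avoids word splitting if the path ever contains spaces. stunnel4 is now installed and purged, but no stunnel configuration appears in these hunks; if it is set up elsewhere that is fine, otherwise the package is unused attack surface. Both functions continue outside the hunks shown.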

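--- a/src/freedombone-utils-firewall
+++ b/src/freedombone-utils-firewall
@@ -111,8 +111,7 @@ function enable_ipv6 {
 }
 
 function firewall_disable_vpn {
-    iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
-    iptables -D INPUT -p tcp --dport 1194 -j ACCEPT
+    iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
     iptables -D INPUT -i tun+ -j ACCEPT
     iptables -D FORWARD -i tun+ -j ACCEPT
     iptables -D FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
@@ -125,8 +124,7 @@ function firewall_disable_vpn {
 }
 
 function firewall_enable_vpn {
-    iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT
-    iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
+    iptables -A INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
     iptables -A INPUT -i tun+ -j ACCEPT
     iptables -A FORWARD -i tun+ -j ACCEPT
     iptables -A FORWARD -i tun+ -o ${FIREWALL_EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT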
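Review bot: firewall_disable_vpn no longer deletes the two rules that earlier versions of firewall_enable_vpn added (the UDP 1194 NEW rule and the interface-unrestricted `-p tcp --dport 1194 -j ACCEPT`), so on a host upgraded with the VPN already enabled those ACCEPT rules would remain after the VPN is disabled, assuming the ruleset is persisted rather than rebuilt from scratch. Keep the old deletions as best-effort cleanup next to the new TCP line: `iptables -D INPUT -i ${FIREWALL_EIFACE} -m state --state NEW -p udp --dport 1194 -j ACCEPT 2>/dev/null` and `iptables -D INPUT -p tcp --dport 1194 -j ACCEPT 2>/dev/null`. The new rule admits only `--state NEW`, so it relies on an ESTABLISHED,RELATED accept for INPUT that is not visible here; worth confirming, since the removed unrestricted TCP rule may have been masking its absence. The middle of firewall_disable_vpn and the end of firewall_enable_vpn lie outside the hunks.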