OpenVPN listens on both TCP and UDP ports

OpenVPN listens on TCP and UDP ports at the same time

background

The company uses dynamic dial-up to access the Internet and does not have a fixed external address. Therefore, VPN is mapped to the Intranet. Because UDP is blocked at the firewall layer, the TCP port is enabled after the OpenVPN is deployed

Implementation method

1. Configuration file

Make a copy of /etc/openvpn/server.conf, for example, /etc/openvpn/tcp.

• Change the protocol to TCP: proto TCP
• The IP address is changed slightly. For example, all the places that were 10.8.0.x are changed to 10.8.1.x

2. Modify the firewall

Then modify iptables and add A NAT rule -a POSTROUTING -s 10.8.1.0/24 -o eth0 -j MASQUERADE. Iptables -t NAT -A POSTROUTING -S 10.8.1.0/24 -o eth0 -j MASQUERADE

3. Start the process

 /usr/sbin/openvpn --cd /etc/openvpn/ --config tcp.conf
Copy the code

4. Add startup

/etc/systemd/system/[email protected]

[Unit]
Description=OpenVPN Robust And Highly Flexible Tunneling Application On %I
After=network.target

[Service]
Type=notify
PrivateTmp=true
ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config tcp.conf

[Install]
WantedBy=multi-user.target
Copy the code

Reload the service and add it to enable startup

systemctl daemon-reload
systemctl restart openvpntcp@server
systemctl enable openvpntcp@server
systemctl  list-unit-files |grep openvpntcp
Copy the code

Client OVPN configuration

The generated client configuration only needs to change udp to TCP. If there are two remote packets, the remote packets represent load balancing. If one remote packet fails to be connected, the remote packets automatically connect to the other one

client
proto tcp
remote x.x.x.x 11111
remote x.x.x.x 12222 
......
Copy the code

Related articles