Порядок действий:
Armbian на базе Debian 12
apt update
apt install ifupdown isc-dhcp-client mc hostapd dnsmasq iptables openvpn
mcedit /etc/network/interfaces
# The loopback network interface
auto lo
iface lo inet loopback
auto end0
iface end0 inet dhcp
auto wlan0
iface wlan0 inet static
address
netmask
nmcli con
nmcli con del && systemctl disable --now NetworkManager && systemctl restart networking
/etc/dnsmasq.d/
# dnsmasq configuration for the access point: DHCP and DNS for Wi-Fi clients.
# NOTE(review): file names and addresses are missing from several lines on
# this page (log-facility, dhcp-leasefile, server=, dhcp-range, dhcp-option);
# they must be filled in before this file is usable.
interface=wlan0
# log-dhcp and log-queries write every lease and every client DNS lookup to
# the log; treat that log as sensitive and rotate it.
log-dhcp
log-queries
log-facility=/var/log/dnsmasq/
dhcp-leasefile=/var/log/dnsmasq/
# DNS
cache-size=50000
no-negcache
# NOTE(review): the upstream resolver addresses are not shown. Which resolvers
# are set here, and over which interface they are reached, decides whether
# client DNS lookups leave through the tunnel or directly — confirm.
server=
server=
# DHCP
dhcp-authoritative
# WLAN0
# NOTE(review): the lines below are scoped to "vlan1" while the listener above
# is wlan0 and the heading says WLAN0 — confirm the intended interface name.
dhcp-range=interface:vlan1,,,48h
dhcp-option=interface:vlan1,1,
dhcp-option=interface:vlan1,option:dns-server,
dhcp-option=interface:vlan1,option:router,
mkdir /var/log/dnsmasq/
chown dnsmasq:root /var/log/dnsmasq/
chmod 770 /var/log/dnsmasq/
systemctl enable dnsmasq
mcedit /etc/default/hostapd
DAEMON_CONF="/etc/hostapd/"
mcedit /etc/hostapd/
# hostapd configuration: WPA2-PSK access point on wlan0 (2.4 GHz, channel 6).
# Comments must stay on their own lines; hostapd does not accept trailing
# comments after a value.
interface=wlan0
driver=nl80211
# -1 selects all modules; level 2 is "informational".
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
# NOTE(review): macaddr_acl is set twice in this file (1 here, 0 further
# down). Presumably the later value wins — confirm, and keep only one line so
# the effective MAC policy is unambiguous.
macaddr_acl=1
ssid=ZV_PUTIN
hw_mode=g
channel=6
macaddr_acl=0
# auth_algs=1 allows Open System authentication only (no Shared Key/WEP).
auth_algs=1
ieee80211n=1
wmm_enabled=1
eap_server=0
eap_message=hello
eapol_key_index_workaround=0
# NOTE(review): the address value is missing on this page.
own_ip_addr=
# wpa=2 enables WPA2 (RSN) only.
wpa=2
# NOTE(review): sample passphrase — short and guessable. A WPA2-PSK network is
# only as strong as this value; replace it with a long random passphrase
# before bringing the AP up, and keep this file readable by root only.
wpa_passphrase=Qwe12345
wpa_key_mgmt=WPA-PSK
# wpa_pairwise applies to WPA (v1) and rsn_pairwise to WPA2. With wpa=2 the
# deprecated TKIP entry is not needed and can be dropped.
wpa_pairwise=CCMP TKIP
rsn_pairwise=CCMP
systemctl unmask hostapd
systemctl enable hostapd
mcedit /etc/openvpn/client/
# OpenVPN client profile: TCP to port 1194 on the server, routed (tun) device.
# NOTE(review): no ca/cert/key or auth-user-pass lines (or inline equivalents)
# and no "remote-cert-tls server" are visible here — the listing may be
# truncated. Without server-certificate verification the client cannot tell
# the real server from an impostor; confirm the real profile includes them.
client
# The text after "remote" is the author's placeholder for the server's IP
# address; replace it with the actual address.
remote IP-адрес OVPN-сервера
port 1194
proto tcp
dev tun
# Keep the key material and the tun device across restarts.
persist-key
persist-tun
verb 3
# Do not keep passwords cached in memory.
auth-nocache
auth SHA512
cipher AES-256-GCM
cp /lib/systemd/system/
[email protected] /lib/systemd/system/openvpn-client@
systemctl daemon-reload
mcedit /etc/sysctl.d/
# Network
= 1
= 1
= 1
= 1073741824
= 1073741824
= 1048576 16777216 1073741824
= 1048576 16777216 1073741824
= 30
= 30
= 20
= 1048576 16770216 1073741824
= 1
sysctl -p --system
mkdir /etc/iptables/
mcedit /etc/iptables/
# Ruleset in iptables-restore format for the Wi-Fi router:
# NAT for traffic leaving via the tunnel (tun0) or the wired uplink (end0),
# plus INPUT/FORWARD filtering.
*nat
:PREROUTING ACCEPT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
# Source-NAT everything that leaves through the tunnel or the wired uplink.
-A POSTROUTING -o tun0 -j MASQUERADE
-A POSTROUTING -o end0 -j MASQUERADE
COMMIT
*filter
# NOTE(review): the chain policies are ACCEPT and the DROP is done by the last
# two rules. Whenever this ruleset is not loaded (before the boot script runs,
# or after a flush) the host accepts and forwards everything; consider
# ":INPUT DROP" and ":FORWARD DROP" as the policies instead.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
#lo
-A INPUT -i lo -j ACCEPT
#icmp
-A INPUT -p icmp --icmp-type any -j ACCEPT
# Every Wi-Fi client may reach every service on the router itself, SSH
# included; narrow this to DHCP/DNS if clients are not fully trusted.
-A INPUT -i wlan0 -j ACCEPT
# External access for myself: SSH from the wired side, from any source
# address on that network.
-A INPUT -i end0 -p tcp --dport 22 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o tun0 -j ACCEPT
# NOTE(review): replies are already covered by the RELATED,ESTABLISHED rule
# above, so this rule and the end0 -> wlan0 rule below additionally admit NEW
# connections from the tunnel and from the upstream network to Wi-Fi clients.
-A FORWARD -i tun0 -o wlan0 -j ACCEPT
# NOTE(review): together with the end0 MASQUERADE rule this lets client
# traffic leave directly over the wired uplink whenever the default route does
# not point into the tunnel, so there is no VPN kill switch. Remove this rule
# if clients must never bypass the VPN.
-A FORWARD -i wlan0 -o end0 -j ACCEPT
-A FORWARD -i end0 -o wlan0 -j ACCEPT
# Catch-all: drop whatever was not accepted above.
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
mkdir /root/scripts
mcedit /root/scripts/
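#!/bin/bash
# Loads the saved firewall ruleset; presumably this is the script the @reboot
# crontab entry on this page starts.
# NOTE: the rules file name after /etc/iptables/ is missing on this page;
# complete the path with the file created under /etc/iptables/ before use.
# NOTE(review): a cron @reboot job may run after the interfaces are already
# up, which leaves a window with no rules loaded — confirm the boot ordering.
/usr/sbin/iptables-restore < /etc/iptables/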
chmod +x /root/scripts/
crontab -e
@reboot /root/scripts/
curl
Если маршрут по умолчанию не редиректится автоматом:
mcedit /root/scripts/
#!/bin/bash
# Starts the OpenVPN client unit if it is not already active, then repoints
# the default route; every successful path ends with a curl call.
# NOTE(review): the unit instance name after "openvpn-client@", the curl URL
# and the addresses in the "ip route" commands are missing on this page and
# must be filled in before the script can run.
# NOTE(review): the typographic quotes in the echo lines are not shell quotes;
# bash prints them literally as part of the message.
if systemctl is-active --quiet openvpn-client@; then
# Message: "VPN is running!"
echo “VPN работает!“
# Presumably fetches the external address so the exit IP can be checked.
curl && echo
else
systemctl start openvpn-client@
# NOTE(review): "active" one second after start means the unit is running,
# not that the tunnel is established — the routes below may be set too early.
sleep 1
if systemctl is-active --quiet openvpn-client@; then
# Message: "VPN started!"
echo “VPN запущен!“
# Presumably a host route that keeps the VPN server reachable over the wired
# gateway once the default route moves — TODO confirm.
ip route add via
# NOTE(review): the old default route is deleted before the new one is added
# and neither result is checked; if the add fails the router is left without
# a default route.
ip route del default
ip route add default via
curl && echo
fi
fi
mcedit /root/scripts/
#!/bin/bash
# Stops the OpenVPN client unit if it is active and puts the default route
# back; every path that prints a message ends with a curl call.
# NOTE(review): the unit instance name after "openvpn-client@", the curl URL
# and the addresses in the "ip route" commands are missing on this page and
# must be filled in before the script can run.
# NOTE(review): the typographic quotes in the echo lines are not shell quotes;
# bash prints them literally as part of the message.
if systemctl is-active --quiet openvpn-client@; then
systemctl stop openvpn-client@
sleep 1
# Only touch the routes once the unit really reports inactive.
if ! systemctl is-active --quiet openvpn-client@; then
# Message: "VPN stopped!"
echo “VPN остановлен!“
ip route del via
# NOTE(review): once this default route is in place, Wi-Fi clients keep
# Internet access directly over the wired uplink, because the firewall rules
# on this page forward wlan0 to end0. Results of the route commands are not
# checked.
ip route add default via
curl && echo
fi
else
# Message: "VPN is not running!"
echo “VPN не запущен!“
curl && echo
fi
chmod +x /root/scripts/
chmod +x /root/scripts/