Настройка выхода в интернет через VPS провайдера при помощи OpenVPN на Armbian (часть 2).

Порядок действий:
Armbian на базе Debian 12

Примечание: при публикации из текста, по-видимому, выпали имена файлов, IP-адреса и имена параметров sysctl (пустые места после «=», «address», «via», «curl», «nmcli con del», «mcedit /каталог/» и т. п.). Подставьте свои значения.

apt update
apt install ifupdown isc-dhcp-client mc hostapd dnsmasq iptables openvpn

mcedit /etc/network/interfaces
    # The loopback network interface
    auto lo
    iface lo inet loopback

    auto end0
    iface end0 inet dhcp

    auto wlan0
    iface wlan0 inet static
    address
    netmask

nmcli con
nmcli con del && systemctl disable --now NetworkManager && systemctl restart networking

/etc/dnsmasq.d/
    interface=wlan0
    log-dhcp
    log-queries
    log-facility=/var/log/dnsmasq/
    dhcp-leasefile=/var/log/dnsmasq/
    # DNS
    cache-size=50000
    no-negcache
    server=
    server=
    # DHCP
    dhcp-authoritative
    # WLAN0
    dhcp-range=interface:vlan1,,,48h
    dhcp-option=interface:vlan1,1,
    dhcp-option=interface:vlan1,option:dns-server,
    dhcp-option=interface:vlan1,option:router,

Примечание: в dhcp-range и dhcp-option указан interface:vlan1, хотя dnsmasq и hostapd настроены на wlan0. Вероятно, это опечатка. Проверьте, что имя интерфейса совпадает, иначе диапазон не будет применяться к клиентам Wi-Fi.

mkdir /var/log/dnsmasq/
chown dnsmasq:root /var/log/dnsmasq/
chmod 770 /var/log/dnsmasq/
systemctl enable dnsmasq

mcedit /etc/default/hostapd
    DAEMON_CONF="/etc/hostapd/"

mcedit /etc/hostapd/
    interface=wlan0
    driver=nl80211
    logger_syslog=-1
    logger_syslog_level=2
    logger_stdout=-1
    logger_stdout_level=2
    macaddr_acl=1
    ssid=ZV_PUTIN
    hw_mode=g
    channel=6
    macaddr_acl=0
    auth_algs=1
    ieee80211n=1
    wmm_enabled=1
    eap_server=0
    eap_message=hello
    eapol_key_index_workaround=0
    own_ip_addr=
    wpa=2
    wpa_passphrase=Qwe12345
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=CCMP TKIP
    rsn_pairwise=CCMP

Примечание: wpa_passphrase=Qwe12345 здесь только пример. Такой пароль подбирается по словарю, поэтому задайте длинную случайную фразу. Параметр macaddr_acl указан дважды с разными значениями (1 и 0); оставьте одно, нужное вам.

systemctl unmask hostapd
systemctl enable hostapd

mcedit /etc/openvpn/client/
    client
    remote IP-адрес OVPN-сервера
    port 1194
    proto tcp
    dev tun
    persist-key
    persist-tun
    verb 3
    auth-nocache
    auth SHA512
    cipher AES-256-GCM

Примечание: в показанном фрагменте нет директив ca/cert/key и проверки сертификата сервера (remote-cert-tls server). Возможно, они опущены на странице. Убедитесь, что в рабочем конфиге они заданы, иначе клиент не отличит свой сервер от подставного.

cp /lib/systemd/system/[email protected] /lib/systemd/system/openvpn-client@
systemctl daemon-reload

Примечание: «[email protected]» — это артефакт защиты e-mail на сайте. По-видимому, имелся в виду файл шаблона юнита openvpn-client@.service.

mcedit /etc/sysctl.d/
    # Network
    = 1
    = 1
    = 1
    = 1073741824
    = 1073741824
    = 1048576 16777216 1073741824
    = 1048576 16777216 1073741824
    = 30
    = 30
    = 20
    = 1048576 16770216 1073741824
    = 1

sysctl -p --system

mkdir /etc/iptables/
mcedit /etc/iptables/
    *nat
    :PREROUTING ACCEPT
    :OUTPUT ACCEPT
    :POSTROUTING ACCEPT
    -A POSTROUTING -o tun0 -j MASQUERADE
    -A POSTROUTING -o end0 -j MASQUERADE
    COMMIT
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    #lo
    -A INPUT -i lo -j ACCEPT
    #icmp
    -A INPUT -p icmp --icmp-type any -j ACCEPT
    -A INPUT -i wlan0 -j ACCEPT
    #Доступ извне для себя
    -A INPUT -i end0 -p tcp --dport 22 -j ACCEPT
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i wlan0 -o tun0 -j ACCEPT
    -A FORWARD -i tun0 -o wlan0 -j ACCEPT
    -A FORWARD -i wlan0 -o end0 -j ACCEPT
    -A FORWARD -i end0 -o wlan0 -j ACCEPT
    -A INPUT -j DROP
    -A FORWARD -j DROP
    COMMIT

Примечания к правилам:
- Порт 22 открыт на end0 для любых адресов. По возможности ограничьте доступ по адресу источника (-s) и используйте вход по ключам.
- Правила «-i tun0 -o wlan0» и «-i end0 -o wlan0» пропускают к клиентам Wi-Fi и новые соединения извне. Ответный трафик уже разрешён правилом RELATED,ESTABLISHED, поэтому эти два правила обычно не нужны.
- Правило «-i wlan0 -o end0» вместе с MASQUERADE на end0 означает, что при остановленном VPN трафик клиентов идёт напрямую через провайдера. Если это нежелательно, уберите эти правила.

mkdir /root/scripts
mcedit /root/scripts/
    #!/bin/bash
    /usr/sbin/iptables-restore < /etc/iptables/

chmod +x /root/scripts/

crontab -e
    @reboot /root/scripts/

curl

Если маршрут по умолчанию не перенаправляется автоматически:

mcedit /root/scripts/
    #!/bin/bash
    if systemctl is-active --quiet openvpn-client@; then
        echo "VPN работает!"
        curl && echo
    else
        systemctl start openvpn-client@
        sleep 1
        if systemctl is-active --quiet openvpn-client@; then
            echo "VPN запущен!"
            ip route add via
            ip route del default
            ip route add default via
            curl && echo
        fi
    fi

mcedit /root/scripts/
    #!/bin/bash
    if systemctl is-active --quiet openvpn-client@; then
        systemctl stop openvpn-client@
        sleep 1
        if ! systemctl is-active --quiet openvpn-client@; then
            echo "VPN остановлен!"
            ip route del via
            ip route add default via
            curl && echo
        fi
    else
        echo "VPN не запущен!"
        curl && echo
    fi

chmod +x /root/scripts/
chmod +x /root/scripts/