我最初在 Pi 上设置了 OpenVPN使用 PiVPN因为官方的指南/教程对我来说似乎有点太技术化了。
现在,我想扩展 VPN 功能。
目标:
有点类似于他们在政策部分中描述的内容。只不过我已经有一个“正在运行”的 OpenVPN 服务器实例和一些客户端。
为了简单起见,请参阅下表,它应该可以阐明我的意图:
╔══════════╦══════════════════╦═════════════════════════════╦════════════════╗
║ Class ║ Virtual IP Range ║ Allowed LAN Access ║ Common Names ║
╠══════════╬══════════════════╬═════════════════════════════╬════════════════╣
║ Regular ║ 10.8.0.0/24 ║ Custom service at 10.66.4.4 ║ Custom service ║
║ Advanced ║ 10.8.1.0/24 ║ Entire 10.66.4.0/24 subnet ║ Advanced ║
╚══════════╩══════════════════╩═════════════════════════════╩════════════════╝
其中“定制服务”是提供某些电话服务的本地服务器。
我该如何配置我的服务器(OpenVPN 服务器配置文件)来实现上述结果?
如果可能的话,我希望保持客户端配置不变。
我不太关心虚拟 IP 范围——如果有必要,这些值可能会改变。
我的当前配置如下:
dev tun
proto udp
port 42917
ca /etc/ca.crt
cert /etc/xxx.crt
key /etc/xxx.key
dh none
topology subnet
server 10.8.0.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 10.8.0.1"
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
keepalive 1800 3600
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/ta.key
cipher AES-256-CBC
auth SHA256
user nobody
group nogroup
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
status-version 3
syslog
verb 3
#DuplicateCNs allow access control on a less-granular, per user basis.
#Remove # if you will manage access by user instead of device.
#duplicate-cn
# Generated for use by PiVPN.io