I didn't want to write an article about setting up a VPN, because there are already thousands of them on the Internet, for every taste and color.
I just wanted to remind you of a few simple things that cause a lot of misunderstandings and questions. I understand that this hardly amounts to an article, but I really want to reach you, and there are no other ways in Runet.
1. A VPN client can be installed on almost any access point
Even on an old access point it is often possible to upgrade the firmware or install the required package. For example, for my old Zyxel Keenetic Ultra there was an unofficial update that contains a lot of useful things, including the OpenVPN client. There may be a firmware for your access point as well: w3bsit3-dns.com is our everything, there are firmwares there for literally anything. If you have set up all your access points to work with a VPN, life as a whole already becomes much easier. If many people do the same, then again the problem is minimized.
2. VPN allows you to selectively drive traffic
You only need to know the addresses of the subnets you want to reach through the VPN. You update the list of these networks on your VPN server; the client simply receives it and starts sending only the necessary traffic through the VPN. The rest goes directly. This is important: I have seen a bunch of instructions after following which you send 100% of your traffic through the VPN. That is slow, expensive, and hardly what you wanted.
3. Mobile devices
For some reason, many believe that VPN on mobile devices works on the “all or nothing” principle. No, it is not, even on stubs - you can also drive only the necessary traffic through VPN.
4. Tor
I would also like to add that, for reasons unknown to me, everyone forgot about Tor, which also helps with similar tasks and currently works quickly and stably.
Example
As a home solution, I use Google Compute Engine, where I have an OpenVPN server running on the lowest-cost server. Of course, you can choose any other hosting and VPN server.
The clients for this server run on the access point (the native client that ships with the access point), on the laptop (there are clients for every taste and color) and on the phone (Android; the standard client for some reason refused to read the config, but the client from Arne Schwabe started immediately). It works just fine, no complaints. And I am much more confident in the security and durability of a personal server than of any free or even paid one. Again, I think that it will always be available; there is no reason to believe the opposite (well, except that the huge range of Google addresses might get blocked, but changing the server's IP address is pretty easy).
Just in case, I will add my client setup, without keys of course. The server and clients were set up in an evening, despite the fact that this is my first experience deploying OpenVPN and that I actually work in development.
Configure the client (certificates can be added directly to the configuration file, so that it can be fed to the phone or access point without trouble):
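Client setup

```
# Client mode: accept options (including routes) pushed by the server
client
dev tun
proto udp
remote YOUR_SERVER_IP 1194
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
# Not in the original setup: adding "remote-cert-tls server" makes the
# client reject peers that do not present a server certificate.

# Certificates and keys embedded inline, so the config is a single file
<ca>
PUT YOUR CA CERTIFICATE HERE
</ca>
<cert>
PUT YOUR CERTIFICATE HERE
</cert>
<key>
PUT YOUR PRIVATE KEY CERTIFICATE HERE
</key>
# Direction of the static tls-auth key on the client side
key-direction 1
<tls-auth>
PUT YOUR STATIC KEY CERTIFICATE HERE
</tls-auth>
```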
The server setup is almost default. I think I only added push directives there, so that only the necessary resources go through the VPN:
The pushes look like this:

```
push "route xxxx 255.255.255.255"
push "route xxx0 255.255.255.0"
```
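Keeping that list of pushed networks up to date by hand is error-prone, so here is an added example (not part of the original article) that builds the `push "route ..."` lines from a list of subnets and refuses a list that would amount to routing everything through the VPN. The function name `push_routes` and the sample subnets (documentation address ranges) are constructed for illustration.

```python
import ipaddress


def push_routes(cidrs):
    """Turn CIDR strings into OpenVPN server-side push "route ..." lines."""
    nets = []
    for raw in cidrs:
        entry = raw.split("#", 1)[0].strip()  # allow comments and blank lines
        if not entry:
            continue
        # strict=False accepts a host address with a prefix, e.g. 198.51.100.7/24
        net = ipaddress.ip_network(entry, strict=False)
        if net.version != 4:
            raise ValueError(f"{entry}: 'route' is IPv4 only (IPv6 needs route-ipv6)")
        nets.append(net)
    # Merge duplicates, nested and adjacent subnets so the pushed list stays short.
    merged = list(ipaddress.collapse_addresses(nets))
    for net in merged:
        # 0.0.0.0/1 plus 128.0.0.0/1 also ends up here after merging.
        if net.prefixlen == 0:
            raise ValueError("list covers 0.0.0.0/0: all traffic would go through the VPN")
    return [f'push "route {n.network_address} {n.netmask}"' for n in merged]


# Constructed sample list (documentation ranges, not real targets).
SAMPLE = [
    "198.51.100.7          # single host, becomes a /32 route",
    "203.0.113.0/25",
    "203.0.113.128/25      # adjacent to the line above, merged into one /24",
    "203.0.113.16/28       # already covered, dropped",
    "",
    "192.0.2.0/24",
]

if __name__ == "__main__":
    print("\n".join(push_routes(SAMPLE)))
```

The printed lines go into the server configuration; clients pick up the new routes the next time they connect.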
I wanted to add links to OpenVPN setup guides, but there are really too many such articles; they are easy to find, and there is one for every distribution.
Hang in there, all the best to you, good mood and good health. This is only the beginning.
UPD. You may find this list of IP addresses useful.