// client //
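# OpenVPN client profile: routed (tun) tunnel over UDP to a single server.
# NOTE(review): no ca/cert/key or other authentication directives appear in
# this excerpt; a usable profile needs them. Adding `remote-cert-tls server`
# makes the client reject a peer whose certificate is not marked for server use.
client
dev tun
proto udp
# "IP" is a placeholder for the server's address; 1194 matches the server's `port`.
remote IP 1194
# Do not bind to a fixed local UDP port.
nobind
# Keep key material and the tun device across soft restarts.
persist-key
persist-tun
# Must match the server's compression setting. NOTE(review): comp-lzo is
# deprecated in OpenVPN 2.4 and later, and compressing tunnel traffic exposes
# it to compression-oracle attacks; plan to remove it on both ends together.
comp-lzo
# Relative path: the log is appended to wherever the daemon's working directory is.
log-append openvpn-log
verb 3
# Log at most 10 consecutive messages of the same category.
mute 10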
// Server //
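# OpenVPN server: routed (tun) VPN on udp/1194 handing out 10.100.200.0/24.
# NOTE(review): no ca/cert/key/dh directives appear in this excerpt, nor
# tls-auth/tls-crypt or user/group; without user/group the daemon presumably
# keeps the privileges it was started with. Confirm against the full file.
proto udp
dev tun
port 1194
# VPN address pool; the server takes the first address of the subnet.
server 10.100.200.0 255.255.255.0
# Tell clients to reach the internal LAN through the tunnel.
# The directive needs plain ASCII double quotes; typographic quotes are not parsed.
push "route 192.168.3.0 255.255.255.0"
# Per-client overrides are read from files in ccd/, named after the client.
client-config-dir ccd
# NOTE(review): client-to-client traffic is routed inside the OpenVPN process
# and never reaches the kernel, so the host's iptables FORWARD rules cannot
# filter or log it. Drop this option if clients must be isolated from each other.
client-to-client
# Remember which virtual address each client was given.
ifconfig-pool-persist ipp.txt
# Ping every 10 s; treat the peer as down after 120 s without a reply.
keepalive 10 120
# Must match the client's compression setting. NOTE(review): comp-lzo is
# deprecated in OpenVPN 2.4 and later, and compressing tunnel traffic exposes
# it to compression-oracle attacks; plan to remove it on both ends together.
comp-lzo
# Keep key material and the tun device across soft restarts.
persist-key
persist-tun
# Rewrite the connected-clients status file every 20 seconds.
status openvpn-status.log 20
log-append openvpn-log
verb 3
# NOTE(review): only one consecutive message per category is logged, so
# repeated failures from the same cause collapse into a single line; a higher
# value keeps more evidence for incident review.
mute 1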
// Iptables //
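# Filter table for the VPN gateway, in iptables-save format.
# Long options need two ASCII hyphens (--state, --dport, --log-prefix) and
# plain double quotes; the typographic dash and quotes from the web page are
# not accepted by iptables-restore.
# NOTE(review): INPUT, FORWARD and OUTPUT all default to ACCEPT and no rule
# below ends in DROP or REJECT, so the ACCEPT rules restrict nothing: the
# source limits on ports 22 and 3128 are not enforced. A default-deny policy
# on INPUT/FORWARD would first need an explicit accept for the OpenVPN
# listener (udp/1194 in the server config), which this ruleset does not have.
*filter
:INPUT ACCEPT [9976:1352302]
:FORWARD ACCEPT [7:364]
:OUTPUT ACCEPT [19184:1814693]
# Replies to connections already tracked. (-m state is the legacy form of
# -m conntrack --ctstate.)
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# Anything arriving over the tunnel may reach every local service.
-A INPUT -i tun0 -j ACCEPT
# SSH intended for VPN clients only.
-A INPUT -s 10.100.200.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
# tcp/8086 is accepted from any source address.
-A INPUT -p tcp -m tcp --dport 8086 -j ACCEPT
# xxx.xxx.xxx.xxx is a redacted placeholder; substitute the real source address.
-A INPUT -s xxx.xxx.xxx.xxx/32 -p tcp -m tcp --dport 3128 -j ACCEPT
# Logs every remaining new connection; the packet is then accepted by the chain policy.
-A INPUT -m state --state NEW -j LOG --log-prefix "INPUT: "
# NOTE(review): this rule already accepts everything entering from tun0, so
# the two narrower tun0 rules below never decide anything.
-A FORWARD -i tun0 -j ACCEPT
# 192.168.x.0/24 is a redacted placeholder for the internal LAN.
-A FORWARD -s 10.100.200.0/24 -d 192.168.x.0/24 -i tun0 -j ACCEPT
-A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i tun0 -o eth0 -j ACCEPT
# Outbound NTP.
-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
# tun+ matches any interface whose name starts with "tun".
-A OUTPUT -o tun+ -j ACCEPT
COMMIT
# Completed on Thu Dec 29 13:16:58 2016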
# Generated by iptables-save v1.4.21 on Thu Dec 29 13:16:58 2016
# NAT table: source-NAT traffic that leaves through eth0.
*nat
:PREROUTING ACCEPT [7:588]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# NOTE(review): the rule has no -s match, so every packet routed out eth0 is
# masqueraded, not only traffic from the 10.100.200.0/24 VPN pool; confirm
# that is intended.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
// sysctl.conf //
# Kernel settings for the VPN gateway host.
# Turn IPv6 off on all interfaces and in the default template for new ones.
# NOTE(review): the iptables rules on this page are IPv4-only, which is
# presumably why IPv6 is disabled rather than left unfiltered - confirm.
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# Let the kernel route IPv4 packets between interfaces; the tun0/eth0 FORWARD
# and MASQUERADE rules have no effect without it.
net.ipv4.ip_forward=1