한 서버에 각각 내부 IP가 다른 여러 개의 VPN 인스턴스가 있습니다. 두 개의 OpenVPN 인스턴스가 있고 각 클라이언트가 서로 클라이언트와 통신할 수 있도록 하고 싶습니다. 내 OpenVPN 구성은 다음과 같습니다.
port 1194
proto tcp
dev tun0
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.10.0.0 255.255.255.0
server-ipv6 fde6:7c9e:7ab4:0cc0::/64
cipher AES-256-GCM
auth SHA512
ifconfig-pool-persist ipp.txt 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
reneg-bytes 32000000
compress lz4-v2
push "compress lz4-v2"
push "redirect-gateway"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
persist-key
persist-tun
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
duplicate-cn
client-to-client
topology subnet
log-append /var/log/openvpn.log
그리고
port 1194
proto tcp
dev tun0
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 fd7d:89e2:ccd5:09ef::/64
cipher AES-256-GCM
auth SHA512
ifconfig-pool-persist ipp.txt 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
reneg-bytes 32000000
compress lz4-v2
push "compress lz4-v2"
push "redirect-gateway"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
persist-key
persist-tun
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
duplicate-cn
client-to-client
topology subnet
log-append /var/log/openvpn.log
VPN에 추가한 유일한 iptables 규칙은 다음과 같습니다.
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o ens3 -j MASQUERADE