OpenVPN: Support Both TCP and UDP on One Server

To support both TCP and UDP, for example port 53 for UDP and port 443 for TCP, we don't use just one server config (server.conf) but two server configs.

What I mean is that the server accepts OpenVPN connections on either the UDP port or the TCP port, but each individual connection uses only one of them, TCP or UDP.

If you already have a server.conf, you can delete it or rename it, depending on what it configures.

For example, if it uses UDP you can rename it udp.conf:

#mv server.conf udp.conf

We will call the two server configs udp.conf and tcp.conf.

First we set up udp.conf for UDP:

#nano /etc/openvpn/udp.conf

and fill it with a config like this:

local 123.123.123.123 #- change it to your server IP address
port 53 #- change to the port you want
proto udp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 1.2.4.0 255.255.255.0 #- must be different from the tcp config
ifconfig-pool-persist ipp-udp.txt #- separate pool file per instance, so the tcp instance cannot overwrite it
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-udp.log #- separate status file per instance
verb 3

Now we set up tcp.conf for TCP:

#nano /etc/openvpn/tcp.conf

and fill it with a config like this:

local 123.123.123.123 #- change it to your server IP address
port 443 #- change to the port you want
proto tcp
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 1.2.5.0 255.255.255.0 #- must be different from the udp config
ifconfig-pool-persist ipp-tcp.txt #- separate pool file per instance, so the udp instance cannot overwrite it
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 4.2.2.1"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status server-tcp.log #- separate status file per instance
verb 3

Remember that the server subnet line in the TCP config must be different from the one in the UDP config.

For example, in the two configs above we use server 1.2.4.0 255.255.255.0 for UDP and server 1.2.5.0 255.255.255.0 for TCP.
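The conflicts to avoid when two OpenVPN instances share one host are the ones described above: the same proto/port, overlapping server subnets, and shared state files. The following checker is an added example, not part of the original post; the two sample configs inside it are constructed (the tcp.conf sample deliberately repeats the UDP subnet and pool file so the checks have something to find).

```python
import ipaddress

# Constructed samples (only the directives the checker inspects): udp.conf as on
# the page, and a tcp.conf whose subnet and pool file were left identical to it.
UDP_CONF = """\
port 53
proto udp
server 1.2.4.0 255.255.255.0
ifconfig-pool-persist ipp.txt
status server-udp.log
"""
BAD_TCP_CONF = """\
port 443
proto tcp
server 1.2.4.0 255.255.255.0   # should be 1.2.5.0
ifconfig-pool-persist ipp.txt  # shared with udp.conf
status server-tcp.log
"""

def parse_conf(text: str) -> dict:
    """Map each OpenVPN directive to its argument list, ignoring # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, *args = line.split()
            conf[key] = args
    return conf

def check_pair(name_a: str, text_a: str, name_b: str, text_b: str) -> list:
    """Return the conflicts that stop two OpenVPN instances running side by side."""
    a, b = parse_conf(text_a), parse_conf(text_b)
    problems = []
    # Same proto and port: the second instance cannot bind its listening socket.
    if (a.get("proto"), a.get("port")) == (b.get("proto"), b.get("port")):
        problems.append(f"{name_a} and {name_b} both listen on {a['proto'][0]}/{a['port'][0]}")
    # Overlapping 'server' pools: the same addresses and kernel route on two tun devices.
    net_a = ipaddress.ip_network("/".join(a["server"]), strict=False)
    net_b = ipaddress.ip_network("/".join(b["server"]), strict=False)
    if net_a.overlaps(net_b):
        problems.append(f"{name_a} and {name_b} overlap: {net_a} and {net_b}")
    # Shared state files: each instance overwrites the other's pool and status data.
    for directive in ("ifconfig-pool-persist", "status"):
        if directive in a and a[directive] == b.get(directive):
            problems.append(f"{name_a} and {name_b} both write {directive} {a[directive][0]}")
    return problems

if __name__ == "__main__":
    for problem in check_pair("udp.conf", UDP_CONF, "tcp.conf", BAD_TCP_CONF):
        print("conflict:", problem)
```

Point it at the real files by reading /etc/openvpn/udp.conf and /etc/openvpn/tcp.conf into the two strings; an empty result means the two instances will not fight over a port, a subnet or a state file.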

Now that we have two server configs, we also need two different client configs.

First we create the UDP client config by editing the OpenVPN sample config sample.ovpn and renaming it udp.ovpn.

Here is the UDP client config:

client
dev tun
proto udp
remote 123.123.123.123 53 #- your OpenVPN server IP and port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
cert sample.crt #- replace with your client certificate name
key sample.key #- replace with your client key name
comp-lzo
verb 3
route-method exe
route-delay 2

Now we create the TCP client config by editing the OpenVPN sample config sample.ovpn and renaming it tcp.ovpn.

Here is the TCP client config:

client
dev tun
proto tcp
remote 123.123.123.123 443 #- your OpenVPN server IP and port
resolv-retry infinite
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ca ca.crt
cert sample.crt #- replace with your client certificate name
key sample.key #- replace with your client key name
comp-lzo
verb 3
route-method exe
route-delay 2

Now we have two server configs and two client configs.

The last step is enabling IP forwarding and creating the NAT iptables rules, one rule per client subnet.

If you're using a VPS (replace 123.123.123.123 with your VPS IP):

For UDP:

#iptables -t nat -A POSTROUTING -s 1.2.4.0/24 -j SNAT --to 123.123.123.123

For TCP:

#iptables -t nat -A POSTROUTING -s 1.2.5.0/24 -j SNAT --to 123.123.123.123

If you're using a dedicated server (replace eth0 with your outbound interface):

For UDP:

#iptables -t nat -A POSTROUTING -s 1.2.4.0/24 -o eth0 -j MASQUERADE

For TCP:

#iptables -t nat -A POSTROUTING -s 1.2.5.0/24 -o eth0 -j MASQUERADE

Now your OpenVPN server is ready for both TCP and UDP connections. Enjoy!!! :D

Source: http://benidiktus.web.id/2010/07/membuat-koneksi-vpn-dengan-open-vpn/
