Eu tenho várias instâncias de VPN em um servidor, cada um com diferentes ips internos. Eu tenho duas instâncias do OpenVPN, e gostaria que os clientes de cada um pudessem se comunicar com os clientes uns dos outros. Aqui estão minhas configurações do OpenVPN:
port 1194
proto tcp
dev tun0
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.10.0.0 255.255.255.0
server-ipv6 fde6:7c9e:7ab4:0cc0::/64
cipher AES-256-GCM
auth SHA512
ifconfig-pool-persist ipp.txt 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
reneg-bytes 32000000
compress lz4-v2
push "compress lz4-v2"
push "redirect-gateway"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
persist-key
persist-tun
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
duplicate-cn
client-to-client
topology subnet
log-append /var/log/openvpn.log
e
port 1194
proto tcp
dev tun0
sndbuf 0
rcvbuf 0
ca ca.crt
cert server.crt
key server.key
dh dh.pem
topology subnet
server 10.8.0.0 255.255.255.0
server-ipv6 fd7d:89e2:ccd5:09ef::/64
cipher AES-256-GCM
auth SHA512
ifconfig-pool-persist ipp.txt 0
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
reneg-bytes 32000000
compress lz4-v2
push "compress lz4-v2"
push "redirect-gateway"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 10 120
persist-key
persist-tun
verb 3
crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
duplicate-cn
client-to-client
topology subnet
log-append /var/log/openvpn.log
E aqui estão as únicas regras de iptables que adicionei para a VPN:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o ens3 -j MASQUERADE
Tags networking vpn openvpn iptables