Windows>> opnsense-multihop>> 返回
项目作者: ddowse

项目描述 :
Multihop with OpenVPN Tunnels on OPNsense
高级语言: PHP
项目地址: git://github.com/ddowse/opnsense-multihop.git
创建时间: 2021-05-18T05:10:36Z
项目社区:https://github.com/ddowse/opnsense-multihop
开源协议:BSD 3-Clause "New" or "Revised" License
下载


openvpn-multihop

Multihop with OpenVPN Tunnels on OPNsense

Check if your provider supports this. Perfect Privacy is known to support at least 4 Tunnel.

Build Instructions

  1. git clone https://github.com/opnsense/plugins
  2. git clone https://github.com/ddowse/opnsense-multihop plugins/security/openvpn-multihop
  3. cd plugins/security/openvpn-multihop
  4. make package

Install Instructions

Fetch the current pre-release from this repo and install it like this

  1. pkg add https://github.com/ddowse/opnsense-multihop/releases/download/Latest/os-openvpn-multihop-1.0.txz

Usage

General Tab

Clients Tab

You can also control the tunnel cascade on the shell like this:

  1. configctl multihop [stop|start|status]

Check your IP

  1. curl -s https://checkip.perfect-privacy.com/json | jq

Some simple technical background Information

  1. The Plugin will extract the VPNID and creates a list and stores that information in /usr/local/etc/multihop.conf.

  2. The Shellscript /usr/local/opnsense/scripts/OPNsense/Multihop/multihop.sh will be executed when the service API triggers configd.

    1. The Shellscript will read the list of VPNID’s from its own conf file.
    2. Get’s the server_addr field of the next VPNID int the list by using pluginclt and parse it with jq
    3. The correct server_addr is passed to the --route-up script. This adds the GW of the current OpenVPN Tunnel to the routing table for server_addr. The Shellscript skips --route-up on the last VPNID and set the routing options from the clients settings.

  3. The static route for the first tunnel is needed to prevent a network traffic loop.

The OPNsense OpenVPN Client Configuration is not touched. Altough VPN Clients that are used for mutlihopping should be disabled in OpenVPN->Client or they will
startup on reboot, too - as this is the default.

You may also want take care of NAT and Filter settings.
Some examples can be found in my other repo pfSense-pkg-openvpn-multihop.

You are welcome to open issues (code/errors) or improve this plugin. It might be a good idea to mix VPN providers and report your results if you want.

This Plugin was done as Freelance Job for a customer who wants to remain anonymous.
Thanks to her/him this Plugin is now available to the open-source community. Thank you!. ❤️

As I am a Freelancer, do not hesitate to contact me via my E-Mail if you have a need for individual Plugins or Bugfixes.