forked from clowwindy/ShadowVPN
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
24 additions
and
12 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
|
|
||
| int_if = "em0" | ||
| tun_if = "tun99" | ||
| nat on $int_if inet from { $tun_if/24 } to any -> ($int_if) | ||
| pass in log on $tun_if proto icmp from any to any keep state | ||
|
|
||
|
|
||
| #nat on tun0 from 172.16.1.0/24 to any -> tun0 | ||
| #pass out log on $vpn_if inet proto { $protos } from $lan_net to any flags S/SA modulate state nat-to ($vpn_if) round-robin | ||
| #pass in log quick on $dmz_if route-to (tun0 <anonine_gateway>) inet proto icmp from $dmz_network to any icmp-type echoreq tag VPN_TRAFFIC | ||
| #pass out log quick on tun0 inet proto icmp from tun0 to any icmp-type echoreq tagged VPN_TRAFFIC |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,27 +1,28 @@ | ||
| #!/bin/sh | ||
|
|
||
| set -x | ||
| # example server up script | ||
| # will be executed when server is up | ||
|
|
||
| # all key value pairs in ShadowVPN config file will be passed to this script | ||
| # as environment variables, except password | ||
|
|
||
| # turn on IP forwarding | ||
| sysctl -w net.ipv4.ip_forward=1 | ||
| sysctl -w net.inet.ip.forwarding=1 | ||
|
|
||
| # configure IP address and MTU of VPN interface | ||
| ifconfig $intf 10.7.0.1 netmask 255.255.255.0 | ||
| ifconfig $intf mtu $mtu | ||
| ifconfig $intf 10.7.0.1 10.7.0.1 netmask 255.255.255.0 mtu $mtu up | ||
| #ifconfig $intf mtu $mtu | ||
|
|
||
| # turn on NAT over eth0 and VPN | ||
| # if you use other interface name that eth0, replace eth0 with it | ||
| iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | ||
| iptables -A FORWARD -i eth0 -o $intf -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
| iptables -A FORWARD -i $intf -o eth0 -j ACCEPT | ||
| #iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | ||
| #iptables -A FORWARD -i eth0 -o $intf -m state --state RELATED,ESTABLISHED -j ACCEPT | ||
| #iptables -A FORWARD -i $intf -o eth0 -j ACCEPT | ||
|
|
||
| # turn on MSS fix | ||
| # MSS = MTU - TCP header - IP header | ||
| mss=$(($mtu - 40)) | ||
| iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss | ||
| #mss=$(($mtu - 40)) | ||
| #iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss | ||
|
|
||
| echo $0 done |