OpenVPN: site-to-site tunnel between two nodes using a static (pre-shared) key

1. Installing
yum install openvpn -y
sysctl net.ipv4.ip_forward=1
echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
systemctl -f enable openvpn@server
2. Generating the static (pre-shared) key and copying it to the second node
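# The static key is a single shared secret for both ends: anyone holding the
# file can join the tunnel AND decrypt any captured session (no forward
# secrecy). Keep it root-owned, mode 0600, on the two nodes only, and rotate it
# if either node is ever compromised.
cd /etc/openvpn/ || exit 1
# OpenVPN 2.5+ spells this `openvpn --genkey secret static.key`; the old form
# still works with a deprecation warning.
openvpn --genkey --secret static.key
# Don't rely on the tool's umask handling -- pin the mode explicitly.
chmod 600 static.key
# -p carries the 0600 mode across; a plain scp would leave the remote copy at
# the remote umask default (typically world-readable 0644).
scp -p static.key server2:/etc/openvpn/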
3. Configuring /etc/openvpn/server.conf on first node
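# Static-key point-to-point tunnel, server side (first node).
# 443/TCP is presumably chosen to pass restrictive egress filters; UDP
# (commented) is the better transport when it is allowed, since TCP-over-TCP
# stalls badly under packet loss.
proto tcp-server
# proto udp
dev tun
port 443
# NOTE(review): no `local` directive, so OpenVPN listens on 0.0.0.0:443. If the
# first node has more than one address, pin it: `local <public-ip>`.

# Pre-shared key from step 2 (root-owned, 0600). One key, no handshake: a leaked
# key lets an attacker join the tunnel and decrypt recorded traffic. TLS mode
# (tls-server + PKI) is the upgrade path if per-session keys are needed.
secret static.key

# No `cipher` / `auth` is set, so both ends use the build's defaults (BF-CBC and
# SHA1 on 2.4 and older -- a 64-bit block cipher, see SWEET32). Set them
# explicitly and IDENTICALLY on the peer: static-key mode cannot negotiate
# them, and AEAD/GCM ciphers are not available in this mode.
;cipher AES-256-CBC
;auth SHA256

keepalive 30 120
# persist-key / persist-tun keep the tunnel working across keepalive-triggered
# restarts after privileges are dropped, which is what makes the privilege drop
# below practical. `nobody` user and group exist on RHEL/CentOS; adjust elsewhere.
persist-key
persist-tun
user nobody
group nobody

# Tunnel endpoint addresses. 1.1.1.0/24 is publicly routed address space
# (Cloudflare's resolver is 1.1.1.1), so these two hosts will black-hole real
# traffic to it. Prefer an RFC1918 pair such as 10.8.0.1 / 10.8.0.2 -- the
# peer's `ifconfig` is the mirror image and the NAT rule below must follow.
ifconfig 1.1.1.1 1.1.1.2

# iptables nat (adjust -s if the tunnel addresses change)
# -A POSTROUTING -o eth0 -s 1.1.1.0/24 -j MASQUERADE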
4. Configuring /etc/openvpn/scaleway.conf on second node (the client side)
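# Static-key point-to-point tunnel, client side (second node). Peer is the
# first node at 88.77.66.55, 443/TCP. proto, cipher/auth and ifconfig must be
# the mirror image of the server config.
remote 88.77.66.55 443
proto tcp-client
# proto udp
# Explicitly named interface so the NAT rule below can match on it.
dev vpn-scaleway
dev-type tun
# Same shared secret as the first node (step 2); root-owned, mode 0600. A
# leaked key lets an attacker join the tunnel and decrypt recorded traffic.
secret static.key
# Neither side sets a cipher or HMAC, so the build defaults apply (BF-CBC /
# SHA1 on 2.4 and older). Set them explicitly and identically on BOTH ends;
# static-key mode cannot negotiate them and does not support AEAD/GCM ciphers.
;cipher AES-256-CBC
;auth SHA256
keepalive 30 120
persist-key
persist-tun
# Drop root once the tunnel is up. The `route` lines are installed before the
# drop, and persist-tun keeps the interface (and the kernel routes on it) across
# keepalive restarts. `nobody` user/group exist on RHEL/CentOS; adjust elsewhere.
user nobody
group nobody
# 1.1.1.0/24 is publicly routed address space (Cloudflare); this node will
# black-hole real traffic to it. Prefer an RFC1918 pair and change it on BOTH
# ends (the server's `ifconfig` is the mirror image).
ifconfig 1.1.1.2 1.1.1.1

# Destinations steered into the tunnel. These are coarse: a whole /8 covers far
# more than one provider, and everything inside it leaves via the tunnel.
# Narrow them to the providers' published ranges where practical.

# Microsoft Azure
route 51.136.0.0 255.254.0.0

# AWS
route 13.0.0.0 255.0.0.0
route 18.0.0.0 255.0.0.0
route 34.0.0.0 255.0.0.0
route 35.0.0.0 255.0.0.0
route 52.0.0.0 255.0.0.0
route 54.0.0.0 255.0.0.0

# Google
route 23.0.0.0 255.0.0.0
route 64.233.0.0 255.255.0.0
route 173.194.0.0 255.255.0.0
# Already covered by the 173.194.0.0/16 route above; harmless but redundant.
route 173.194.222.101 255.255.255.255

# iptables nat: masquerade only LAN-originated traffic that leaves via the
# tunnel; LAN-to-LAN traffic is left untouched.
# -A POSTROUTING -o vpn-scaleway -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE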
5. Starting the client on second node
# Enable at boot and start immediately (equivalent to a separate `enable` and
# `start`; on systemd older than 220, which lacks --now, run the two commands).
# -f overwrites a conflicting unit symlink if one exists.
systemctl -f enable --now openvpn@scaleway
6. Adding static routes on the LAN clients via NetworkManager, pointing at the VPN node's LAN address (192.168.1.254 here)
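# Static routes on LAN clients: steer these destinations to the VPN node
# (192.168.1.254 on the LAN) instead of the default gateway.
# NOTE: whole /8s are far broader than any single provider (23.0.0.0/8 or
# 35.0.0.0/8 carry many unrelated networks); everything in them will transit
# the tunnel. Narrow to the providers' published ranges where practical.
# NOTE(review): 91.108.0.0/16, 109.239.0.0/16 and 149.154.0.0/16 sit under
# "aws" but do not appear to be AWS allocations (they look like another
# service's ranges) -- confirm what they are for before keeping them.
vpn_gw=192.168.1.254
vpn_iface=eth0
vpn_routes=(
  # aws
  13.0.0.0/8 18.0.0.0/8 34.0.0.0/8 35.0.0.0/8 52.0.0.0/8 54.0.0.0/8
  91.108.0.0/16 109.239.0.0/16 149.154.0.0/16
  # google
  23.0.0.0/8 173.194.0.0/16 64.233.0.0/16
  # microsoft
  51.136.0.0/15
)
for prefix in "${vpn_routes[@]}"; do
  nmcli connection modify "$vpn_iface" +ipv4.routes "$prefix $vpn_gw"
done
# `modify` only edits the stored profile; re-activate so the routes are
# installed in the kernel now rather than on the next reconnect.
nmcli connection up "$vpn_iface"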
7. Automating it: hourly, route every non-/32 prefix from the antizapret list via the VPN node
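# Hourly sync of the antizapret prefix list into the client's routing table.
# Save the two functions below plus a final `antizapret_sync` line as
# /usr/local/sbin/antizapret-routes.sh and schedule it with:
#   crontab -e -u root
#   15 * * * * /usr/local/sbin/antizapret-routes.sh
#
# Security note: the original one-liner piped an unauthenticated, plain-HTTP
# feed straight into `ip route add` as root. Anyone on path (or the feed
# operator) could inject 0.0.0.0/0, the LAN, or the resolver's prefix and
# silently redirect the client's traffic via the VPN node. The filter below
# bounds the damage (octet/length sanity, no default route, no private/local
# space); it does not authenticate the feed -- use https:// if the service
# offers it, and review the list before trusting it.

# antizapret_prefixes: stdin -> validated, de-duplicated IPv4 prefixes, one per
# line. Drops /32 entries (per the heading), prefixes shorter than /8 (a feed
# must never hand us a default route), malformed octets, and RFC1918 /
# loopback / link-local / 0.0.0.0/8 space.
antizapret_prefixes() {
  grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+' \
    | awk -F'[./]' '
        $5 < 8 || $5 > 31 { next }
        $1 > 255 || $2 > 255 || $3 > 255 || $4 > 255 { next }
        $1 == 0 || $1 == 10 || $1 == 127 { next }
        $1 == 169 && $2 == 254 { next }
        $1 == 172 && $2 >= 16 && $2 <= 31 { next }
        $1 == 192 && $2 == 168 { next }
        { print }' \
    | LC_ALL=C sort -u
}

# antizapret_sync [gateway]: fetch the feed and install each prefix via the VPN
# node. Fails closed: on any fetch error the existing routes are left as they
# are instead of acting on an error page. `ip route replace` is idempotent, so
# re-runs do not spam "File exists" errors like `ip r a` did.
antizapret_sync() {
  local gw=${1:-192.168.1.254}
  local feed=${ANTIZAPRET_FEED:-http://api.antizapret.info/all.php}
  local list
  # --fail turns HTTP errors into a non-zero exit so the body is never parsed.
  list=$(curl --silent --fail --max-time 60 -- "$feed") || return 1
  printf '%s\n' "$list" \
    | antizapret_prefixes \
    | xargs -r -I % ip route replace % via "$gw"
}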