Advanced OpenVPN on pfSense
-
Просто замечательное видео для понимания работы Openvpn на pfsense. Описаны режимы работы, работа с multiwan, динамическая маршрутизация ospf (quagga).
Упомянуты моменты, в каком случае надо явно объявлять Openvpn интерфейсом, описаны директивы port-share, reneg-sec, allow-recursive-routing.Лично для себя почерпнул много интересного. Крайне рекомендую для просмотра.
https://www.youtube.com/watch?v=ku-fNfJJV7w
P.s. Жаль только, что .pdf на этом видео доступен только по подписке :'(
P.p.s. Наделал скриншотов с важными (для себя) моментами. Прикладываю. Возможно, поможет многое понять в настройке\работе Openvpn на pfsense :
![OpenVPN device mode tap tun.png](/public/imported_attachments/1/OpenVPN device mode tap tun.png)
![OpenVPN device mode tap tun.png_thumb](/public/imported_attachments/1/OpenVPN device mode tap tun.png_thumb)
![OpenVPN tunnel networks.png](/public/imported_attachments/1/OpenVPN tunnel networks.png)
![OpenVPN tunnel networks.png_thumb](/public/imported_attachments/1/OpenVPN tunnel networks.png_thumb)
![Shared key.png](/public/imported_attachments/1/Shared key.png)
![Shared key.png_thumb](/public/imported_attachments/1/Shared key.png_thumb)
![SLL TLS in tun net30 mode.png](/public/imported_attachments/1/SLL TLS in tun net30 mode.png)
![SLL TLS in tun net30 mode.png_thumb](/public/imported_attachments/1/SLL TLS in tun net30 mode.png_thumb)
![SSL TLS subnet mode.png](/public/imported_attachments/1/SSL TLS subnet mode.png)
![SSL TLS subnet mode.png_thumb](/public/imported_attachments/1/SSL TLS subnet mode.png_thumb)
![Single server multiwan localhost.png](/public/imported_attachments/1/Single server multiwan localhost.png)
![Single server multiwan localhost.png_thumb](/public/imported_attachments/1/Single server multiwan localhost.png_thumb)
![Multipile servers multipile WANs.png](/public/imported_attachments/1/Multipile servers multipile WANs.png)
![Multipile servers multipile WANs.png_thumb](/public/imported_attachments/1/Multipile servers multipile WANs.png_thumb)
![Client specific overrides.png](/public/imported_attachments/1/Client specific overrides.png)
![Client specific overrides.png_thumb](/public/imported_attachments/1/Client specific overrides.png_thumb)
![Servers as clients.png](/public/imported_attachments/1/Servers as clients.png)
![Servers as clients.png_thumb](/public/imported_attachments/1/Servers as clients.png_thumb)
![Share LAN subnet tun.png](/public/imported_attachments/1/Share LAN subnet tun.png)
![Share LAN subnet tun.png_thumb](/public/imported_attachments/1/Share LAN subnet tun.png_thumb)
![RA tap bridge vpn.png](/public/imported_attachments/1/RA tap bridge vpn.png)
![RA tap bridge vpn.png_thumb](/public/imported_attachments/1/RA tap bridge vpn.png_thumb)
![Random tips port-share recursive-routing reneg-sec.png](/public/imported_attachments/1/Random tips port-share recursive-routing reneg-sec.png)
![Random tips port-share recursive-routing reneg-sec.png_thumb](/public/imported_attachments/1/Random tips port-share recursive-routing reneg-sec.png_thumb)
[Assign OpenVPN interfaces Ñвно.zip](/public/imported_attachments/1/Assign OpenVPN interfaces Ñвно.zip)
[OSPF dynamic routed openvpn.zip](/public/imported_attachments/1/OSPF dynamic routed openvpn.zip)