UDPspeeder openvpn config guide
wangyu- edited this page Mar 12, 2021
./speederv2 -s -l0.0.0.0:8855 -r 127.0.0.1:7777 -f20:10
Assume the server IP is 45.66.77.88:
./speederv2 -c -l0.0.0.0:3333 -r 45.66.77.88:8855 -f20:10
client
dev tun100
proto udp
remote 127.0.0.1 3333
resolv-retry infinite
nobind
persist-key
persist-tun
ca /root/add-on/openvpn/ca.crt
cert /root/add-on/openvpn/client.crt
key /root/add-on/openvpn/client.key
keepalive 3 20
verb 3
mute 20
comp-lzo no #this option is deprecated since openvpn2.4. For 2.4 and above, use "compress" instead
#compress
#fragment 1200 ##### for UDPspeeder with --mode 0, no need to set this. But for --mode 1, it's important to set this. it's a conservative value, you can turn it up a bit
#mssfix 1200 ##### same as above.
sndbuf 2000000 ##### important
rcvbuf 2000000 ##### important
txqueuelen 4000 ##### suggested
local 0.0.0.0
port 7777
proto udp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem #1024-bit DH parameters are considered weak; prefer a 2048-bit or larger parameter file
server 10.222.2.0 255.255.255.0
ifconfig 10.222.2.1 10.222.2.6
client-to-client
duplicate-cn #allows several clients to connect with the same certificate (common name)
keepalive 10 60
max-clients 50
persist-key
persist-tun
status /etc/openvpn/openvpn-status.log
verb 3
mute 20
comp-lzo no #this option is deprecated since openvpn2.4. For 2.4 and above, use "compress" instead
#compress
#fragment 1200 ##### for UDPspeeder with --mode 0, no need to set this. But for --mode 1, it's important to set this. it's a conservative value, you can turn it up a bit
#mssfix 1200 ##### same as above.
sndbuf 2000000 ##### important
rcvbuf 2000000 ##### important
txqueuelen 4000 ##### suggested
run:
#enable ip forward:
echo 1 >/proc/sys/net/ipv4/ip_forward
#setup SNAT rule:
iptables -t nat -A POSTROUTING -s 10.222.0.0/16 ! -d 10.222.0.0/16 -j MASQUERADE
Add the following lines to the end of your OpenVPN config:
redirect-gateway def1
route 44.55.66.77 255.255.255.255 net_gateway # change 44.55.66.77 to your server ip
#the line above adds a route exception for your UDPspeeder server, very important
#change 44.55.66.77 to your server ip, x.x.x.x to your gateway
ip route add 44.55.66.77 via x.x.x.x
This step adds a route exception for your UDPspeeder server. It is very important: without it, your UDPspeeder traffic will be hijacked by OpenVPN and there will be a traffic loop.
For example, run ip route; if the output is:
default via 192.168.200.1 dev eth0 metric 202
192.168.100.0/24 dev wlan0 proto kernel scope link src 192.168.100.1
192.168.200.0/24 dev eth0 proto kernel scope link src 192.168.200.205 metric 202
then x.x.x.x should be 192.168.200.1
#change x.x.x.x to the P-to-P dest address
ip route add 0.0.0.0/1 via x.x.x.x dev tun100
ip route add 128.0.0.0/1 via x.x.x.x dev tun100
For example, if your ifconfig output is:
eth0 Link encap:Ethernet HWaddr b8:27:eb:1f:05:85
inet addr:192.168.200.205 Bcast:192.168.200.255 Mask:255.255.255.0
inet6 addr: fe80::9a5d:1529:f914:79de/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
tun100 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.222.2.6 P-t-P:10.222.2.5 Mask:255.255.255.255
inet6 addr: fe80::6742:d620:f5f:5a4c/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
then x.x.x.x should be 10.222.2.5
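The manual steps above, as an added example that is not part of the original wiki page: a dry-run script that reads the two x.x.x.x values from the sample outputs and prints the route commands, exception route first. The function names are made up for this example, and the sample inputs are constructed from the outputs shown on this page.

```shell
#!/bin/sh
# Added example (not from the wiki): dry-run planner for the manual routes.
# It only prints commands; nothing on the system is changed.

# Constructed sample input, copied from the outputs shown above. On a real
# client, pipe `ip route` and `ifconfig tun100` into the functions instead.
SAMPLE_ROUTES='default via 192.168.200.1 dev eth0 metric 202
192.168.100.0/24 dev wlan0 proto kernel scope link src 192.168.100.1
192.168.200.0/24 dev eth0 proto kernel scope link src 192.168.200.205 metric 202'
SAMPLE_TUN='tun100 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.222.2.6 P-t-P:10.222.2.5 Mask:255.255.255.255'

# Gateway of the first default route in `ip route` output (stdin).
default_gw() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Point-to-point peer address from ifconfig output (stdin).
ptp_peer() {
    sed -n 's/.*P-t-P:\([0-9.]*\).*/\1/p' | head -n 1
}

# Loose dotted-quad check so an empty or garbled value is never used.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the three route commands, exception route first.
# Args: server_ip gateway peer tun_dev. Fails if any value is unusable,
# e.g. no default route was found, so a partial setup is never suggested.
plan_routes() {
    for v in "$1" "$2" "$3"; do
        is_ipv4 "$v" || return 1
    done
    [ -n "$4" ] || return 1
    echo "ip route add $1 via $2"
    echo "ip route add 0.0.0.0/1 via $3 dev $4"
    echo "ip route add 128.0.0.0/1 via $3 dev $4"
}

gw=$(printf '%s\n' "$SAMPLE_ROUTES" | default_gw)
peer=$(printf '%s\n' "$SAMPLE_TUN" | ptp_peer)
# 44.55.66.77 is the page's placeholder for the UDPspeeder server IP.
plan_routes 44.55.66.77 "$gw" "$peer" tun100
```

Review the printed commands before running them as root; the exception route for the UDPspeeder server must be in place before the two /1 routes are added.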
You can also use tinyfecVPN, a lightweight VPN with UDPspeeder's function built in:
https://github.com/wangyu-/tinyfecVPN/wiki/redirect-all-traffic-through-tinyfecVPN