UDPspeeder openvpn config guide

wangyu- edited this page Mar 12, 2021 · 26 revisions

UDPspeeder + openvpn config guide

UDPspeeder command

run at server side

./speederv2 -s -l0.0.0.0:8855 -r 127.0.0.1:7777 -f20:10

run at client side

assume server ip is 45.66.77.88

./speederv2 -c -l0.0.0.0:3333 -r 45.66.77.88:8855 -f20:10

openvpn config

client side config

client
dev tun100
proto udp

remote 127.0.0.1 3333
resolv-retry infinite 
nobind 
persist-key 
persist-tun  

ca /root/add-on/openvpn/ca.crt
cert /root/add-on/openvpn/client.crt
key /root/add-on/openvpn/client.key

keepalive 3 20
verb 3
mute 20

comp-lzo no   #this option is deprecated since openvpn2.4. For 2.4 and above, use "compress" instead
#compress

#fragment 1200       ##### for UDPspeeder with --mode 0, no need to set this. But for --mode 1, it's important to set this. it's a conservative value, you can turn it up a bit
#mssfix 1200         ##### same as above.   

sndbuf 2000000      ##### important
rcvbuf 2000000      ##### important
txqueuelen 4000     ##### suggested

server side config

local 0.0.0.0
port 7777 
proto udp
dev tun 

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
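dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem   ##### 1024-bit DH parameters are weak by current standards; for a new setup generate 2048-bit or larger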

server 10.222.2.0 255.255.255.0 
ifconfig 10.222.2.1 10.222.2.6

client-to-client
duplicate-cn         ##### allows several clients to connect with the same certificate (common name)
keepalive 10 60 

max-clients 50

persist-key
persist-tun

status /etc/openvpn/openvpn-status.log

verb 3
mute 20  

comp-lzo no   #this option is deprecated since openvpn2.4. For 2.4 and above, use "compress" instead
#compress

#fragment 1200       ##### for UDPspeeder with --mode 0, no need to set this. But for --mode 1, it's important to set this. it's a conservative value, you can turn it up a bit
#mssfix 1200         ##### same as above.   

sndbuf 2000000      ##### important
rcvbuf 2000000      ##### important
txqueuelen 4000     ##### suggested

Additional steps to transparently redirect traffic

at server side

run:

#enable ip forward:
echo 1 >/proc/sys/net/ipv4/ip_forward

#setup SNAT rule:
iptables -t nat -A POSTROUTING -s 10.222.0.0/16 ! -d 10.222.0.0/16 -j MASQUERADE

at client side (easier way)

add the following lines to the end of your OpenVPN config:

redirect-gateway def1
route 44.55.66.77 255.255.255.255 net_gateway    # change 44.55.66.77 to your server ip 
#the line above adds a route exception for your UDPspeeder server, very important

at client side (alternative way)

1. add route exception by running:
#change 44.55.66.77 to your server ip, x.x.x.x to your gateway
ip route add 44.55.66.77 via x.x.x.x

This step adds a route exception for your UDPspeeder server. It is very important: without it, your UDPspeeder traffic will be hijacked by OpenVPN and there will be a traffic loop.

example

for example, run ip route. If the output is:

default via 192.168.200.1 dev eth0  metric 202
192.168.100.0/24 dev wlan0  proto kernel  scope link  src 192.168.100.1
192.168.200.0/24 dev eth0  proto kernel  scope link  src 192.168.200.205  metric 202

then x.x.x.x should be 192.168.200.1

2. redirect default route by running:
#change x.x.x.x to the P-to-P dest address
ip route add 0.0.0.0/1 via x.x.x.x dev tun100   
ip route add 128.0.0.0/1 via x.x.x.x dev tun100

example:

for example, if your ifconfig output is:

eth0      Link encap:Ethernet  HWaddr b8:27:eb:1f:05:85
          inet addr:192.168.200.205  Bcast:192.168.200.255  Mask:255.255.255.0
          inet6 addr: fe80::9a5d:1529:f914:79de/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1


tun100    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.222.2.6  P-t-P:10.222.2.5  Mask:255.255.255.255
          inet6 addr: fe80::6742:d620:f5f:5a4c/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

then x.x.x.x should be 10.222.2.5
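
The two lookups of the alternative way, as an added example that is not part of the original wiki: it reads `ip route` and `ifconfig` output, derives both x.x.x.x values, and prints the three route commands without running them. The function names are hypothetical; beyond the page's legacy `P-t-P:` format it also accepts the newer `destination` form of ifconfig output.

```shell
# Added example, not from the UDPspeeder wiki. Sample outputs are the ones shown on this page.
sample_ip_route() { cat <<'EOF'
default via 192.168.200.1 dev eth0  metric 202
192.168.100.0/24 dev wlan0  proto kernel  scope link  src 192.168.100.1
192.168.200.0/24 dev eth0  proto kernel  scope link  src 192.168.200.205  metric 202
EOF
}
sample_ifconfig() { cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr b8:27:eb:1f:05:85
          inet addr:192.168.200.205  Bcast:192.168.200.255  Mask:255.255.255.0
tun100    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.222.2.6  P-t-P:10.222.2.5  Mask:255.255.255.255
EOF
}

# Print "<gateway> <device>" for the first default route in `ip route` output (stdin).
default_gw() {
  awk '$1 == "default" {
         gw = ""; dev = ""
         for (i = 2; i < NF; i++) { if ($i == "via") gw = $(i+1); if ($i == "dev") dev = $(i+1) }
         if (gw != "") { print gw, dev; exit } }'
}

# Print the point-to-point peer of interface $1 from `ifconfig` output (stdin).
tun_peer() {
  awk -v want="$1" '
    /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }
    cur == want && /inet / {
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^P-t-P:/) { sub(/^P-t-P:/, "", $i); print $i; exit }
        if ($i == "destination" && i < NF) { print $(i+1); exit }
      } }'
}

# plan_routes SERVER_IP TUN_DEV IP_ROUTE_OUTPUT IFCONFIG_OUTPUT
# Prints the route exception first, then the two /1 routes. Fails if the default
# route already points into the tunnel, because the exception would then loop.
plan_routes() {
  pr_gw_dev=$(printf '%s\n' "$3" | default_gw)
  pr_gw=${pr_gw_dev%% *}; pr_dev=${pr_gw_dev#* }
  pr_peer=$(printf '%s\n' "$4" | tun_peer "$2")
  [ -n "$pr_gw" ] && [ -n "$pr_peer" ] || { echo "gateway or tunnel peer not found" >&2; return 1; }
  [ "$pr_dev" != "$2" ] || { echo "default route already uses $2" >&2; return 1; }
  echo "ip route add $1 via $pr_gw"
  echo "ip route add 0.0.0.0/1 via $pr_peer dev $2"
  echo "ip route add 128.0.0.0/1 via $pr_peer dev $2"
}
# On a live client: plan_routes 44.55.66.77 tun100 "$(ip route)" "$(ifconfig)"
plan_routes 44.55.66.77 tun100 "$(sample_ip_route)" "$(sample_ifconfig)"
```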

Other Info

You can also use tinyfecVPN, a lightweight VPN with UDPspeeder's function built in:

https://github.com/wangyu-/tinyfecVPN/wiki/redirect-all-traffic-through-tinyfecVPN