To improve system performance, it is recommended to reduce how intensively swap is used.
To lower the minimum percentage of free memory at which pages start being written to swap, set the parameter vm.swappiness=10
echo 'vm.swappiness=5' >> /etc/sysctl.conf
The vfs_cache_pressure parameter controls the amount of memory allocated for the disk cache. Depending on its value, the parameter increases or decreases how actively unused memory pages are evicted from the cache. For SSDs, a vfs_cache_pressure value of 50 is recommended.
echo 'vm.vfs_cache_pressure=50' >> /etc/sysctl.conf
SSDs, unlike traditional hard drives, do not use rotating platters. A zero value disables the algorithms that reduce data seek time:
echo 0 > /sys/block/sda/queue/rotational
# OS CentOS 7.x
# install the easy-rsa package
yum install -y easy-rsa
# after generation, the keys and certificates will be in the directory /usr/share/easy-rsa/2.0/keys
cd /usr/share/easy-rsa/2.0/
. ./vars
./clean-all
# generate the CA certificate and key. The contents of ca.crt must be placed in the <ca> </ca> section of every config
# OS CentOS 7.x
# install the openvpn package
yum install -y epel-release && yum install -y openvpn
# install the easy-rsa package
yum install -y easy-rsa
# key and certificate generation - https://gist.github.com/seugene/c73f44c80ee4fbf1aade
# enable routing
# enable routing
sysctl -w net.ipv4.ip_forward=1
# firewall and NAT rules
iptables -F FORWARD
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.1.0.0/24 -o tun0 -j MASQUERADE
# mount tmpfs
# enable routing
sysctl -w net.ipv4.ip_forward=1
# firewall and NAT rules
iptables -F FORWARD
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 5.79.97.139
# mount tmpfs
# install the openvpn package
yum install -y epel-release && yum install -y openvpn
# enable routing
sysctl -w net.ipv4.ip_forward=1
# firewall and NAT rules
iptables -F FORWARD
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
daemon
dev tun
proto udp
port 53
tls-server
server 10.0.0.0 255.255.255.0
keepalive 20 60
comp-lzo
dev tun1
proto tcp-server
port 443
mode server
tls-server
server 10.1.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
client
daemon
dev tun0
proto udp
port 53
# address of vps2
remote x.x.x.x
keepalive 20 60
comp-lzo
# operating mode - client
client
# device: tun or tap
dev tun
# protocol: tcp
proto tcp-client
# port for connecting to the server
port 443
# TLS client mode for encryption