
I need communication between the Server and End-Devices (a PC, for example). I don't need Client-to-Client communication. There are two OpenVPN Server instances running on the server: one in UDP (tap1) mode and the other in TCP (tap2) mode. I am using the server-bridge option and have bridged tap1 and tap2 with vpnbr0.
This allows clients (OpenWrt) to connect with either the UDP or the TCP protocol. I am using ccd to assign static IPs (10.0.8.0/24) to the OpenVPN clients (OpenWrt).
Now, there will be RTP traffic like VoIP between the server and end-devices. RTP will go through the VPN tunnel. Therefore, it is important to compress the IP/UDP/RTP header (and this is what I am assigned to do).
The server will compress the IP/UDP/RTP header and the routers (OpenWrt) will decompress it.
My question is how to achieve this compression technique with OpenVPN and OpenWrt.
Note that I am using Asterisk for VoIP.
OpenVPN Server-1:
server-1
server-bridge 10.0.8.1 255.255.255.0 10.0.8.101 10.0.8.199
route-gateway 10.0.8.1
tls-server
port 1194
proto udp
dev tap
script-security 2
up "/etc/openvpn/up.sh"
down "/etc/openvpn/down.sh"
mssfix
mode "server"
topology "subnet"
local 139.x.y.z
push "redirect-gateway def1 bypass-dhcp"
persist-tun
persist-key
keepalive 10 60
cipher AES-256-CBC
compress lz4
remote-cert-tls client
client-config-dir "/etc/openvpn/ccd"
ccd-exclusive
verb 3
<ca>
</ca>
<cert>
</cert>
<key>
</key>
<dh>
</dh>
<tls-crypt>
</tls-crypt>
/etc/openvpn/up.sh
#!/bin/bash
# Add a bridge interface.
# OpenVPN passes the tap device name as the first argument.
vpn_ifname=$1
# Create the bridge vpnbr0 only if it does not exist yet.
(/usr/sbin/brctl show | grep vpnbr0 &>/dev/null) || /usr/sbin/brctl addbr vpnbr0
/usr/sbin/brctl addif vpnbr0 "$vpn_ifname"
/sbin/ip addr add 10.0.8.1/24 broadcast 10.0.8.255 dev vpnbr0 &>/dev/null
/sbin/ip link set vpnbr0 up
/sbin/ip link set "$vpn_ifname" up promisc on
# Route 192.168.1.0/28 ... 192.168.1.144/28 via clients 10.0.8.101 ... 10.0.8.110.
for i in $(seq 1 10); do
    /sbin/ip route add 192.168.1.$((16*(i-1)))/28 via 10.0.8.$((100+i)) src 10.0.8.1 &>/dev/null
done
exit 0