• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

essandess/macos-openvpn-server: macOS OpenVPN Server and Client Configuration (O ...

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称(OpenSource Name):

essandess/macos-openvpn-server

开源软件地址(OpenSource Url):

https://github.com/essandess/macos-openvpn-server

开源编程语言(OpenSource Language):

Shell 100.0%

开源软件介绍(OpenSource Introduction):

macos-openvpn-server

macOS OpenVPN Server and Client Configuration

This repo describes how to build an OpenVPN VPN server on macOS using pfctl and Tunnelblick.

This configuration provides a TLS-based VPN server using 4096-bit certificates and UDP port 443, accessible by any OpenVPN client, especially iOS with the OpenVPN app.

OpenVPN iPad

VPN Configuration Advantages

This OpenVPN configuration provides the following advantages:

Tunnelblick Configuration

Configure Tunnelblick settings so that the server connection persists over macOS Fast User Switching. Failure to do this is observed to cause routing problems beyond OpenVPN server accessibility. Use the recommended standard and advanced settings:

Tunnelblick Settings Advanced…
Tunnelblick Settings Tunnelblick Advanced Settings

Privatizing Proxy for Mobile Devices

A privatizing proxy is necessary to block mobile carriers from adding uniquely identifying HTTP headers used for customer tracking. See, for example, Does your phone company track you?. The repo essandess/osxfortress provides a firewall, blackhole, and privatizing proxy . Use the server configuration config.ovpn.osxfortress for these features, including blocking the mobile carrier tracking headers:

# Mobile carrier uniquely identifying headers
request_header_access MSISDN deny all           # T-Mobile
request_header_access X-MSISDN deny all         # T-Mobile
request_header_access X-UIDH deny all           # Verizon
request_header_access x-up-subno deny all       # AT&T
request_header_access X-ACR deny all            # AT&T
request_header_access X-UP-SUBSCRIBER-COS deny all
request_header_access X-OPWV-DDM-HTTPMISCDD deny all
request_header_access X-OPWV-DDM-IDENTITY deny all
request_header_access X-OPWV-DDM-SUBSCRIBER deny all
request_header_access CLIENTID deny all
request_header_access X-VF-ACR deny all
request_header_access X_MTI_USERNAME deny all
request_header_access X_MTI_EMAIL deny all
request_header_access X_MTI_EMPID deny all



鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap