I have a home server running Debian 12 with multiple internet connections:
* eth0: My primary optic fiber connection. * pppX (0-N): USB 4G modem interfaces connected via wvdial. I use wvdial for better control and stability, though I'm open to suggestions.
A C# server I wrote manages these resources to provide a small, experimental proxy service.
How it works:
1. Client Request: A client requests a proxy. 2. Server Action: The server selects an available USB modem, and uses wvdial to establish a connection, creating a new network interface (pppX). The server then configures 3proxy to listen on a specific port and forward traffic to the newly created interface. Generates credentials, and gives the proxy data to the client.
The connection lasts for a set number of hours, then is closed and resources are released.
The Problem:
While this system works, I need to make it more robust and secure. I've considered OpenVPN, but WireGuard isn't suitable due to its UDP-only nature. I need TCP for anonymity.
The Goal:
I want to implement OpenVPN in my existing architecture. The core idea remains the same: using USB modems and wvdial. However, instead of a proxy server, we'll use an OpenVPN server.
Requirements:
1. Dynamic Configuration: The server should generate .ovpn files for each client, revoking them after the connection ends. 2. Dedicated Connections: Each client should have a dedicated connection to a specific USB modem, ensuring that traffic from different clients is not mixed. After the connection is closed and resources are released, the modem should be available for a new client. 3. Configuration Guidance: I need help with the OpenVPN configuration, including file locations, key settings, and routing rules. Consider I don't have advanced knowledge on Linux network management.
I'm not a Linux expert, but I'm eager to learn. I have clients relying on this service, so I need a quicker solution than self-learning.
How I want it to work (I'm open to suggestions of course):
1. A client requests a VPN connection, the server runs wvdial as it currently does. 2. After the interface is up and has internet access, the server must set up a new configuration to allow the current client to connect to the server and redirect their traffic to this newly created interface through a specific port. 3. Then after some hours, or when the client requests it, the server closes the connection, invalidates the .ovpn client file, and closes wvdial.
Just to clarify, wvdial, after linking the modem with the ISP (by running ppp), gives me the information of the new connection. The network details such as IPv4 addresses, interface name, etc., all the data that comes from `/etc/ppp/ip-up`, are available to use for routing or whatever is needed.
