Hi, greetings to all, and I apologize for my translated English being Italian, I need some help from you for my proxy project:
I have installed and manage a Pritunl Enterprise VPN Panel with a dedicated server in which I have created, based on the type of user to be assigned, n. 13 different VPN servers with as many different udp ports which in the overall total manage a total number of about 6,000 users.
For the proxy project I bought a second dedicated server (DUAL E5-2670v3 24core/48 threads 128GB RAM 1x240GB SSD (up to 46TB SSB)) with which, through Ngnix, I would like to protect the ip address of the VPN server anonymously by proxing its ip, contained in the .ovpn certificate distributed to the various customers, replacing it with the address:port of the proxy.
To do this, in addition to opening all the udp ports in question (for each server I used the same port for in-out), and finally I created this ngnix.conf configuration
================
user www-data;
worker_processes auto;
pid /run/nginx.pid;
worker_rlimit_nofile 30000; #vg
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 65535; #vg
#multi_accept on; #vg
}
http {
.......
stream{
upstream srv_A {
hash $remote_addr consistent;
zone srv_SERVIZIO 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:11269 max_fails=0; #srv_SERVIZIO
}
upstream srv_B {
hash $remote_addr consistent;
zone srv_zacco 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:17067 max_fails=0; #srv_zacco
}
upstream srv_C {
hash $remote_addr consistent;
zone srv_zacco_e2 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:12263 max_fails=0; #srv_zacco_e2
}
upstream srv_D {
hash $remote_addr consistent;
zone srv_nat 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:13878 max_fails=0; #srv_nat
}
upstream srv_E {
hash $remote_addr consistent;
zone srv_Full 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:17299 max_fails=0; #srv_Full
}
upstream srv_F {
hash $remote_addr consistent;
zone srv_max 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:12381 max_fails=0; #srv_max
}
upstream srv_G {
hash $remote_addr consistent;
zone srv_catgio 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:12419 max_fails=0; #srv_catgio
}
upstream srv_H {
hash $remote_addr consistent;
zone srv_remida 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:14687 max_fails=0; #srv_remida
}
upstream srv_I {
hash $remote_addr consistent;
zone srv_ramesse 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:15429 max_fails=0; #srv_ramesse
}
upstream srv_L {
hash $remote_addr consistent;
zone alex99 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:16738 max_fails=0; #srv_alex99
}
upstream srv_M {
hash $remote_addr consistent;
zone srv_E2_singoli 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:17584 max_fails=0; #srv_E2_singoli
}
upstream srv_N {
hash $remote_addr consistent;
zone srv_v21_app 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:10474 max_fails=0; #srv_v21_app
}
upstream srv_O {
hash $remote_addr consistent;
zone srv.e2.arse 64k; #zona di memoria condivisa
server DNS_SERVER_VPN:18823 max_fails=0; #srv.e2.arse
}
#-----------------------
#===SERVER DESTINATION
#-----------------------
server {
listen 11269 udp;
proxy_pass srv_A;
}
server {
listen 17067 udp;
proxy_pass srv_B;
}
server {
listen 12263 udp;
proxy_pass srv_C;
}
server {
listen 13878 udp;
proxy_pass srv_D;
}
server {
listen 17299 udp;
proxy_pass srv_E;
}
server {
listen 12381 udp;
proxy_pass srv_F;
}
server {
listen 12419 udp;
proxy_pass srv_G;
}
server {
listen 14687 udp;
proxy_pass srv_H;
}
server {
listen 15429 udp;
proxy_pass srv_I;
}
server {
listen 16738 udp;
proxy_pass srv_L;
}
server {
listen 17584 udp;
proxy_pass srv_M;
}
server {
listen 10474 udp;
proxy_pass srv_N;
}
server {
listen 18823 udp;
proxy_pass srv_O;
}
===============
When the service starts everything seems to be fine and the clients connect via vpn using the proxy ip very quickly but after a while it slows down dramatically and it becomes almost impossible to connect while trying at the same time without a proxy the connection always happens quickly .
All suggestions are welcome, thanks
