Simple UDP hole punching, using an IPIP tunnel as the example

Good day!

In this article I want to describe how I implemented (one more) Bash script for connecting two computers that sit behind NAT, using the UDP hole punching technique, with Ubuntu/Debian as the example OS.

Establishing the connection consists of several steps:

  1. Start the node and wait until the remote node is ready;
  2. Determine our external IP address and UDP port;
  3. Send the external IP address and UDP port to the remote host;
  4. Receive the external IP address and UDP port from the remote host;
  5. Create the IPIP tunnel;
  6. Maintain the connection;
  7. If the connection is lost, delete the IPIP tunnel.

I thought for a long time, and am still thinking, about what could be used to exchange data between the nodes; the simplest and fastest option for me right now is to go through Yandex.Disk.

  • First, it is easy to use: you need only three operations: create, read, delete. With curl these are:
    Create:

    curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder

    Read:

    curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder

    Delete:

    curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder

    Keep in mind that --user "$username:$password" puts the password on the curl command line, where every local user can read it from the process list; curl's --netrc-file option keeps it out of the argument list.
  • Second, it is easy to install:
    apt install curl

To determine the external IP address and UDP port, the stun client command is used (the -p argument is the local UDP port whose NAT mapping we want to learn):

stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"

Install it with:

apt install stun-client

The tunnel is set up with the standard OS tools from the iproute2 package. There are many tunnel types that can be brought up with standard tools (L2TPv3, GRE, and so on), but I chose IPIP because it adds the least overhead. I tried L2TPv3 over UDP and was disappointed: throughput dropped tenfold, although that may have been a limitation of a particular provider or something else. Since an IPIP tunnel works at the IP layer, FOU (Foo-over-UDP) encapsulation is used to carry it inside UDP, which is what the hole-punched NAT mapping requires. To set up the IPIP tunnel you need to:

- load the FOU module:

modprobe fou

- listen on the local UDP port (IP protocol 4 is IPIP):

ip fou add port $localport ipproto 4

- create the tunnel:

ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport

- bring up the tunnel interface:

ip link set up dev fou$name

- assign the tunnel's internal local and peer IP addresses:

ip addr add $intIP peer $peerip dev fou$name

Deleting the tunnel:

ip link del dev fou$name

ip fou del port $localport

The tunnel state is monitored by pinging the internal IP address of the remote end of the tunnel:

ping -c 1 $peerip -s 0

Periodic pings are needed first of all to keep the NAT mapping alive: otherwise, while the tunnel is idle, the NAT tables on the routers may be cleared and the connection will break.

If the pings stop getting through, the IPIP tunnel is deleted and the node goes back to waiting for the remote host to become ready.
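The folder listing and the tunnel commands above both take their inputs from the shared folder, and the script below passes those values straight to ip. As an added example (not the article's own code), here is the same rendezvous read done with validation in between: it extracts the entry names from a PROPFIND response, accepts only a fresh, well-formed announcement from another node, and only then builds the FOU/IPIP commands. The folder layout and the date:cid:ip:port:intip:tid naming are the article's; the PROPFIND body is a constructed sample of a "Depth: 1" listing, and the local address 192.168.1.10, local port 45000 and tid 17 used in the demo are assumed. DRY_RUN=1 prints the ip commands instead of executing them, since they need root.

```shell
#!/usr/bin/env bash
# Added example (not the article's own code): read the rendezvous folder the way
# yaread does, but validate a peer's announcement before any of its fields reach
# `ip`, then emit the FOU/IPIP commands from the steps above. The folder layout
# and the "date:cid:ip:port:intip:tid" entry names are the article's; the
# PROPFIND body below is a constructed sample of a "Depth: 1" listing. DRY_RUN=1
# prints the ip commands instead of executing them (they need root).
set -eu

run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Constructed PROPFIND response: the folder itself first, then one child per line.
# Own cid is 11111; 67890 is the peer; the last two entries are a stale and a
# malformed announcement (anyone with the account could create either).
SAMPLE_XML='<?xml version="1.0" encoding="utf-8"?><d:multistatus xmlns:d="DAV:">
<d:response><d:href>/vpnid/</d:href><d:propstat><d:prop><d:displayname>vpnid</d:displayname></d:prop></d:propstat></d:response>
<d:response><d:href>/vpnid/1700000000:11111/</d:href><d:propstat><d:prop><d:displayname>1700000000:11111</d:displayname></d:prop></d:propstat></d:response>
<d:response><d:href>/vpnid/1700000001:67890/</d:href><d:propstat><d:prop><d:displayname>1700000001:67890</d:displayname></d:prop></d:propstat></d:response>
<d:response><d:href>/vpnid/1700000002:67890:203.0.113.7:40001:10.0.0.2:42/</d:href><d:propstat><d:prop><d:displayname>1700000002:67890:203.0.113.7:40001:10.0.0.2:42</d:displayname></d:prop></d:propstat></d:response>
<d:response><d:href>/vpnid/1600000000:67890:198.51.100.1:40002:10.0.0.2:42/</d:href><d:propstat><d:prop><d:displayname>1600000000:67890:198.51.100.1:40002:10.0.0.2:42</d:displayname></d:prop></d:propstat></d:response>
<d:response><d:href>/vpnid/1700000003:99999:203.0.113.7;id:70000:10.0.0.9:7/</d:href><d:propstat><d:prop><d:displayname>1700000003:99999:203.0.113.7;id:70000:10.0.0.9:7</d:displayname></d:prop></d:propstat></d:response>
</d:multistatus>'

# Entry names, newest first, without the folder itself or our own entries (by cid).
list_entries() {   # $1 xml, $2 folder, $3 own cid
    printf '%s\n' "$1" | grep -o '<d:displayname>[^<]*</d:displayname>' | sed 's/<[^>]*>//g' \
        | grep -v "^$2\$" | grep -Ev "^[0-9]+:$3(:|$)" | sort -r
}

is_uint()    { printf '%s' "$1" | grep -Eq '^[0-9]+$'; }
valid_port() { is_uint "$1" && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }
# Dotted quad with every octet 0-255; no regex intervals so it also runs under mawk.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

# Validate one announcement: six fields, fresh timestamp, sane external IP and port,
# sane inner IP and tid. Prints "ip port peerip peertid" on success, else returns 1.
parse_announce() {   # $1 entry, $2 now (epoch seconds), $3 max age in seconds
    local e="$1" ts ip port peerip tid
    [ "$(printf '%s\n' "$e" | awk -F: '{ print NF }')" -eq 6 ] || return 1
    ts=$(printf '%s' "$e" | cut -d: -f1)
    ip=$(printf '%s' "$e" | cut -d: -f3)
    port=$(printf '%s' "$e" | cut -d: -f4)
    peerip=$(printf '%s' "$e" | cut -d: -f5)
    tid=$(printf '%s' "$e" | cut -d: -f6)
    is_uint "$ts" && [ "$ts" -ge $(( $2 - $3 )) ] || return 1
    valid_ipv4 "$ip" && valid_port "$port" && valid_ipv4 "$peerip" && is_uint "$tid" || return 1
    printf '%s %s %s %s\n' "$ip" "$port" "$peerip" "$tid"
}

# Newest fresh, well-formed announcement from another node, or failure.
pick_peer() {   # $1 xml, $2 folder, $3 own cid, $4 now, $5 max age
    local e
    for e in $(list_entries "$1" "$2" "$3"); do
        parse_announce "$e" "$4" "$5" && return 0
    done
    return 1
}

# The article's tunnel-up/tunnel-down with every value quoted; the arguments are
# already validated, so a bogus entry name cannot turn into extra `ip` arguments.
tunnel_up() {   # $1 remote ip, $2 remote port, $3 local ip, $4 local port, $5 peer inner ip, $6 own inner ip, $7 tunnel id
    run modprobe fou
    run ip fou add port "$4" ipproto 4
    run ip link add name "fou$7" type ipip remote "$1" local "$3" encap fou encap-sport "$4" encap-dport "$2"
    run ip link set up dev "fou$7"
    run ip addr add "$6" peer "$5" dev "fou$7"
}
tunnel_down() {   # $1 tunnel id, $2 local port
    run ip link del dev "fou$1"
    run ip fou del port "$2"
}

# Stand-alone demo: own cid 11111, "now" frozen at 1700000010 and the article's
# 65 s freshness window. Local IP 192.168.1.10, port 45000 and tid 17 are assumed.
if peer=$(pick_peer "$SAMPLE_XML" vpnid 11111 1700000010 65); then
    echo "usable peer announcement: $peer"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        set -- $peer
        tunnel_up "$1" "$2" 192.168.1.10 45000 "$3" 10.0.0.1 "$(( $4 * 17 ))"
    fi
else
    echo "no fresh, well-formed peer announcement yet"
fi
```

The demo skips the stale entry (timestamp too old), the peer's bare date:cid heartbeat (two fields) and the malformed one (an external IP with a stray ";id" and a port above 65535), and picks 203.0.113.7:40001 with inner address 10.0.0.2 and tid 42. Without the checks, the malformed entry would reach ip link add as its remote argument, because anything that can write to the shared folder can choose the entry names.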

The script itself:

#!/bin/bash
username="[email protected]"
password="password"
folder="vpnid"                          # shared rendezvous folder on Yandex.Disk
intip="10.0.0.1"                        # this node's inner tunnel address; must differ on the other node
localport=`shuf -i 10000-65000 -n 1`    # random local UDP port for FOU
cid=`shuf -i 10000-99999 -n 1`          # client id; marks our own entries in the shared folder
tid=`shuf -i 10-99 -n 1`                # tunnel id part; the interface is named fou<peer tid * our tid>
# List the folder's children, newest first, minus the folder itself and our own entries
function yaread {
    curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}
function yacreate {
    curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}
function yadelete {
    curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}
# External ip:port as seen by the STUN server for local UDP port $1
function myipport {
    stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}
# $1 remote ip, $2 remote port, $3 local ip, $4 local port, $5 peer inner ip, $6 own inner ip, $7 tunnel id
function tunnel-up {
    modprobe fou
    ip fou add port $4 ipproto 4
    ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
    ip link set up dev fou$7
    ip addr add $6 peer $5 dev fou$7
}
# Ping the peer's inner address every 15 s; return after 4 consecutive failures
function tunnel-check {
    sleep 10
    pings=0
    until [[ $pings == 4 ]]; do
        if ping -c 1 $1 -s 0 &>/dev/null;
            then    echo -n .; pings=0
            else    echo -n !; ((pings++))
        fi
        sleep 15
    done
}
function tunnel-down {
    ip link del dev fou$1
    ip fou del port $2
}
# Remove our folder entries and the tunnel when the script is interrupted
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15
# $end is never set: reconnect forever until the script is killed
until [[ -n $end ]]; do
    yacreate $username $password $folder
    # Rendezvous: announce ourselves as <date>:<cid> and wait for a fresh entry from the peer
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
            # Only act on entries no older than 65 s, so the clocks must be in sync
            if [ `echo $l | sed 's/:/ /g' | awk '{print $1}'` -ge $(($mydate-65)) ]; then
                # Publish our full announcement: <date>:<cid>:<ext ip>:<ext port>:<inner ip>:<tid>
                myipport=`myipport $localport`
                yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk '{print $1}'` - $mydate + 3 ))
                # Fields of the peer's announcement; empty until it has published its full one
                ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                # The product is the same on both sides, so both name the interface identically
                if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
            fi
        done
        if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
            echo -n "!"
            sleep $timeout
        fi
    done
    # The source address of the route toward the peer's external IP is the tunnel's local endpoint
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0

The variables username, password and folder must be identical on both sides, but intip must differ, for example 10.0.0.1 and 10.0.0.2. The clocks on the nodes must be synchronized, since the script compares the date +%s timestamps found in the shared folder against its own. You can run the script like this:

nohup script.sh &

I want to point out that the IPIP tunnel is insecure in the sense that the traffic is not encrypted; this can easily be fixed by running IPsec over it, and this article seemed simple and understandable to me on that subject. Note also that the script acts on whatever entries appear in the shared folder, so the Yandex account credentials are effectively the only thing that authenticates the peer.
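The IPsec fix mentioned above, shown as an added example rather than the article's own code: ESP in transport mode between the tunnel's inner addresses, keyed by hand with ip xfrm so that, like the rest of the setup, it needs nothing beyond iproute2. Assumed here: AES-128-GCM (rfc4106(gcm(aes))) with 20 bytes of keymat per direction (16-byte key plus 4-byte salt) exchanged out of band, SPIs 0x1001 and 0x1002, and the inner addresses 10.0.0.1 and 10.0.0.2. DRY_RUN=1 prints the commands instead of running them, since ip xfrm needs root.

```shell
#!/usr/bin/env bash
# Added example, not from the original article: ESP in transport mode between the
# tunnel's inner addresses, keyed by hand with ip xfrm, so the IPIP payload inside
# the FOU/UDP packets is encrypted and authenticated. Assumptions: AES-128-GCM
# (rfc4106(gcm(aes))), 20-byte keymat per direction (16-byte key + 4-byte salt)
# shared out of band, one SPI per direction, inner addresses 10.0.0.1/10.0.0.2.
# DRY_RUN=1 prints the commands instead of running them (ip xfrm needs root).
set -eu

run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Exactly 40 hex digits (20 bytes); anything else is rejected before reaching ip xfrm.
valid_keymat() { printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{40}$'; }

# Fresh keymat for one direction; hand it to the peer over a trusted channel,
# never through the rendezvous folder.
new_keymat() { od -An -tx1 -N20 /dev/urandom | tr -d ' \n'; }

# $1 own inner IP, $2 peer inner IP, $3 SPI out, $4 SPI in, $5 keymat out, $6 keymat in.
# The peer runs the same call with the two IPs, the two SPIs and the two keys swapped.
ipsec_up() {
    local me="$1" peer="$2" spi_out="$3" spi_in="$4" key_out="$5" key_in="$6"
    valid_keymat "$key_out" && valid_keymat "$key_in" || return 1
    # One SA per direction; replay-window turns on anti-replay for inbound ESP.
    run ip xfrm state add src "$me" dst "$peer" proto esp spi "$spi_out" mode transport \
        replay-window 32 aead 'rfc4106(gcm(aes))' "0x$key_out" 128
    run ip xfrm state add src "$peer" dst "$me" proto esp spi "$spi_in" mode transport \
        replay-window 32 aead 'rfc4106(gcm(aes))' "0x$key_in" 128
    # 'out' steers our packets into the SA; 'in' makes the kernel drop cleartext
    # from the peer, so a fallback to plain IPIP is not silently accepted.
    run ip xfrm policy add src "$me" dst "$peer" dir out \
        tmpl src "$me" dst "$peer" proto esp mode transport
    run ip xfrm policy add src "$peer" dst "$me" dir in \
        tmpl src "$peer" dst "$me" proto esp mode transport
}

# Same arguments as ipsec_up minus the keys; removes only our two policies and SAs.
ipsec_down() {
    local me="$1" peer="$2" spi_out="$3" spi_in="$4"
    run ip xfrm policy del src "$me" dst "$peer" dir out
    run ip xfrm policy del src "$peer" dst "$me" dir in
    run ip xfrm state del src "$me" dst "$peer" proto esp spi "$spi_out"
    run ip xfrm state del src "$peer" dst "$me" proto esp spi "$spi_in"
}

# Stand-alone demo with DRY_RUN=1: prints what node A (10.0.0.1) would run.
if [ "${DRY_RUN:-0}" = 1 ]; then
    K_OUT=$(new_keymat); K_IN=$(new_keymat)
    ipsec_up 10.0.0.1 10.0.0.2 0x1001 0x1002 "$K_OUT" "$K_IN"
    ipsec_down 10.0.0.1 10.0.0.2 0x1001 0x1002
fi
```

Call ipsec_up right after tunnel-up on both nodes (the second node passes 10.0.0.2 10.0.0.1 0x1002 0x1001 and the two keys in the opposite order) and ipsec_down before tunnel-down; the article's ping check then also proves the SAs work, because the in policy drops cleartext from the peer. Manually keyed SAs never rekey and the keymat sits in the script next to the Yandex password, so for anything long-lived an IKE daemon such as strongSwan is the better choice; the point here is the packet-level shape of the fix.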

I have been using this script to connect to my work PC for several weeks now and have not noticed any problems. Convenient in the set-it-and-forget-it sense.

You probably have comments and suggestions; I will be glad to hear them.

Thank you for your attention!

source: www.habr.com
