Good day!
In this article I want to tell you how I implemented (
Establishing a connection consists of several steps:
- Start the node and wait for the remote node to be ready;
- Determine the external IP address and UDP port;
- Send the external IP address and UDP port to the remote host;
- Receive the external IP address and UDP port from the remote host;
- Create the IPIP tunnel;
- Monitor the connection;
- If the connection is lost, delete the IPIP tunnel.
I thought for a long time, and am still thinking, about what can be used to exchange data between the nodes; the simplest and fastest option for me at the moment is to work through Yandex.disk.
- First, it is easy to use: you need 3 operations: create, read, delete. With curl these are:
Create:
curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder
Read:
curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder
Delete:
curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
- Second, it is easy to install:
apt install curl
To determine the external IP address and UDP port, use the STUN client command:
stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"
It is installed with the command:
apt install stun-client
To set up the tunnel, the standard OS tools from the iproute2 package are used. There is
- load the FOU module:
modprobe fou
- listen on the local port:
ip fou add port $localport ipproto 4
- create the tunnel:
ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport
- bring the tunnel interface up:
ip link set up dev fou$name
- assign the internal local and internal remote IP addresses of the tunnel:
ip addr add $intIP peer $peerip dev fou$name
Delete the tunnel:
ip link del dev fou$name
ip fou del port $localport
The state of the tunnel is monitored by pinging the internal IP address of the remote end of the tunnel with the command:
ping -c 1 $peerip -s 0
The periodic ping is needed primarily to keep the channel alive; otherwise, when the tunnel is idle, the NAT tables on the routers may be cleared and the connection will break.
If the ping is lost, the IPIP tunnel is deleted and the script waits for the remote host to become ready.
The script itself:
#!/bin/bash
# username, password and folder are shared by both nodes; intip differs per node.
username="[email protected]"
password="password"
folder="vpnid"
intip="10.0.0.1"
localport=`shuf -i 10000-65000 -n 1`   # random local UDP port
cid=`shuf -i 10000-99999 -n 1`          # random id of this node
tid=`shuf -i 10-99 -n 1`                # this node's part of the tunnel id

# List entry names in the WebDAV folder, newest first,
# skipping the folder itself ($3) and our own records ($4).
function yaread {
    curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}

function yacreate {
    curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}

function yadelete {
    curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}

# Ask the STUN server for the external ip:port mapped to local UDP port $1.
function myipport {
    stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}

# Arguments: remote ip, remote port, local ip, local port, peer tunnel ip, own tunnel ip, tunnel id.
function tunnel-up {
    modprobe fou
    ip fou add port $4 ipproto 4
    ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
    ip link set up dev fou$7
    ip addr add $6 peer $5 dev fou$7
}

# Ping the peer every 15 s; return after 4 lost pings in a row.
function tunnel-check {
    sleep 10
    pings=0
    until [[ $pings == 4 ]]; do
        if ping -c 1 $1 -s 0 &>/dev/null;
        then echo -n .; pings=0   # a reply resets the failure counter
        else echo -n !; ((pings++))
        fi
        sleep 15
    done
}

function tunnel-down {
    ip link del dev fou$1
    ip fou del port $2
}

# On termination, remove the shared folder and tear the tunnel down.
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15

until [[ -n $end ]]; do
    yacreate $username $password $folder
    # Wait until the remote node has published a fresh record.
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
            # Record layout: timestamp:cid:ip:port:intip:tid; accept it only if at most 65 s old.
            if [ `echo $l | sed 's/:/ /g' | awk '{print $1}'` -ge $(($mydate-65)) ]; then
                #echo $list
                myipport=`myipport $localport`
                yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk '{print $1}'` - $mydate + 3 ))
                ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
            fi
        done
        if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
            echo -n "!"
            sleep $timeout
        fi
    done
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0
The variables username, password and folder must be the same on both sides, but intip must differ, for example: 10.0.0.1 and 10.0.0.2. The time on the nodes must be synchronized. You can run the script like this:
nohup script.sh &
I want to draw your attention to the fact that the IPIP tunnel is insecure in the sense that the traffic is not encrypted, but this can easily be solved using IPsec over.
I have been using this script to connect to my work PC for several weeks now and have not noticed any problems. It is convenient in that you set it up and forget it.
Perhaps you will have comments and suggestions; I will be glad to hear them.
Thank you for your attention!
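Added example, not part of the original script: the main loop passes fields taken from WebDAV folder names straight to ip link add and ip addr add, which run as root, so each timestamp:cid:ip:port:intip:tid record is worth validating before use. The helper names parse_record, in_range and is_ipv4 are hypothetical, and the sample records are constructed.

```shell
#!/bin/sh
# Added example: validate a rendezvous record before its fields reach `ip`.
# Record layout written by the script: timestamp:cid:ip:port:intip:tid

in_range() {   # $1 is a decimal integer without leading zeros and $2 <= $1 <= $3
    case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "${#1}" -le 10 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

is_ipv4() (    # exactly four dotted octets, each 0..255 (subshell keeps IFS local)
    case "$1" in *[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.; set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do in_range "$octet" 0 255 || exit 1; done
)

# parse_record RECORD NOW OWN_CID
# Prints "ip port intip tid" and succeeds only for a fresh, well-formed record
# written by the other node; anything else is rejected without output.
parse_record() (
    rec=$1; now=$2; own_cid=$3
    case "$rec" in *[!0-9.:]*) exit 1 ;; esac   # digits, dots and colons only
    IFS=: read -r ts cid ip port intip tid extra <<EOF
$rec
EOF
    [ -z "$extra" ] || exit 1                              # no surplus fields
    in_range "$ts" $((now - 65)) $((now + 65)) || exit 1   # script's 65 s window
    in_range "$cid" 10000 99999 || exit 1                  # shuf range of cid
    [ "$cid" != "$own_cid" ] || exit 1                     # not our own record
    is_ipv4 "$ip" || exit 1
    in_range "$port" 1 65535 || exit 1
    is_ipv4 "$intip" || exit 1
    in_range "$tid" 10 99 || exit 1                        # shuf range of tid
    echo "$ip $port $intip $tid"
)

# Constructed sample records (documentation addresses, not real hosts).
good="1700000000:54321:203.0.113.7:40123:10.0.0.2:42"
bad="1700000000:54321:203.0.113.7:40123:10.0.0.2 dev eth0:42"
parse_record "$good" 1700000010 11111          # prints the four validated fields
parse_record "$bad" 1700000010 11111 || echo "rejected: $bad"
```

In the script, the four printed fields would replace the separate awk extractions of ip, port, peerip and peerid, with NOW set from date +%s and OWN_CID from $cid.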
source: www.habr.com