Building a SOCKS router on a laptop with Debian 10
For a whole year (or two) I put off publishing this article for one main reason: I had already published two articles describing how to turn an ordinary laptop running Debian into a router that sends traffic into SOCKS.
However, since then the stable version of Debian has been updated to Buster, and enough people have contacted me asking for help with the setup, which means my previous articles are not exhaustive. I had suspected myself that the methods outlined in them did not fully cover all the intricacies of configuring Linux to route into SOCKS. In addition, they were written for Debian Stretch, and after upgrading to Buster I noticed small changes in how services interact under the systemd init system. And in those articles I did not use systemd-networkd, although it is best suited to complex network configurations.
In addition to the changes above, the following services were added to my configuration: hostapd, a service for virtualizing access points; NTP, to synchronize the time of local network clients; dnscrypt-proxy, to encrypt DNS connections and disable advertising on local network clients; and, as I mentioned earlier, systemd-networkd, to configure the network interfaces.
Here is a simple block diagram of the internal structure of such a router.
So, let me remind you what the goals of this series of articles are:
Route all OS connections into SOCKS, as well as connections from all devices on the same network as the laptop.
The laptop in my case must remain fully mobile. That is, it should still allow use of the desktop environment and not be tied to a physical location.
The last point implies connecting and routing through the built-in wireless interface.
And, of course, to create a complete guide and to analyze the relevant technologies to the best of my knowledge.
What will be covered in this article:
Git - download the repositories of the tun2socks project, needed to route TCP traffic into SOCKS, and of create_ap, a script that automates setting up a virtual access point using hostapd.
tun2socks - build it and install the systemd service on the system.
systemd-networkd - configure the wireless and virtual interfaces, static routing tables and packet forwarding.
create_ap - install the systemd service on the system, then configure and launch the virtual access point.
Optional steps:
NTP - install and configure a server to synchronize time on the clients of the virtual access point.
dnscrypt-proxy - encrypt DNS requests, route them into SOCKS and disable advertising domains for the local network.
What is all this for?
This is one of the ways to secure TCP connections on a local network. The main advantage is that all connections go through SOCKS unless a static route through the original gateway has been built for them. This means you do not need to enter SOCKS server settings for individual programs or for clients on the local network: they all go to SOCKS by default, since it is the default gateway until we specify otherwise.
Essentially we add a second, encrypting router, in the form of the laptop, in front of the original router, and use the original router's Internet connection for the laptop's already encrypted SOCKS requests, while the laptop in turn routes and encrypts the requests from LAN clients.
From the provider's point of view, we are always connected to a single server with encrypted traffic.
--tundev - takes the name of the virtual interface that we initialize with systemd-networkd.
--netif-ipaddr - the network address of the tun2socks "router" to which the virtual interface is connected. It is best to give it a separate reserved subnet.
NetworkManager-wait-online is a service that waits for an active network connection before systemd continues starting other services that depend on the presence of a network. We disable it because we are switching to its systemd-networkd analogue.
Let's enable that analogue right away:
systemctl enable systemd-networkd-wait-online
Configure the wireless interface
Create a systemd-networkd configuration file for the wireless network interface: /etc/systemd/network/25-wlp6s0.network.
Name is the name of your wireless interface. Identify it with the command ip a.
IPForward - a directive that enables packet forwarding on the network interface.
Address is responsible for assigning an IP address to the wireless interface. We specify it statically because with the equivalent directive DHCP=yes, systemd-networkd creates a default gateway on the system. All traffic would then go through the original gateway rather than through the future virtual interface on a different subnet. You can check the current default gateway with the command ip r
Create a static route for a remote SOCKS server
If your SOCKS server is remote rather than local, you need to create a static route to it. To do this, add a Route section with the following content to the end of the wireless interface configuration file you created:
[Route]
Gateway=192.168.1.1
Destination=0.0.0.0
Gateway - the default gateway, that is, the address of the original access point.
Destination - the address of the SOCKS server; put it in place of the 0.0.0.0 shown above.
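A check for the routing layout described above, as an added example that is not part of the original article: it reads ip -4 route output and reports a default route that does not leave through the tun2socks interface, plus any static route that sends a host other than the SOCKS server through the original gateway. The function name, the two route listings and the addresses 203.0.113.10 (standing in for the SOCKS server) and 198.51.100.7 are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit `ip -4 route` text for traffic that would bypass SOCKS.
# Usage: ip -4 route | audit_routes TUN_IFACE SOCKS_SERVER_IP

audit_routes() {
    awk -v tun="$1" -v socks="$2" '
    {
        # Pull the outgoing device and next hop out of each route line.
        dev = ""; via = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "via") via = $(i + 1)
        }
    }
    $1 == "default" {
        seen_default = 1
        # DHCP=yes on the wireless interface would produce this case.
        if (dev != tun) print "DEFAULT-LEAK via " via " dev " dev
        next
    }
    # On-link subnets have no "via"; only gatewayed static routes are checked.
    via != "" && dev != tun && $1 != socks && $1 != (socks "/32") {
        print "BYPASS " $1 " via " via " dev " dev
    }
    END { if (!seen_default) print "NO-DEFAULT" }
    '
}

# Constructed sample: the layout from the article plus one extra static route.
ROUTES_OK='default via 172.16.1.1 dev tun2socks proto static
10.0.0.0/24 dev ap0 proto kernel scope link src 10.0.0.1
172.16.1.0/24 dev tun2socks proto kernel scope link src 172.16.1.2
192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2
203.0.113.10 via 192.168.1.1 dev wlp6s0 proto static
198.51.100.7 via 192.168.1.1 dev wlp6s0 proto static'

# Constructed sample: default route still on the original gateway.
ROUTES_LEAK='default via 192.168.1.1 dev wlp6s0 proto dhcp src 192.168.1.2 metric 1024
192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2'

printf '%s\n' "$ROUTES_OK"   | audit_routes tun2socks 203.0.113.10
printf '%s\n' "$ROUTES_LEAK" | audit_routes tun2socks 203.0.113.10
```

Every BYPASS line is a destination the provider sees in the clear, so each one should be a deliberate choice.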
Configure wpa_supplicant for systemd-networkd
systemd-networkd uses wpa_supplicant to connect to a protected access point. When it tries to bring up the wireless interface, systemd-networkd starts the service wpa_supplicant@name, where name is the name of the wireless interface. If you have not used systemd-networkd before this point, this service is most likely missing on your system.
So create it with the command:
systemctl enable wpa_supplicant@wlp6s0
I used wlp6s0 as the wireless interface name. Yours may differ. You can identify it with the command ip l.
Now the created service wpa_supplicant@wlp6s0 will be started when the wireless interface is brought up; it will, in turn, look for the access point's SSID and password settings in the file /etc/wpa_supplicant/wpa_supplicant-wlp6s0. So you need to create that file using the wpa_passphrase utility.
where SSID is the name of your access point, password is the password, and wlp6s0 is the name of your wireless interface.
Initialize the virtual interface for tun2socks
Create a file to initialize the new virtual interface in the system: /etc/systemd/network/25-tun2socks.netdev
[NetDev]
Name=tun2socks
Kind=tun
Name is the name that systemd-networkd will assign to the future virtual interface when it is initialized.
Kind is the type of virtual interface. From the name of the tun2socks service you can guess that it uses an interface of type tun.
netdev is the extension of the files that systemd-networkd uses to initialize virtual network interfaces. Addresses and other network settings for these interfaces are specified in .network files.
Create such a file, /etc/systemd/network/25-tun2socks.network, with the following content:
Name - the name of the virtual interface that you defined in the netdev file.
Address - the IP address that will be assigned to the virtual interface. It must be on the same network as the address you specified in the tun2socks service.
Gateway - the IP address of the tun2socks "router", which you specified when creating the systemd service.
Thus the tun2socks interface has the address 172.16.1.2 and the tun2socks service has 172.16.1.1, that is, the service is the gateway for all connections from the virtual interface.
Configure the virtual access point
Install the dependencies:
apt install util-linux procps hostapd iw haveged
Download the create_ap repository to your machine:
git clone https://github.com/oblique/create_ap
Go to the repository folder on your machine:
cd create_ap
Install it on the system:
make install
The configuration file /etc/create_ap.conf will appear on your system. Here are the main options to edit:
GATEWAY=10.0.0.1 - it is best to make it a separate reserved subnet.
NO_DNS=1 - disable it, since this parameter will be managed by systemd-networkd.
NO_DNSMASQ=1 - disable it for the same reason.
WIFI_IFACE=wlp6s0 - the laptop's wireless interface.
INTERNET_IFACE=tun2socks - the virtual interface for tun2socks.
SSID=hostapd - the name of the virtual access point.
PASSPHRASE=12345678 - the password.
Don't forget to enable the service:
systemctl enable create_ap
Enable the DHCP server in systemd-networkd
The create_ap service initializes the virtual interface ap0 in the system. In theory, dnsmasq hangs on this interface, but why install extra services when systemd-networkd contains a built-in DHCP server?
To enable it, we will define the network settings for the virtual interface. To do this, create the file /etc/systemd/network/25-ap0.network with the following content:
After the create_ap service initializes the virtual interface ap0, systemd-networkd will automatically assign it an IP address and enable the DHCP server.
The lines EmitDNS=yes and DNS=10.0.0.1 pass the DNS server settings to the devices connected to the access point.
If you do not plan to use a local DNS server (in my case it is dnscrypt-proxy), you can change DNS=10.0.0.1 to DNS=192.168.1.1, where 192.168.1.1 is the address of the original gateway. DNS requests from your host and local network will then go unencrypted through the provider's servers.
EmitNTP=yes and NTP=192.168.1.1 pass the NTP settings.
After a restart or reboot, you will have a second access point that routes the host and the LAN devices into SOCKS.
This is what the output of ip a looks like on an ordinary laptop:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: tun2socks: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
link/none
inet 172.16.1.2/24 brd 172.16.1.255 scope global tun2socks
valid_lft forever preferred_lft forever
inet6 fe80::122b:260:6590:1b0e/64 scope link stable-privacy
valid_lft forever preferred_lft forever
3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether e8:11:32:0e:01:50 brd ff:ff:ff:ff:ff:ff
4: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 4c:ed:de:cb:cf:85 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global wlp6s0
valid_lft forever preferred_lft forever
inet6 fe80::4eed:deff:fecb:cf85/64 scope link
valid_lft forever preferred_lft forever
5: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 4c:ed:de:cb:cf:86 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global ap0
valid_lft forever preferred_lft forever
inet6 fe80::4eed:deff:fecb:cf86/64 scope link
valid_lft forever preferred_lft forever
Conclusion
The provider sees an encrypted connection to your SOCKS server, which means it sees nothing.
And yet it does see your NTP requests; to prevent this, remove the static routes for the NTP servers. However, it is not certain that your SOCKS server allows the NTP protocol.
A quirk spotted on Debian 10
If you try to restart the networking service from the console, it will fail with an error. This is because part of it, in the form of the virtual interface, is tied to the tun2socks service, which means it is in use. To restart the networking service, you must first stop the tun2socks service. But I think that if you have read this far, this is definitely not a problem for you!