Wasu daga cikin mu ba sa amfani da Intanet ba tare da VPN ba saboda dalili ɗaya ko wani: wani yana buƙatar IP mai sadaukarwa, kuma yana da sauƙi kuma mai rahusa don siyan VPS tare da IP guda biyu fiye da siyan adireshi daga mai badawa, wani yana so ya shiga duk gidajen yanar gizo. , kuma ba wai kawai waɗanda aka ba da izini ba a yankin Tarayyar Rasha, wasu suna buƙatar IPv6, amma mai ba da sabis ba ya samar da shi ...
Mafi yawan lokuta, haɗin yanar gizo na VPN yana samuwa akan na'urar kanta da ake amfani da ita a wani lokaci, wanda ke da ma'ana idan kuna da kwamfuta daya da waya daya kuma ba kasafai ake amfani da su a lokaci guda ba. Idan akwai na'urori da yawa a cikin gidan yanar gizon ku, ko, alal misali, akwai wasu waɗanda ba za a iya saita VPN akan su ba, zai fi dacewa don ƙirƙirar rami kai tsaye a kan na'ura mai ba da hanya tsakanin hanyoyin sadarwa don kada kuyi tunanin saita kowace na'ura daban. .
Idan kun taɓa shigar da OpenVPN akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa, wataƙila kun yi mamakin yadda sauri yake aiki. SoCs na ko da arha masu ba da hanya tsakanin hanyoyin sadarwa suna wucewa ta hanyar zirga-zirgar gigabit ba tare da wata matsala ba, saboda canja wurin zirga-zirgar ababen hawa da ayyukan NAT zuwa wani guntu daban da aka tsara don wannan aikin, kuma manyan na'urori masu sarrafa na'urori na irin waɗannan hanyoyin suna da rauni sosai, saboda A zahiri babu kaya a kansu. Wannan sulhu yana ba ku damar cimma babban saurin na'ura mai ba da hanya tsakanin hanyoyin sadarwa kuma yana rage farashin na'urar da aka gama - magudanar ruwa tare da na'urori masu ƙarfi sun ninka sau da yawa, kuma an sanya su ba kawai a matsayin akwatin don rarraba Intanet ba, har ma a matsayin NAS, torrent. mai saukewa da tsarin multimedia na gida.
Na'ura mai ba da hanya tsakanin hanyoyin sadarwa, TP-Link TL-WDR4300, ba za a iya kiransa sabo ba - samfurin ya bayyana a tsakiyar 2012, kuma yana da na'ura mai sarrafa 560 MHz MIPS32 74Kc, wanda ikonsa ya isa kawai don 20-23 Mb/s na zirga-zirgar ɓoyayyiya. ta OpenVPN, wanda ke bisa ka'idoji Gudun Intanet na gida na zamani ya yi ƙasa sosai.
Ta yaya za mu iya ƙara saurin ɓoyayyen rami? Na'ura mai ba da hanya tsakanin hanyoyin sadarwa tana aiki sosai, tana goyan bayan 3x3 MIMO, kuma gabaɗaya yana aiki da kyau, ba zan so in canza shi ba.
Tun da yake yanzu al'ada ne don yin shafukan Intanet na megabyte 10, rubuta aikace-aikacen tebur a cikin node.js kuma shirya su cikin fayil mai girman megabyte 100, ƙara ƙarfin kwamfuta maimakon ingantawa, za mu yi wani abu mai muni - za mu canja wurin haɗin VPN zuwa. “kwamfuta” Orange Pi One mai inganci guda ɗaya, wanda za mu shigar a cikin akwati na na'ura mai ba da hanya tsakanin hanyoyin sadarwa ba tare da ɗaukar hanyar sadarwa da tashoshin USB ba, akan $ 9.99 * kawai!
* + bayarwa, + haraji, + ga giya, + MicroSD.
OpenVPN
Ba za a iya kiran mai sarrafa na'ura mai ba da hanya tsakanin hanyoyin sadarwa mai rauni ba - yana da ikon ɓoyewa da hashing bayanai ta amfani da AES-128-CBC-SHA1 algorithm a cikin saurin 50 Mb/s, wanda ya fi sauri fiye da yadda OpenVPN ke aiki, da rafin CHACHA20 na zamani. sifa mai POLY1305 har ma ya kai megabits 130 a sakan daya! Me yasa saurin rami na VPN yayi ƙasa sosai? Yana da duka game da yanayin musanya tsakanin sararin mai amfani da sararin kernel: OpenVPN yana ɓoye zirga-zirgar zirga-zirga da sadarwa tare da duniyar waje a cikin mahallin mai amfani, kuma hanyar sarrafa kanta tana faruwa a cikin mahallin kernel. Tsarin aiki dole ne koyaushe yana juyawa baya da baya ga kowane fakiti da aka karɓa ko aka watsa, kuma wannan aikin yana jinkirin. Wannan matsalar tana cikin duk aikace-aikacen VPN da ke gudana ta hanyar direban TUN/TAP, kuma ba za a iya cewa matsalar ƙarancin gudu ba ta haifar da ƙarancin haɓakawa na OpenVPN (ko da yake, ba shakka, akwai wuraren da ake buƙatar sake yin aiki). Ba abokin ciniki VPN ɗaya ɗaya ke ba da ko da gigabit tare da ɓoyayyen ɓoyayyen a kwamfutar tafi-da-gidanka na ba, balle tsarin tare da na'ura mai rauni.
Orange Pi Daya
Orange Pi One mai guda ɗaya daga Xunlong shine mafi kyawun tayin dangane da aikin aiki/rashin farashi a yanzu. Don $ 9.99 * kuna samun ingantacciyar quad-core ARM Cortex-A7 processor yana gudana (barga) a 1008 MHz, kuma a sarari ya fi maƙwabtan ƙimar farashin Rasberi Pi Zero da Abu na gaba CHIP. Wannan shi ne inda amfani ya ƙare. Kamfanin Xunlong yana ba da hankali sosai ga software na allunan sa, kuma a lokacin da aka ƙaddamar da One ɗin don siyarwa, bai ma samar da fayil ɗin tsarin hukumar ba, har ma da hotuna da aka shirya. Allwinner, mai kera na SoC, shima ba shi da kulawa ta musamman ga tallafawa samfurin sa. Suna sha'awar ƙaramin aiki a cikin Android 4.4.4 OS, wanda ke nufin an tilasta mana yin amfani da kernel 3.4 tare da facin Android. Abin farin ciki, akwai masu goyon baya waɗanda ke haɗa rarrabawa, gyara kernel, rubuta lamba don tallafawa allo a cikin babban layin kernel, i.e. a zahiri suna yin aikin don masana'anta, suna mai da wannan ƙazanta aikin karbuwa. Don dalilai na, na zaɓi rarrabawar Armbian; ana sabunta shi akai-akai kuma cikin dacewa (ana shigar da sabbin kernels kai tsaye ta hanyar mai sarrafa fakitin, kuma ba ta kwafin fayiloli zuwa wani yanki na musamman ba, kamar yadda yawanci yake faruwa tare da Allwinner), kuma yana goyan bayan mafi yawa. na gefe, sabanin sauran.
Router
Don kada mu ɗora wa mai sarrafa na'ura mai ba da hanya tsakanin hanyoyin sadarwa tare da ɓoyewa da haɓaka haɗin yanar gizon mu na VPN, za mu iya matsar da wannan aikin zuwa kafaɗun na'ura mai ƙarfi ta Orange Pi ta hanyar haɗa shi zuwa na'ura mai ba da hanya tsakanin hanyoyin sadarwa ta wata hanya. Haɗa ko dai ta hanyar Ethernet ko USB yana zuwa a hankali - duka waɗannan ƙa'idodin duka na'urorin biyu suna goyan bayansu, amma ban so ɗaukar tashoshin jiragen ruwa da ke akwai. Abin farin ciki, akwai hanyar fita.
GL850G USB hub guntu, wanda ake amfani da shi a cikin na'ura mai ba da hanya tsakanin hanyoyin sadarwa, yana tallafawa tashoshin USB guda 4, biyu daga cikinsu ba su da waya. Ba a san dalilin da ya sa masana'anta ba su warware su ba, Ina tsammanin hana masu amfani haɗa na'urori 4 tare da babban amfani na yanzu (misali, rumbun kwamfyuta) lokaci guda, saboda Ba a tsara daidaitattun wutar lantarki na na'ura mai ba da hanya tsakanin hanyoyin sadarwa don irin wannan nauyin ba. A kowane hali, wannan shine amfanin mu.
Domin samun wata tashar USB, kawai kuna buƙatar siyar da wayoyi biyu zuwa fil 8 (D-) da 9 (D+) ko 11 (D-) da 12(D+).
Koyaya, bai isa kawai toshe na'urorin USB guda biyu ba kuma fatan cewa komai zai yi aiki da kansa, kamar yadda zai yi da Ethernet. Na farko, muna buƙatar sanya ɗaya daga cikinsu ya yi aiki a yanayin Client na USB, ba USB Mai watsa shiri ba, na biyu kuma, muna buƙatar yanke shawarar yadda na'urorin zasu gano juna. Akwai da yawa direbobi don abin da ake kira USB Gadgets (mai suna bayan Linux kernel subsystem), wanda ke ba ka damar yin koyi da nau'ikan na'urorin USB daban-daban: adaftar cibiyar sadarwa, katin sauti, keyboard da linzamin kwamfuta, filasha, kyamara, wasan bidiyo ta hanyar serial. tashar jiragen ruwa. Tun da na'urarmu za ta yi aiki tare da hanyar sadarwa, yin koyi da adaftar Ethernet shine mafi dacewa a gare mu.
Akwai ma'aunin Ethernet-over-USB guda uku:
- NDIS mai nisa (RNDIS). Ƙimar da ta ƙare daga Microsoft, ana amfani da ita da farko lokacin Windows XP.
- Samfurin Gudanar da Ethernet (ECM). Ma'auni mai sauƙi wanda ke ɗaukar firam ɗin Ethernet cikin fakitin USB. Yana da kyau ga modem masu waya tare da haɗin kebul, inda ya dace don canja wurin firam ɗin ba tare da aiki ba, amma saboda sauƙi da iyakancewar bas ɗin USB, ba shi da sauri sosai.
- Samfurin Emulation Ethernet (EEM). Ƙa'idar da ta fi wayo wacce ke yin la'akari da iyakokin kebul kuma mafi kyawu tana haɗa firam ɗin da yawa zuwa ɗaya, don haka ƙara kayan aiki.
- Model Sarrafa hanyar sadarwa (NCM). Sabuwar yarjejeniya. Yana da fa'idodin EEM kuma yana ƙara haɓaka ƙwarewar bas.
Don samun ɗayan waɗannan ka'idoji don yin aiki a kan hukumarmu, kamar koyaushe, dole ne mu fuskanci wasu matsaloli. Saboda gaskiyar cewa Allwinner yana da sha'awar sassan Android na kernel, kawai Android Gadget yana aiki akai-akai - lambar da ke aiwatar da sadarwa tare da adb, fitar da na'urar ta hanyar tsarin MTP da kuma kwaikwayon filasha akan na'urorin Android. Android Gadget ita ma tana goyan bayan ka'idar RNDIS, amma ta karye a cikin Allwinner kernel. Idan ka yi ƙoƙarin haɗa kernel tare da kowane na'urar USB, na'urar ba za ta bayyana a kan tsarin ba, ko da me kake yi.
Don warware matsalar, ta hanyar jin daɗi, kuna buƙatar nemo wurin da aka fara fara kebul na USB a cikin lambar na'urar Android na'urar android.c wanda masu haɓakawa suka gyara, amma akwai kuma hanyar da za a iya yin kwaikwayi aƙalla Ethernet. Kebul na aiki:
--- sun8i/drivers/usb/sunxi_usb/udc/sunxi_udc.c 2016-04-16 15:01:40.427088792 +0300
+++ sun8i/drivers/usb/sunxi_usb/udc/sunxi_udc.c 2016-04-16 15:01:45.339088792 +0300
@@ -57,7 +57,7 @@
static sunxi_udc_io_t g_sunxi_udc_io;
static u32 usb_connect = 0;
static u32 is_controller_alive = 0;
-static u8 is_udc_enable = 0; /* is udc enable by gadget? */
+static u8 is_udc_enable = 1; /* is udc enable by gadget? */
#ifdef CONFIG_USB_SUNXI_USB0_OTG
static struct platform_device *g_udc_pdev = NULL;Wannan facin yana tilasta yanayin abokin ciniki na USB, yana ba ku damar amfani da Na'urorin USB na yau da kullun daga Linux.
Yanzu yakamata ku sake gina kwaya tare da wannan facin da na'urar da ta dace. Na zabi EEM saboda... Dangane da sakamakon gwajin, ya zama mafi inganci fiye da NCM.
Tawagar Armbian tana bayarwa don duk allunan tallafi a cikin rarrabawa. Kawai zazzage shi, saka facin mu a ciki userpatches/kernel/sun8i-default/otg.patch, gyara kadan compile.sh kuma zaɓi na'urar da ake buƙata:
Za a hada kwaya a cikin kunshin bashi, wanda ba zai yi wahala a sanya shi a kan allo ta hanyar ba dpkg.
Abin da ya rage shine haɗa allon ta USB kuma saita sabon adaftar hanyar sadarwar mu don karɓar adireshi ta DHCP. Don yin wannan kuna buƙatar ƙara wani abu kamar mai zuwa zuwa /etc/network/interfaces:
auto usb0
iface usb0 inet dhcp
hwaddress ether c2:46:98:49:3e:9d
pre-up /bin/sh -c 'echo 2 > /sys/bus/platform/devices/sunxi_usb_udc/otg_role'Yana da kyau a saita adireshin MAC da hannu, saboda ... zai zama bazuwar duk lokacin da aka sake kunna na'urar, wanda ba shi da daɗi da damuwa.
Muna haɗa kebul na MicroUSB zuwa mai haɗin OTG, haɗa wuta daga na'ura mai ba da hanya tsakanin hanyoyin sadarwa (ana iya ba da shi zuwa fil 2 da 3 na tsefe, kuma ba kawai ga mai haɗa wuta ba).
Abin da ya rage shi ne saita na'ura mai ba da hanya tsakanin hanyoyin sadarwa. Ya isa shigar da kunshin tare da direban EEM kuma ƙara sabon na'urar hanyar sadarwa ta USB zuwa gada na yankin Firewall na gida:
opkg install kmod-usb-net-cdc-eem
Don tafiyar da duk zirga-zirga zuwa rami na VPN, kuna buƙatar ko dai ƙara dokar SNAT zuwa adireshin IP na hukumar a gefen hanyar sadarwa, ko rarraba adireshin hukumar a matsayin adireshin ƙofar ta hanyar dnsmasq. Ana yin na ƙarshe ta ƙara layin da ke gaba zuwa /etc/dnsmasq.conf:
dhcp-option = tag:lan, option:router, 192.168.1.100inda 192.168.1.100 - Adireshin IP na hukumar ku. Kar a manta da shigar da adireshin mai ba da hanya tsakanin hanyoyin sadarwa a cikin saitunan cibiyar sadarwa akan allon kanta!
An yi amfani da soso na melamine don keɓance lambobin allo daga lambobin sadarwa. Ya zama kamar haka:
ƙarshe
Cibiyar sadarwa ta USB tana aiki da mamaki da sauri: 100-120 Mb/s, Ina tsammanin ƙasa. OpenVPN yana wucewa ta kusan 70 Mb/s na zirga-zirgar ɓoyayyiyar, wanda kuma ba shi da yawa, amma ya isa ga buƙatu na. Murfin na'ura mai ba da hanya tsakanin hanyoyin sadarwa baya rufewa sosai, yana barin ƙaramin rata. Aesthetes na iya cire masu haɗin Ethernet da USB Mai watsa shiri daga allon, wanda zai ba da damar murfin ya rufe gaba ɗaya kuma har yanzu yana da sauran sarari.
Zai fi kyau kada ku shiga irin wannan batsa kuma ku saya .
source: www.habr.com