Setting up BGP to bypass blocking, or "How I stopped being afraid and fell in love with RKN"

Well, okay, "fell in love" is an exaggeration. Rather, "was able to coexist with".

As you know, since April 16, 2018, Roskomnadzor has been blocking access to resources on the network in extremely broad strokes, adding to the "Unified register of domain names, page indexes of sites on the Internet and network addresses that allow identifying sites on the Internet containing information whose distribution is prohibited in the Russian Federation" (hereafter in the text - simply the registry) as much as a /10 at a time. As a result, citizens of the Russian Federation and businesses suffer, having lost access to the completely legal resources they need.

After I said in the comments to one of the articles on Habré that I was ready to help those affected with setting up a bypass scheme, several people contacted me asking for such help. When everything worked for them, one of them recommended describing the technique in an article. On reflection, I decided to break my silence on the site and try to write something in between a project and a Facebook post, i.e. a habrapost. The result is in front of you.

Disclaimer

Since it is not very legal to publish ways of bypassing the blocking of access to information prohibited in the territory of the Russian Federation, the purpose of this article is to describe a method that lets you automate access to resources that are permitted in the territory of the Russian Federation but, because of someone's actions, are not directly reachable through your provider. Access to other resources, obtained as a result of the actions from the article, is an unfortunate side effect and is not the purpose of the article.

Also, since I am primarily a network architect by profession, vocation and way of life, programming and Linux are not my strong points. Therefore, of course, the scripts can be written better, the security issues on the VPS can be worked through more deeply, etc. Your suggestions will be accepted with gratitude; if they are detailed enough, I will be happy to add them to the text of the article.

TL;DR

We automate access to resources through your existing tunnel using a copy of the registry and the BGP protocol. The goal is to move all traffic addressed to blocked resources into the tunnel. Minimal explanations, mostly step-by-step instructions.

What you need for this

Unfortunately, this post is not for everyone. To use this technique, you will need to bring several elements together:

  1. You must have a linux server somewhere outside the blocking field. Or at least the desire to start such a server - it now costs from $9/year, and possibly less. The method is also suitable if you have a separate VPN tunnel, in which case the server can be located inside the blocking field.
  2. Your router must be smart enough to handle
    • any VPN client you like (I prefer OpenVPN, but it can be PPTP, L2TP, GRE+IPSec, or any other option that creates a tunnel interface);
    • the BGPv4 protocol. This means that for SOHO it can be a Mikrotik or any router with OpenWRT/LEDE/similar custom firmware that lets you install Quagga or Bird. Using a PC router is not prohibited either. For an enterprise, see the documentation for your border router for BGP support.
  3. You should be familiar with using Linux and network technologies, including BGP. Or at least want to get that familiarity. Since I am not ready to embrace the immensity this time, you will have to study some points that are unclear to you on your own. However, I will, of course, answer specific questions in the comments, and I am unlikely to be the only one answering, so feel free to ask.

What is used in the example

  • Copy of the registry: https://github.com/zapret-info/z-i
  • VPS - Ubuntu 16.04
  • Routing service - bird 1.6.3
  • Router - Mikrotik hAP ac
  • Working directories - since we work as root, most of everything will be placed in root's home directory. Accordingly:
    • /root/blacklist - working directory with the compilation script
    • /root/z-i - a copy of the registry from github
    • /etc/bird - standard directory for the bird service settings
  • We take 194.165.22.146, ASN 64998 as the external IP address of the VPS with the routing service and the tunnel termination point; the external IP address of the router is 81.177.103.94, ASN 64999
  • The IP addresses inside the tunnel are 172.30.1.1 and 172.30.1.2.

Of course, you can use any other routers, operating systems and software products, adjusting the solution to fit their logic.

In brief - the logic of the solution

  1. Preparatory steps
    1. Get a VPS
    2. Bring up the tunnel from the router to the VPS
  2. Obtain and regularly update a copy of the registry
  3. Install and configure the routing service
  4. Create a list of static routes for the routing service based on the registry
  5. Connect the router to the service and set up sending all traffic through the tunnel.

The actual solution

Preparatory steps

There are many services on the internet that offer a VPS for very reasonable money. So far I have found and use an option for $9/year, but even if you don't look very hard, there are plenty of options for 1E/month on every corner. The question of choosing a VPS lies far outside the scope of this article, so if something about it is unclear to anyone, ask in the comments.

If you use the VPS not only for the routing service but also to terminate a tunnel on it, you need to bring up this tunnel and, almost certainly, configure NAT for it. There are many instructions on the web for these steps; I will not repeat them here. The main requirement for such a tunnel is that it must create a separate interface on your router that supports the tunnel towards the VPS. Most VPN technologies in use meet this requirement - for example, OpenVPN in tun mode is perfect.

Get a copy of the registry

As Jabrayil said, "What hinders us will help us." Since the RKN creates a list of prohibited resources, it would be a sin not to use this list to solve our problem. We will get a copy of the registry from github.

We go to your Linux server, drop into the root context (sudo su -) and install git if it is not already installed.

apt install git

Go to your home directory and pull a copy of the registry.

cd ~ && git clone --depth=1 https://github.com/zapret-info/z-i 

Set up a cron update (I have it every 20 minutes, but you can choose any interval you like). To do this, run crontab -e and add the following line to it:

*/20 * * * * cd ~/z-i && git pull && git gc

We add a hook that will create the files for the routing service after the registry is updated. To do this, create the file /root/z-i/.git/hooks/post-merge with the following content:

#!/usr/bin/env bash
changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)"
check_run() {
    echo "$changed_files" | grep --quiet "$1" && eval "$2"
}
check_run dump.csv "/root/blacklist/makebgp"

and don't forget to make it executable

chmod +x /root/z-i/.git/hooks/post-merge

The makebgp script referenced by the hook will be created a little later.

Installing and configuring the routing service

Install bird. Unfortunately, the version of bird currently published in the Ubuntu repositories is comparable in freshness to Archaeopteryx feces, so we first need to add the official PPA of the software developers to the system.

add-apt-repository ppa:cz.nic-labs/bird
apt update
apt install bird

After that, we immediately disable bird for IPv6 - we will not need it in this setup.

systemctl stop bird6
systemctl disable bird6

Below is a minimalistic configuration file for the bird service (/etc/bird/bird.conf), which is quite enough for us (and I remind you once again that nobody forbids developing and tuning the idea to fit your own needs)

log syslog all;
router id 172.30.1.1;

protocol kernel {
        scan time 60;
        import none;
#       export all;   # Actually insert routes into the kernel routing table
}

protocol device {
        scan time 60;
}

protocol direct {
        interface "venet*", "tun*"; # Restrict network interfaces it works with
}

protocol static static_bgp {
        import all;
        include "pfxlist.txt";
        #include "iplist.txt";
}

protocol bgp OurRouter {
        description "Our Router";
        neighbor 81.177.103.94 as 64999;
        import none;
        export where proto = "static_bgp";
        local as 64998;
        passive off;
        multihop;
}

router id - the router identifier, which looks like an IPv4 address but is not one. In our case it can be any 32-bit number in IPv4 address format, but it is good practice to specify the IPv4 address of your device (in this case, the VPS) there.

protocol direct defines which interfaces will work with the routing process. The example gives a couple of sample names; you can add others. You can also simply delete the line, in which case the server will listen on all available interfaces with an IPv4 address.

protocol static is our magic that loads the lists of prefixes and IP addresses (which are, of course, /32 prefixes) from files for subsequent announcement. Where these lists come from is discussed below. Please note that loading of the ip addresses is commented out by default; the reason is the large volume of the upload. For comparison, at the time of writing there are 78 lines in the list of prefixes and 85898 in the list of ip addresses. I strongly recommend starting and debugging only on the list of prefixes, and deciding whether or not to enable ip loading later, after experimenting with your router. Not every router can easily digest 85 thousand entries in the routing table.

protocol bgp actually sets up the bgp peering with your router. The ip-address is the address of the router's external interface (or the address of the tunnel interface on the router side), and 64998 and 64999 are the autonomous system numbers. In this case they can be assigned as any 16-bit numbers, but it is good practice to use AS numbers from the private range defined by RFC6996 - 64512-65534 inclusive (there is a 32-bit ASN format, but in our case that is definitely overkill). The described configuration uses eBGP peering, in which the autonomous system numbers of the routing service and the router must differ.

As you can see, the service needs to know the IP address of the router, so if you have a dynamic or non-routable private (RFC1918) or shared (RFC6598) address, you have no option to bring up the peering on the external interface, but the service will still work inside the tunnel.

It is also fairly clear that you can supply several different routers with routes from one service - just duplicate the settings for them by copying the protocol bgp section and changing the neighbor's IP address. That is why the example shows the settings for peering outside the tunnel, as the most universal. It is not difficult to move them into the tunnel by changing the IP addresses in the settings accordingly.

Registry processing for the routing service

Now we need to actually create the lists of prefixes and ip-addresses that were mentioned in the previous step in protocol static. To do this, we take the registry file and make the files we need from it with the following script, located in /root/blacklist/makebgp

#!/bin/bash
# Take the address field of the registry dump and put one address or prefix per line
cut -d";" -f1 /root/z-i/dump.csv| tr '|' '\n' |  tr -d ' ' > /root/blacklist/tmpaddr.txt
# Entries that carry a mask become prefix routes
cat /root/blacklist/tmpaddr.txt | grep / | sed 's_.*_route & reject;_' > /etc/bird/pfxlist.txt
# IPv4 addresses become /32 routes
cat /root/blacklist/tmpaddr.txt | sort | uniq | grep -Eo "([0-9]{1,3}[.]){3}[0-9]{1,3}" | sed 's_.*_route &/32 reject;_' > /etc/bird/iplist.txt
/etc/init.d/bird reload
logger 'bgp list compiled'

Don't forget to make it executable

chmod +x /root/blacklist/makebgp

Now you can run it by hand and watch the files appear in /etc/bird.

Most likely, bird is not running for you at this moment, because at the previous step you told it to look for files that did not exist yet. So we start it and check that it has started:

systemctl start bird
birdc show route

The output of the second command should show about 80 entries (that is at the moment; when you set it up, everything will depend on the zeal of the RKN in blocking networks) like this:

54.160.0.0/12      unreachable [static_bgp 2018-04-19] * (200)

The command

birdc show protocol

will show the state of the protocols inside the service. Until you have configured the router (see the next section), the OurRouter protocol will be in the start state (Connect or Active phases), and after a successful connection it will move to the up state (Established phase). For example, on my system the output of this command looks like this:

BIRD 1.6.3 ready.
name     proto    table    state  since       info
kernel1  Kernel   master   up     2018-04-19
device1  Device   master   up     2018-04-19
static_bgp Static   master   up     2018-04-19
direct1  Direct   master   up     2018-04-19
RXXXXXx1 BGP      master   up     13:10:22    Established
RXXXXXx2 BGP      master   up     2018-04-24  Established
RXXXXXx3 BGP      master   start  2018-04-22  Connect       Socket: Connection timed out
RXXXXXx4 BGP      master   up     2018-04-24  Established
RXXXXXx5 BGP      master   start  2018-04-24  Passive

Connecting a router

Everyone is probably tired of reading this wall of text, but take heart - the end is near. Moreover, in this section I cannot give step-by-step instructions - they will differ for each vendor.

However, I can show you a couple of examples. The main logic is to bring up the BGP peering and attach a nexthop to all received prefixes, pointing to our tunnel (if the traffic needs to go out through a p2p interface) or to a nexthop ip-address (if the traffic goes over ethernet).

For example, on Mikrotik in RouterOS this is done as follows

/routing bgp instance set default as=64999 ignore-as-path-len=yes router-id=172.30.1.2
/routing bgp peer add in-filter=dynamic-in multihop=yes name=VPS remote-address=194.165.22.146 remote-as=64998 ttl=default
/routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop=172.30.1.1

and in Cisco IOS - like this

router bgp 64999
  neighbor 194.165.22.146 remote-as 64998
  neighbor 194.165.22.146 route-map BGP_NEXT_HOP in
  neighbor 194.165.22.146 ebgp-multihop 250
!
route-map BGP_NEXT_HOP permit 10
  set ip next-hop 172.30.1.1

If the same tunnel is used both for the BGP peering and for carrying the useful traffic, it is not necessary to set the nexthop; the protocol will set it correctly. But if you set it manually, it will not make things any worse.

On other platforms you will have to work out the configuration yourself, but if you run into difficulties, write in the comments and I will try to help.

After your BGP session has come up, the routes to the large networks have arrived and been installed in the table, traffic to addresses from them is flowing and happiness is near, you can go back to the bird service and try to uncomment the entry there that includes the list of IP addresses, and after that run

systemctl reload bird

and see how your router handles these 85 thousand routes. Be ready to turn it off and think about what to do with it 🙂

Summary

Purely theoretically, after completing the steps above, you have a service that automatically redirects traffic to IP addresses banned in the Russian Federation past the filtering system.

It can, of course, be improved. For example, it is quite easy to summarize the list of ip addresses with perl or python. A simple perl script that does this with Net::CIDR::Lite turns 85 thousand prefixes into 60 (not thousand), but naturally covers a much larger range of addresses than is actually blocked.
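A stricter take on the registry processing step that also performs the summarization mentioned above; this is an added example, not the author's makebgp script or the perl script he refers to. The /8 minimum length, the forbidden-range list and the sample lines are assumptions constructed for illustration; collapse_addresses merges only adjacent or nested prefixes, so unlike the 85-thousand-to-60 summary it never covers more than the registry lists.

```python
import ipaddress
import os

MIN_PREFIXLEN = 8  # assumption: anything shorter than /8 is treated as a bad entry
# Never route these into the tunnel: the RFC1918/RFC6598 space named in the article,
# other non-public ranges, and the VPS address that terminates the tunnel itself.
FORBIDDEN = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3", "194.165.22.146/32")]

# Constructed lines in the layout the article's script assumes (addresses in field 1).
SAMPLE = [
    "Updated: 2018-04-19 12:00:00 +0000",
    "54.160.0.0/12;;;court;1-1/18;2018-04-16",
    "203.0.113.10 | 203.0.113.11;example.org;http://example.org/;agency;2-2/18;2018-04-17",
    "203.0.113.8 | 203.0.113.9;example.net;;agency;3-3/18;2018-04-17",
    "0.0.0.0/0;;;bogus;;",
    "192.168.1.1 | 194.165.22.146;;;bogus;;",
    "198.51.100.0/25 | 198.51.100.128/25 | 2001:db8::1;;;agency;;",
]


def parse_registry(lines):
    """Yield IPv4 networks found in the first ';'-separated field of each line."""
    for line in lines:
        for token in line.split(";", 1)[0].split("|"):
            try:
                net = ipaddress.ip_network(token.strip(), strict=False)
            except ValueError:
                continue  # header line, empty field or anything that is not an address
            if net.version == 4:
                yield net


def acceptable(net):
    """Reject entries that are far too broad or touch local and protected ranges."""
    if net.prefixlen < MIN_PREFIXLEN:
        return False
    return not any(net.overlaps(bad) for bad in FORBIDDEN)


def build_routes(lines):
    """Return (bird static route lines, sorted list of rejected networks)."""
    nets = set(parse_registry(lines))
    good = [n for n in nets if acceptable(n)]
    rejected = sorted(nets - set(good))
    return [f"route {n} reject;" for n in ipaddress.collapse_addresses(good)], rejected


def write_atomically(path, route_lines):
    """Write beside the target and rename, so bird never reads a half-written file."""
    tmp = f"{path}.tmp"
    with open(tmp, "w") as fh:
        fh.write("\n".join(route_lines) + "\n")
    os.replace(tmp, path)


if __name__ == "__main__":
    print("\n".join(build_routes(SAMPLE)[0]))
```

If the rejected list is non-empty or the route count changes sharply between runs, keeping the previous pfxlist.txt and skipping the reload is the safer choice.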

Since the service operates at the third layer of the ISO/OSI model, it will not save you from the blocking of a site/page if it resolves to an address other than the one recorded in the registry. But along with the registry, the file nxdomain.txt arrives from github, which with a few strokes of a script easily turns into a source of addresses for, for example, the SwitchyOmega plugin in Chrome.

It should also be mentioned that the solution needs additional refinement if you are not just an Internet user but also publish some resources yourself (for example, a website or a mail server runs on this connection). On the router, you need to strictly bind the outgoing traffic from this service to your public address, otherwise you will lose connectivity with those resources that are covered by the list of prefixes received by the router.

If you have questions - ask, I am ready to answer.

UPD. Thanks to hoʻokele moku and TerAnYu for the git options that reduce the download volume.

UPD2. Colleagues, it seems I made a mistake by not adding instructions for setting up the tunnel between the VPS and the router to the article. Many questions are caused by this.
Just in case, I note again - it is assumed that before starting the steps in this guide, you have already configured the VPN tunnel in the direction you need and checked that it works (for example, by routing traffic there by default or statically). If you have not completed this phase, it does not make much sense to follow the steps from the article. I do not have my own text on this yet, but if you google "OpenVPN server setup" together with the name of the operating system installed on the VPS, and "OpenVPN client setup" with the name of your router, you will most likely find a number of articles on this topic, including on Habré.

UPD3. Unsacrificed wrote code that makes the file for bird from dump.csv with optional summarization of the ip addresses. So the section "Registry processing for the routing service" can be replaced with a call to his program. https://habr.com/post/354282/#comment_10782712

UPD4. A little work on mistakes (I did not make the changes in the text):
1) instead of systemctl reload bird it makes sense to use the command birdc configure.
2) on the Mikrotik router, instead of changing the nexthop to the IP of the other side of the tunnel
/routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop=172.30.1.1
it makes sense to specify the route directly into the tunnel interface, without an address
/routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop-direct=<interface name>

UPD5. A new service has appeared, https://antifilter.download, from which you can take ready-made lists of ip-addresses. They are updated every half hour. On the client side, all that remains is to wrap the entries in the corresponding "route ... reject".
And that is probably enough of tormenting the old lady and updating the article.

UPD6. A revised version of the article for those who do not want to understand but want to get started - here.

Source: www.habr.com
