Configuring BGP to bypass blocking, or "How I stopped being afraid and fell in love with RKN"
Well, okay, "fell in love" is an exaggeration. More like "managed to coexist with".
As you know, since April 16, 2018, Roskomnadzor has been blocking access to resources on the network in extremely broad strokes, adding to the "Unified Register of domain names, page indexes of sites on the Internet and network addresses that allow identification of sites on the Internet containing information whose distribution is prohibited in the Russian Federation" (in the text below - simply the registry) by /10 at a time. As a result, citizens of the Russian Federation and businesses suffer, having lost access to the perfectly legal resources they need.
After I said in the comments to one of the articles on Habr that I was ready to help those affected with setting up a bypass scheme, several people contacted me asking for such help. When everything worked for them, one of them suggested describing the technique in an article. On reflection, I decided to break my silence on the site and try to write something between a project and a Facebook post, i.e. a habrapost. The result is in front of you.
Disclaimer
Since it is not very legal to publish ways to bypass the blocking of access to information prohibited on the territory of the Russian Federation, the purpose of this article is to talk about a method that lets you automate access to resources that are permitted on the territory of the Russian Federation but, because of someone's actions, cannot be reached directly through your provider. Access to other resources, obtained as a result of the actions from the article, is an unfortunate side effect and is not the purpose of the article.
Also, since I am a network architect by profession, vocation and life path, programming and Linux are not my strong points. So, of course, the scripts can be written better, the security issues on the VPS can be worked through more deeply, etc. Your suggestions will be accepted with gratitude; if they are detailed enough, I will be happy to add them to the text of the article.
TL;DR
We automate access to resources through your existing tunnel using a copy of the registry and the BGP protocol. The goal is to send all traffic addressed to blocked resources into the tunnel. Minimal explanation, mostly step-by-step instructions.
What you need for this
Unfortunately, this post is not for everyone. To use this technique, you will need to bring several things together:
You need a Linux server somewhere outside the blocking field. Or at least the willingness to get one - it now costs from $9/year, and possibly less. The method also works if you have a separate VPN tunnel; in that case the server can be located inside the blocking field.
Your router must be smart enough to support:
any VPN client you like (I prefer OpenVPN, but it can be PPTP, L2TP, GRE+IPSec, or any other option that creates a tunnel interface);
the BGPv4 protocol. This means that for SOHO it can be a Mikrotik or any router with OpenWRT/LEDE/similar custom firmware that lets you install Quagga or Bird. Using a PC router is not forbidden either. For an enterprise, see the documentation for your border router for BGP support.
You need to be familiar with using Linux and with networking technologies, including BGP. Or at least want to become familiar with them. Since I am not ready to embrace the immensity this time, you will have to study some points you do not understand on your own. However, I will of course answer specific questions in the comments, and I am unlikely to be the only one answering, so feel free to ask.
Working directories - since we work as root, most of everything will be placed in root's home directory. Respectively:
/root/blacklist - working directory with the compilation script
/root/z-i - a copy of the registry from github
/etc/bird - the standard settings directory of the bird service
We take 194.165.22.146, ASN 64998 as the external IP address of the VPS with the routing server and the tunnel termination point; the external IP address of the router is 81.177.103.94, ASN 64999
The IP addresses inside the tunnel are 172.30.1.1 and 172.30.1.2.
Of course, you can use any other routers, operating systems and software products, adjusting the solution to fit their logic.
In brief - the logic of the solution
Preparatory steps
Get a VPS
Bring up the tunnel from the router to the VPS
Obtain and regularly update a copy of the registry
Install and configure the routing service
Create a list of static routes for the routing service based on the registry
Connect the router to the service and configure sending all traffic through the tunnel.
The actual solution
Preparatory steps
There are many services on the Internet that provide a VPS for very reasonable money. So far I have found and use an option for $9/year, but even if you do not look very hard, there are plenty of options for 1E/month on every corner. The question of choosing a VPS lies far beyond the scope of this article, so if something about this is unclear to someone, ask in the comments.
If you use the VPS not only for the routing service but also to terminate a tunnel on it, you need to bring up this tunnel and, almost certainly, configure NAT for it. There are plenty of instructions on the web for these actions; I will not repeat them here. The main requirement for such a tunnel is that it must create a separate interface on your router that supports the tunnel towards the VPS. Most VPN technologies in use meet this requirement - for example, OpenVPN in tun mode is fine.
Get a copy of the registry
As Jabrayil said, "He who hinders us will help us." Since the RKN is creating a list of prohibited resources, it would be a sin not to use this list to solve our problem. We will get a copy of the registry from github.
We go to your Linux server, drop into the root context (sudo su -) and install git if it is not already installed.
apt install git
Go to your home directory and pull a copy of the registry.
cd ~ && git clone --depth=1 https://github.com/zapret-info/z-i
Set up a cron update (I run it every 20 minutes, but you can choose any interval you like). To do this, we run crontab -e and add the following line to it:
*/20 * * * * cd ~/z-i && git pull && git gc
We connect a hook that will create the files for the routing service after the registry is updated. To do this, we create a file /root/z-i/.git/hooks/post-merge with the following content:
The makebgp script referenced by the hook will be created later.
Installing and configuring the routing service
Install bird. Unfortunately, the version of bird currently shipped in the Ubuntu repositories is comparable in freshness to Archaeopteryx feces, so we first need to add the official PPA of the software developers to the system.
After that, we immediately disable bird for IPv6 - we will not need it in this setup.
systemctl stop bird6
systemctl disable bird6
Below is a minimalistic configuration file for the bird service (/etc/bird/bird.conf), which is quite enough for us (and I remind you again that nobody forbids developing and tuning the idea to suit your own needs)
log syslog all;
router id 172.30.1.1;
protocol kernel {
    scan time 60;
    import none;
    # export all; # Actually insert routes into the kernel routing table
}
protocol device {
    scan time 60;
}
protocol direct {
    interface "venet*", "tun*"; # Restrict network interfaces it works with
}
protocol static static_bgp {
    import all;
    include "pfxlist.txt";
    #include "iplist.txt";
}
protocol bgp OurRouter {
    description "Our Router";
    neighbor 81.177.103.94 as 64999;
    import none;
    export where proto = "static_bgp";
    local as 64998;
    passive off;
    multihop;
}
router id - the router identifier, which looks like an IPv4 address but is not one. In our case it can be any 32-bit number in IPv4 address format, but it is good practice to put the IPv4 address of your device (in this case, the VPS) there.
protocol direct determines which interfaces the routing process will work with. The example gives a couple of sample names; you can add others. You can also simply delete the line, in which case the server will listen on all available interfaces that have an IPv4 address.
protocol static is our magic that loads lists of prefixes and IP addresses (which are, in fact, /32 prefixes) from files for subsequent announcement. Where these lists come from is discussed below. Please note that loading of the IP addresses is commented out by default; the reason is the large volume of the load. For comparison, at the time of writing there are 78 lines in the list of prefixes and 85898 in the list of IP addresses. I strongly recommend starting and debugging on the list of prefixes only, and deciding whether to enable loading of the IP addresses later, after experimenting with your router. Not every router can easily digest 85 thousand entries in its routing table.
protocol bgp actually sets up the BGP peering with your router. The IP address is the address of the router's external interface (or the address of the tunnel interface on the router side); 64998 and 64999 are the autonomous system numbers. In this case they can be assigned as any 16-bit numbers, but it is good practice to use AS numbers from the private range defined by RFC6996 - 64512-65534 inclusive (there is also a 32-bit ASN format, but in our case that is definitely overkill). The described configuration uses eBGP peering, in which the autonomous system numbers of the routing service and the router must differ.
As you can see, the service needs to know the IP address of the router, so if you have a dynamic or non-routable private (RFC1918) or shared (RFC6598) address, you have no option to bring up the peering on the external interface, but the service will still work inside the tunnel.
It is also fairly clear that one service can provide routes to several different routers - just duplicate the settings for them by copying the protocol bgp section and changing the neighbor's IP address. That is why the example shows the settings for peering outside the tunnel, as the most universal. It is not difficult to move them into the tunnel by changing the IP addresses in the settings accordingly.
Registry processing for the routing service
Now we need to create the lists of prefixes and IP addresses that were mentioned at the previous stage in protocol static. To do this, we take the registry file and make the files we need from it with the following script, located at /root/blacklist/makebgp
Now you can run it by hand and look at how the files appear in /etc/bird.
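One way to build the two include files from the registry, as an added example in Python rather than the author's makebgp script. It assumes dump.csv is ';'-separated with '|'-separated addresses in its first field, and it drops any entry that would cover the VPS address 194.165.22.146; the sample rows and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample. Assumed layout of the registry's dump.csv: ';'-separated
# fields, with the first field holding addresses or prefixes separated by '|'.
SAMPLE_DUMP = """\
Updated: constructed sample header
203.0.113.10 | 203.0.113.11;example.org;http://example.org/;agency;1;2018-04-16
198.51.100.0/24;;;agency;2;2018-04-16
203.0.113.10;example.net;;agency;3;2018-04-17
192.0.2.0/25 | 2001:db8::1;example.com;;agency;4;2018-04-17
n/a;broken;;agency;5;2018-04-17
194.165.0.0/16;;;agency;6;2018-04-18
"""

# Addresses that must stay reachable outside the tunnel: the VPS / tunnel
# endpoint from the article. A listed prefix covering it would send the
# tunnel's own packets into the tunnel.
PROTECTED = [ipaddress.ip_address("194.165.22.146")]


def parse_registry(text, protected=PROTECTED):
    """Return (prefixes, hosts): sorted, de-duplicated IPv4Network lists."""
    prefixes, hosts = set(), set()
    for line in text.splitlines():
        for token in line.split(";", 1)[0].split("|"):
            token = token.strip()
            try:
                net = ipaddress.ip_network(token, strict=False)
            except ValueError:
                continue  # header, empty field or anything that is not an address
            if net.version != 4:
                continue  # bird6 is disabled in this setup
            if any(addr in net for addr in protected):
                continue  # would cover the tunnel endpoint
            (prefixes if "/" in token else hosts).add(net)
    return sorted(prefixes), sorted(hosts)


def bird_routes(networks):
    """Render static-protocol lines; only parsed networks reach the config."""
    return "".join(f"route {net} reject;\n" for net in networks)


if __name__ == "__main__":
    pfx, ips = parse_registry(SAMPLE_DUMP)
    print(bird_routes(pfx), end="")  # content for /etc/bird/pfxlist.txt
    print(bird_routes(ips), end="")  # content for /etc/bird/iplist.txt
```

Because every line written to the include files is rendered from a parsed network object, text from the third-party registry never reaches bird's configuration verbatim.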
Most likely bird is not running for you at this moment, because at the previous stage you asked it to look for files that did not yet exist. So we start it and check that it has started:
systemctl start bird
birdc show route
The output of the second command should show about 80 entries (that is the figure for now; when you set it up, everything will depend on the RKN's zeal in blocking networks), something like this:
Querying the protocol list in birdc will show the state of the protocols within the service. Until you have configured the router (see the next section), the OurRouter protocol will be in the start state (Connect or Active phases), and after a successful connection it will move to the up state (Established phase). For example, on my system the output of this command looks like this:
BIRD 1.6.3 ready.
name       proto    table    state  since       info
kernel1    Kernel   master   up     2018-04-19
device1    Device   master   up     2018-04-19
static_bgp Static   master   up     2018-04-19
direct1    Direct   master   up     2018-04-19
RXXXXXx1   BGP      master   up     13:10:22    Established
RXXXXXx2   BGP      master   up     2018-04-24  Established
RXXXXXx3   BGP      master   start  2018-04-22  Connect       Socket: Connection timed out
RXXXXXx4   BGP      master   up     2018-04-24  Established
RXXXXXx5   BGP      master   start  2018-04-24  Passive
Connecting a router
Everyone is probably tired of reading this long screed, but take heart - the end is near. Moreover, in this section I cannot give step-by-step instructions - they will be different for each manufacturer.
However, I can show you a couple of examples. The main logic is to bring up BGP peering and attach a nexthop to all received prefixes, pointing to our tunnel (if you need to send the traffic out through a p2p interface) or to the nexthop IP address (if the traffic goes over ethernet).
For example, on Mikrotik in RouterOS, this is solved as follows. The listing that follows is in Cisco IOS syntax, not RouterOS:
router bgp 64999
 neighbor 194.165.22.146 remote-as 64998
 neighbor 194.165.22.146 route-map BGP_NEXT_HOP in
 neighbor 194.165.22.146 ebgp-multihop 250
!
route-map BGP_NEXT_HOP permit 10
 set ip next-hop 172.30.1.1
If the same tunnel is used both for the BGP peering and for passing the useful traffic, setting the nexthop is not necessary; the protocol will set it correctly. But if you set it manually, it will not make things worse.
On other platforms you will have to work out the configuration yourself, but if you run into difficulties, write in the comments and I will try to help.
After your BGP session has come up, the routes to the large networks have arrived and been installed in the table, traffic to addresses from them is flowing and happiness is near, you can return to the bird service and try to uncomment the entry there that includes the list of IP addresses, then run
systemctl reload bird
and see how your router handles these 85 thousand routes. Be ready to switch it off and think about what to do with it 🙂
Summary
Purely theoretically, after performing the steps above, you have a service that automatically redirects traffic to IP addresses banned in the Russian Federation past the filtering system.
It can, of course, be improved. For example, it is quite easy to summarize the list of IP addresses using perl or python. A simple perl script doing this with Net::CIDR::Lite turns 85 thousand prefixes into 60 (not thousand), but naturally covers a much larger range of addresses than is actually blocked.
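The trade-off described above, as an added example in Python (not the Perl script the author mentions): exact aggregation never widens coverage, while fitting the list into a router's route budget does, and overcoverage measures by how much. The host list, the route budgets and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of listed host addresses (documentation ranges only).
HOSTS = ["198.51.100.4", "198.51.100.5", "198.51.100.6", "198.51.100.7",
         "198.51.100.200", "203.0.113.1", "203.0.113.129", "192.0.2.77"]


def summarize(hosts, prefixlen=32):
    """Widen each address to its covering /prefixlen, then merge.

    prefixlen=32 is exact aggregation: the result covers the listed addresses
    and nothing else. Any shorter length is lossy.
    """
    nets = [ipaddress.ip_network(h).supernet(new_prefix=prefixlen) for h in hosts]
    return list(ipaddress.collapse_addresses(nets))


def overcoverage(hosts, routes):
    """Addresses diverted into the tunnel per address actually listed."""
    return sum(r.num_addresses for r in routes) / len(set(hosts))


def fit(hosts, max_routes):
    """Longest (least lossy) prefix length whose summary fits the route budget."""
    for prefixlen in range(32, -1, -1):
        routes = summarize(hosts, prefixlen)
        if len(routes) <= max_routes:
            return prefixlen, routes
    raise ValueError("max_routes must be at least 1")


def diverted(routes, address):
    """True if traffic to address would follow one of the routes."""
    return any(ipaddress.ip_address(address) in r for r in routes)


if __name__ == "__main__":
    for budget in (8, 3, 1):
        plen, routes = fit(HOSTS, budget)
        print(budget, plen, [str(r) for r in routes], overcoverage(HOSTS, routes))
```

Every address inside a widened route but outside the registry, such as 203.0.113.50 in this sample, starts leaving through the VPS as well, which is the cost to weigh against a smaller routing table.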
Since the service works at the third layer of the ISO/OSI model, it will not save you from the blocking of a site/page if the name resolves to an address other than the one recorded in the registry. But together with the registry from github comes the file nxdomain.txt, which with a few strokes of a simple script becomes a source of addresses for, for example, the SwitchyOmega plugin in Chrome.
It should also be said that the solution needs additional refinement if you are not just an Internet user but also publish some resources of your own (for example, a website or a mail server runs on this connection). By means of the router, you need to rigidly bind the outgoing traffic from this service to your public address, otherwise you will lose connectivity with those resources that are covered by the list of prefixes received by the router.
If you have any questions - ask, I am ready to answer.
UPD. Thanks to hoʻokele moku and TerAnYu for the git options that reduce the download size.
UPD2. Colleagues, it seems I made a mistake by not adding instructions for setting up the tunnel between the VPS and the router to the article. Many questions are caused by this.
Just in case, I note again - it is assumed that before starting the steps in this guide you have already configured the VPN tunnel in the direction you need and checked that it works (for example, by steering traffic into it by default or with a static route). If you have not completed this stage, it does not make much sense to follow the steps from the article. I do not have my own text on this yet, but if you google "OpenVPN server setup" together with the name of the operating system installed on the VPS, and "OpenVPN client setup" with the name of your router, you will most likely find a number of articles on this topic, including on Habr.
UPD3. ʻAʻole kaumaha wrote code that creates the resulting file for bird from dump.csv with optional summarization of the IP addresses. Therefore the section "Registry processing for the routing service" can be replaced with a call to his program. https://habr.com/post/354282/#comment_10782712
UPD4. A little work on the mistakes (not incorporated into the text):
1) instead of systemctl reload bird it makes sense to use the command birdc configure.
2) on a Mikrotik router, instead of changing the next-hop to the IP of the other side of the tunnel
/routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop=172.30.1.1
it makes sense to specify the route directly to the tunnel interface, without an address
/routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop-direct=<interface name>
UPD5. A new service has appeared, https://antifilter.download, from which you can take ready-made lists of IP addresses. It is updated every half hour. On the client side, all that remains is to wrap the entries in the corresponding "route ... reject".
And that is probably enough of pestering my grandmother and updating the article.
UPD6. A revised version of the article for those who do not want to figure it out but want to get started - here.