Setting up BGP to bypass blocking, or "I stopped being afraid and fell in love with RKN"

Well, all right, "fell in love" is an exaggeration. Rather, "managed to coexist with."

As you all know, since April 16, 2018, Roskomnadzor has been blocking access to Internet resources in extremely broad strokes, adding to the "Unified register of domain names, page indexes of Internet sites and network addresses that make it possible to identify Internet sites containing information whose distribution is prohibited in the Russian Federation" (in the text below, simply "the registry") blocks as large as /10 at times. As a result, citizens of the Russian Federation and businesses suffer, having lost access to entirely legal resources that they need.

After I said in the comments to one of the articles on Habré that I was ready to help those affected set up a bypass scheme, several people came to me asking for such help. Once everything was working for them, one of them suggested describing the procedure in an article. After some thought, I decided to break my silence on the site and try, for once, to write something halfway between a project and a Facebook post, i.e. a habrapost. The result is in front of you.

Disclaimer

Since it is not exactly legal to publish ways of bypassing blocks on access to information prohibited in the territory of the Russian Federation, the purpose of this article is to discuss a method that lets you automate access to resources that are permitted in the territory of the Russian Federation but that, because of someone else's actions, cannot be reached directly through your provider. Access to other resources gained by following the article is an unfortunate side effect and is not the purpose of the article.

Also, since I am primarily a network architect by profession, vocation and way of life, programming and Linux are not my strong points. So, of course, the scripts could be written better, security on the VPS could be worked out more thoroughly, and so on. Your suggestions will be accepted with gratitude if they are detailed enough; I will gladly add them to the text of the article.

TL;DR

We automate access to resources through your existing tunnel using a copy of the registry and the BGP protocol. The goal is to send all traffic addressed to blocked resources into the tunnel. Minimal explanation, mostly step-by-step instructions.

What do you need for this?

Unfortunately, this post is not for everyone. To use this technique you will need to bring several elements together:

  1. You must have a Linux server somewhere outside the blocking field. Or at least be willing to get such a server; fortunately it now costs from $9/year, and possibly less. The method also works if you have a separate VPN tunnel; in that case the server can be located inside the blocking field.
  2. Your router must be smart enough to handle
    • any VPN client you like (I prefer OpenVPN, but it can be PPTP, L2TP, GRE+IPSec or any other option that creates a tunnel interface);
    • the BGPv4 protocol. That means that for SOHO it can be a Mikrotik or any router with OpenWRT/LEDE or similar custom firmware that lets you install Quagga or Bird. Using a PC router is not prohibited either. In the case of an enterprise, look for BGP support in the documentation for your border router.
  3. You should have an understanding of Linux usage and networking technologies, including the BGP protocol. Or at least want to gain such an understanding. Since I am not prepared to embrace the immensity this time, you will have to study whatever is unclear to you on your own. However, I will of course answer specific questions in the comments, and I am unlikely to be the only one answering, so don't hesitate to ask.

What is used in the example

  • A copy of the registry - from https://github.com/zapret-info/z-i
  • VPS - Ubuntu 16.04
  • Routing service - bird 1.6.3
  • Router - Mikrotik hAP ac
  • Working folders - since we work as root, most of everything will live in root's home directory. Accordingly:
    • /root/blacklist - working folder with the compilation script
    • /root/z-i - copy of the registry from github
    • /etc/bird - standard folder for the bird service settings
  • The external IP address of the VPS hosting the routing server and the tunnel termination point is 194.165.22.146, ASN 64998; the external IP address of the router is 81.177.103.94, ASN 64999
  • The IP addresses inside the tunnel are 172.30.1.1 and 172.30.1.2, respectively.

Of course, you can use any other routers, operating systems and software products, adapting the solution to their logic.

In brief - the logic of the solution

  1. Preparatory steps
    1. Get a VPS
    2. Bring up a tunnel from the router to the VPS
  2. We obtain and regularly update a copy of the registry
  3. Install and configure the routing service
  4. We build a list of static routes for the routing service based on the registry
  5. We connect the router to the service and configure sending all traffic through the tunnel.

The actual solution

Preparatory steps

There are many services on the Internet that offer VPSes at very reasonable prices. So far I have found and use the $9/year option, but even if you don't look too hard, there are plenty of options for 1E/month on every corner. The question of choosing a VPS lies far beyond the scope of this article, so if anyone doesn't understand something about it, ask in the comments.

If you use the VPS not only for the routing service but also to terminate the tunnel on it, you need to bring up that tunnel and, almost certainly, configure NAT for it. There are many guides to these steps on the Internet; I won't repeat them here. The main requirement for such a tunnel is that it must create a separate interface on your router that carries the tunnel towards the VPS. Most VPN technologies in use meet this requirement - for example, OpenVPN in tun mode is perfect.

Getting a copy of the registry

As Jabrail said, "He who hinders us will help us." Since RKN is building a registry of prohibited resources, it would be a sin not to use this registry to solve our problem. We will get a copy of the registry from github.

We log in to your Linux server, drop into the root context (sudo su -) and install git if it is not already installed.

apt install git

Go to your home directory and pull down a copy of the registry.

cd ~ && git clone --depth=1 https://github.com/zapret-info/z-i 

We set up a cron update (I do it once every 20 minutes, but you can choose any interval you like). To do this, we run crontab -e and add the following line to it:

*/20 * * * * cd ~/z-i && git pull && git gc

We attach a hook that will generate the files for the routing service after the registry is updated. To do this, create the file /root/z-i/.git/hooks/post-merge with the following contents:

#!/usr/bin/env bash
changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)"
check_run() {
    echo "$changed_files" | grep --quiet "$1" && eval "$2"
}
check_run dump.csv "/root/blacklist/makebgp"

and don't forget to make it executable

chmod +x /root/z-i/.git/hooks/post-merge

We will create the makebgp script that the hook refers to a little later.

Installing and configuring the routing service

Install bird. Unfortunately, the version of bird currently published in the Ubuntu repositories is comparable in freshness to Archaeopteryx droppings, so we first need to add the software developers' official PPA to the system.

add-apt-repository ppa:cz.nic-labs/bird
apt update
apt install bird

After this, we immediately disable bird for IPv6 - we won't need it in this setup.

systemctl stop bird6
systemctl disable bird6

Below is a minimalistic configuration file for the bird service (/etc/bird/bird.conf), which is quite enough for us (and I remind you once more that nobody forbids developing and tuning the idea to suit your own needs)

log syslog all;
router id 172.30.1.1;

protocol kernel {
        scan time 60;
        import none;
#       export all;   # Actually insert routes into the kernel routing table
}

protocol device {
        scan time 60;
}

protocol direct {
        interface "venet*", "tun*"; # Restrict network interfaces it works with
}

protocol static static_bgp {
        import all;
        include "pfxlist.txt";
        #include "iplist.txt";
}

protocol bgp OurRouter {
        description "Our Router";
        neighbor 81.177.103.94 as 64999;
        import none;
        export where proto = "static_bgp";
        local as 64998;
        passive off;
        multihop;
}

router id - the router identifier, which looks like an IPv4 address but isn't one. In our case it can be any 32-bit number in IPv4 address format, but it is good form to specify the IPv4 address of your device (in this case, the VPS).

protocol direct defines which interfaces will work with the routing process. The example gives a couple of sample names; you can add others. You can also simply delete the line; in that case the server will listen on all available interfaces that have an IPv4 address.

protocol static is our magic that loads the lists of prefixes and IP addresses (which are /32 prefixes, of course) from files for subsequent announcement. Where these lists come from is discussed below. Note that loading of the IP addresses is commented out by default; the reason is the large volume of the upload. For comparison, at the time of writing there are 78 lines in the prefix list and 85898 in the IP address list. Whether to enable it later is for you to decide after experimenting with your router. Not every router can easily digest 85 thousand entries in its routing table.

protocol bgp, in fact, sets up the BGP peering with your router. The IP address is the address of the router's external interface (or the address of the tunnel interface on the router side); 64998 and 64999 are the autonomous system numbers. In this case they can be assigned as any 16-bit numbers, but it is good practice to use AS numbers from the private range defined by RFC6996 - 64512-65534 inclusive (there is a format for 32-bit ASNs, but in our case that is definitely overkill). The configuration described uses eBGP peering, in which the autonomous system numbers of the routing service and the router must be different.

As you can see, the service needs to know the router's IP address, so if you have a dynamic or non-routable private (RFC1918) or shared (RFC6598) address, you have no option of bringing up the peering on the external interface, but the service will still work inside the tunnel.

It is also fairly obvious that from a single service you can supply routes to several different routers - just duplicate the settings for them by copying the protocol bgp section and changing the neighbor's IP address. That is why the example shows the settings for peering outside the tunnel, as the most universal. They are easy to move into the tunnel by changing the IP addresses in the settings accordingly.

Processing the registry for the routing service

Now we need to actually create the lists of prefixes and IP addresses that were mentioned in the protocol static section at the previous stage. To do this, we take the registry file and produce the files we need from it using the following script, placed in /root/blacklist/makebgp

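#!/bin/bash
# Take the first field of the registry dump and put each address or prefix on its own line
cut -d";" -f1 /root/z-i/dump.csv| tr '|' '\n' |  tr -d ' ' > /root/blacklist/tmpaddr.txt
# Entries written with a prefix length go to the prefix list
cat /root/blacklist/tmpaddr.txt | grep / | sed 's_.*_route & reject;_' > /etc/bird/pfxlist.txt
# IPv4 addresses become /32 routes in the address list
cat /root/blacklist/tmpaddr.txt | sort | uniq | grep -Eo "([0-9]{1,3}[.]){3}[0-9]{1,3}" | sed 's_.*_route &/32 reject;_' > /etc/bird/iplist.txt
/etc/init.d/bird reload
logger 'bgp list compiled'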

Don't forget to make it executable

chmod +x /root/blacklist/makebgp

Now you can run it manually and watch the files appear in /etc/bird.

Most likely, bird is not running for you at this point, because at the previous stage you told it to look for files that did not exist yet. So we start it and check that it has started:

systemctl start bird
birdc show route

The output of the second command should show about 80 entries (that is for now; when you set it up, everything will depend on RKN's zeal in blocking networks) that look something like this:

54.160.0.0/12      unreachable [static_bgp 2018-04-19] * (200)

The command

birdc show protocol

will show the state of the protocols within the service. Until you have configured the router (see the next section), the OurRouter protocol will be in the start state (Connect or Active phase), and after a successful connection it will move to the up state (Established phase). For example, on my system the output of this command looks like this:

BIRD 1.6.3 ready.
name     proto    table    state  since       info
kernel1  Kernel   master   up     2018-04-19
device1  Device   master   up     2018-04-19
static_bgp Static   master   up     2018-04-19
direct1  Direct   master   up     2018-04-19
RXXXXXx1 BGP      master   up     13:10:22    Established
RXXXXXx2 BGP      master   up     2018-04-24  Established
RXXXXXx3 BGP      master   start  2018-04-22  Connect       Socket: Connection timed out
RXXXXXx4 BGP      master   up     2018-04-24  Established
RXXXXXx5 BGP      master   start  2018-04-24  Passive
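
A check that could be run from cron or a monitoring agent, as an added example that is not part of the original article: it parses the birdc show protocol listing above and reports every BGP session that is not up and Established. The function names are illustrative, and the sample text is the listing shown above.

```python
# Listing copied from the article's "birdc show protocol" output above.
SAMPLE_OUTPUT = """\
BIRD 1.6.3 ready.
name     proto    table    state  since       info
kernel1  Kernel   master   up     2018-04-19
device1  Device   master   up     2018-04-19
static_bgp Static   master   up     2018-04-19
direct1  Direct   master   up     2018-04-19
RXXXXXx1 BGP      master   up     13:10:22    Established
RXXXXXx2 BGP      master   up     2018-04-24  Established
RXXXXXx3 BGP      master   start  2018-04-22  Connect       Socket: Connection timed out
RXXXXXx4 BGP      master   up     2018-04-24  Established
RXXXXXx5 BGP      master   start  2018-04-24  Passive
"""


def parse_protocols(output):
    """Turn the protocol table into a list of dicts, skipping banner and header."""
    rows = []
    for line in output.splitlines():
        parts = line.split(None, 5)          # the info column may contain spaces
        if len(parts) < 5 or parts[0] in ("BIRD", "name"):
            continue
        name, proto, table, state, since = parts[:5]
        info = " ".join(parts[5].split()) if len(parts) > 5 else ""
        rows.append({"name": name, "proto": proto, "table": table,
                     "state": state, "since": since, "info": info})
    return rows


def unhealthy_bgp(output):
    """Map each BGP session that is not up/Established to what BIRD reports."""
    bad = {}
    for row in parse_protocols(output):
        if row["proto"] != "BGP":
            continue
        phase = row["info"].split()[0] if row["info"] else ""
        if row["state"] != "up" or phase != "Established":
            bad[row["name"]] = row["info"] or row["state"]
    return bad


if __name__ == "__main__":
    for name, reason in unhealthy_bgp(SAMPLE_OUTPUT).items():
        print(f"BGP session {name} is down: {reason}")
```

When a session drops, the router withdraws the routes learned from it and the affected traffic silently follows the default route again, which is why the session state is worth alerting on.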

Connecting the router

Everyone is probably tired of reading this wall of text, but take heart - the end is near. Moreover, in this section I won't be able to give step-by-step instructions - they will differ for each vendor.

However, I can show you a couple of examples. The main logic is to bring up the BGP peering and assign a nexthop to all received prefixes, pointing at our tunnel (if traffic has to be sent out through a p2p interface) or at the nexthop IP address (if the traffic goes over ethernet).

For example, on a Mikrotik in RouterOS this is done as follows

/routing bgp instance set default as=64999 ignore-as-path-len=yes router-id=172.30.1.2
/routing bgp peer add in-filter=dynamic-in multihop=yes name=VPS remote-address=194.165.22.146 remote-as=64998 ttl=default
/routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop=172.30.1.1

and in Cisco IOS - like this

router bgp 64999
  neighbor 194.165.22.146 remote-as 64998
  neighbor 194.165.22.146 route-map BGP_NEXT_HOP in
  neighbor 194.165.22.146 ebgp-multihop 250
!
route-map BGP_NEXT_HOP permit 10
  set ip next-hop 172.30.1.1

If the same tunnel is used both for the BGP peering and for carrying the useful traffic, it is not necessary to set the nexthop; the protocol will set it correctly by itself. But if you set it manually, it won't make things worse.

On other platforms you will have to work out the configuration yourself, but if you run into difficulties, write in the comments and I will try to help.

After your BGP session has come up, the routes to the large networks have arrived and been installed in the table, traffic to the addresses in them is flowing and happiness is near, you can go back to the bird service and try uncommenting the entry that includes the list of IP addresses, then run

systemctl reload bird

and watch how your router copes with those 85 thousand routes. Be ready to switch it off and think about what to do with it :)

Summary

Purely theoretically, after completing the steps described above, you now have a service that automatically redirects traffic to IP addresses banned in the Russian Federation past the filtering system.

It can, of course, be improved. For example, it is quite easy to summarize the list of IP addresses using perl or python solutions. A simple Perl script doing this with Net::CIDR::Lite turns 85 thousand prefixes into 60 (not thousand), but, of course, covers a much larger range of addresses than is actually blocked.
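
The summarization described above, as an added Python example (it is neither the author's makebgp script nor the Perl script mentioned): it parses the first field of dump.csv-style lines, rejects malformed entries and prefixes that should never be announced to the router, and merges the rest with the standard ipaddress module. The sample lines are constructed, and the PROTECTED list, MIN_PREFIXLEN and the lossy widen_to option are assumptions of this example.

```python
import ipaddress

# Constructed sample in the layout the makebgp script assumes: the first
# ';'-separated field holds addresses or prefixes joined by '|'.
SAMPLE_DUMP = """\
192.0.2.0 | 192.0.2.1 | 192.0.2.2 | 192.0.2.3;example.org;;agency;1-AA;2018-04-16
198.51.100.0/25 | 198.51.100.128/25;;;agency;2-BB;2018-04-17
203.0.113.7;example.net;;agency;3-CC;2018-04-18
10.1.2.3 | 0.0.0.0/0 | 999.1.1.1 | 194.165.22.146;bad.example;;agency;4-DD;2018-04-19
"""

# Never announce these: a route for them would pull local traffic, or the
# tunnel's own outer packets, into the tunnel.
PROTECTED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3",
    "194.165.22.146/32",  # VPS outer address from the article's example
    "81.177.103.94/32",   # router outer address from the article's example
)]
MIN_PREFIXLEN = 10  # assumption: the article cites blocks as large as /10


def parse_networks(text):
    """Return (set of valid IPv4 networks, list of rejected tokens)."""
    nets, rejected = set(), []
    for line in text.splitlines():
        for token in line.split(";", 1)[0].split("|"):
            token = token.strip()
            if not token:
                continue
            try:
                nets.add(ipaddress.IPv4Network(token, strict=False))
            except ValueError:          # not an IPv4 address or prefix
                rejected.append(token)
    return nets, rejected


def build_routes(text, widen_to=None):
    """Validate, optionally widen (lossy), filter, then merge losslessly."""
    nets, rejected = parse_networks(text)
    safe = []
    for net in sorted(nets):
        if widen_to is not None and net.prefixlen > widen_to:
            net = net.supernet(new_prefix=widen_to)   # covers extra addresses
        too_wide = net.prefixlen < MIN_PREFIXLEN
        if too_wide or any(net.overlaps(p) for p in PROTECTED):
            rejected.append(str(net))
            continue
        safe.append(net)
    merged = ipaddress.collapse_addresses(safe)
    return [f"route {n} reject;" for n in merged], rejected


if __name__ == "__main__":
    routes, rejected = build_routes(SAMPLE_DUMP)
    print("\n".join(routes))
    print("rejected:", rejected)
```

Because the registry is third-party input that ends up in the routing table, the filter runs after widening as well, so a widened block can never swallow the tunnel endpoints.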

Since the service works at the third layer of the ISO/OSI model, it will not save you from a site/page block if the name resolves to an address other than the one recorded in the registry. But along with the registry, the file nxdomain.txt arrives from github, which with a few strokes of a script easily turns into a source of addresses for, say, the SwitchyOmega plugin in Chrome.

It should also be mentioned that the solution needs further refinement if you are not just an Internet user but also publish some resources of your own (for example, a website or mail server runs on this connection). Using the router's facilities, you need to rigidly bind outgoing traffic from that service to your public address, otherwise you will lose connectivity with the resources covered by the list of prefixes the router receives.

If you have any questions, ask; I'm ready to answer.

UPD. Thanks to navion and TerAnYu for the git options that reduce the download volume.

UPD 2. Colleagues, it seems I made a mistake by not adding instructions for setting up the tunnel between the VPS and the router to the article. A lot of questions have been raised because of this.
Just in case, I will note once again: it is assumed that before starting this guide you have already configured a VPN tunnel in the direction you need and checked that it works (for example, by sending traffic there by default or statically). If you have not completed this stage yet, there is little point in following the steps in the article. I don't have a text of my own on this yet, but if you google "OpenVPN server setup" together with the name of the operating system installed on the VPS, and "OpenVPN client setup" with the name of your router, you will most likely find a number of articles on the topic, including on Habré.

UPD 3. Unsacrificed wrote code that turns dump.csv into a resulting file for bird with optional summarization of IP addresses. So the section "Processing the registry for the routing service" can be replaced by a call to his program. https://habr.com/post/354282/#comment_10782712

UPD4. A little work on the mistakes (I did not add it into the text of the article):
1) instead of systemctl reload bird it makes sense to use the command birdc configure.
2) on the Mikrotik router, instead of changing the nexthop to the IP of the other side of the tunnel
/routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop=172.30.1.1
it makes sense to specify a route directly to the tunnel interface, without an address
/routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop-direct=<interface name>

UPD 5. A new service has appeared, https://antifilter.download, from which you can pick up ready-made lists of IP addresses. Updated every half hour. On the client side, all that remains is to wrap the entries in the corresponding "route ... reject".
And with that, it is probably time to stop dragging this out and updating the article.

UPD 6. A revised version of the article for those who don't want to figure it out but want to get started - here.

Source: www.hab.com
