Building a SOCKS router on a laptop with Debian 10

For a whole year (or two) I put off publishing this article for one main reason: I had already published two articles in which I described the process of building a SOCKS router from a very ordinary laptop running Debian.

However, since then the stable version of Debian has been updated to Buster, and a sufficient number of people have contacted me personally asking for help with the setup, which means my previous articles are not exhaustive. Well, I myself suspected that the methods outlined in them do not fully reveal all the intricacies of configuring Linux for routing into SOCKS. Besides, they were written for Debian Stretch, and after the upgrade to Buster I noticed small changes in how services interact under the systemd init system. And in the articles themselves I did not use systemd-networkd, although it is the best fit for complex network configurations.

In addition to the changes above, the following services were added to my configuration: hostapd, a service for access point virtualization; ntp, to synchronize the time of local network clients; dnscrypt-proxy, to encrypt DNS connections and disable advertising on local network clients; and, as I mentioned earlier, systemd-networkd, to configure network interfaces.

Here is a simple block diagram of the router's internal structure.

So, let me remind you what the goals of this series of articles are:

  1. Route all OS connections into SOCKS, as well as connections from all devices on the same network as the laptop.
  2. The laptop in my case must remain completely mobile. That is, it should still be possible to use the desktop environment and not be tied to a physical location.
  3. The last point implies connecting and routing only through the built-in wireless interface.
  4. And, of course, creating a comprehensive guide, along with an analysis of the relevant technologies to the best of my modest knowledge.

What will be covered in this article:

  1. git - download the project repositories of tun2socks, needed to route TCP traffic into SOCKS, and create_ap, a script that automates setting up a virtual access point using hostapd.
  2. tun2socks - build it and install a systemd service on the system.
  3. systemd-networkd - configure the wireless and virtual interfaces, static routing tables and packet forwarding.
  4. create_ap - install the systemd service on the system, configure and start the virtual access point.

Optional steps:

  • ntp - install and configure a server to synchronize the time on the virtual access point's clients.
  • dnscrypt-proxy - we will encrypt DNS requests, route them into SOCKS and block advertising domains for the local network.

What is this for?

This is one way to secure TCP connections on a local network. The main advantage is that all connections go through SOCKS unless a static route through the original gateway has been created for them. This means you do not need to specify SOCKS server settings for individual programs or for clients on the local network: they all go into SOCKS by default, since it is the default gateway until we say otherwise.

In essence, we add a second, encrypting router in the form of the laptop in front of the original router, and use the original router's Internet connection for the laptop's already encrypted SOCKS requests; the laptop, in turn, routes and encrypts the requests of LAN clients.

From the provider's point of view, we are permanently connected to a single server with encrypted traffic.

Accordingly, all devices connect to the laptop's virtual access point.

Installing tun2socks on the system

While your machine still has Internet access, download all the necessary tools.

apt update
apt install git make cmake

Download the badvpn package

git clone https://github.com/ambrop72/badvpn

A badvpn directory will appear on your system. Create a separate directory for the build

mkdir badvpn-build

Go into it

cd badvpn-build

Build tun2socks

cmake ../badvpn -DBUILD_NOTHING_BY_DEFAULT=1 -DBUILD_TUN2SOCKS=1

Install it on the system

make install

  • The -DBUILD_NOTHING_BY_DEFAULT=1 parameter disables building all components of the badvpn repository.
  • -DBUILD_TUN2SOCKS=1 includes the tun2socks component in the build.
  • make install installs the tun2socks binary on your system at /usr/local/bin/badvpn-tun2socks.

Installing the tun2socks service in systemd

Create the file /etc/systemd/system/tun2socks.service with the following contents:

[Unit]
Description=SOCKS TCP Relay

[Service]
ExecStart=/usr/local/bin/badvpn-tun2socks --tundev tun2socks --netif-ipaddr 172.16.1.1 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:9050

[Install]
WantedBy=multi-user.target

  • --tundev - takes the name of the virtual interface that we initialize with systemd-networkd.
  • --netif-ipaddr - the network address of the tun2socks "router" that the virtual interface connects to. It is better to put it in a separate reserved subnet.
  • --socks-server-addr - takes a socket (the address:port of the SOCKS server).

If your SOCKS server requires authentication, you can specify the --username and --password parameters.

Next, register the service

systemctl daemon-reload

And enable it

systemctl enable tun2socks

Before starting the service, we will provide it with a virtual network interface.

Switching to systemd-networkd

Enable systemd-networkd:

systemctl enable systemd-networkd

Disable the current network services.

systemctl disable networking NetworkManager NetworkManager-wait-online

  • NetworkManager-wait-online is a service that waits for a working network connection before systemd continues starting other services that depend on the network. We disable it as we switch to its systemd-networkd counterpart.

Let's enable that counterpart right away:

systemctl enable systemd-networkd-wait-online

Configuring the wireless network interface

Create a systemd-networkd configuration file for the wireless network interface, /etc/systemd/network/25-wlp6s0.network.

[Match]
Name=wlp6s0

[Network]
Address=192.168.1.2/24
IPForward=yes

  • Name is the name of your wireless interface. Find it with the ip a command.
  • IPForward - a directive that enables packet forwarding on the network interface.
  • Address assigns an IP address to the wireless interface. We specify it statically because with the equivalent directive DHCP=yes, systemd-networkd creates a default gateway on the system. Then all traffic would go through the original gateway rather than through the future virtual interface on a different subnet. You can check the current default gateway with the ip r command.

Creating a static route for a remote SOCKS server

If your SOCKS server is not local but remote, you need to create a static route for it. To do this, add a Route section to the end of the wireless interface configuration file you created, with the following contents:

[Route]
Gateway=192.168.1.1
Destination=0.0.0.0

  • Gateway - the default gateway, or the address of your original access point.
  • Destination - the SOCKS server address (replace the 0.0.0.0 shown above with it).

Configuring wpa_supplicant for systemd-networkd

systemd-networkd uses wpa_supplicant to connect to a secured access point. When trying to bring "up" the wireless interface, systemd-networkd starts the service wpa_supplicant@name, where name is the name of the wireless interface. If you have not used systemd-networkd before this point, this service is probably missing on your system.

So create it with the command:

systemctl enable wpa_supplicant@wlp6s0

I used wlp6s0 as the name of my wireless interface. Your name may differ. You can find it with the ip l command.

Now the created service wpa_supplicant@wlp6s0 will be started when the wireless interface is brought "up"; however, it will in turn look for the access point's SSID and password settings in the file /etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf. Therefore, you need to create that file using the wpa_passphrase utility.

To do this, run the command:

wpa_passphrase SSID password>/etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf

where SSID is the name of your access point, password is the password, and wlp6s0 is the name of your wireless interface.

Initializing the virtual interface for tun2socks

Create a file to initialize the new virtual interface on the system, /etc/systemd/network/25-tun2socks.netdev

[NetDev]
Name=tun2socks
Kind=tun

  • Name is the name that systemd-networkd will assign to the future virtual interface when it is initialized.
  • Kind is the type of virtual interface. From the name of the tun2socks service, you can guess that it uses an interface of type tun.
  • netdev is the file extension that systemd-networkd uses to initialize virtual network interfaces. The address and other network settings for these interfaces are specified in .network files.

Create such a file, /etc/systemd/network/25-tun2socks.network, with the following contents:

[Match]
Name=tun2socks

[Network]
Address=172.16.1.2/24
Gateway=172.16.1.1

  • Name - the name of the virtual interface that you specified in the netdev file.
  • Address - the IP address that will be assigned to the virtual interface. It must be on the same network as the address you specified in the tun2socks service.
  • Gateway - the IP address of the tun2socks "router" that you specified when creating the systemd service.

As a result, the tun2socks interface has the address 172.16.1.2, and the tun2socks service has 172.16.1.1; that is, the service is the gateway for all connections from the virtual interface.

Configuring the virtual access point

Install dependencies:

apt install util-linux procps hostapd iw haveged

Download the create_ap repository to your machine:

git clone https://github.com/oblique/create_ap

Go to the repository folder on your machine:

cd create_ap

Install it on the system:

make install

The config /etc/create_ap.conf will appear on your system. Here are the main options to edit:

  • GATEWAY=10.0.0.1 - it is better to make it a separate reserved subnet.
  • NO_DNS=1 - disable, since this parameter will be managed by the systemd-networkd virtual interface.
  • NO_DNSMASQ=1 - disable for the same reason.
  • WIFI_IFACE=wlp6s0 - the laptop's wireless interface.
  • INTERNET_IFACE=tun2socks - the virtual interface created for tun2socks.
  • SSID=hostapd - the name of the virtual access point.
  • PASSPHRASE=12345678 - the password.

Don't forget to enable the service:

systemctl enable create_ap

Enabling the DHCP server in systemd-networkd

The create_ap service initializes the virtual interface ap0 on the system. In theory, dnsmasq hangs on this interface, but why install extra services if systemd-networkd has a built-in DHCP server?

To enable it, we will define network settings for the virtual access point. To do this, create the file /etc/systemd/network/25-ap0.network with the following contents:

[Match]
Name=ap0

[Network]
Address=10.0.0.1/24
DHCPServer=yes

[DHCPServer]
EmitDNS=yes
DNS=10.0.0.1
EmitNTP=yes
NTP=10.0.0.1

After the create_ap service initializes the virtual interface ap0, systemd-networkd will automatically assign it an IP address and enable the DHCP server.

The lines EmitDNS=yes and DNS=10.0.0.1 pass the DNS server settings to the devices connected to the access point.

If you do not plan to use a local DNS server (in my case it is dnscrypt-proxy), you can change DNS=10.0.0.1 to DNS=192.168.1.1, where 192.168.1.1 is the address of your original gateway. Then DNS requests from your host and local network will go unencrypted through the provider's servers.

EmitNTP=yes and NTP=192.168.1.1 pass the NTP settings.

The same applies to the line NTP=10.0.0.1.

Installing and configuring the NTP server

Install it on the system:

apt install ntp

Edit the config /etc/ntp.conf. Comment out the addresses of the standard pools:

#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst

Add public server addresses, for example Google Public NTP:

server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst

Grant access to the server for clients on your network:

restrict 10.0.0.0 mask 255.255.255.0

Enable broadcasting to your network:

broadcast 10.0.0.255

Finally, add the addresses of these servers to the static routing table. To do this, open the wireless interface configuration file /etc/systemd/network/25-wlp6s0.network and add Route sections to the end.

[Route]
Gateway=192.168.1.1
Destination=216.239.35.0

[Route]
Gateway=192.168.1.1
Destination=216.239.35.4

[Route]
Gateway=192.168.1.1
Destination=216.239.35.8

[Route]
Gateway=192.168.1.1
Destination=216.239.35.12

You can find the addresses of your NTP servers using the host utility as follows:

host time1.google.com

Installing dnscrypt-proxy, removing ads and hiding DNS traffic from your provider

apt install dnscrypt-proxy

To serve DNS queries from the host and the local network, edit the socket /lib/systemd/system/dnscrypt-proxy.socket. Change the following lines:

ListenStream=0.0.0.0:53
ListenDatagram=0.0.0.0:53

Reload systemd:

systemctl daemon-reload

Edit the config /etc/dnscrypt-proxy/dnscrypt-proxy.toml:

server_names = ['adguard-dns']

To route dnscrypt-proxy connections through tun2socks, add the following below:

force_tcp = true

Edit the config /etc/resolv.conf, which tells the host which DNS server to use.

nameserver 127.0.0.1
nameserver 192.168.1.1

The first line enables the use of dnscrypt-proxy; the second line falls back to the original gateway when the dnscrypt-proxy server is unavailable, in which case the host's queries go out unencrypted.

Done!

Reboot, or stop the running network services:

systemctl stop networking NetworkManager NetworkManager-wait-online

And restart all the required ones:

systemctl restart systemd-networkd tun2socks create_ap dnscrypt-proxy ntp

After a reboot or restart, you will have a second access point that routes the host and LAN devices into SOCKS.

This is what the output of ip a looks like on an ordinary laptop:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: tun2socks: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
    link/none 
    inet 172.16.1.2/24 brd 172.16.1.255 scope global tun2socks
       valid_lft forever preferred_lft forever
    inet6 fe80::122b:260:6590:1b0e/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether e8:11:32:0e:01:50 brd ff:ff:ff:ff:ff:ff
4: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:85 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global wlp6s0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf85/64 scope link 
       valid_lft forever preferred_lft forever
5: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:86 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global ap0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf86/64 scope link 
       valid_lft forever preferred_lft forever
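
The ip a output shows addresses but not where packets actually leave. As an added example (not part of the original article), the script below reads ip -4 route show output and flags any default route or gateway route that leaves through an interface other than tun2socks and is not on an allowlist. The sample tables are constructed, and 203.0.113.10 and 198.51.100.7 are placeholder addresses.

```shell
#!/bin/sh
# Added example: audit a routing table for traffic that bypasses tun2socks.
# Live use: ip -4 route show | audit_routes "<socks-ip> 216.239.35.0 ..."
TUN_DEV=tun2socks   # interface name from 25-tun2socks.netdev

# Print the device of every default route, one per line.
default_devs() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1) }'
}

# Print destinations sent through a gateway on any device other than the tunnel.
# Directly connected subnets (no "via") are skipped: they are local links.
bypass_routes() {
    awk -v tun="$TUN_DEV" '
        $1 != "default" && $2 == "via" {
            for (i = 3; i < NF; i++) if ($i == "dev" && $(i + 1) != tun) print $1
        }'
}

# audit_routes ALLOWLIST: reads `ip -4 route show` text on stdin.
# Returns 0 only if the sole default route uses the tunnel and every
# bypass route is in the space-separated allowlist.
audit_routes() {
    allow=" $1 "; table=$(cat); rc=0
    devs=$(printf '%s\n' "$table" | default_devs)
    if [ "$devs" != "$TUN_DEV" ]; then
        echo "FAIL: default route via '${devs:-none}', expected $TUN_DEV"; rc=1
    fi
    for dst in $(printf '%s\n' "$table" | bypass_routes); do
        case "$allow" in
            *" $dst "*) echo "ok:   $dst bypasses SOCKS (allowlisted)" ;;
            *) echo "FAIL: $dst bypasses SOCKS and is not allowlisted"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample tables (203.0.113.10 stands in for the SOCKS server).
GOOD='default via 172.16.1.1 dev tun2socks proto static
10.0.0.0/24 dev ap0 proto kernel scope link src 10.0.0.1
172.16.1.0/24 dev tun2socks proto kernel scope link src 172.16.1.2
192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2
203.0.113.10 via 192.168.1.1 dev wlp6s0 proto static
216.239.35.0 via 192.168.1.1 dev wlp6s0 proto static'
# What DHCP=yes on wlp6s0 would produce: a second default route off-tunnel.
LEAKY='default via 172.16.1.1 dev tun2socks proto static
default via 192.168.1.1 dev wlp6s0 proto dhcp src 192.168.1.2 metric 1024
192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2
198.51.100.7 via 192.168.1.1 dev wlp6s0 proto static'

printf '%s\n' "$GOOD" | audit_routes "203.0.113.10 216.239.35.0"
```

Every allowlisted destination is traffic the provider can still observe, so keep that list limited to the SOCKS server and, if you accept it, the NTP servers.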

In conclusion

  1. The provider sees only an encrypted connection to your SOCKS server, which means it sees nothing.
  2. And yet it does see your NTP requests; to prevent this, remove the static routes for the NTP servers. However, it is not certain that your SOCKS server allows the NTP protocol.

A quirk noticed on Debian 10

If you try to restart the network service from the console, it will fail with an error. This is because part of it, in the form of the virtual interface, is bound to the tun2socks service, which means it is in use. To restart the network service, you must first stop the tun2socks service. But I think that if you have read this far, this is definitely not a problem for you!

Source: www.hab.com