Running a VPN server behind the provider's NAT

An article about how I managed to run a VPN server behind my home provider's NAT (without a public IP address). Let me make one reservation right away: whether this setup works depends directly on the type of NAT used by your provider, and on your router.
So, I needed to connect from my Android smartphone to my home computer, with both devices connected to the Internet through provider NATs, plus the computer connected through a home router, which also does NAT.
The classic scheme of a rented VPS/VDS with a public IP address, or renting a public IP address from the provider, was not considered for several reasons.
Taking into account the experience from previous articles and several experiments with STUN and provider NATs, I decided to do a small experiment by running the following command on the home router, which runs OpenWRT firmware:

$ stun stun.sipnet.ru

and got the result:

STUN client version 0.97
Primary: Independent Map, Independent Filter, random port, will hairpin
Return value is 0x000002

Decoding the entries:
Independent Map - mapping does not depend on the destination
Independent Filter - filtering does not depend on the source
random port - a random external port is assigned
will hairpin - hairpinning is supported
Running the same command on my PC, I got:

STUN client version 0.97
Primary: Independent Map, Port Dependent Filter, random port, will hairpin
Return value is 0x000006

Port Dependent Filter - filtering depends on the source port
The difference between the results of the two commands showed that the home router adds its own "contribution" to how packets from the Internet are forwarded; this showed up in the fact that when running the command on the computer:

stun stun.sipnet.ru -p 11111 -v

I got the result:

...
MappedAddress = XX.1XX.1X4.2XX:4398
...

At that moment a UDP session stayed open for some time, and if during this time a UDP request was sent (for example: netcat XX.1XX.1X4.2XX 4398 -u), the request arrived at the home router, which tcpdump running on it confirmed, but the request did not reach the computer: iptables, acting as the NAT translator on the router, dropped it.
But the fact that the UDP request passed through the provider's NAT gave hope of success. Since the router is under my control, I solved the problem by redirecting port UDP/11111 to the computer:

iptables -t nat -A PREROUTING -i eth1 -p udp -d 10.1XX.2XX.XXX --dport 11111 -j DNAT --to-destination 192.168.X.XXX

So I could initiate a UDP session and receive requests from the Internet from any IP address. At that moment I started the OpenVPN server (configured beforehand) listening on port UDP/11111, entered the external IP address and port (XX.1XX.1X4.2XX:4398) on the smartphone and connected successfully from the smartphone to the computer. But this setup had one problem: the UDP session had to be kept alive somehow until the OpenVPN client connected to the server, and I did not like the option of running the STUN client periodically, because I did not want to put needless load on the STUN servers.
I also noticed the entry "will hairpin"; this mode:

Hairpinning allows a machine on the local network behind NAT to reach another machine on the same network through the router's external address.

In the end I solved the problem of keeping the UDP session alive in the simplest way: I ran the client on the same computer as the server.
It works like this:

  • the STUN client is launched from local port 11111
  • a reply with the external IP address and port XX.1XX.1X4.2XX:4398 is received
  • the external IP address and port are sent to an email account (any service will do) configured on the smartphone
  • the OpenVPN server is launched on the computer, listening on port UDP/11111
  • the OpenVPN client is launched on the computer, pointing at XX.1XX.1X4.2XX:4398 for the connection
  • at any time the OpenVPN client on the smartphone can be started with that IP address and port (in my case the IP does not change) to connect

This way I could connect to my computer from my smartphone. The setup allows any OpenVPN client to connect.

Practical implementation

You will need:

# apt install openvpn stun-client sendemail

After writing a couple of scripts and a couple of configuration files and generating the necessary certificates (the client on the smartphone only works with certificates), we get a standard OpenVPN server setup.

The main script on the computer

# cat vpn11.sh

#!/bin/bash
# Wait until a default route exists and remember the interface it goes through
until [[ -n "$iftosrv" ]]; do
	echo "$(date) Определяю сетевой интерфейс"
	iftosrv=$(ip route get 8.8.8.8 | head -n 1 | sed 's|.*dev ||' | awk '{print $1}')
	sleep 5
done
ABSOLUTE_FILENAME=$(readlink -f "$0")
DIR=$(dirname "$ABSOLUTE_FILENAME")
localport=11111
# $a is never set, so this loop runs forever: one pass per UDP session
until [[ $a ]]; do
	# Open the UDP session through the provider's NAT from $localport and read back the external ip:port
	address=$(stun stun.sipnet.ru -v -p $localport 2>&1 | grep "MappedAddress" | sort | uniq | head -n 1 | sed 's/:/ /g' | awk '{print $3" "$4}')
	ip=$(echo "$address" | awk '{print $1}')
	port=$(echo "$address" | awk '{print $2}')
	# The server listens on the same local port the STUN request went out from
	srv="openvpn --config $DIR/server.conf --port $localport --daemon"
	$srv
	echo "$(date) Сервер запущен с внешним адресом $ip:$port"
	# Tell the smartphone where to connect
	$DIR/sendemail.sh "OpenVPN-Server" "$ip:$port"
	sleep 1
	# The local client keeps the NAT mapping alive; this call blocks until the link drops
	openvpn --config $DIR/client.conf --remote $ip --port $port
	echo "$(date) Соединение клиента с сервером разорвано"
	# Stop the server and start over with a fresh STUN session
	for i in $(ps xa | grep "$srv" | grep -v grep | awk '{print $1}'); do
		kill $i && echo "$(date) Завершён процесс сервера $i ($srv)"
	done
	echo "Жду 15 сек"
	sleep 15
done

The script that sends the data by email:

# cat sendemail.sh 

#!/bin/bash
from="От кого"                # sender address, also used as the SMTP login
pass="Пароль"                 # SMTP password
to="Кому"                     # recipient address (the account read on the smartphone)
theme="$1"                    # subject, passed by vpn11.sh
message="$2"                  # body: the external ip:port
server="smtp.yandex.ru:587"
sendEmail -o tls=yes -f "$from" -t "$to" -s "$server" -xu "$from" -xp "$pass" -u "$theme" -m "$message"

Server configuration file:

# cat server.conf

proto udp
dev tun
ca      /home/vpn11-srv/ca.crt
cert    /home/vpn11-srv/server.crt
key     /home/vpn11-srv/server.key
dh      /home/vpn11-srv/dh2048.pem
server 10.2.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
tls-server
tls-auth /home/vpn11-srv/ta.key 0
tls-timeout 60
auth    SHA256
cipher  AES-256-CBC
client-to-client
keepalive 10 30
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-server.log
verb 3
mute 20

Client configuration file:

# cat client.conf

client
dev tun
proto udp
ca      "/home/vpn11-srv/ca.crt"
cert    "/home/vpn11-srv/client1.crt"
key     "/home/vpn11-srv/client1.key"
tls-client
tls-auth "/home/vpn11-srv/ta.key" 1
auth SHA256
cipher AES-256-CBC
auth-nocache
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-clent.log
verb 3
mute 20
ping 10
ping-exit 30

The certificates were generated following this article.
Run the script:

# ./vpn11.sh

after first making it executable:

# chmod +x vpn11.sh

On the smartphone side

Having installed the OpenVPN application for Android, copied the configuration file and certificates and configured it, it looks like this:
I check my email on the smartphone
I correct the port number in the settings
I start the client and connect

While writing this article I moved the setup from my computer to a Raspberry Pi 3 and tried to run it all over an LTE modem, but it did not work! The command

# stun stun.ekiga.net -p 11111

STUN client version 0.97
Primary: Independent Map, Port Dependent Filter, random port, will hairpin
Return value is 0x000006

the Port Dependent Filter entry does not let the system work.
But the home provider let the system run on the Raspberry Pi 3 without any problems.
Together with a webcam, with VLC used to
create an RTSP stream from the webcam:
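A small shell helper that automates the interpretation of the stun output shown above (mapping and filter type, the Port Dependent Filter case that stopped the LTE setup) and the MappedAddress extraction that vpn11.sh does. This is an added example, not code from the original article; the three sample outputs are constructed to match the page's format, with a placeholder address.

```shell
#!/bin/bash
# Added example: interpret stun-client 0.97 output before starting the server.
# The three samples are constructed (placeholder address 203.0.113.45),
# modelled on the output quoted in the article.
HOME_OUT='STUN client version 0.97
Primary: Independent Map, Independent Filter, random port, will hairpin
Return value is 0x000002'

LTE_OUT='STUN client version 0.97
Primary: Independent Map, Port Dependent Filter, random port, will hairpin
Return value is 0x000006'

VERBOSE_OUT='...
MappedAddress = 203.0.113.45:4398
MappedAddress = 203.0.113.45:4398
...'

# Mapping behaviour: the first item on the "Primary:" line.
stun_mapping() {
    printf '%s\n' "$1" | sed -n 's/^Primary: \([^,]*\),.*/\1/p'
}

# Filtering behaviour: the item ending in "Filter" on the "Primary:" line.
stun_filter() {
    printf '%s\n' "$1" | sed -n 's/^Primary: [^,]*, \([^,]*Filter\).*/\1/p'
}

# The scheme needs both an endpoint-independent mapping (the port learned
# from the STUN server is the one the smartphone must use) and an
# endpoint-independent filter (packets from any source reach that port).
# Returns 0 when the NAT is suitable, 1 otherwise.
nat_suits_scheme() {
    case "$(stun_mapping "$1")" in
        "Independent Map"*) ;;   # also matches "Independent Mapping"
        *) return 1 ;;
    esac
    [ "$(stun_filter "$1")" = "Independent Filter" ]
}

# "ip port" from the first MappedAddress line of `stun -v` output,
# the same extraction vpn11.sh does with sed and awk.
stun_mapped() {
    printf '%s\n' "$1" | awk -F'[ :=]+' '/^MappedAddress/ {print $2, $3; exit}'
}
```

In practice the variables would hold the real output, e.g. `OUT=$(stun stun.sipnet.ru -v -p 11111 2>&1)`, and the server is only started when `nat_suits_scheme "$OUT"` succeeds.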

$ cvlc v4l2:///dev/video0:chroma=h264 :input-slave=alsa://hw:1,0 --sout '#transcode{vcodec=x264,venc=x264{preset=ultrafast,profile=baseline,level=31},vb=2048,fps=12,scale=1,acodec=mpga,ab=128,channels=2,samplerate=44100,scodec=none}:rtp{sdp=rtsp://10.2.0.1:8554/}' --no-sout-all --sout-keep

and VLC on the smartphone for viewing (stream rtsp://10.2.0.1:8554/), it turned out to be an excellent remote video surveillance setup; you can also mount Samba shares over the VPN, control your computer and much more...

Conclusion

As practice has shown, a VPN server can be set up without an external IP address that you have to pay for, and without renting a VPS/VDS. But everything depends on the provider. Of course, I would like more information about different providers and the NAT types they use, but this is only the beginning...
Thank you for your attention!

Source: www.hab.com
