Building a SOCKS router on a laptop with Debian 10

For a whole year (or two) I put off publishing this article for one main reason: I had already published two articles describing how to turn an ordinary laptop running Debian into a SOCKS router.

However, since then the stable Debian release has been updated to Buster, and enough people have contacted me privately asking for help with the setup, which means my previous articles were not exhaustive. I had guessed myself that the methods described in them do not fully cover the intricacies of setting up Linux for routing into SOCKS. In addition, they were written for Debian Stretch, and after upgrading to Buster I noticed small changes in how services interact under the systemd init system. And in those articles I did not use systemd-networkd, although it is the best fit for complex network configurations.

In addition to the changes above, the following services were added to my configuration: hostapd - a service for access point virtualization, ntp to synchronize the time of local network clients, dnscrypt-proxy to encrypt DNS connections and disable advertising on local network clients, and also, as mentioned earlier, systemd-networkd for configuring network interfaces.

Here is a simple block diagram of the internal structure of such a router.

So, let me remind you what the goals of this series of articles are:

  1. Route all OS connections into SOCKS, as well as connections from all devices on the same network as the laptop.
  2. The laptop, in my case, must remain fully mobile. That is, it should still be usable with a desktop environment and not be tied to a physical location.
  3. The previous point implies connecting and routing only through the built-in wireless interface.
  4. And, of course, creating a comprehensive guide, with an analysis of the relevant technologies to the best of my modest knowledge.

What this article covers:

  1. git - download the repositories of the tun2socks project, which is needed to route TCP traffic into SOCKS, and of create_ap, a script that automates setting up a virtual access point with hostapd.
  2. tun2socks - build it and install the systemd service on the system.
  3. systemd-networkd - configure the wireless and virtual interfaces, static routing tables and packet forwarding.
  4. create_ap - install the systemd service on the system, configure and start the virtual access point.

Optional steps:

  • ntp - install and configure a server to synchronize time on the clients of the virtual access point.
  • dnscrypt-proxy - we will encrypt DNS requests, route them into SOCKS and disable advertising domains for the local network.

What is all this for?

This is one of the ways to protect TCP connections on a local network. The main advantage is that all connections go into SOCKS unless a static route through the original gateway has been built for them. This means you do not have to specify SOCKS server settings for each program or each client on the local network - they all go into SOCKS by default, since it is the default gateway until we say otherwise.

In essence, we add a second, encrypting router in the form of a laptop in front of the original router, and use the original router's Internet connection for the laptop's already encrypted SOCKS requests; the laptop, in turn, routes and encrypts requests from LAN clients.

From the provider's point of view, we are permanently connected to a single server with encrypted traffic.

Accordingly, all devices connect to the laptop's virtual access point.

Install tun2socks on the system

While your machine still has Internet access, download all the required tools.

apt update
apt install git make cmake

Download the badvpn package

git clone https://github.com/ambrop72/badvpn

A badvpn directory will appear on your system. Create a separate directory for the build

mkdir badvpn-build

Change into it

cd badvpn-build

Build tun2socks

cmake ../badvpn -DBUILD_NOTHING_BY_DEFAULT=1 -DBUILD_TUN2SOCKS=1

Install it on the system

make install
  • The -DBUILD_NOTHING_BY_DEFAULT=1 option disables building all components of the badvpn repository.
  • -DBUILD_TUN2SOCKS=1 includes the tun2socks component in the build.
  • make install - installs the tun2socks binary on your system at /usr/local/bin/badvpn-tun2socks.

Install the tun2socks service in systemd

Create the file /etc/systemd/system/tun2socks.service with the following contents:

[Unit]
Description=SOCKS TCP Relay

[Service]
ExecStart=/usr/local/bin/badvpn-tun2socks --tundev tun2socks --netif-ipaddr 172.16.1.1 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:9050

[Install]
WantedBy=multi-user.target
  • --tundev - takes the name of the virtual interface that we initialize with systemd-networkd.
  • --netif-ipaddr - the network address of the tun2socks "router" to which the virtual interface connects. It is better to put it in a separate reserved subnet.
  • --socks-server-addr - takes a socket (the address:port of the SOCKS server).

If your SOCKS server requires authentication, you can specify the --username and --password parameters.

Next, register the service

systemctl daemon-reload

And enable it

systemctl enable tun2socks

Before starting the service, we need to provide it with a virtual network interface.

Switching to systemd-networkd

Enable systemd-networkd:

systemctl enable systemd-networkd

Disable the current network services.

systemctl disable networking NetworkManager NetworkManager-wait-online
  • NetworkManager-wait-online is a service that waits for a working network connection before systemd continues starting other services that depend on the network being available. We disable it because we are switching to its systemd-networkd counterpart.

Let's enable that right away:

systemctl enable systemd-networkd-wait-online

Configure the wireless network interface

Create a systemd-networkd configuration file for the wireless network interface, /etc/systemd/network/25-wlp6s0.network.

[Match]
Name=wlp6s0

[Network]
Address=192.168.1.2/24
IPForward=yes
  • Name is the name of your wireless interface. Find it with the ip a command.
  • IPForward - a directive that enables packet forwarding on the network interface.
  • Address is responsible for assigning an IP address to the wireless interface. We specify it statically because with the equivalent directive DHCP=yes, systemd-networkd creates a default gateway on the system. All traffic would then go through the original gateway, and not through the future virtual interface on a different subnet. You can check the current default gateway with the ip r command.

Create a static route for a remote SOCKS server

If your SOCKS server is not local but remote, you need to create a static route for it. To do this, add a Route section with the following contents to the end of the wireless interface configuration file you created:

[Route]
Gateway=192.168.1.1
Destination=0.0.0.0
  • Gateway - the default gateway, that is, the address of your original access point.
  • Destination - the address of the SOCKS server.

Configure wpa_supplicant for systemd-networkd

systemd-networkd uses wpa_supplicant to connect to a protected access point. When it tries to "bring up" the wireless interface, systemd-networkd starts the wpa_supplicant@name service, where name is the name of the wireless interface. If you have not used systemd-networkd before, this service is probably missing on your system.

So create it with the command:

systemctl enable wpa_supplicant@wlp6s0

I used wlp6s0 as the name of the wireless interface. Yours may be different. You can find it with the ip l command.

The wpa_supplicant@wlp6s0 service you created will now start when the wireless interface is "brought up"; it, in turn, will look for the access point's SSID and password settings in the file /etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf. So you need to create that file with the wpa_passphrase utility.

To do this, run the command:

wpa_passphrase SSID password>/etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf

where SSID is the name of your access point, password is its password, and wlp6s0 is the name of your wireless interface.
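
A hardened variant of the step above, added here as an example and not taken from the original article: the command as written puts the passphrase on the command line and leaves a file that contains both the key and a plaintext `#psk=` comment, with permissions set by the default umask. The function name `write_wpa_conf` is hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# write_wpa_conf PATH: read wpa_passphrase output on stdin, drop the
# plaintext "#psk=" comment line, and install PATH with mode 0600.
write_wpa_conf() {
    dest=$1
    tmp=$(mktemp "$dest.XXXXXX") || return 1    # mktemp creates the file 0600
    if sed '/^[[:space:]]*#psk=/d' > "$tmp" &&
       grep -q '^[[:space:]]*psk=' "$tmp"; then
        mv "$tmp" "$dest"                       # rename keeps the 0600 mode
    else
        rm -f "$tmp"                            # no key in the input: install nothing
        return 1
    fi
}

# Constructed sample of wpa_passphrase output (SSID, passphrase and key are made up).
SAMPLE_WPA='network={
    ssid="ExampleNet"
    #psk="example-passphrase"
    psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
}'

# Demo on the sample, written to a scratch directory.
demo=$(mktemp -d) &&
    printf '%s\n' "$SAMPLE_WPA" | write_wpa_conf "$demo/wpa_supplicant-wlp6s0.conf" &&
    ls -l "$demo"

# On the router, omit the passphrase so wpa_passphrase reads it from stdin
# and it stays out of the command line and shell history:
#   wpa_passphrase SSID | write_wpa_conf /etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf
```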

Initialize the virtual interface for tun2socks

Create a file that initializes the new virtual interface on the system, /etc/systemd/network/25-tun2socks.netdev

[NetDev]
Name=tun2socks
Kind=tun
  • Name is the name that systemd-networkd will assign to the future virtual interface when it initializes it.
  • Kind is the type of the virtual interface. From the name of the tun2socks service you can guess that it uses an interface of the tun type.
  • netdev is the extension of the files that systemd-networkd uses to initialize virtual network interfaces. The address and other network settings for these interfaces are specified in .network files.

Create such a file, /etc/systemd/network/25-tun2socks.network, with the following contents:

[Match]
Name=tun2socks

[Network]
Address=172.16.1.2/24
Gateway=172.16.1.1
  • Name - the name of the virtual interface that you specified in the netdev file.
  • Address - the IP address that will be assigned to the virtual interface. It must be in the same network as the address specified in the tun2socks service.
  • Gateway - the IP address of the tun2socks "router", which you specified when creating the systemd service.

So the tun2socks interface has the address 172.16.1.2, and the tun2socks service has 172.16.1.1, that is, it is the gateway for all connections from the virtual interface.

Configure the virtual access point

Install the dependencies:

apt install util-linux procps hostapd iw haveged

Download the create_ap repository to your machine:

git clone https://github.com/oblique/create_ap

Change into the repository directory on your machine:

cd create_ap

Install it on the system:

make install

A configuration file, /etc/create_ap.conf, will appear on your system. These are the main options to edit:

  • GATEWAY=10.0.0.1 - it is better to put it in a separate reserved subnet.
  • NO_DNS=1 - disable it, since this will be handled by systemd-networkd.
  • NO_DNSMASQ=1 - disable it for the same reason.
  • WIFI_IFACE=wlp6s0 - the laptop's wireless interface.
  • INTERNET_IFACE=tun2socks - the virtual interface created for tun2socks.
  • SSID=hostapd - the name of the virtual access point.
  • PASSPHRASE=12345678 - the password.

Don't forget to enable the service:

systemctl enable create_ap

Enable the DHCP server in systemd-networkd

The create_ap service initializes the virtual interface ap0 on the system. In theory, dnsmasq is attached to this interface, but why install extra services when systemd-networkd has a built-in DHCP server?

To enable it, we define the network settings for the virtual access point. To do this, create the file /etc/systemd/network/25-ap0.network with the following contents:

[Match]
Name=ap0

[Network]
Address=10.0.0.1/24
DHCPServer=yes

[DHCPServer]
EmitDNS=yes
DNS=10.0.0.1
EmitNTP=yes
NTP=10.0.0.1

Once the create_ap service initializes the virtual interface ap0, systemd-networkd will automatically assign it an IP address and enable the DHCP server.

The lines EmitDNS=yes and DNS=10.0.0.1 pass the DNS server settings to the devices connected to the access point.

If you do not plan to use a local DNS server - in my case it is dnscrypt-proxy - you can change DNS=10.0.0.1 to DNS=192.168.1.1, where 192.168.1.1 is the address of your original gateway. DNS requests from your host and local network will then go unencrypted through the provider's servers.

EmitNTP=yes and NTP=192.168.1.1 pass the NTP settings.

The same applies to the line NTP=10.0.0.1.

Install and configure the NTP server

Install it on the system:

apt install ntp

Edit the configuration file /etc/ntp.conf. Comment out the addresses of the standard pools:

#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst

Add the addresses of public servers, for example Google Public NTP:

server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst

Give the clients on your network access to the server:

restrict 10.0.0.0 mask 255.255.255.0

Enable broadcasting to your network:

broadcast 10.0.0.255

Finally, add the addresses of these servers to the static routing table. To do this, open the wireless interface configuration file /etc/systemd/network/25-wlp6s0.network and append Route sections to the end of it.

[Route]
Gateway=192.168.1.1
Destination=216.239.35.0

[Route]
Gateway=192.168.1.1
Destination=216.239.35.4

[Route]
Gateway=192.168.1.1
Destination=216.239.35.8

[Route]
Gateway=192.168.1.1
Destination=216.239.35.12

You can find out the addresses of your NTP servers with the host utility, like this:

host time1.google.com

Install dnscrypt-proxy, remove advertising and hide DNS traffic from your provider

apt install dnscrypt-proxy

To serve DNS queries from the host and from the local network, edit the socket /lib/systemd/system/dnscrypt-proxy.socket. Change the following lines:

ListenStream=0.0.0.0:53
ListenDatagram=0.0.0.0:53

Reload systemd:

systemctl daemon-reload

Edit the configuration file /etc/dnscrypt-proxy/dnscrypt-proxy.toml:

server_names = ['adguard-dns']

To route dnscrypt-proxy connections through tun2socks, add the following below it:

force_tcp = true

Edit the configuration file /etc/resolv.conf, which tells the host which DNS server to use.

nameserver 127.0.0.1
nameserver 192.168.1.1

The first line enables the use of dnscrypt-proxy; the second line uses the original gateway in case the dnscrypt-proxy server is unavailable.
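
A check for the socket change above, added here as an example and not taken from the original article: listening on 0.0.0.0:53 serves the ap0 clients, but it also answers on the upstream address 192.168.1.2. The function name `wildcard_listeners` is hypothetical and the `ss` output is a constructed sample.

```shell
#!/bin/sh
# wildcard_listeners PORT...: read `ss -4 -lntu` text on stdin and print
# "proto port" for every listed port that is bound to the wildcard address,
# i.e. answers on every interface, the upstream wlp6s0 included.
wildcard_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "tcp" || $1 == "udp" {
            host = port = $5                 # "Local Address:Port" column
            sub(/:[^:]*$/, "", host)         # strip the port
            sub(/.*:/, "", port)             # strip the address
            if ((host == "0.0.0.0" || host == "*") && (port in want))
                print $1, port
        }'
}

# Constructed sample of `ss -4 -lntu` output for a router set up as in this article.
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:53         0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:123        0.0.0.0:*
udp   UNCONN 0      0      10.0.0.1:123       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:53         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:9050     0.0.0.0:*'

# Demo on the sample: DNS (53) and NTP (123) listeners open on all interfaces.
printf '%s\n' "$SAMPLE_SS" | wildcard_listeners 53 123

# On the router itself:
#   ss -4 -lntu | wildcard_listeners 53 123
```

Every line printed is a service reachable from the upstream network as well as from the access point clients; restricting the listen addresses or filtering those ports on wlp6s0 narrows that.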

Done!

Reboot, or stop the running network services:

systemctl stop networking NetworkManager NetworkManager-wait-online

And restart everything that is needed:

systemctl restart systemd-networkd tun2socks create_ap dnscrypt-proxy ntp

After a reboot or restart, you will have a second access point that routes the host and the LAN devices into SOCKS.

This is what the ip a output looks like on the laptop:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: tun2socks: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
    link/none 
    inet 172.16.1.2/24 brd 172.16.1.255 scope global tun2socks
       valid_lft forever preferred_lft forever
    inet6 fe80::122b:260:6590:1b0e/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether e8:11:32:0e:01:50 brd ff:ff:ff:ff:ff:ff
4: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:85 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global wlp6s0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf85/64 scope link 
       valid_lft forever preferred_lft forever
5: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:86 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global ap0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf86/64 scope link 
       valid_lft forever preferred_lft forever

As a result,

  1. The provider sees only the encrypted connection to your SOCKS server, which means it sees nothing.
  2. Yet it does see your NTP requests; to prevent this, remove the static routes for the NTP servers. However, it is not certain that your SOCKS server allows the NTP protocol.
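
To see which destinations leave outside SOCKS, as the NTP routes above do, the routing table can be audited. This is an added example, not part of the original article; the function names `bypass_routes` and `default_via` are hypothetical and the routing table is a constructed sample built from the addresses used in this article.

```shell
#!/bin/sh
# bypass_routes TUNDEV: read `ip -4 route show` text on stdin and print each
# destination whose traffic leaves through a device other than TUNDEV.
# Directly connected subnets ("scope link") are skipped: they are local.
bypass_routes() {
    awk -v tun="$1" '
        /scope link/ { next }
        {
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (dev != tun) print $1
        }'
}

# default_via TUNDEV: succeed only if the default route uses TUNDEV.
default_via() {
    awk -v tun="$1" '
        $1 == "default" {
            for (i = 1; i < NF; i++) if ($i == "dev" && $(i + 1) == tun) ok = 1
        }
        END { exit ok ? 0 : 1 }'
}

# Constructed sample: the table expected from this article's settings
# (two of the four NTP exceptions shown).
SAMPLE_ROUTES='default via 172.16.1.1 dev tun2socks proto static
10.0.0.0/24 dev ap0 proto kernel scope link src 10.0.0.1
172.16.1.0/24 dev tun2socks proto kernel scope link src 172.16.1.2
192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2
216.239.35.0 via 192.168.1.1 dev wlp6s0 proto static
216.239.35.4 via 192.168.1.1 dev wlp6s0 proto static'

# Demo on the sample.
printf '%s\n' "$SAMPLE_ROUTES" | default_via tun2socks && echo "default route: tun2socks"
printf '%s\n' "$SAMPLE_ROUTES" | bypass_routes tun2socks

# On the router itself:
#   ip -4 route show | bypass_routes tun2socks
```

Anything listed that is neither the SOCKS server itself nor a deliberate exception is traffic the provider can observe directly.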

A workaround noted on Debian 10

If you try to restart the network service from the console, it will fail with an error. This is because part of it, in the form of the virtual interface, is tied to the tun2socks service, which means it is in use. To restart the network service, you must first stop the tun2socks service. But I think that if you have read to the end, this is not a problem for you!

Source: www.habr.com