Running a VPN server behind a provider's NAT

This article describes how I managed to run a VPN server behind my home provider's NAT (without a public, "white" IP address). A caveat up front: whether this setup works depends on the type of NAT your provider uses, and on your router.
So, I wanted to connect from my Android smartphone to my home computer. Both devices reach the Internet through provider NATs, and in addition the computer is connected through a home router, which also performs NAT.
The classic scheme of renting a VPS/VDS with a public IP address, as well as renting a public IP address from the provider, was not considered for a number of reasons.
Drawing on the experience of earlier articles, in which several experiments with STUN and provider NATs were carried out, I decided to run a small experiment by executing a command on my home router running OpenWRT firmware:

$ stun stun.sipnet.ru

and got the result:

STUN client version 0.97
Primary: Independent Mapping, Independent Filter, random port, will hairpin
Return value is 0x000002

Read literally:
Independent Mapping - the mapping is independent
Independent Filter - the filtering is independent
random port - a random port
will hairpin - hairpinning will be available
Running the same command on my PC, I got:

STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006

Port Dependent Filter - the filtering depends on the port
The difference between the two outputs shows that the home router makes its own "contribution" to how packets from the Internet are delivered. This showed up as follows: when I ran this command on the computer:

stun stun.sipnet.ru -p 11111 -v

I got the result:

...
MappedAddress = XX.1XX.1X4.2XX:4398
...

At that moment a UDP session was open for some time. If a UDP request was sent from outside during this time (for example: netcat XX.1XX.1X4.2XX 4398 -u), the request reached the home router, which was confirmed by TCPDump running on it, but it did not reach the computer: IPtables, acting as the NAT translator on the router, dropped it.
But the very fact that the UDP request passed through the provider's NAT gave hope for success. Since the router is under my control, I solved the problem by forwarding port UDP/11111 to the computer:

iptables -t nat -A PREROUTING -i eth1 -p udp -d 10.1XX.2XX.XXX --dport 11111 -j DNAT --to-destination 192.168.X.XXX

This way I could open a UDP session and receive requests from the Internet from any IP address. At this point I started the OpenVPN server (configured beforehand) listening on port UDP/11111, entered the external IP address and port (XX.1XX.1X4.2XX:4398) on the smartphone, and successfully connected from the smartphone to the computer. But this setup raised a problem: the UDP session has to be kept alive until an OpenVPN client connects to the server. I did not like the option of restarting the STUN client periodically; I did not want to load the STUN servers for nothing.
I also noticed the entry "will hairpin - hairpinning will be available"; this mode:

Hairpinning allows one machine on the local network behind NAT to reach another machine on the same network at the router's external address.

As a result, I solved the problem of keeping the UDP session alive: I started the client on the same computer as the server.
It worked like this:

  • started the STUN client on local port 11111
  • received a response with the external IP address and port XX.1XX.1X4.2XX:4398
  • sent the external IP address and port by email (any other service would do) to the mailbox configured on the smartphone
  • started the OpenVPN server on the computer, listening on port UDP/11111
  • started an OpenVPN client on the computer, specifying XX.1XX.1X4.2XX:4398 as the address to connect to
  • at any time, started the OpenVPN client on the smartphone, specifying that IP address and port (in my case the IP address did not change) to connect

This is how I was able to connect to my computer from my smartphone. This setup lets you connect any OpenVPN client.

Practice

You will need:

# apt install openvpn stun-client sendemail

After writing a couple of scripts and two configuration files, and generating the necessary certificates (since the client on the smartphone works only with certificates), the result was an OpenVPN server setup.

Main script on the computer

# cat vpn11.sh

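#!/bin/bash
# Wait until a default route exists and note the outgoing interface
# (the echoed message reads "Determining the network interface").
until [[ -n "$iftosrv" ]]; do echo "$(date) Определяю сетевой интерфейс"; iftosrv=`ip route get 8.8.8.8 | head -n 1 | sed 's|.*dev ||' | awk '{print $1}'`; sleep 5; done
ABSOLUTE_FILENAME=`readlink -f "$0"`
DIR=`dirname "$ABSOLUTE_FILENAME"`
localport=11111
# $a is never set, so this loop runs until the script is killed.
until [[ $a ]]; do
	# Ask the STUN server which external IP and port the NAT mapped to local port 11111.
	address=`stun stun.sipnet.ru -v -p $localport 2>&1 | grep "MappedAddress" | sort | uniq | head -n 1 | sed 's/:/ /g' | awk '{print $3" "$4}'`
	ip=`echo "$address" | awk {'print $1'}`
	port=`echo "$address" | awk {'print $2'}`
	# Start the OpenVPN server on the same local port, so it sits behind that NAT mapping.
	srv="openvpn --config $DIR/server.conf --port $localport --daemon"
	$srv
	# Message: "Server started with external address $ip:$port".
	echo "$(date) Сервер запущен с внешним адресом $ip:$port"
	# Mail the external endpoint to the mailbox configured in sendemail.sh.
	$DIR/sendemail.sh "OpenVPN-Server" "$ip:$port"
	sleep 1
	# The local client connects to the external address (hairpinning) and keeps the UDP session open.
	openvpn --config $DIR/client.conf --remote $ip --port $port
	# Message: "Client connection to the server was dropped".
	echo "$(date) Cоединение клиента с сервером разорвано"
	# The client has exited: stop the server instance, then start over.
	for i in `ps xa | grep "$srv" | grep -v grep | awk '{print $1}'`; do
		# Message: "Server process $i terminated".
		kill $i && echo "$(date) Завершен процесс сервера $i ($srv)"
		done
	# Message: "Waiting 15 seconds".
	echo "Жду 15 сек"
	sleep 15
	done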
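
The script above hands whatever it parsed from the STUN output straight to openvpn and to the email, even when the lookup failed. The following is an added example, not part of the original article: it validates the MappedAddress line and reads the NAT behaviour from the Primary: line before anything is started. The function names and the sample output (with the documentation address 203.0.113.7) are constructed for illustration.

```shell
# Added example (not from the article): vet stun-client output before using it.
valid_ipv4() {   # dotted quad, every octet 0..255
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {   # decimal 1..65535
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# stdin: `stun -v` output. Prints "IP PORT" from the first MappedAddress line;
# fails and prints nothing when that line is missing or malformed.
parse_mapped_address() {
    addr=$(sed -n 's/^.*MappedAddress *= *\([0-9.]*\):\([0-9]*\).*$/\1 \2/p' | head -n 1)
    ip=${addr%% *}; port=${addr##* }
    valid_ipv4 "$ip" && valid_port "$port" || return 1
    printf '%s %s\n' "$ip" "$port"
}

# stdin: stun output. Verdict for the article's setup:
#   ok       - independent mapping and filter plus hairpin (the router's result)
#   filtered - Port Dependent Filter: works only if you can forward the port
#   unknown  - anything else; do not start the server on a guess
nat_verdict() {
    primary=$(sed -n 's/^Primary: *//p' | head -n 1)
    case $primary in
        "Independent Mapping, Independent Filter,"*"will hairpin"*) echo ok ;;
        "Independent Mapping, Port Dependent Filter,"*) echo filtered ;;
        *) echo unknown ;;
    esac
}

sample_stun_output() {   # constructed sample; 203.0.113.7 is a documentation address
    cat <<'EOF'
STUN client version 0.97
MappedAddress = 203.0.113.7:4398
Primary: Independent Mapping, Independent Filter, random port, will hairpin
Return value is 0x000002
EOF
}

if mapped=$(sample_stun_output | parse_mapped_address); then
    echo "endpoint: $mapped, NAT: $(sample_stun_output | nat_verdict)"
fi
```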

Script for sending the data by email:

# cat sendemail.sh 

#!/bin/bash
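# Placeholders: sender address ("From"), SMTP password, recipient address ("To").
# The password is stored here in plain text, so keep this file readable by its owner only.
from="От кого"
pass="Пароль"
to="Кому"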
theme="$1"
message="$2"
server="smtp.yandex.ru:587"
sendEmail -o tls=yes -f "$from" -t "$to" -s "$server" -xu "$from" -xp "$pass" -u "$theme" -m "$message"

Server configuration file:

# cat server.conf

proto udp
dev tun
ca      /home/vpn11-srv/ca.crt
cert    /home/vpn11-srv/server.crt
key     /home/vpn11-srv/server.key
dh      /home/vpn11-srv/dh2048.pem
server 10.2.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
tls-server
tls-auth /home/vpn11-srv/ta.key 0
tls-timeout 60
auth    SHA256
cipher  AES-256-CBC
client-to-client
keepalive 10 30
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-server.log
verb 3
mute 20

Client configuration file:

# cat client.conf

client
dev tun
proto udp
ca      "/home/vpn11-srv/ca.crt"
cert    "/home/vpn11-srv/client1.crt"
key     "/home/vpn11-srv/client1.key"
tls-client
tls-auth "/home/vpn11-srv/ta.key" 1
auth SHA256
cipher AES-256-CBC
auth-nocache
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-clent.log
verb 3
mute 20
ping 10
ping-exit 30

This article was used to generate the certificates.
Running the script:

# ./vpn11.sh

After first making it executable

# chmod +x vpn11.sh

On the smartphone side

After installing the OpenVPN for Android app, copying the configuration file and certificates to it and setting it up, it came out like this:
I check my email on the smartphone
I edit the port number in the settings
I start the client and connect

While writing this article, I moved the configuration from my computer to a Raspberry Pi 3 and tried to run the whole thing on an LTE modem, but it did not work! The output of the command

# stun stun.ekiga.net -p 11111

STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006

shows that the Port Dependent Filter did not allow the setup to start.
But the home provider allowed the setup to run on the Raspberry Pi 3 without any problems.
In combination with a webcam, with VLC for creating an RTSP stream from the webcam

$ cvlc v4l2:///dev/video0:chroma=h264 :input-slave=alsa://hw:1,0 --sout '#transcode{vcodec=x264,venc=x264{preset=ultrafast,profile=baseline,level=31},vb=2048,fps=12,scale=1,acodec=mpga,ab=128,channels=2,samplerate=44100,scodec=none}:rtp{sdp=rtsp://10.2.0.1:8554/}' --no-sout-all --sout-keep

and VLC on the smartphone for viewing (stream rtsp://10.2.0.1:8554/), it turned out to be a decent remote video surveillance system. You can also install Samba, route traffic through the VPN, control your computer remotely, and much more...

Conclusion

As practice has shown, to set up a VPN server you can do without an external IP address that you have to pay for, just as you would for a rented VPS/VDS. But everything depends on the provider. Of course, I would like to have more information about different providers and the NAT types they use, but this is only a beginning...
Tell us what you are going to do!

Source: www.habr.com
