ืืื ืืื ืฉื ืืื!
ืืืืืจ ืื ืื ื ืจืืฆื ืืกืคืจ ืืื ืืื ืืืฉืืชื (
ืืฆืืจืช ืงืฉืจ ืืืจืืืช ืืืกืคืจ ืฉืืืื:
- ืืคืขืืช ืฆืืืช ืืืืชื ื ืขื ืฉืืฆืืืช ืืืจืืืง ืืืื ืืืื;
- ืงืืืขืช ืืชืืืช ื-IP ืืืืฆืื ืืช ืืืฆืืืช UDP;
- ืืขืืจืช ืืชืืืช IP ืืืฆืื ืืช ืืืฆืืืช UDP ืืืืจื ืืจืืืง;
- ืืฉืืช ืืชืืืช IP ืืืฆืื ืืช ืืืฆืืืช UDP ืืืืจื โโืืจืืืง;
- ืืจืืื ืื ืืจืช IPIP;
- ื ืืืืจ ืืืืืจ;
- ืื ืืืืืืจ ืืื, ืืืง ืืช ืื ืืจืช ื-IPIP.
ืืฉืืชื ืืจืื ืืื ืืขืืืื ืืืฉื ืืื ืืคืฉืจ ืืืฉืชืืฉ ืืื ืืืืืืฃ ื ืชืื ืื ืืื ืฆืืชืื, ืืื ืคืฉืื ืืืืืจ ืขืืืจื ืืจืืข ืขืืื ืืจื Yandex.disk.
- ืจืืฉืืช, ืื ืงื ืืฉืืืืฉ - ืืชื ืฆืจืื 3 ืคืขืืืืช: ืืฆืืจื, ืงืจืืื, ืืืืงื. ืขื ืชืืชื ืื:
ืึดืืฆืึนืจ:curl -s -X MKCOL --user "$usename:$password" https://webdav.yandex.ru/$folder
ืืงืจืื:
curl -s --user "$usename:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder
ืึดืึฐืืึนืง:
curl -s -X DELETE --user "$usename:$password" https://webdav.yandex.ru/$folder
- ืฉื ืืช, ืงื ืืืชืงื ื:
apt install curl
ืืื ืืงืืืข ืืช ืืชืืืช ื-IP ืืืืฆืื ืืช ืืืฆืืืช UDP, ืืฉืชืืฉ ืืคืงืืื stun-client:
stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"
ืืชืงื ื ืขื ืคืงืืื:
apt install stun-client
ืืื ืืืจืื ืื ืืจื, ื ืขืฉื ืฉืืืืฉ ืืืื ืืขืจืืช ืืคืขืื ืกืื ืืจืืืื ืืืืืืช iproute2. ืงืืื
- ืืขื ืืช ืืืืื ื-FOU:
modprobe fou
- ืืืืื ื ืื ืื ืืงืืื:
ip fou add port $localport ipproto 4
- ืืืฆืืจ ืื ืืจื:
ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport
- ืืืขืืืช ืืช ืืืฉืง ืืื ืืจื:
ip link set up dev fou$name
- ืืงืฆื ืืชืืืืช IP ืืงืืืืืช ืืคื ืืืืืช ืืจืืืงืืช ืคื ืืืืืช ืฉื ืืื ืืจื:
ip addr add $intIP peer $peerip dev fou$name
ืืืง ืื ืืจื:
ip link del dev fou$name
ip fou del port $localport
ืืฆื ืืื ืืจื ืื ืืืจ ืขื ืืื ืคืื ื ืืขืช ืืขืช ืืืชืืืช ื-IP ืืคื ืืืืช ืฉื ืื ืืจืช ืืฆืืืช ืืืจืืืงืช ืขื ืืคืงืืื:
ping -c 1 $peerip -s 0
ืืฉ ืฆืืจื ืืคืื ื ืชืงืืคืชื ืืขืืงืจ ืืื ืืชืืืง ืืช ืืขืจืืฅ, ืืืจืช, ืืืฉืจ ืืื ืืจื ืื ืคืขืืื, ืืืืืืช ื-NAT ืื ืชืืื ืขืฉืืืืช ืืืชื ืงืืช ืืื ืืืืืืจ ืืื ืชืง.
ืื ืืคืื ื ื ืขืื, ืื ืืจืช ื-IPIP ื ืืืงืช ืืืืชืื ื ืืืืื ืืช ืืืืืจื ืืืจืืืง.
ืืชืกืจืื ืขืฆืื:
#!/bin/bash
username="[email protected]"
password="password"
folder="vpnid"
intip="10.0.0.1"
localport=`shuf -i 10000-65000 -n 1`
cid=`shuf -i 10000-99999 -n 1`
tid=`shuf -i 10-99 -n 1`
function yaread {
curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/</d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}
function yacreate {
curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}
function yadelete {
curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}
function myipport {
stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}
function tunnel-up {
modprobe fou
ip fou add port $4 ipproto 4
ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
ip link set up dev fou$7
ip addr add $6 peer $5 dev fou$7
}
function tunnel-check {
sleep 10
pings=0
until [[ $pings == 4 ]]; do
if ping -c 1 $1 -s 0 &>/dev/null;
then echo -n .; n=0
else echo -n !; ((pings++))
fi
sleep 15
done
}
function tunnel-down {
ip link del dev fou$1
ip fou del port $2
}
trap 'echo -e "nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15
until [[ -n $end ]]; do
yacreate $username $password $folder
until [[ -n $ip ]]; do
mydate=`date +%s`
timeout="60"
list=`yaread $username $password $folder $cid | head -n1`
yacreate $username $password $folder/$mydate:$cid
for l in $list; do
if [ `echo $l | sed 's/:/ /g' | awk {'print $1'}` -ge $(($mydate-65)) ]; then
#echo $list
myipport=`myipport $localport`
yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk {'print $1'}` - $mydate + 3 ))
ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
fi
done
if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
echo -n "!"
sleep $timeout
fi
done
localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
tunnel-check $peerip
tunnel-down $tunnelid $localport
yadelete $username $password $folder
unset ip port myipport
done
exit 0
ืืฉืชื ืื ืฉื ืืฉืชืืฉ, ืกืืกืื ะธ ืชืืงืืื ืฆืจืื ืืืืืช ืืื ืืฉื ื ืืฆืืืื, ืืื ืืืค - ืฉืื ื, ืืืฉื: 10.0.0.1 ื-10.0.0.2. ืืืื ืขื ืืฆืืชืื ืืืื ืืืืืช ืืกืื ืืจื. ืืชื ืืืื ืืืจืืฅ ืืช ืืกืงืจืืคื ืื:
nohup script.sh &
ืืจืฆืื ื ืืืกื ืืช ืชืฉืืืช ืืืื ืืขืืืื ืฉืื ืืจืช IPIP ืืื ื ืืืืื ืื ืงืืืช ืืืื ืฉื ืืขืืืื ืฉืืชืขืืืจื ืืื ื ืืืฆืคื ืช, ืื ื ืืชื ืืคืชืืจ ืืืช ืืงืืืช ืืืืฆืขืืช IPsec over
ืื ื ืืฉืชืืฉ ืืกืงืจืืคื ืืื ืืื ืืืชืืืจ ืืืืฉื ืขืืืื ืืืจ ืืื ืฉืืืขืืช ืืื ืืืื ืชื ืืืขืืืช. ื ืื ืืืืื ืช ืืืืืืจ ืืืชื ืืืฉืืื ืืืชื.
ืืืื ืืืื ืื ืืขืจืืช ืืืฆืขืืช, ืื ื ืืฉืื ืืืงืฉืื.
ืชืืื ืื!
ืืงืืจ: www.habr.com