For a year or more I put off publishing this article for one main reason: I had already published articles describing how to turn a perfectly ordinary laptop running Debian into a router that sends traffic into SOCKS.
Since then, however, the stable version of Debian has been updated to Buster, and quite a few people have contacted me personally asking for help with the setup, which means my previous articles are not exhaustive. I had suspected myself that the methods outlined in them do not fully reveal all the intricacies of setting up Linux for routing into SOCKS. In addition, they were written for Debian Stretch, and after upgrading to Buster I noticed small changes in how services interact under the systemd init system. The articles themselves also did not use systemd-networkd, although it is best suited for complex network configurations.
In addition to the changes above, the following services were added to my configuration:
- hostapd, a service for access point virtualization;
- ntp, to synchronize the time of local network clients;
- dnscrypt-proxy, to encrypt DNS connections and disable advertising on local network clients;
- systemd-networkd, as mentioned earlier, to configure the network interfaces.
Below is a simple block diagram of the internal structure of such a router.
Let me recall the goals of this series of articles:
- Route all OS connections into SOCKS, as well as connections from all devices on the same network as the laptop.
- In my case the laptop must remain fully mobile, that is, it must keep the ability to use a desktop environment and not be tied to a physical location.
- The previous point implies connecting and routing only through the built-in wireless interface.
- And, of course, writing a comprehensive guide, together with an analysis of the relevant technologies to the best of my modest knowledge.
This article covers:
- git: download the project repositories for tun2socks, which is needed to route TCP traffic into SOCKS, and for create_ap, a script that automates setting up a virtual access point with hostapd.
- tun2socks: build it and install it on the system as a systemd service.
- systemd-networkd: configure the wireless and virtual interfaces, the static routing tables and packet forwarding.
- create_ap: install the systemd service on the system, then configure and start the virtual access point.
Optional steps:
- ntp: install and configure a server to synchronize the time of the virtual access point's clients.
- dnscrypt-proxy: encrypt DNS requests, route them into SOCKS and disable advertising domains for the local network.
Why?
This is one way to protect TCP connections on a local network. The main advantage is that every connection goes into SOCKS unless a static route through the original gateway has been set up for it. This means there is no need to specify SOCKS server settings for individual programs or for clients on the local network: they all go into SOCKS by default, because it is the default gateway unless stated otherwise.
In essence, we add the laptop as another, encrypting router in front of the original router and use the original router's Internet connection for the laptop's already encrypted SOCKS requests. The laptop in turn routes and encrypts the requests of the LAN clients.
From the provider's point of view, we are permanently connected to a single server with encrypted traffic.
Accordingly, all devices connect to the laptop's virtual access point.
Install tun2socks on the system
While the machine still has an Internet connection, download all the necessary tools:
apt update
apt install git make cmake
Download the badvpn package:
git clone https://github.com/ambrop72/badvpn
A badvpn folder will appear on your system. Create a separate folder for the build:
mkdir badvpn-build
Change into it:
cd badvpn-build
Build tun2socks:
cmake ../badvpn -DBUILD_NOTHING_BY_DEFAULT=1 -DBUILD_TUN2SOCKS=1
Install it on the system:
make install
- The -DBUILD_NOTHING_BY_DEFAULT=1 parameter disables building all components of the badvpn repository.
- -DBUILD_TUN2SOCKS=1 includes the tun2socks component in the build.
- make install installs the tun2socks binary on your system at /usr/local/bin/badvpn-tun2socks.
Install the tun2socks service in systemd
Create the file /etc/systemd/system/tun2socks.service with the following contents:
[Unit]
Description=SOCKS TCP Relay
[Service]
ExecStart=/usr/local/bin/badvpn-tun2socks --tundev tun2socks --netif-ipaddr 172.16.1.1 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:9050
[Install]
WantedBy=multi-user.target
- --tundev takes the name of the virtual interface that we initialize with systemd-networkd.
- --netif-ipaddr is the network address of the tun2socks "router" to which the virtual interface is connected. It is best to put it in a separate reserved subnet.
- --socks-server-addr takes a socket (address:port of the SOCKS server).
If your SOCKS server requires authentication, you can specify the --username and --password parameters.
Next, register the service:
systemctl daemon-reload
And enable it:
systemctl enable tun2socks
Before starting the service, we will provide it with a virtual network interface.
Switching to systemd-networkd
Enable systemd-networkd:
systemctl enable systemd-networkd
Disable the current network services:
systemctl disable networking NetworkManager NetworkManager-wait-online
- NetworkManager-wait-online is a service that waits for a working network connection before systemd continues starting other services that depend on the network. We disable it because we are switching to its systemd-networkd counterpart.
Let's enable that counterpart right away:
systemctl enable systemd-networkd-wait-online
Configure the wireless network interface
Create a systemd-networkd configuration file for the wireless network interface, /etc/systemd/network/25-wlp6s0.network.
[Match]
Name=wlp6s0
[Network]
Address=192.168.1.2/24
IPForward=yes
- Name is the name of your wireless interface. Identify it with the ip a command.
- IPForward is the directive that enables packet forwarding on the network interface.
- Address assigns the IP address to the wireless interface. We set it statically because with the equivalent directive DHCP=yes, systemd-networkd creates a default gateway on the system. All traffic would then go through the original gateway instead of through the future virtual interface on a different subnet. You can check the current default gateway with the ip r command.
Create a static route for the remote SOCKS server
If your SOCKS server is remote rather than local, you need to create a static route for it. To do this, add a Route section with the following contents to the end of the wireless interface configuration file you created:
[Route]
Gateway=192.168.1.1
Destination=0.0.0.0
- Gateway is the default gateway, that is, the address of your original access point.
- Destination is the address of the SOCKS server.
Configure wpa_supplicant for systemd-networkd
systemd-networkd uses wpa_supplicant to connect to a secured access point. When it tries to "bring up" the wireless interface, systemd-networkd starts the wpa_supplicant@name service, where name is the name of the wireless interface. If you have not used systemd-networkd before, this service is probably missing on your system.
So create it with the command:
systemctl enable wpa_supplicant@wlp6s0
I used wlp6s0 as the name of the wireless interface. Yours may be different. You can find it with the ip l command.
The wpa_supplicant@wlp6s0 service created this way will now be started when the wireless interface is "brought up", but it will in turn look for the SSID and password of the access point in the file /etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf. So you need to create that file with the wpa_passphrase utility.
To do this, run the command:
wpa_passphrase SSID password>/etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf
where SSID is the name of your access point, password is its password, and wlp6s0 is the name of your wireless interface.
Initialize the virtual interface for tun2socks
Create a file that initializes a new virtual interface on the system, /etc/systemd/network/25-tun2socks.netdev:
[NetDev]
Name=tun2socks
Kind=tun
- Name is the name that systemd-networkd assigns to the future virtual interface when it initializes it.
- Kind is the type of virtual interface. From the name of the tun2socks service you can guess that it uses an interface of type tun.
- netdev is the extension of the files that systemd-networkd uses to initialize virtual network interfaces. The addresses and other network settings for these interfaces are specified in .network files.
Create such a file, /etc/systemd/network/25-tun2socks.network, with the following contents:
[Match]
Name=tun2socks
[Network]
Address=172.16.1.2/24
Gateway=172.16.1.1
- Name is the name of the virtual interface that you specified in the netdev file.
- Address is the IP address assigned to the virtual interface. It must be on the same network as the address you specified in the tun2socks service.
- Gateway is the IP address of the tun2socks "router" that you specified when creating the systemd service.
Thus the tun2socks interface has the address 172.16.1.2 and the tun2socks service has 172.16.1.1, that is, the service is the gateway for all connections from the virtual interface.
Set up a virtual access point
Install the dependencies:
apt install util-linux procps hostapd iw haveged
Download the create_ap repository to your machine:
git clone https://github.com/oblique/create_ap
Change into the repository folder on your machine:
cd create_ap
Install it on the system:
make install
The configuration file /etc/create_ap.conf will appear on your system. The main options to edit are:
- GATEWAY=10.0.0.1: it is best to make this a separate reserved subnet.
- NO_DNS=1: turn it off, because this parameter will be managed by the systemd-networkd virtual interface.
- NO_DNSMASQ=1: turn it off for the same reason.
- WIFI_IFACE=wlp6s0: the laptop's wireless interface.
- INTERNET_IFACE=tun2socks: the virtual interface created for tun2socks.
- SSID=hostapd: the name of the virtual access point.
- PASSPHRASE=12345678: the password.
Don't forget to enable the service:
systemctl enable create_ap
Enable the DHCP server in systemd-networkd
The create_ap service initializes the virtual interface ap0 on the system. In theory dnsmasq hangs on this interface, but why install extra services when systemd-networkd has a built-in DHCP server?
To enable it, define the network settings for the virtual access point. To do this, create the file /etc/systemd/network/25-ap0.network with the following contents:
[Match]
Name=ap0
[Network]
Address=10.0.0.1/24
DHCPServer=yes
[DHCPServer]
EmitDNS=yes
DNS=10.0.0.1
EmitNTP=yes
NTP=10.0.0.1
After the create_ap service initializes the virtual interface ap0, systemd-networkd automatically assigns it an IP address and enables the DHCP server.
The lines EmitDNS=yes and DNS=10.0.0.1 pass the DNS server settings to the devices connected to the access point.
If you do not plan to use a local DNS server (in my case it is dnscrypt-proxy), you can change DNS=10.0.0.1 to DNS=192.168.1.1, where 192.168.1.1 is the address of your original gateway. DNS requests from your host and local network will then go unencrypted through the provider's servers.
EmitNTP=yes and NTP=192.168.1.1 pass the NTP settings.
The same applies to the line NTP=10.0.0.1.
Install and configure the NTP server
Install it on the system:
apt install ntp
Edit the configuration /etc/ntp.conf. Comment out the addresses of the standard pools:
#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst
Add public server addresses, for example Google Public NTP:
server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst
Grant the clients on your network access to the server:
restrict 10.0.0.0 mask 255.255.255.0
Enable broadcasting to your network:
broadcast 10.0.0.255
Finally, add the addresses of these servers to the static routing table. To do this, open the wireless interface configuration file /etc/systemd/network/25-wlp6s0.network and add the following Route sections at the end:
[Route]
Gateway=192.168.1.1
Destination=216.239.35.0
[Route]
Gateway=192.168.1.1
Destination=216.239.35.4
[Route]
Gateway=192.168.1.1
Destination=216.239.35.8
[Route]
Gateway=192.168.1.1
Destination=216.239.35.12
You can find the addresses of your NTP servers with the host utility, as follows:
host time1.google.com
Install dnscrypt-proxy, remove ads and hide DNS traffic from the provider
apt install dnscrypt-proxy
To serve DNS queries from the host and the local network, edit the socket /lib/systemd/system/dnscrypt-proxy.socket. Change the following lines:
ListenStream=0.0.0.0:53
ListenDatagram=0.0.0.0:53
Reload systemd:
systemctl daemon-reload
Edit the configuration /etc/dnscrypt-proxy/dnscrypt-proxy.toml:
server_names = ['adguard-dns']
To route dnscrypt-proxy connections through tun2socks, add the following below it:
force_tcp = true
Edit the configuration /etc/resolv.conf, which tells the host which DNS servers to use:
nameserver 127.0.0.1
nameserver 192.168.1.1
The first line enables the use of dnscrypt-proxy; the second line uses the original gateway in case the dnscrypt-proxy server is unavailable.
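The host DNS path configured above can be checked with a small script. This is an added example, not part of the original article: it reports which resolv.conf entries point at the local dnscrypt-proxy, which ones are plain fallbacks such as the original gateway, and whether force_tcp is set. The function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the host DNS path set up in this section.
# $1 = resolv.conf path, $2 = dnscrypt-proxy.toml path; prints one finding per line.
audit_dns() {
    awk -v resolv="$1" '
    FILENAME == resolv && $1 == "nameserver" {
        n++
        if ($2 ~ /^127\./ || $2 == "::1") {
            # Loopback resolver: answered by the local dnscrypt-proxy socket
            print "LOCAL_RESOLVER", $2
            if (n == 1) first_local = 1
        } else {
            # Anything else is plain DNS sent straight to that address
            print "PLAINTEXT_FALLBACK", $2
        }
    }
    FILENAME != resolv && /^[ \t]*force_tcp[ \t]*=/ {
        v = $0
        sub(/^[^=]*=[ \t]*/, "", v)   # drop the key and the equals sign
        sub(/[ \t#].*$/, "", v)       # drop trailing comment or spaces
        tcp = (v == "true")
    }
    END {
        if (!first_local) print "FIRST_RESOLVER_NOT_LOCAL"
        print (tcp ? "FORCE_TCP_ON" : "FORCE_TCP_OFF")
    }' "$1" "$2"
}

# Runs the audit on constructed copies of the two files shown in this article.
demo_audit_dns() {
    d=$(mktemp -d) || return 1
    printf 'nameserver 127.0.0.1\nnameserver 192.168.1.1\n' > "$d/resolv.conf"
    printf "server_names = ['adguard-dns']\nforce_tcp = true\n" > "$d/dnscrypt-proxy.toml"
    audit_dns "$d/resolv.conf" "$d/dnscrypt-proxy.toml"
    rm -rf "$d"
}
```

On a live system call it as audit_dns /etc/resolv.conf /etc/dnscrypt-proxy/dnscrypt-proxy.toml; a PLAINTEXT_FALLBACK line marks a resolver that receives unencrypted queries whenever the first one does not answer.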
Done!
Reboot, or stop the running network services:
systemctl stop networking NetworkManager NetworkManager-wait-online
And restart everything that is needed:
systemctl restart systemd-networkd tun2socks create_ap dnscrypt-proxy ntp
After the restart or reboot you will have another access point that routes the host and the LAN devices into SOCKS.
This is what the output of ip a looks like on an ordinary laptop:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: tun2socks: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
link/none
inet 172.16.1.2/24 brd 172.16.1.255 scope global tun2socks
valid_lft forever preferred_lft forever
inet6 fe80::122b:260:6590:1b0e/64 scope link stable-privacy
valid_lft forever preferred_lft forever
3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether e8:11:32:0e:01:50 brd ff:ff:ff:ff:ff:ff
4: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 4c:ed:de:cb:cf:85 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global wlp6s0
valid_lft forever preferred_lft forever
inet6 fe80::4eed:deff:fecb:cf85/64 scope link
valid_lft forever preferred_lft forever
5: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 4c:ed:de:cb:cf:86 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global ap0
valid_lft forever preferred_lft forever
inet6 fe80::4eed:deff:fecb:cf86/64 scope link
valid_lft forever preferred_lft forever
As a result:
- The provider sees only your encrypted connection to the SOCKS server, which means it sees nothing.
- It still sees your NTP requests. To prevent this, remove the static routes for the NTP servers. It is not certain, however, that your SOCKS server will allow the NTP protocol.
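The result above can be verified from the routing table. This is an added example, not part of the original article: a shell function that reads the output of ip -4 route show and reports whether the default route goes through tun2socks and which destinations leave through the original gateway instead. The sample routes, including the SOCKS server address 203.0.113.10, are constructed for illustration; the interface names and gateways are the ones used in this article.

```shell
#!/bin/sh
# Added example: audit `ip -4 route show` output for traffic that bypasses tun2socks.
# Interface and gateway values are the ones used in this article.
TUN_IF=tun2socks
TUN_GW=172.16.1.1

# Reads route lines on stdin and prints one finding per line:
#   DEFAULT_OK | DEFAULT_LEAK <gw> <dev> | DEFAULT_MISSING | BYPASS <dst> <gw> <dev>
audit_routes() {
    awk -v tif="$TUN_IF" -v tgw="$TUN_GW" '
    {
        gw = ""; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw  = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
    }
    $1 == "default" {
        seen = 1
        if (gw == tgw && dev == tif) print "DEFAULT_OK"
        else print "DEFAULT_LEAK", gw, dev   # e.g. the gateway added by DHCP=yes
        next
    }
    # Any other route with a next hop outside the tunnel leaves in the clear
    gw != "" && dev != tif { print "BYPASS", $1, gw, dev }
    END { if (!seen) print "DEFAULT_MISSING" }'
}

# Constructed sample of what the routing table could look like after this setup.
SAMPLE_ROUTES='default via 172.16.1.1 dev tun2socks proto static
10.0.0.0/24 dev ap0 proto kernel scope link src 10.0.0.1
172.16.1.0/24 dev tun2socks proto kernel scope link src 172.16.1.2
192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2
203.0.113.10 via 192.168.1.1 dev wlp6s0 proto static
216.239.35.0 via 192.168.1.1 dev wlp6s0 proto static'

demo_audit_routes() {
    printf '%s\n' "$SAMPLE_ROUTES" | audit_routes
}
# On a live system: ip -4 route show | audit_routes
```

Every BYPASS line is a destination the provider can observe directly; in this setup that should be only the SOCKS server and, if kept, the NTP servers.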
A quirk noticed on Debian 10
If you try to restart the network service from the console, it fails with an error. This is because part of it, in the form of the virtual interface, is bound to the tun2socks service, which means it is in use. To restart the network service, you first need to stop the tun2socks service. But I think that if you have read this far, this will not be a problem for you!
Source: habr.com