Lanjutan bab carane aku ngatur kanggo ngatur trowongan VPN langsung antarane loro komputer dumunung konco panyedhiya NAT. Artikel sadurunge nerangake proses ngatur sambungan kanthi bantuan pihak katelu - perantara (VPS sing disewakake minangka server STUN lan pemancar data simpul kanggo sambungan kasebut). Ing artikel iki aku bakal pitutur marang kowe carane aku ngatur tanpa VPS, nanging perantara tetep lan padha server STUN lan Yandex.Disk...
Pambuka
Sawise maca komentar saka kiriman sadurunge, aku nyadari yen kekurangan utama implementasine yaiku nggunakake perantara - pihak katelu (VPS) sing nuduhake paramèter saiki simpul, ing ngendi lan cara nyambungake. Ngelingi rekomendasi kanggo nggunakake STUN iki () kanggo nemtokake paramèter sambungan saiki. Kaping pisanan, aku mutusake nggunakake TCPDump kanggo ndeleng isi paket nalika server STUN nggarap klien lan nampa konten sing ora bisa diwaca. Googling protokol aku ketemu . Aku temen maujud sing aku ora bisa ngleksanakake panjalukan kanggo server STUN ing dhewe lan sijine idea ing "kotak adoh".
Teori
Bubar aku kudu nginstal server STUN ing Debian saka paket kasebut
# apt install stun-serverlan ing dependensi aku weruh paket stun-klien, nanging piye wae aku ora mbayar manungsa waΓ© kanggo. Nanging mengko aku kelingan babagan paket stun-klien lan mutusake kanggo nemtokake cara kerjane, sawise googling lan nggoleki ing Yandex aku entuk:
# apt install stun-client
# stun stun.ekiga.net -p 21234 -v
Nanggepi aku nampa:
Klien STUN versi 0.97
Mbukak port 21234 karo fd 3
Mbukak port 21235 karo fd 4
Encoding pesen stun:
Encoding ChangeRequest: 0Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 4Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 2Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Ditampa pesen stun: 92 bita
MappedAddress = <IP Kula>:2885
SumberAlamat = 216.93.246.18:3478
ChangedAddress = 216.93.246.17:3479
Atribut sing ora dingerteni: 32800
Jeneng Server = Vovida.org 0.98-CPC
Ditampa pesen jinis 257 id=1
Encoding pesen stun:
Encoding ChangeRequest: 0Babagan ngirim pesen saka len 28 menyang 216.93.246.17:3478
Encoding pesen stun:
Encoding ChangeRequest: 4Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 2Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 0Bakal ngirim pesen saka len 28 menyang <My IP>:2885
Ditampa pesen stun: 28 bita
ChangeRequest = 0
Ditampa pesen jinis 1 id=11
Encoding pesen stun:
Encoding ChangeRequest: 0Babagan ngirim pesen saka len 28 menyang 216.93.246.17:3478
Encoding pesen stun:
Encoding ChangeRequest: 4Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 2Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Ditampa pesen stun: 92 bita
MappedAddress = <IP Kula>:2885
SumberAlamat = 216.93.246.17:3479
ChangedAddress = 216.93.246.18:3478
Atribut sing ora dingerteni: 32800
Jeneng Server = Vovida.org 0.98-CPC
Ditampa pesen jinis 257 id=10
Encoding pesen stun:
Encoding ChangeRequest: 4Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 2Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 4Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 2Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 4Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 2Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 4Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 2Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 4Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
Encoding pesen stun:
Encoding ChangeRequest: 2Babagan ngirim pesen saka len 28 menyang 216.93.246.18:3478
tes I = 1
tes II = 0
tes III = 0
tes I(2) = 1
punika nat = 1
dipetakan IP padha = 1
jepit rambut = 1
port pengawet = 0
Utama: Mapping Independent, Filter gumantung Port, port acak, bakal hairpin
Nilai bali yaiku 0x000006
String kanthi nilai
MappedAddress = <IP Kula>:2885
mung apa sing perlu! Iki nuduhake status saiki kanggo sambungan ing port UDP lokal 21234. Nanging iki mung setengah perang, pitakonan muncul babagan carane nransfer data iki menyang host remot lan ngatur sambungan VPN. Nggunakake protokol mail, utawa mungkin Telegram?! Ana akeh opsi lan aku mutusake kanggo nggunakake Yandex.disk, wiwit aku ketemu . Sawise mikir babagan implementasine, aku nggawe skema ing ngisor iki:
- Sinyal yen simpul siap nggawe sambungan kanthi anane file tartamtu kanthi stempel wektu ing Yandex.disk;
- Yen simpul wis siyap, banjur tampa paramèter saiki saka server STUN;
- Unggah setelan saiki menyang Yandex.disk;
- Priksa ngarsane lan maca paramèter saka simpul remot saka file ing Yandex.disk;
- Nggawe sambungan karo host remot nggunakake OpenVPN.
Praktek
Sawise mikir sethithik, njupuk pengalaman saka artikel pungkasan, aku cepet-cepet nulis naskah. Kita bakal butuh:
# apt install openvpn stun-client curl Skrip dhewe:
versi asli
# cat vpn8.sh#!/bin/bash
######################## ΠΠ°Π΄Π°Π΅ΠΌ ΡΠ²Π΅ΡΠ½ΠΎΠΉ ΡΠ΅ΠΊΡΡ ###
WARN='33[37;1;41m' #
END='33[0m' #
RED='33[0;31m' # ${RED} #
GREEN='33[0;32m' # ${GREEN} #
#################################################
####################### ΠΡΠΎΠ²Π΅ΡΡΠ΅ΠΌ Π½Π°Π»ΠΈΡΠΈΠ΅ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΡΠΌΠΈΡ
ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΠΉ #########################################################
al="echo readlink dirname grep awk md5sum shuf nc curl sleep openvpn cat stun"
ch=0
for i in $al; do which $i > /dev/null || echo -e "${WARN}ΠΠ»Ρ ΡΠ°Π±ΠΎΡΡ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌ $i ${END}"; which $i > /dev/null || ch=1; done
if (( $ch > 0 )); then echo -e "${WARN}ΠΠΉ, ΠΎΡΡΡΡΡΡΠ²ΡΡΡ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΡΠ΅ Π΄Π»Ρ ΠΊΠΎΡΡΠ΅ΠΊΡΠ½ΠΎΠΉ ΡΠ°Π±ΠΎΡΡ ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΡ${END}"; exit; fi
#######################################################################################################################
if [[ $1 == '' ]]; then echo -e "${WARN}ΠΠ²Π΅Π΄ΠΈΡΠ΅ ΠΈΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΎΡ ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ (Π»ΡΠ±ΠΎΠ΅ ΡΠ½ΠΈΠΊΠ°Π»ΡΠ½ΠΎΠ΅ ΡΠ»ΠΎΠ²ΠΎ, Π΄ΠΎΠ»ΠΆΠ½ΠΎ Π±ΡΡΡ ΠΎΠ΄ΠΈΠ½Π°ΠΊΠΎΠ²ΠΎΠ΅ Ρ Π΄Π²ΡΡ
ΡΡΠΎΡΠΎΠ½!) ${END} t
${GREEN}ΠΠ»Ρ Π·Π°ΠΏΡΡΠΊΠ° Π² Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΎΠΌ ΡΠ΅ΠΆΠΈΠΌΠ΅ ΠΏΡΠΈ Π²ΠΊΠ»ΡΡΠ΅Π½ΠΈΠΈ ΠΊΠΎΠΌΠΏΡΡΡΠ΅ΡΠ° ΠΌΠΎΠΆΠ½ΠΎ ΠΏΡΠΎΠΏΠΈΡΠ°ΡΡ Π² /etc/rc.local ΡΡΡΠΎΠΊΡ nohup /<ΠΏΡΡΡ ΠΊ ΡΠ°ΠΉΠ»Ρ>/vpn8.sh > /var/log/vpn8.log 2>/dev/hull & ${END}"; exit; fi
ABSOLUTE_FILENAME=`readlink -f "$0"` # ΠΏΠΎΠ»Π½ΡΠΉ ΠΏΡΡΡ Π΄ΠΎ ΡΠΊΡΠΈΠΏΡΠ°
DIR=`dirname "$ABSOLUTE_FILENAME"` # ΠΊΠ°ΡΠ°Π»ΠΎΠ³ Π² ΠΊΠΎΡΠΎΡΠΎΠΌ Π»Π΅ΠΆΠΈΡ ΡΠΊΡΠΈΠΏΡ
############################### ΠΡΠΎΠ²Π΅ΡΠΊΠ° Π½Π°Π»ΠΈΡΠΈΡ ΡΠ΅ΠΊΡΠ΅ΡΠ½ΠΎΠ³ΠΎ ΠΊΠ»ΡΡΠ° ##################################
key="$DIR/secret.key"
if [ ! -f "$key" ]; then
echo -e "${WARN}Π‘Π΅ΠΊΡΠ΅ΡΠ½ΡΠΉ ΠΊΠ»ΡΡ VPN-ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ Π½Π΅ Π½Π°ΠΉΠ΄Π΅Π½, Π΄Π»Ρ Π³Π΅Π½Π΅ΡΠ°ΡΠΈΠΈ ΠΊΠ»ΡΡΠ° Π²ΡΠΏΠΎΠ»Π½ΠΈΡΠ΅:
openvpn --genkey --secret secret.key ΠΠ½ΠΈΠΌΠ°Π½ΠΈΠ΅: ΠΊΠ»ΡΡ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΡΡΡ Π΄Π»Ρ Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΠΈ ΠΈ Π΄ΠΎΠ»ΠΆΠ΅Π½
Π±ΡΡΡ ΠΎΠ΄ΠΈΠ½Π°ΠΊΠΎΠ²ΡΠΌ Ρ Π΄Π²ΡΡ
ΡΡΠΎΡΠΎΠ½!!!${END}
# ls -l secret.key
-rw------- 1 root root 637 Π½ΠΎΡ 27 11:12 secret.key
# chmod 600 secret.key";
exit;
fi
########################################################################################################################
ABSOLUTE_FILENAME=`readlink -f "$0"` # ΠΏΠΎΠ»Π½ΡΠΉ ΠΏΡΡΡ Π΄ΠΎ ΡΠΊΡΠΈΠΏΡΠ°
DIR=`dirname "$ABSOLUTE_FILENAME"` # ΠΊΠ°ΡΠ°Π»ΠΎΠ³ Π² ΠΊΠΎΡΠΎΡΠΎΠΌ Π»Π΅ΠΆΠΈΡ ΡΠΊΡΠΈΠΏΡ
name=$(uname -n | md5sum | awk '{print $1}')
vpn=$(echo $1 | md5sum | awk '{print $1}')
stun="stun.ekiga.net" # STUN ΡΠ΅ΡΠ²Π΅Ρ
username="Yandex" # ΠΠΎΠ³ΠΈΠ½ ΠΎΡ Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊΠ°
password="Password" # ΠΠ°ΡΠΎΠ»Ρ ΠΎΡ Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊΠ°
localport=`shuf -i 20000-65000 -n 1` # Π³Π΅Π½Π΅ΡΠ°ΡΠΈΡ Π»ΠΎΠΊΠ°Π»ΡΠ½ΠΎΠ³ΠΎ ΠΏΠΎΡΡΠ°
echo "$(date) Π‘ΠΎΠ·Π΄Π°Ρ ΠΏΠ°ΠΏΠΊΡ Π½Π° Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊΠ΅"
curl -X MKCOL --user "${username}:${password}" https://webdav.yandex.ru/vpn-$vpn
echo "$(date) ΠΡΠΈΡΠ°Ρ ΠΏΠ°ΠΏΠΊΡ ΠΎΡ Π²ΡΡΠΊΠΎΠ³ΠΎ ΠΌΡΡΠΎΡΠ°"
for i in `curl --silent --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></n/g' | grep "d:displayname" | sed 's/d:displayname//g' | sed 's/>//g' | sed 's/<//' | sed 's////g' | grep -v $(date +%Y-%m-%d-%H-%M)`; do
echo "$(date) Delete: $i"
curl -X DELETE --user "${username}:${password}" https://webdav.yandex.ru/vpn-$vpn/$i
done
until [ $c ];do
until [[ $b ]]; do
echo "$(date) ΠΡΠΎΠ²Π΅ΡΡΡ ΠΏΠ°ΠΏΠΊΡ"
date=`date +%Y-%m-%d-%H-%M`
mydata=`curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></>n</g' | grep $name | grep $date | grep "d:displayname"`
if [[ -z $mydata ]]; then
echo "$(date) Π€Π°ΠΉΠ» Π³ΠΎΡΠΎΠ²Π½ΠΎΡΡΠΈ ΡΠΎΠ·Π΄Π°Π½"
echo "$date" > "/tmp/$date-$name-ready.txt"
curl -T "/tmp/$date-$name-ready.txt" --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$date-$name-ready.txt
else
echo "$(date) Π€Π°ΠΉΠ» Π³ΠΎΡΠΎΠ²Π½ΠΎΡΡΠΈ ΡΠΆΠ΅ ΡΡΡΠ΅ΡΡΠ²ΡΠ΅Ρ - $date"
fi
remote=`curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></>n</g' | grep -v $name | grep $date | grep "d:displayname"`
if [[ -z $remote ]]; then
echo -e "$(date) ${RED} Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΡΠ·Π΅Π» Π½Π΅ Π³ΠΎΡΠΎΠ² ${END}"
echo "$(date) ΠΠ΄Ρ"
sleep 20
else
echo -e "$(date) ${GREEN} Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΡΠ·Π΅Π» Π³ΠΎΡΠΎΠ² ${END}"
b=1
a=''
fi
done
until [ $a ]; do
echo "$(date) ΠΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΠΈ ΠΏΠΎΠ»ΡΡΠ΅Π½ΠΈΠ΅ Π΄Π°Π½Π½ΡΡ
ΠΎΡ STUN ΡΠ΅ΡΠ²Π΅ΡΠ°: $stun"
mydata=`stun $stun -p $localport -v 2>&1 | grep MappedAddress | sort | uniq`
echo -e "$(date) ${GREEN}ΠΠΎΠΈ Π΄Π°Π½Π½ΡΠ΅ ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ: $mydata${END}"
echo "$mydata" > "$DIR/mydata"
echo "$(date) ΠΠ°Π³ΡΡΠ·ΠΊΠ° Π΄Π°Π½Π½ΡΡ
Π½Π° Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊ"
curl -T "$DIR/mydata" --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$name.txt
echo "$(date) ΠΠΎΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΡΠ°ΠΉΠ»Π° Π΄Π°Π½Π½ΡΡ
ΡΠ΄Π°Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ·Π»Π°"
filename=$(curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></n/g' | grep "d:displayname>" | grep "txt" | grep -v "$name" | grep -v "ready" | sed 's|.*d:displayname>||' | sed 's/</ /g' | awk '{print $1}')
echo "$(date) Π§ΡΠ΅Π½ΠΈΠ΅ ΡΠ°ΠΉΠ»Π° Π΄Π°Π½Π½ΡΡ
ΡΠ΄Π°Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ·Π»Π°: $filename"
address=$(curl --silent --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$filename | sort | uniq | head -n1 | sed 's/:/ /g')
echo "$(date) ΠΠΏΡΠ΅Π΄Π΅Π»Π΅Π½ΠΈΠ΅ IP-Π°Π΄ΡΠ΅ΡΠ° ΠΈ ΠΏΠΎΡΡΠ°"
ip=$(echo "$address" | awk '{print $3}')
port=$(echo "$address" | awk '{print $4}')
if [[ -n "$ip" && -n "$port" ]]; then
echo -e "$(date) ${GREEN} Π‘ΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΠ΅ $ip $port ${END}"
openvpn --remote $ip --rport $port --lport $localport
--proto udp --dev tap --float --auth-nocache --verb 3 --mute 20
--ifconfig 10.45.54.2 255.255.255.252
--secret "$DIR/secret.key"
--auth SHA256 --cipher AES-256-CBC
--ncp-disable --ping 10 --ping-exit 30
--comp-lzo yes
echo -e "$(date) ${WARN} Π‘ΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΠ΅ ΡΠ°Π·ΠΎΡΠ²Π°Π½ΠΎ${END}"
a=1
b=''
else
a=1
b=''
fi
done
doneKanggo skrip bisa digunakake, sampeyan butuh:
- Salin menyang clipboard lan tempel menyang editor, contone:
# nano vpn8.sh - nemtokake jeneng pangguna lan sandhi kanggo Yandex.disk.
- ing lapangan "-ifconfig 10.45.54. (1 utawa 2) 255.255.255.252" nemtokake alamat IP internal antarmuka
- nggawe rahasia.kunci dhawuh:
# openvpn --genkey --secret secret.key - nggawe skrip bisa dieksekusi:
# chmod +x vpn8.sh - mbukak skrip:
# ./vpn8.sh nZbVGBuX5dtturDngendi nZbVGBuX5dtturD punika ID sambungan kui
Ing simpul remot, nindakake kabeh sing padha kajaba kanggo ngasilake secret.key lan ID sambungan, kudu padha.
Versi sing dianyari (wektu kudu disinkronake kanggo operasi sing bener):
cat vpn10.sh#!/bin/bash
stuns="stun.sipnet.ru stun.ekiga.net" # Π‘ΠΏΠΈΡΠΎΠΊ STUN ΡΠ΅ΡΠ²Π΅ΡΠΎΠ² ΡΠ΅ΡΠ΅Π· ΠΏΡΠΎΠ±Π΅Π»
username=" Login " # ΠΠΎΠ³ΠΈΠ½ ΠΎΡ Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊΠ°
password=" Password " # ΠΠ°ΡΠΎΠ»Ρ ΠΎΡ Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊΠ°
intip="10.23.22.1" # IP-Π°Π΄ΡΠ΅Ρ Π²Π½ΡΡΡΠ΅Π½Π½Π΅Π³ΠΎ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°
WARN='33[37;1;41m'
END='33[0m'
RED='33[0;31m'
GREEN='33[0;32m'
al="ip echo readlink dirname grep awk md5sum openssl sha256sum shuf curl sleep openvpn cat stun"
ch=0
for i in $al; do which $i > /dev/null || echo -e "${WARN}ΠΠ»Ρ ΡΠ°Π±ΠΎΡΡ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌ $i ${END}"; which $i > /dev/null || ch=1; done
if (( $ch > 0 )); then echo -e "${WARN}ΠΠΉ, ΠΎΡΡΡΡΡΡΠ²ΡΡΡ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΡΠ΅ Π΄Π»Ρ ΠΊΠΎΡΡΠ΅ΠΊΡΠ½ΠΎΠΉ ΡΠ°Π±ΠΎΡΡ ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΡ${END}"; exit; fi
if [[ $1 == '' ]];
then
echo -e "${WARN}ΠΠ²Π΅Π΄ΠΈΡΠ΅ ΠΈΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΎΡ ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ (Π»ΡΠ±ΠΎΠ΅ ΡΠ½ΠΈΠΊΠ°Π»ΡΠ½ΠΎΠ΅ ΡΠ»ΠΎΠ²ΠΎ, Π΄ΠΎΠ»ΠΆΠ½ΠΎ Π±ΡΡΡ ΠΎΠ΄ΠΈΠ½Π°ΠΊΠΎΠ²ΠΎΠ΅ Ρ Π΄Π²ΡΡ
ΡΡΠΎΡΠΎΠ½!) ${END} t
${GREEN}ΠΠ»Ρ Π·Π°ΠΏΡΡΠΊΠ° Π² Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΎΠΌ ΡΠ΅ΠΆΠΈΠΌΠ΅ ΠΏΡΠΈ Π²ΠΊΠ»ΡΡΠ΅Π½ΠΈΠΈ ΠΊΠΎΠΌΠΏΡΡΡΠ΅ΡΠ° ΠΌΠΎΠΆΠ½ΠΎ ΠΏΡΠΎΠΏΠΈΡΠ°ΡΡ Π² /etc/rc.local ΡΡΡΠΎΠΊΡ nohup /<ΠΏΡΡΡ ΠΊ ΡΠ°ΠΉΠ»Ρ>/vpn10.sh > /var/log/vpn10.log 2>/dev/hull & ${END}"
exit
fi
ABSOLUTE_FILENAME=`readlink -f "$0"` # ΠΏΠΎΠ»Π½ΡΠΉ ΠΏΡΡΡ Π΄ΠΎ ΡΠΊΡΠΈΠΏΡΠ°
DIR=`dirname "$ABSOLUTE_FILENAME"` # ΠΊΠ°ΡΠ°Π»ΠΎΠ³ Π² ΠΊΠΎΡΠΎΡΠΎΠΌ Π»Π΅ΠΆΠΈΡ ΡΠΊΡΠΈΠΏΡ
key="$DIR/secret.key"
until [[ -n "$iftosrv" ]]
do
echo "$(date) ΠΠΏΡΠ΅Π΄Π΅Π»ΡΡ ΡΠ΅ΡΠ΅Π²ΠΎΠΉ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ"; iftosrv=`ip route get 8.8.8.8 | head -n 1 | sed 's|.*dev ||' | awk '{print $1}'`
sleep 5
done
timedatectl
name=$(uname -n | md5sum | awk '{print $1}')
vpn=$(echo $1 | md5sum | awk '{print $1}')
echo "$(date) Π‘ΠΎΠ·Π΄Π°Ρ ΠΏΠ°ΠΏΠΊΡ Π½Π° Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊΠ΅"
curl -X MKCOL --user "${username}:${password}" https://webdav.yandex.ru/vpn-$vpn
echo "$(date) ID Π½Π° Π΄ΠΈΡΠΊΠ΅: $vpn"
until [ $c ];do
echo "$(date) ΠΡΠΈΡΠ°Ρ ΠΏΠ°ΠΏΠΊΡ ΠΎΡ Π²ΡΡΠΊΠΎΠ³ΠΎ ΠΌΡΡΠΎΡΠ°"
for i in `curl --silent --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></n/g' | grep "d:displayname" | sed 's/d:displayname//g' | sed 's/>//g' | sed 's/<//' | sed 's////g' | grep -v $(date +%Y-%m-%d-%H-%M)`
do
echo -e "$(date)${RED} Π£Π΄Π°Π»ΡΡ ΡΡΠ°ΡΡΠΉ ΡΠ°ΠΉΠ»: $i${END}"
curl -X DELETE --user "${username}:${password}" https://webdav.yandex.ru/vpn-$vpn/$i
done
echo "$(date) ID Π½Π° Π΄ΠΈΡΠΊΠ΅: $vpn"
openvpn --genkey --secret "$key"
passwd=`echo "$vpn-tt" | sha256sum | awk '{print $1}'`
openssl AES-256-CBC -e -in "$key" -out "$DIR/file.enc" -k "$passwd" -base64
curl -T "$DIR/file.enc" --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/key.enc
rm "$DIR"/file.enc
echo -e "$(date) ${GREEN}Π€Π°Π·Π° 1 - ΠΠΎΠ»ΡΡΠ΅Π½ΠΈΠ΅ Π³ΠΎΡΠΎΠ²Π½ΠΎΡΡΠΈ ΡΠ΄Π°Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ·Π»Π°${END}"
go=3
localport=`shuf -i 20000-65000 -n 1` # Π³Π΅Π½Π΅ΡΠ°ΡΠΈΡ Π»ΠΎΠΊΠ°Π»ΡΠ½ΠΎΠ³ΠΎ ΠΏΠΎΡΡΠ°
start=''
remote=''
timeout1=''
nextcheck=''
timestart=''
until [[ $b ]]
do
echo "$(date) ΠΡΠΎΠ²Π΅ΡΡΡ ΠΏΠ°ΠΏΠΊΡ"
date=`date +%s`
timeout1=60
echo "$(date) Π‘ΠΎΠ·Π΄Π°Π½ΠΈΠ΅ ΡΠ°ΠΉΠ»Π° Π³ΠΎΡΠΎΠ²Π½ΠΎΡΡΠΈ $date"
echo "$date" > "/tmp/ready-$date-$name.txt"
curl -T "/tmp/ready-$date-$name.txt" --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/ready-$name.txt
readyfile=`curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></>n</g' | grep -v $name | grep "ready" | grep "d:displayname" | sed 's/<d:displayname>//g' | sed 's/</d:displayname>//g'`
if [[ -z $readyfile ]]
then
echo -e "$(date) ${RED} Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΡΠ·Π΅Π» Π½Π΅ Π³ΠΎΡΠΎΠ² ${END}"
echo "$(date) ΠΠ΄Ρ 60 ΡΠ΅ΠΊΡΠ½Π΄"
sleep $timeout1
else
remote=$(curl --silent --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$readyfile)
echo -e "$(date) ${GREEN} Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΡΠ·Π΅Π» Π³ΠΎΡΠΎΠ² ${END}"
start=`curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></>n</g' | grep "start" | grep "d:displayname" | sed 's/-/ /g' | awk '{print $2}'`
if [[ -z $start ]]
then
let nextcheck=$timeout1-$date+$remote
let timestart=$date+$timeout1-$nextcheck
go=$nextcheck
echo "$timestart" > "/tmp/start-$date-$name.txt"
curl -T "/tmp/start-$date-$name.txt" --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/start-$date-$name.txt
else
echo "$(date) ΠΆΠ΄Ρ $go ΡΠ΅ΠΊΡΠ½Π΄"
sleep $go
b=1
a=''
fi
fi
done
echo -e "$(date) ${GREEN}Π€Π°Π·Π° 2 - ΠΠ±ΠΌΠ΅Π½ Π΄Π°Π½Π½ΡΠΌΠΈ ΠΈ ΡΡΡΠ°Π½ΠΎΠ²ΠΊΠ° ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ${END}"
mydata=''
filename=''
address=''
myip=''
ip=''
port=''
ex=0
until [ $a ]; do
until [[ -n "$mydata" ]]; do
k=`echo "$stuns" | wc -w`
x=1
z=`shuf -i 1-$k -n 1`
for st in $stuns; do
if [[ $x == $z ]]; then
stun=$st;
fi;
(( x++ ));
done
echo "$(date) ΠΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΠΈ ΠΏΠΎΠ»ΡΡΠ΅Π½ΠΈΠ΅ Π΄Π°Π½Π½ΡΡ
ΠΎΡ STUN ΡΠ΅ΡΠ²Π΅ΡΠ°: $stun"
sleep 5 && for pid in $(ps xa | grep "stun "$stun" 1 -p "$localport" -v" | grep -v grep | awk '{print $1}'); do kill $pid; done &
mydata=`stun "$stun" 1 -p "$localport" -v 2>&1 | grep "MappedAddress" | sort | uniq`
done
echo -e "$(date) ${GREEN}ΠΠΎΠΈ Π΄Π°Π½Π½ΡΠ΅ ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ: $mydata${END}"
echo "$(date) ΠΠ°Π³ΡΡΠ·ΠΊΠ° Π΄Π°Π½Π½ΡΡ
Π½Π° Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊ"
echo "$mydata" > "$DIR/mydata"
echo "IntIP $intip" >> "$DIR/mydata"
curl -T "$DIR/mydata" --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$name-ipport.txt
rm "$DIR/mydata"
sleep 5
echo "$(date) ΠΠΎΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΡΠ°ΠΉΠ»Π° Π΄Π°Π½Π½ΡΡ
ΡΠ΄Π°Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ·Π»Π°"
filename=$(curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></n/g' | grep "d:displayname>" | grep "ipport" | grep -v "$name" | sed 's|.*d:displayname>||' | sed 's/</ /g' | awk '{print $1}')
if [[ -n "$filename" ]]
then
echo "$(date) Π§ΡΠ΅Π½ΠΈΠ΅ ΡΠ°ΠΉΠ»Π° Π΄Π°Π½Π½ΡΡ
ΡΠ΄Π°Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ·Π»Π°: $filename"
address=$(curl --silent --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$filename | grep "MappedAddress" | head -n1 | sed 's/:/ /g')
intip2=$(curl --silent --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$filename | grep "IntIP" | head -n1 | awk '{print $2}')
echo "$(date) ΠΠΏΡΠ΅Π΄Π΅Π»Π΅Π½ΠΈΠ΅ IP-Π°Π΄ΡΠ΅ΡΠ° ΠΈ ΠΏΠΎΡΡΠ°: $address $sesid2 $tunid2"
ip=$(echo "$address" | awk '{print $3}')
port=$(echo "$address" | awk '{print $4}')
myip=`ip route get "$ip" | head -n 1 | sed 's|.*src ||' | awk '{print $1}'`
if [[ -n "$ip" && -n "$port" && -n "$myip" && -n "$localport" ]];
then
echo -e "$(date) ${GREEN} Π‘ΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΠ΅ $ip $port ${END}"
echo -e "`date` ${GREEN} $myip:$localport -> $ip:$port ${END}"
curl --silent --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/key.enc > "$DIR/secret.enc"
openssl AES-256-CBC -d -in "$DIR/secret.enc" -out "$key" -k "$passwd" -base64
chmod 600 "$key"
rm "$DIR/secret.enc"
openvpn --remote $ip --rport $port --lport $localport
--proto udp --dev tun --float --auth-nocache --verb 3 --mute 20
--ifconfig "$intip" "$intip2"
--secret "$key"
--auth SHA256 --cipher AES-256-CBC
--ncp-disable --ping 10 --ping-exit 20
--comp-lzo yes
a=1
b=''
fi
else
if (( $ex >= 5 ))
then
echo "$(date) Π‘Π±ΡΠΎΡ"
a=1
b=''
fi
(( ex++ ))
sleep 5
fi
done
done
Kanggo skrip bisa digunakake, sampeyan butuh:
- Salin menyang clipboard lan tempel menyang editor, contone:
# nano vpn10.sh - nuduhake login (baris 2) lan sandhi kanggo Yandex.disk (baris kaping 3).
- nemtokake alamat IP internal trowongan (baris kaping 4).
- nggawe skrip bisa dieksekusi:
# chmod +x vpn10.sh - mbukak skrip:
# ./vpn10.sh nZbVGBuX5dtturDngendi nZbVGBuX5dtturD punika ID sambungan kui
Ing simpul remot, tindakake padha, nemtokake alamat IP internal cocog trowongan lan ID sambungan.
Kanggo autorun skrip nalika diuripake, aku nggunakake printah "nohup /<path to the script>/vpn10.sh nZbVGBuX5dtturD > /var/log/vpn10.log 2>/dev/null &" sing ana ing file /etc/ rc.lokal
kesimpulan
Skrip bisa digunakake, dites ing Ubuntu (18.04, 19.10, 20.04) lan Debian 9. Sampeyan bisa nggunakake layanan liyane minangka pemancar, nanging kanggo pengalaman aku nggunakake Yandex.disk.
Sajrone eksperimen, ditemokake sawetara jinis panyedhiya NAT ora ngidini nggawe sambungan. Utamane saka operator seluler ing ngendi torrents diblokir.
Aku rencana kanggo nambah ing syarat-syarat:
- Generasi otomatis secret.key saben-saben sampeyan miwiti, enkripsi lan nyalin menyang Yandex.disk kanggo transfer menyang simpul remot (Nggatekake versi sing dianyari)
- Tugas otomatis alamat IP antarmuka
- Enkripsi data sadurunge diunggah menyang Yandex.disk
- Optimasi kode
Ayo ana IPv6 ing saben omah!
Dianyari! File paling anyar lan paket DEB ing kene -
Source: www.habr.com