Salve!
In hoc articulo volo tibi dicere quomodo perficiatur.) Scriptum Bash pro duobus computers connectendis post NAT utens UDP foramine pulsandi technologiam utens Ubuntu/Debian OS in exemplum.
Connexio constituenda pluribus gradibus consistit;
- Proficiscens nodi et remotus nodi se paratos opperiens;
- Determinans externum IP oratio et UDP portum;
- Inscriptiones IP externam transferentes portum et UDP exercitum remotum;
- Adipiscendi IP oratio externa et portum UDP ab hospite remoto;
- Organization of an IPIP cuniculi;
- Connection vigilantia;
- Si nexus periit, IPIP cuniculum dele.
Diu cogitabam et adhuc cogitabam quid adhiberi possit ad notitias commutandas inter nodos, simplicissima et celerrima in me momento laborat per Yandex.disk.
- Uno modo facile est uti - opus 3 actus: crea, lege, delere. Cum Crispum hoc est;
Creare:curl -s -X MKCOL --user "$usename:$password" https://webdav.yandex.ru/$folderLegere:
curl -s --user "$usename:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folderDelere:
curl -s -X DELETE --user "$usename:$password" https://webdav.yandex.ru/$folder - Secundo facile est instituere;
apt install curl
Ad constituendum externum IP oratio et UDP portum, imperio stun-clientis utere:
stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"Institutionem cum imperio:
apt install stun-clientAd cuniculum, vexillum OS instrumenta e sarcina iproute2 ordinanda adhibita sunt. Est quod levari potest utens vexillum significat (L2TPv3, GRE, etc.), sed IPIP elegi quia minimum additicium onus in systemate creat. Conatus sum L2TPv3 super UDP et frustratus est, celeritas 10 temporum omissa, sed hae variae restrictiones ad providers vel aliquid aliud referri possunt. Cum cuniculum IPIP in gradu IP operetur, FOU cuniculum ad UDP portum in plano operandum adhibetur. Ad cuniculum IPIP organize opus est:
- modulus FOU load:
modprobe fou- portum loci audi:
ip fou add port $localport ipproto 4- creare cuniculum;
ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport- attollere cuniculum interface;
ip link set up dev fou$name- assignare locum internum et internum remotis inscriptionibus IP cuniculi;
ip addr add $intIP peer $peerip dev fou$nameCuniculum delere:
ip link del dev fou$nameip fou del port $localportStatus cuniculi monitorem per intervalla pingendo interna IP inscriptione nodi remoti cuniculi cum mandato:
ping -c 1 $peerip -s 0Pinga periodica imprimis ad alveum tuendum opus est, alioquin, cum cuniculum otiosum est, NAT tabulae in iter aperiri possunt et nexus frangi potest.
Si ping evanescit, tunc IPIP cuniculum deletur et promptitudinem exspectat ab hospite remoto.
Scriptum ipsum;
#!/bin/bash
username="[email protected]"
password="password"
folder="vpnid"
intip="10.0.0.1"
localport=`shuf -i 10000-65000 -n 1`
cid=`shuf -i 10000-99999 -n 1`
tid=`shuf -i 10-99 -n 1`
function yaread {
curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/</d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}
function yacreate {
curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}
function yadelete {
curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}
function myipport {
stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}
function tunnel-up {
modprobe fou
ip fou add port $4 ipproto 4
ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
ip link set up dev fou$7
ip addr add $6 peer $5 dev fou$7
}
function tunnel-check {
sleep 10
pings=0
until [[ $pings == 4 ]]; do
if ping -c 1 $1 -s 0 &>/dev/null;
then echo -n .; n=0
else echo -n !; ((pings++))
fi
sleep 15
done
}
function tunnel-down {
ip link del dev fou$1
ip fou del port $2
}
trap 'echo -e "nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15
until [[ -n $end ]]; do
yacreate $username $password $folder
until [[ -n $ip ]]; do
mydate=`date +%s`
timeout="60"
list=`yaread $username $password $folder $cid | head -n1`
yacreate $username $password $folder/$mydate:$cid
for l in $list; do
if [ `echo $l | sed 's/:/ /g' | awk {'print $1'}` -ge $(($mydate-65)) ]; then
#echo $list
myipport=`myipport $localport`
yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk {'print $1'}` - $mydate + 3 ))
ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
fi
done
if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
echo -n "!"
sleep $timeout
fi
done
localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
tunnel-check $peerip
tunnel-down $tunnelid $localport
yadelete $username $password $folder
unset ip port myipport
done
exit 0variables More, Password ΠΈ folder idem sit utrimque, sed intip - Varium, exempli causa: 10.0.0.1 et 10.0.0.2. Tempus in nodis synchronum esse debet. Scriptum est sic currere potes:
nohup script.sh &Velim ut animum advoces ad hoc cuniculum IPIP tutum non esse ab eo quod negotiatio non encryptatur, sed hoc facile solvetur utendo IPsec super simplex et comprehensibile mihi visum est.
Hoc scripto usus sum ad coniungere ad opus PC per aliquot septimanas nunc nec difficultates ullas animadverti. Commode in verbis collocandi et obliti.
Fortasse commentarios et suggestiones habebis, libenter audire.
Π‘ΠΏΠ°ΡΠΈΠ±ΠΎ Π·Π° Π²Π½ΠΈΠΌΠ°Π½ΠΈΠ΅!
Source: www.habr.com