Hello!
In this article I want to tell you how it is done.
Establishing the connection consists of several steps:
- Starting the node and waiting for the remote node to be ready;
- Determining the external IP address and UDP port;
- Transferring the external IP address and UDP port to the remote host;
- Obtaining the external IP address and UDP port from the remote host;
- Setting up the IPIP tunnel;
- Monitoring the connection;
- If the connection is lost, deleting the IPIP tunnel.
I have been thinking for a long time, and am still thinking, about what can be used to exchange data between the nodes; the simplest and fastest option for me at the moment is to work through Yandex.disk.
- First, it is easy to use: it takes 3 actions: create, read, delete. With curl this is:
Create:
curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder
Read:
curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder
Delete:
curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
- Second, it is easy to install:
apt install curl
To determine the external IP address and UDP port, use the stun-client command:
stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"
Install it with the command:
apt install stun-client
To set up the tunnel, the standard OS tools from the iproute2 package are used:
- load the FOU module:
modprobe fou
- listen on the local port:
ip fou add port $localport ipproto 4
- create the tunnel:
ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport
- bring up the tunnel interface:
ip link set up dev fou$name
- assign the internal local and internal remote IP addresses of the tunnel:
ip addr add $intIP peer $peerip dev fou$name
Delete the tunnel:
ip link del dev fou$name
ip fou del port $localport
The tunnel state is monitored by periodically pinging the internal IP address of the remote tunnel node with the command:
ping -c 1 $peerip -s 0
The periodic ping is needed primarily to keep the channel alive; otherwise, when the tunnel is idle, the NAT table entries on the routers may be cleared and the connection may break.
If the ping is lost, the IPIP tunnel is deleted and the node waits for readiness from the remote host.
The script itself:
#!/bin/bash
# username, password and folder must match on both nodes; intip must differ
username="[email protected]"
password="password"
folder="vpnid"
intip="10.0.0.1"
localport=`shuf -i 10000-65000 -n 1`   # random local UDP port
cid=`shuf -i 10000-99999 -n 1`         # random ID of this node
tid=`shuf -i 10-99 -n 1`               # random half of the tunnel ID

# List entry names in the folder, newest first, skipping the folder itself ($3) and our own entries ($4)
function yaread {
    curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}

# Create a folder (used both for the rendezvous folder and for the records inside it)
function yacreate {
    curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}

# Delete a folder together with its contents
function yadelete {
    curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}

# Print the external "ip:port" that the STUN server sees for local UDP port $1
function myipport {
    stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}

# Arguments: remote IP, remote port, local IP, local port, peer inner IP, own inner IP, tunnel ID
function tunnel-up {
    modprobe fou
    ip fou add port $4 ipproto 4
    ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
    ip link set up dev fou$7
    ip addr add $6 peer $5 dev fou$7
}

# Ping the peer's inner IP every 15 seconds; return after 4 failed pings in a row
function tunnel-check {
    sleep 10
    pings=0
    until [[ $pings == 4 ]]; do
        if ping -c 1 $1 -s 0 &>/dev/null;
        then echo -n .; pings=0   # a successful ping resets the failure counter
        else echo -n !; ((pings++))
        fi
        sleep 15
    done
}

# Arguments: tunnel ID, local port
function tunnel-down {
    ip link del dev fou$1
    ip fou del port $2
}

# Clean up the shared folder and the tunnel when the script is interrupted
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15

until [[ -n $end ]]; do
    yacreate $username $password $folder
    # Rendezvous: repeat until a fresh record from the peer has been read
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        # Announce that this node is ready
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
            # Only accept a peer entry that is at most 65 seconds old
            if [ `echo $l | sed 's/:/ /g' | awk '{print $1}'` -ge $(($mydate-65)) ]; then
                #echo $list
                myipport=`myipport $localport`
                # Publish our own record: time:cid:extip:extport:intip:tid
                yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk '{print $1}'` - $mydate + 3 ))
                ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                # Both nodes derive the same tunnel ID from the two random tid values
                if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
            fi
        done
        if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
            echo -n "!"
            sleep $timeout
        fi
    done
    # Local source address used to reach the peer
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0
The variables username, password and folder must be the same on both sides, but intip must differ, for example: 10.0.0.1 and 10.0.0.2. The time on the nodes must be synchronized. You can run the script like this:
nohup script.sh &
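The script takes the peer's address, port and tunnel ID from entry names in the shared folder and passes them unquoted to ip commands. A validation step for those records, as an added example that is not part of the original script; the function names and the sample records are assumptions made here, and the 65-second window is taken from the script's own freshness check:

```shell
#!/bin/sh
# Added example: validate a peer record before its fields reach ip(8).
# Layout written by the script: time:cid:extip:extport:intip:tid

is_uint() {    # non-empty, digits only, at most $2 digits
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le "$2" ]
}

is_ipv4() {    # four dot-separated octets, each 0-255
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        is_uint "$octet" 3 && [ "$octet" -le 255 ] || return 1
    done
}

# parse_record RECORD NOW MAX_AGE
# Returns 0 and sets peer_ext_ip, peer_ext_port, peer_int_ip, peer_tid
# only if every field is well-formed and the timestamp is fresh.
parse_record() {
    rec=$1; now=$2; max_age=$3
    # Reject anything but digits, dots and colons (no shell metacharacters).
    case "$rec" in ''|*[!0-9.:]*|*:) return 1 ;; esac
    old_ifs=$IFS; IFS=:; set -- $rec; IFS=$old_ifs
    [ $# -eq 6 ] || return 1    # 2-field presence markers are skipped
    is_uint "$1" 10 && is_uint "$2" 5 && is_uint "$4" 5 && is_uint "$6" 2 || return 1
    # Timestamp must lie within MAX_AGE seconds of NOW, in either direction.
    [ "$1" -ge $((now - max_age)) ] && [ "$1" -le $((now + max_age)) ] || return 1
    is_ipv4 "$3" && is_ipv4 "$5" || return 1
    [ "$4" -ge 1 ] && [ "$4" -le 65535 ] || return 1
    peer_ext_ip=$3; peer_ext_port=$4; peer_int_ip=$5; peer_tid=$6
}

# Constructed sample records (documentation address range, made-up IDs).
now=1700000000
good="1699999990:48213:203.0.113.7:41001:10.0.0.2:57"
bad="1699999990:48213:203.0.113.7;id:41001:10.0.0.2:57"

if parse_record "$good" "$now" 65; then
    echo "peer $peer_ext_ip:$peer_ext_port inner $peer_int_ip tid $peer_tid"
fi
parse_record "$bad" "$now" 65 || echo "rejected: $bad"
```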
Please note that this IPIP tunnel is not secure, because the traffic is not encrypted, but this is easily solved by using IPsec on top of
I have been using this script to connect to my work PC for several weeks now and have not noticed any problems. It is convenient in a set-and-forget way.
You may have comments and suggestions; I will be glad to hear them.
Thank you for your attention!
Source: www.habr.com