An article about how I managed to run a VPN server behind the NAT of my home ISP (without a public IP address). One reservation up front: whether this implementation works depends directly on the type of NAT used by your ISP, as well as by your router.
So, I needed to connect from my Android smartphone to my home computer. Both devices reach the Internet through provider NATs, and the computer is additionally connected through a home router, which also NATs its connections.
The classic scheme of using a rented VPS/VDS with a public IP address, as well as renting a public IP address from the provider, was not considered, for several reasons.
Taking into account
$ stun stun.sipnet.ru
I got the output:
STUN client version 0.97
Primary: Independent Mapping, Independent Filter, random port, will hairpin
Return value is 0x000002
Term by term:
Independent Mapping - the external mapping does not depend on the destination
Independent Filter - inbound filtering does not depend on the sender
random port - the external port is assigned at random
will hairpin - hairpinning is supported
Running the same command on my PC, I got:
STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006
Port Dependent Filter - inbound packets are accepted only from an address and port the host has already sent to
The difference between the two outputs showed that the home router was making "its own contribution" to how packets from the Internet are passed through. This showed up when I ran the following command on the computer:
stun stun.sipnet.ru -p 11111 -v
I got the result:
...
MappedAddress = XX.1XX.1X4.2XX:4398
...
At this moment a UDP session is open for a while. If a UDP request is sent during that time (for example: netcat XX.1XX.1X4.2XX 4398 -u), the request reaches the home router, which was confirmed by tcpdump running on it, but it does not reach the computer: iptables on the router, acting as the NAT translator, drops it.
But the very fact that the UDP request passed through the provider's NAT gave hope of success. Since the router is under my control, I solved the problem by forwarding port UDP/11111 to the computer:
iptables -t nat -A PREROUTING -i eth1 -p udp -d 10.1XX.2XX.XXX --dport 11111 -j DNAT --to-destination 192.168.X.XXX
This way I could initiate a UDP session and receive requests from any IP address on the Internet. At that point I started the OpenVPN server (configured beforehand) listening on UDP/11111, entered the external IP address and port (XX.1XX.1X4.2XX:4398) on the smartphone, and connected successfully from the smartphone to the computer. But this implementation raised a problem: the UDP session had to be kept alive somehow until the OpenVPN client connected to the server. I did not like the option of periodically launching the STUN client, because I did not want to load STUN servers for nothing.
I also noticed the "will hairpin" entry:
Hairpinning allows one machine on a local network behind NAT to reach another machine on the same network at the router's external address.
As a result, I solved the problem of keeping the UDP session alive simply: I ran the client on the same computer as the server.
It worked like this:
- launched the STUN client on local port 11111
- received a response with the external IP address and port XX.1XX.1X4.2XX:4398
- sent the external IP address and port by e-mail (any other service could be used) to a mailbox set up on the smartphone
- launched the OpenVPN server on the computer, listening on port UDP/11111
- launched the OpenVPN client on the computer, specifying XX.1XX.1X4.2XX:4398 for the connection
- at any later time launched the OpenVPN client on the smartphone, specifying the IP address and port to connect to (in my case the IP address did not change)
This way I was able to connect to my computer from the smartphone. This implementation allows any OpenVPN client to connect.
Practice
You will need:
# apt install openvpn stun-client sendemail
Having written a couple of scripts and a couple of configuration files, and generated the necessary certificates (since the client on the smartphone works only with certificates), I ended up with an ordinary OpenVPN server setup.
Main script on the computer
# cat vpn11.sh
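#!/bin/bash
# Wait until a route to the Internet exists, i.e. the network is up.
until [[ -n "$iftosrv" ]]; do
    echo "$(date) Определяю сетевой интерфейс"   # "Determining the network interface"
    iftosrv=$(ip route get 8.8.8.8 | head -n 1 | sed 's|.*dev ||' | awk '{print $1}')
    sleep 5
done
ABSOLUTE_FILENAME=$(readlink -f "$0")
DIR=$(dirname "$ABSOLUTE_FILENAME")
localport=11111
# $a is never set, so this loop runs forever: each pass is one server/client session.
until [[ $a ]]; do
    # Ask the STUN server which external address:port local UDP port 11111 is mapped to.
    address=$(stun stun.sipnet.ru -v -p $localport 2>&1 | grep "MappedAddress" | sort | uniq | head -n 1 | sed 's/:/ /g' | awk '{print $3" "$4}')
    ip=$(echo "$address" | awk '{print $1}')
    port=$(echo "$address" | awk '{print $2}')
    # Without a mapping there is nothing to connect to: retry instead of starting OpenVPN.
    if [[ -z "$ip" || -z "$port" ]]; then sleep 15; continue; fi
    srv="openvpn --config $DIR/server.conf --port $localport --daemon"
    $srv
    echo "$(date) Сервер запущен с внешним адресом $ip:$port"   # "Server started with external address"
    "$DIR/sendemail.sh" "OpenVPN-Server" "$ip:$port"
    sleep 1
    # The local client connects to the external address (hairpinning) and keeps the UDP session open.
    openvpn --config "$DIR/client.conf" --remote "$ip" --port "$port"
    echo "$(date) Соединение клиента с сервером разорвано"   # "Client connection to the server was lost"
    # Stop the server started above so the next pass can bind port 11111 again.
    for i in $(ps xa | grep "$srv" | grep -v grep | awk '{print $1}'); do
        kill "$i" && echo "$(date) Завершен процесс сервера $i ($srv)"   # "Server process terminated"
    done
    echo "Жду 15 сек"   # "Waiting 15 s"
    sleep 15
done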
Script for sending the data by e-mail:
# cat sendemail.sh
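#!/bin/bash
# This file holds a mailbox password: keep it readable only by its owner.
from="От кого"    # placeholder ("From"): sender address
pass="Пароль"     # placeholder ("Password"): sender's SMTP password
to="Кому"         # placeholder ("To"): recipient address
theme="$1"        # subject
message="$2"      # body: the external ip:port
server="smtp.yandex.ru:587"
# -xp puts the password on the command line, where other local users can see it in the process list.
sendEmail -o tls=yes -f "$from" -t "$to" -s "$server" -xu "$from" -xp "$pass" -u "$theme" -m "$message"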
Server configuration file:
# cat server.conf
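proto udp
dev tun
ca /home/vpn11-srv/ca.crt
cert /home/vpn11-srv/server.crt
key /home/vpn11-srv/server.key
dh /home/vpn11-srv/dh2048.pem
server 10.2.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
tls-server
# HMAC-sign control-channel packets; key direction is 0 on the server and 1 on the client
tls-auth /home/vpn11-srv/ta.key 0
tls-timeout 60
auth SHA256
cipher AES-256-CBC
# let VPN clients reach each other through the server
client-to-client
# ping every 10 s, treat the peer as down after 30 s of silence
keepalive 10 30
# LZO compression, must match the client; deprecated since OpenVPN 2.4, and the OpenVPN project advises against compression
comp-lzo
max-clients 10
# drop root privileges after start-up
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-server.log
verb 3
mute 20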
Client configuration file:
# cat client.conf
client
dev tun
proto udp
ca "/home/vpn11-srv/ca.crt"
cert "/home/vpn11-srv/client1.crt"
key "/home/vpn11-srv/client1.key"
tls-client
tls-auth "/home/vpn11-srv/ta.key" 1
auth SHA256
cipher AES-256-CBC
auth-nocache
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-clent.log
verb 3
mute 20
ping 10
ping-exit 30
Certificates were generated using
Running the script:
# ./vpn11.sh
Having first made it executable
# chmod +x vpn11.sh
On the smartphone
Having installed the OpenVPN for Android application, copied over the configuration file and certificates, and configured it, the result was this:
I check my e-mail on the smartphone
I edit the port number in the settings
I start the client and connect
While writing this article, I moved the configuration from my computer to a Raspberry Pi 3 and tried to run the whole thing on an LTE modem, but it did not work! The output of the command
# stun stun.ekiga.net -p 11111
STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006
that is, Port Dependent Filter did not allow the system to start.
But on the home provider, the system started on the Raspberry Pi 3 without any problems.
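The stun result decides whether the scheme can work at all: it needs "Independent Filter" and "will hairpin", and "Port Dependent Filter" is what stopped the LTE attempt. The following is an added example (not the author's code) that applies this check to constructed sample output and validates the MappedAddress value before it is e-mailed or passed to openvpn; the function names and the address 203.0.113.7 are assumptions.

```shell
# Added example. Sample outputs below are constructed; the line formats are the
# ones quoted in the article ("MappedAddress = ip:port", "Primary: ...").

# Print "ip port" from the first MappedAddress line; fail on anything malformed.
mapped_address() (
    line=$(printf '%s\n' "$1" | grep '^MappedAddress = ' | head -n 1)
    addr=${line#MappedAddress = }
    ip=${addr%:*}; port=${addr##*:}
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $port in ''|*[!0-9]*) return 1 ;; esac
    IFS=.; set -- $ip
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1; done
    [ ${#port} -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    echo "$ip $port"
)

# Exit 0 only for the behaviour the scheme needs; 3 = filtered, 4 = no hairpin.
nat_usable() (
    primary=$(printf '%s\n' "$1" | grep '^Primary:' | head -n 1)
    case $primary in
        '') echo "no Primary line"; return 2 ;;
        *"Independent Filter"*) ;;
        *) echo "filter is not independent: unsolicited senders are dropped"; return 3 ;;
    esac
    case $primary in
        *"will hairpin"*) echo "ok" ;;
        *) echo "no hairpinning: the local client cannot reach the mapping"; return 4 ;;
    esac
)

SAMPLE_HOME='STUN client version 0.97
MappedAddress = 203.0.113.7:4398
Primary: Independent Mapping, Independent Filter, random port, will hairpin
Return value is 0x000002'
SAMPLE_LTE='STUN client version 0.97
MappedAddress = 203.0.113.7:4398
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006'

for s in "$SAMPLE_HOME" "$SAMPLE_LTE"; do
    if why=$(nat_usable "$s"); then
        echo "usable, advertise: $(mapped_address "$s")"
    else
        echo "not usable: $why"
    fi
done
```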
Together with a webcam, using VLC to create an RTSP stream from the webcam
$ cvlc v4l2:///dev/video0:chroma=h264 :input-slave=alsa://hw:1,0 --sout '#transcode{vcodec=x264,venc=x264{preset=ultrafast,profile=baseline,level=31},vb=2048,fps=12,scale=1,acodec=mpga,ab=128,channels=2,samplerate=44100,scodec=none}:rtp{sdp=rtsp://10.2.0.1:8554/}' --no-sout-all --sout-keep
and VLC on the smartphone for viewing (stream rtsp://10.2.0.1:8554/), it turned out to be a decent remote video surveillance system. You can also set up Samba, route traffic through the VPN, control your computer remotely, and much more...
Conclusion
As practice has shown, to set up a VPN server you can do without an external IP address that you have to pay for, just as you can do without a rented VPS/VDS. But it all depends on the provider. Of course, I would have liked to learn more about the different providers and the types of NAT they use, but this is only the beginning...
Thank you for your attention!
Source: www.habr.com