fanitarana momba ny fomba nahavitako nandamina tonelina VPN mivantana teo anelanelan'ny solosaina roa ao ambadiky ny mpamatsy NAT. Ny lahatsoratra teo aloha dia nanoritsoritra ny fizotran'ny fandaminana fifandraisana miaraka amin'ny fanampian'ny antoko fahatelo - mpanelanelana (VPS nohofana miasa toy ny server STUN sy mpandefa data node ho an'ny fifandraisana). Ato amin'ity lahatsoratra ity dia holazaiko aminao ny fomba nitantanako tsy nisy VPS, fa nijanona ny mpanelanelana ary izy ireo dia ny mpizara STUN sy Yandex.Disk...
fampidirana
Rehefa avy namaky ny fanehoan-kevitra tao amin'ny lahatsoratra teo aloha, dia tsapako fa ny tena tsy fahampian'ny fampiharana dia ny fampiasana mpanelanelana - antoko fahatelo (VPS) izay manondro ny masontsivana amin'izao fotoana izao ny node, ny toerana sy ny fomba hifandraisana. Raha jerena ny tolo-kevitra hampiasana ity STUN ity () mba hamaritana ny mari-pamantarana fifandraisana ankehitriny. Voalohany indrindra, nanapa-kevitra ny hampiasa TCPDump aho mba hijerena ny votoatin'ny fonosana rehefa niasa tamin'ny mpanjifa ny mpizara STUN ary nahazo votoaty tsy azo vakina tanteraka. Googling ny protocole hitako . Tsapako fa tsy afaka mametraka fangatahana amin'ny mpizara STUN irery aho ary mametraka ilay hevitra ao anaty "boaty lavitra".
-kevitra
Vao haingana aho no tsy maintsy nametraka mpizara STUN amin'ny Debian avy amin'ny fonosana
# apt install stun-serverary tao amin'ny fiankinan-doha dia hitako ilay fonosana stun-client, saingy tsy niraharaha izany aho. Saingy taty aoriana dia nahatsiaro ny fonosana stun-client aho ary nanapa-kevitra ny hamantatra ny fomba fiasany, rehefa avy nijery sy nikaroka tao amin'ny Yandex aho dia nahazo:
# apt install stun-client
# stun stun.ekiga.net -p 21234 -v
Ho valin'izany dia nahazo aho:
STUN mpanjifa kinova 0.97
Nanokatra port 21234 miaraka amin'ny fd 3
Nanokatra port 21235 miaraka amin'ny fd 4
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 0Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 4Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 2Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Naharay hafatra manaitra: 92 bytes
MappedAddress = <My IP>:2885
SourceAddress = 216.93.246.18:3478
ChangedAddress = 216.93.246.17:3479
Toetra tsy fantatra: 32800
ServerName = Vovida.org 0.98-CPC
Nahazo hafatra karazana 257 id=1
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 0Saika handefa ny len 28 amin'ny 216.93.246.17:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 4Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 2Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 0Handefa hafatra amin'ny len 28 amin'ny <My IP>:2885
Naharay hafatra manaitra: 28 bytes
ChangeRequest = 0
Nahazo hafatra karazana 1 id=11
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 0Saika handefa ny len 28 amin'ny 216.93.246.17:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 4Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 2Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Naharay hafatra manaitra: 92 bytes
MappedAddress = <My IP>:2885
SourceAddress = 216.93.246.17:3479
ChangedAddress = 216.93.246.18:3478
Toetra tsy fantatra: 32800
ServerName = Vovida.org 0.98-CPC
Nahazo hafatra karazana 257 id=10
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 4Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 2Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 4Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 2Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 4Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 2Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 4Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 2Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 4Saika handefa ny len 28 amin'ny 216.93.246.18:3478
Fanodinana hafatra manaitra:
Fanodinana ChangeRequest: 2Saika handefa ny len 28 amin'ny 216.93.246.18:3478
test I = 1
test II = 0
fitsapana III = 0
fitsapana I(2) = 1
dia nat = 1
sarintany IP mitovy = 1
volo = 1
seranan-tsambo mpitahiry = 0
Kilonga: Sarintany mahaleo tena, sivana miankina amin'ny seranan-tsambo, seranan-tsambo kisendrasendra, dia hihety volo
Ny sandan'ny fiverenana dia 0x000006
Tady misy sanda
MappedAddress = <My IP>:2885
izay ilainao ihany! Nasehony ny sata misy amin'izao fotoana izao ho an'ny fifandraisana amin'ny seranan-tsambo UDP 21234 eo an-toerana. Saingy antsasa-manilan'ny ady ihany no nipoitra ny fanontaniana momba ny fomba hamindrana ity data ity amin'ny mpampiantrano lavitra ary mandamina fifandraisana VPN. Mampiasa ny protocol mail, na angamba Telegram?! Betsaka ny safidy ary nanapa-kevitra ny hampiasa ny Yandex.disk aho, hatramin'ny nahitako azy . Rehefa avy nieritreritra momba ny fampiharana aho dia tonga tamin'ity drafitra manaraka ity:
- Famantarana fa ny nodes dia vonona ny hametraka fifandraisana amin'ny fisian'ny rakitra manokana miaraka amin'ny timestamp ao amin'ny Yandex.disk;
- Raha efa vonona ny nodes, dia raiso ny masontsivana ankehitriny avy amin'ny mpizara STUN;
- Alefaso any amin'ny Yandex.disk ny fanovana ankehitriny;
- Jereo ny fisiana ary vakio ny mari-pamantarana amin'ny node lavitra avy amin'ny rakitra ao amin'ny Yandex.disk;
- Mametraka fifandraisana amin'ny mpampiantrano lavitra mampiasa OpenVPN.
fampiharana
Rehefa avy nieritreritra kely aho, rehefa nandinika ny zavatra niainanβilay lahatsoratra farany, dia nanoratra lahatsoratra haingana aho. Mila:
# apt install openvpn stun-client curl Ny script mihitsy:
version original
# cat vpn8.sh#!/bin/bash
######################## ΠΠ°Π΄Π°Π΅ΠΌ ΡΠ²Π΅ΡΠ½ΠΎΠΉ ΡΠ΅ΠΊΡΡ ###
WARN='33[37;1;41m' #
END='33[0m' #
RED='33[0;31m' # ${RED} #
GREEN='33[0;32m' # ${GREEN} #
#################################################
####################### ΠΡΠΎΠ²Π΅ΡΡΠ΅ΠΌ Π½Π°Π»ΠΈΡΠΈΠ΅ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΡΠΌΠΈΡ
ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΠΉ #########################################################
al="echo readlink dirname grep awk md5sum shuf nc curl sleep openvpn cat stun"
ch=0
for i in $al; do which $i > /dev/null || echo -e "${WARN}ΠΠ»Ρ ΡΠ°Π±ΠΎΡΡ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌ $i ${END}"; which $i > /dev/null || ch=1; done
if (( $ch > 0 )); then echo -e "${WARN}ΠΠΉ, ΠΎΡΡΡΡΡΡΠ²ΡΡΡ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΡΠ΅ Π΄Π»Ρ ΠΊΠΎΡΡΠ΅ΠΊΡΠ½ΠΎΠΉ ΡΠ°Π±ΠΎΡΡ ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΡ${END}"; exit; fi
#######################################################################################################################
if [[ $1 == '' ]]; then echo -e "${WARN}ΠΠ²Π΅Π΄ΠΈΡΠ΅ ΠΈΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΎΡ ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ (Π»ΡΠ±ΠΎΠ΅ ΡΠ½ΠΈΠΊΠ°Π»ΡΠ½ΠΎΠ΅ ΡΠ»ΠΎΠ²ΠΎ, Π΄ΠΎΠ»ΠΆΠ½ΠΎ Π±ΡΡΡ ΠΎΠ΄ΠΈΠ½Π°ΠΊΠΎΠ²ΠΎΠ΅ Ρ Π΄Π²ΡΡ
ΡΡΠΎΡΠΎΠ½!) ${END} t
${GREEN}ΠΠ»Ρ Π·Π°ΠΏΡΡΠΊΠ° Π² Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΎΠΌ ΡΠ΅ΠΆΠΈΠΌΠ΅ ΠΏΡΠΈ Π²ΠΊΠ»ΡΡΠ΅Π½ΠΈΠΈ ΠΊΠΎΠΌΠΏΡΡΡΠ΅ΡΠ° ΠΌΠΎΠΆΠ½ΠΎ ΠΏΡΠΎΠΏΠΈΡΠ°ΡΡ Π² /etc/rc.local ΡΡΡΠΎΠΊΡ nohup /<ΠΏΡΡΡ ΠΊ ΡΠ°ΠΉΠ»Ρ>/vpn8.sh > /var/log/vpn8.log 2>/dev/hull & ${END}"; exit; fi
ABSOLUTE_FILENAME=`readlink -f "$0"` # ΠΏΠΎΠ»Π½ΡΠΉ ΠΏΡΡΡ Π΄ΠΎ ΡΠΊΡΠΈΠΏΡΠ°
DIR=`dirname "$ABSOLUTE_FILENAME"` # ΠΊΠ°ΡΠ°Π»ΠΎΠ³ Π² ΠΊΠΎΡΠΎΡΠΎΠΌ Π»Π΅ΠΆΠΈΡ ΡΠΊΡΠΈΠΏΡ
############################### ΠΡΠΎΠ²Π΅ΡΠΊΠ° Π½Π°Π»ΠΈΡΠΈΡ ΡΠ΅ΠΊΡΠ΅ΡΠ½ΠΎΠ³ΠΎ ΠΊΠ»ΡΡΠ° ##################################
key="$DIR/secret.key"
if [ ! -f "$key" ]; then
echo -e "${WARN}Π‘Π΅ΠΊΡΠ΅ΡΠ½ΡΠΉ ΠΊΠ»ΡΡ VPN-ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ Π½Π΅ Π½Π°ΠΉΠ΄Π΅Π½, Π΄Π»Ρ Π³Π΅Π½Π΅ΡΠ°ΡΠΈΠΈ ΠΊΠ»ΡΡΠ° Π²ΡΠΏΠΎΠ»Π½ΠΈΡΠ΅:
openvpn --genkey --secret secret.key ΠΠ½ΠΈΠΌΠ°Π½ΠΈΠ΅: ΠΊΠ»ΡΡ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΡΡΡ Π΄Π»Ρ Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΠΈ ΠΈ Π΄ΠΎΠ»ΠΆΠ΅Π½
Π±ΡΡΡ ΠΎΠ΄ΠΈΠ½Π°ΠΊΠΎΠ²ΡΠΌ Ρ Π΄Π²ΡΡ
ΡΡΠΎΡΠΎΠ½!!!${END}
# ls -l secret.key
-rw------- 1 root root 637 Π½ΠΎΡ 27 11:12 secret.key
# chmod 600 secret.key";
exit;
fi
########################################################################################################################
ABSOLUTE_FILENAME=`readlink -f "$0"` # ΠΏΠΎΠ»Π½ΡΠΉ ΠΏΡΡΡ Π΄ΠΎ ΡΠΊΡΠΈΠΏΡΠ°
DIR=`dirname "$ABSOLUTE_FILENAME"` # ΠΊΠ°ΡΠ°Π»ΠΎΠ³ Π² ΠΊΠΎΡΠΎΡΠΎΠΌ Π»Π΅ΠΆΠΈΡ ΡΠΊΡΠΈΠΏΡ
name=$(uname -n | md5sum | awk '{print $1}')
vpn=$(echo $1 | md5sum | awk '{print $1}')
stun="stun.ekiga.net" # STUN ΡΠ΅ΡΠ²Π΅Ρ
username="Yandex" # ΠΠΎΠ³ΠΈΠ½ ΠΎΡ Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊΠ°
password="Password" # ΠΠ°ΡΠΎΠ»Ρ ΠΎΡ Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊΠ°
localport=`shuf -i 20000-65000 -n 1` # Π³Π΅Π½Π΅ΡΠ°ΡΠΈΡ Π»ΠΎΠΊΠ°Π»ΡΠ½ΠΎΠ³ΠΎ ΠΏΠΎΡΡΠ°
echo "$(date) Π‘ΠΎΠ·Π΄Π°Ρ ΠΏΠ°ΠΏΠΊΡ Π½Π° Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊΠ΅"
curl -X MKCOL --user "${username}:${password}" https://webdav.yandex.ru/vpn-$vpn
echo "$(date) ΠΡΠΈΡΠ°Ρ ΠΏΠ°ΠΏΠΊΡ ΠΎΡ Π²ΡΡΠΊΠΎΠ³ΠΎ ΠΌΡΡΠΎΡΠ°"
for i in `curl --silent --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></n/g' | grep "d:displayname" | sed 's/d:displayname//g' | sed 's/>//g' | sed 's/<//' | sed 's////g' | grep -v $(date +%Y-%m-%d-%H-%M)`; do
echo "$(date) Delete: $i"
curl -X DELETE --user "${username}:${password}" https://webdav.yandex.ru/vpn-$vpn/$i
done
until [ $c ];do
until [[ $b ]]; do
echo "$(date) ΠΡΠΎΠ²Π΅ΡΡΡ ΠΏΠ°ΠΏΠΊΡ"
date=`date +%Y-%m-%d-%H-%M`
mydata=`curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></>n</g' | grep $name | grep $date | grep "d:displayname"`
if [[ -z $mydata ]]; then
echo "$(date) Π€Π°ΠΉΠ» Π³ΠΎΡΠΎΠ²Π½ΠΎΡΡΠΈ ΡΠΎΠ·Π΄Π°Π½"
echo "$date" > "/tmp/$date-$name-ready.txt"
curl -T "/tmp/$date-$name-ready.txt" --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$date-$name-ready.txt
else
echo "$(date) Π€Π°ΠΉΠ» Π³ΠΎΡΠΎΠ²Π½ΠΎΡΡΠΈ ΡΠΆΠ΅ ΡΡΡΠ΅ΡΡΠ²ΡΠ΅Ρ - $date"
fi
remote=`curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></>n</g' | grep -v $name | grep $date | grep "d:displayname"`
if [[ -z $remote ]]; then
echo -e "$(date) ${RED} Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΡΠ·Π΅Π» Π½Π΅ Π³ΠΎΡΠΎΠ² ${END}"
echo "$(date) ΠΠ΄Ρ"
sleep 20
else
echo -e "$(date) ${GREEN} Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΡΠ·Π΅Π» Π³ΠΎΡΠΎΠ² ${END}"
b=1
a=''
fi
done
until [ $a ]; do
echo "$(date) ΠΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΠΈ ΠΏΠΎΠ»ΡΡΠ΅Π½ΠΈΠ΅ Π΄Π°Π½Π½ΡΡ
ΠΎΡ STUN ΡΠ΅ΡΠ²Π΅ΡΠ°: $stun"
mydata=`stun $stun -p $localport -v 2>&1 | grep MappedAddress | sort | uniq`
echo -e "$(date) ${GREEN}ΠΠΎΠΈ Π΄Π°Π½Π½ΡΠ΅ ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ: $mydata${END}"
echo "$mydata" > "$DIR/mydata"
echo "$(date) ΠΠ°Π³ΡΡΠ·ΠΊΠ° Π΄Π°Π½Π½ΡΡ
Π½Π° Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊ"
curl -T "$DIR/mydata" --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$name.txt
echo "$(date) ΠΠΎΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΡΠ°ΠΉΠ»Π° Π΄Π°Π½Π½ΡΡ
ΡΠ΄Π°Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ·Π»Π°"
filename=$(curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></n/g' | grep "d:displayname>" | grep "txt" | grep -v "$name" | grep -v "ready" | sed 's|.*d:displayname>||' | sed 's/</ /g' | awk '{print $1}')
echo "$(date) Π§ΡΠ΅Π½ΠΈΠ΅ ΡΠ°ΠΉΠ»Π° Π΄Π°Π½Π½ΡΡ
ΡΠ΄Π°Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ·Π»Π°: $filename"
address=$(curl --silent --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$filename | sort | uniq | head -n1 | sed 's/:/ /g')
echo "$(date) ΠΠΏΡΠ΅Π΄Π΅Π»Π΅Π½ΠΈΠ΅ IP-Π°Π΄ΡΠ΅ΡΠ° ΠΈ ΠΏΠΎΡΡΠ°"
ip=$(echo "$address" | awk '{print $3}')
port=$(echo "$address" | awk '{print $4}')
if [[ -n "$ip" && -n "$port" ]]; then
echo -e "$(date) ${GREEN} Π‘ΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΠ΅ $ip $port ${END}"
openvpn --remote $ip --rport $port --lport $localport
--proto udp --dev tap --float --auth-nocache --verb 3 --mute 20
--ifconfig 10.45.54.2 255.255.255.252
--secret "$DIR/secret.key"
--auth SHA256 --cipher AES-256-CBC
--ncp-disable --ping 10 --ping-exit 30
--comp-lzo yes
echo -e "$(date) ${WARN} Π‘ΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΠ΅ ΡΠ°Π·ΠΎΡΠ²Π°Π½ΠΎ${END}"
a=1
b=''
else
a=1
b=''
fi
done
doneMba hiasa ny script dia mila:
- Adikao amin'ny takelaka ary apetaho amin'ny mpanonta, ohatra:
# nano vpn8.sh - mamaritra ny solon'anarana sy ny tenimiafina ho an'ny Yandex.disk.
- ao amin'ny saha "βifconfig 10.45.54.(1 na 2) 255.255.255.252" mamaritra ny adiresy IP anatiny an'ny interface
- MANANGANA tsiambaratelo.key baiko:
# openvpn --genkey --secret secret.key - ataovy azo tanterahina ny script:
# chmod +x vpn8.sh - mandehana ny script:
# ./vpn8.sh nZbVGBuX5dtturDizay nZbVGBuX5dtturD dia ny fifandraisana ID novokarina
Amin'ny node lavitra, ataovy mitovy daholo ny zava-drehetra afa-tsy ny famoronana secret.key sy ID fifandraisana, tsy maintsy mitovy izy ireo.
Dika nohavaozina (tsy maintsy ampifanarahina amin'ny asa marina ny fotoana):
cat vpn10.sh#!/bin/bash
stuns="stun.sipnet.ru stun.ekiga.net" # Π‘ΠΏΠΈΡΠΎΠΊ STUN ΡΠ΅ΡΠ²Π΅ΡΠΎΠ² ΡΠ΅ΡΠ΅Π· ΠΏΡΠΎΠ±Π΅Π»
username=" Login " # ΠΠΎΠ³ΠΈΠ½ ΠΎΡ Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊΠ°
password=" Password " # ΠΠ°ΡΠΎΠ»Ρ ΠΎΡ Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊΠ°
intip="10.23.22.1" # IP-Π°Π΄ΡΠ΅Ρ Π²Π½ΡΡΡΠ΅Π½Π½Π΅Π³ΠΎ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°
WARN='33[37;1;41m'
END='33[0m'
RED='33[0;31m'
GREEN='33[0;32m'
al="ip echo readlink dirname grep awk md5sum openssl sha256sum shuf curl sleep openvpn cat stun"
ch=0
for i in $al; do which $i > /dev/null || echo -e "${WARN}ΠΠ»Ρ ΡΠ°Π±ΠΎΡΡ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌ $i ${END}"; which $i > /dev/null || ch=1; done
if (( $ch > 0 )); then echo -e "${WARN}ΠΠΉ, ΠΎΡΡΡΡΡΡΠ²ΡΡΡ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΡΠ΅ Π΄Π»Ρ ΠΊΠΎΡΡΠ΅ΠΊΡΠ½ΠΎΠΉ ΡΠ°Π±ΠΎΡΡ ΠΏΡΠΈΠ»ΠΎΠΆΠ΅Π½ΠΈΡ${END}"; exit; fi
if [[ $1 == '' ]];
then
echo -e "${WARN}ΠΠ²Π΅Π΄ΠΈΡΠ΅ ΠΈΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΎΡ ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ (Π»ΡΠ±ΠΎΠ΅ ΡΠ½ΠΈΠΊΠ°Π»ΡΠ½ΠΎΠ΅ ΡΠ»ΠΎΠ²ΠΎ, Π΄ΠΎΠ»ΠΆΠ½ΠΎ Π±ΡΡΡ ΠΎΠ΄ΠΈΠ½Π°ΠΊΠΎΠ²ΠΎΠ΅ Ρ Π΄Π²ΡΡ
ΡΡΠΎΡΠΎΠ½!) ${END} t
${GREEN}ΠΠ»Ρ Π·Π°ΠΏΡΡΠΊΠ° Π² Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΎΠΌ ΡΠ΅ΠΆΠΈΠΌΠ΅ ΠΏΡΠΈ Π²ΠΊΠ»ΡΡΠ΅Π½ΠΈΠΈ ΠΊΠΎΠΌΠΏΡΡΡΠ΅ΡΠ° ΠΌΠΎΠΆΠ½ΠΎ ΠΏΡΠΎΠΏΠΈΡΠ°ΡΡ Π² /etc/rc.local ΡΡΡΠΎΠΊΡ nohup /<ΠΏΡΡΡ ΠΊ ΡΠ°ΠΉΠ»Ρ>/vpn10.sh > /var/log/vpn10.log 2>/dev/hull & ${END}"
exit
fi
ABSOLUTE_FILENAME=`readlink -f "$0"` # ΠΏΠΎΠ»Π½ΡΠΉ ΠΏΡΡΡ Π΄ΠΎ ΡΠΊΡΠΈΠΏΡΠ°
DIR=`dirname "$ABSOLUTE_FILENAME"` # ΠΊΠ°ΡΠ°Π»ΠΎΠ³ Π² ΠΊΠΎΡΠΎΡΠΎΠΌ Π»Π΅ΠΆΠΈΡ ΡΠΊΡΠΈΠΏΡ
key="$DIR/secret.key"
until [[ -n "$iftosrv" ]]
do
echo "$(date) ΠΠΏΡΠ΅Π΄Π΅Π»ΡΡ ΡΠ΅ΡΠ΅Π²ΠΎΠΉ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ"; iftosrv=`ip route get 8.8.8.8 | head -n 1 | sed 's|.*dev ||' | awk '{print $1}'`
sleep 5
done
timedatectl
name=$(uname -n | md5sum | awk '{print $1}')
vpn=$(echo $1 | md5sum | awk '{print $1}')
echo "$(date) Π‘ΠΎΠ·Π΄Π°Ρ ΠΏΠ°ΠΏΠΊΡ Π½Π° Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊΠ΅"
curl -X MKCOL --user "${username}:${password}" https://webdav.yandex.ru/vpn-$vpn
echo "$(date) ID Π½Π° Π΄ΠΈΡΠΊΠ΅: $vpn"
until [ $c ];do
echo "$(date) ΠΡΠΈΡΠ°Ρ ΠΏΠ°ΠΏΠΊΡ ΠΎΡ Π²ΡΡΠΊΠΎΠ³ΠΎ ΠΌΡΡΠΎΡΠ°"
for i in `curl --silent --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></n/g' | grep "d:displayname" | sed 's/d:displayname//g' | sed 's/>//g' | sed 's/<//' | sed 's////g' | grep -v $(date +%Y-%m-%d-%H-%M)`
do
echo -e "$(date)${RED} Π£Π΄Π°Π»ΡΡ ΡΡΠ°ΡΡΠΉ ΡΠ°ΠΉΠ»: $i${END}"
curl -X DELETE --user "${username}:${password}" https://webdav.yandex.ru/vpn-$vpn/$i
done
echo "$(date) ID Π½Π° Π΄ΠΈΡΠΊΠ΅: $vpn"
openvpn --genkey --secret "$key"
passwd=`echo "$vpn-tt" | sha256sum | awk '{print $1}'`
openssl AES-256-CBC -e -in "$key" -out "$DIR/file.enc" -k "$passwd" -base64
curl -T "$DIR/file.enc" --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/key.enc
rm "$DIR"/file.enc
echo -e "$(date) ${GREEN}Π€Π°Π·Π° 1 - ΠΠΎΠ»ΡΡΠ΅Π½ΠΈΠ΅ Π³ΠΎΡΠΎΠ²Π½ΠΎΡΡΠΈ ΡΠ΄Π°Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ·Π»Π°${END}"
go=3
localport=`shuf -i 20000-65000 -n 1` # Π³Π΅Π½Π΅ΡΠ°ΡΠΈΡ Π»ΠΎΠΊΠ°Π»ΡΠ½ΠΎΠ³ΠΎ ΠΏΠΎΡΡΠ°
start=''
remote=''
timeout1=''
nextcheck=''
timestart=''
until [[ $b ]]
do
echo "$(date) ΠΡΠΎΠ²Π΅ΡΡΡ ΠΏΠ°ΠΏΠΊΡ"
date=`date +%s`
timeout1=60
echo "$(date) Π‘ΠΎΠ·Π΄Π°Π½ΠΈΠ΅ ΡΠ°ΠΉΠ»Π° Π³ΠΎΡΠΎΠ²Π½ΠΎΡΡΠΈ $date"
echo "$date" > "/tmp/ready-$date-$name.txt"
curl -T "/tmp/ready-$date-$name.txt" --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/ready-$name.txt
readyfile=`curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></>n</g' | grep -v $name | grep "ready" | grep "d:displayname" | sed 's/<d:displayname>//g' | sed 's/</d:displayname>//g'`
if [[ -z $readyfile ]]
then
echo -e "$(date) ${RED} Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΡΠ·Π΅Π» Π½Π΅ Π³ΠΎΡΠΎΠ² ${END}"
echo "$(date) ΠΠ΄Ρ 60 ΡΠ΅ΠΊΡΠ½Π΄"
sleep $timeout1
else
remote=$(curl --silent --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$readyfile)
echo -e "$(date) ${GREEN} Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΡΠ·Π΅Π» Π³ΠΎΡΠΎΠ² ${END}"
start=`curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></>n</g' | grep "start" | grep "d:displayname" | sed 's/-/ /g' | awk '{print $2}'`
if [[ -z $start ]]
then
let nextcheck=$timeout1-$date+$remote
let timestart=$date+$timeout1-$nextcheck
go=$nextcheck
echo "$timestart" > "/tmp/start-$date-$name.txt"
curl -T "/tmp/start-$date-$name.txt" --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/start-$date-$name.txt
else
echo "$(date) ΠΆΠ΄Ρ $go ΡΠ΅ΠΊΡΠ½Π΄"
sleep $go
b=1
a=''
fi
fi
done
echo -e "$(date) ${GREEN}Π€Π°Π·Π° 2 - ΠΠ±ΠΌΠ΅Π½ Π΄Π°Π½Π½ΡΠΌΠΈ ΠΈ ΡΡΡΠ°Π½ΠΎΠ²ΠΊΠ° ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ${END}"
mydata=''
filename=''
address=''
myip=''
ip=''
port=''
ex=0
until [ $a ]; do
until [[ -n "$mydata" ]]; do
k=`echo "$stuns" | wc -w`
x=1
z=`shuf -i 1-$k -n 1`
for st in $stuns; do
if [[ $x == $z ]]; then
stun=$st;
fi;
(( x++ ));
done
echo "$(date) ΠΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΠΈ ΠΏΠΎΠ»ΡΡΠ΅Π½ΠΈΠ΅ Π΄Π°Π½Π½ΡΡ
ΠΎΡ STUN ΡΠ΅ΡΠ²Π΅ΡΠ°: $stun"
sleep 5 && for pid in $(ps xa | grep "stun "$stun" 1 -p "$localport" -v" | grep -v grep | awk '{print $1}'); do kill $pid; done &
mydata=`stun "$stun" 1 -p "$localport" -v 2>&1 | grep "MappedAddress" | sort | uniq`
done
echo -e "$(date) ${GREEN}ΠΠΎΠΈ Π΄Π°Π½Π½ΡΠ΅ ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ: $mydata${END}"
echo "$(date) ΠΠ°Π³ΡΡΠ·ΠΊΠ° Π΄Π°Π½Π½ΡΡ
Π½Π° Π―Π½Π΄Π΅ΠΊΡ.Π΄ΠΈΡΠΊ"
echo "$mydata" > "$DIR/mydata"
echo "IntIP $intip" >> "$DIR/mydata"
curl -T "$DIR/mydata" --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$name-ipport.txt
rm "$DIR/mydata"
sleep 5
echo "$(date) ΠΠΎΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΡΠ°ΠΉΠ»Π° Π΄Π°Π½Π½ΡΡ
ΡΠ΄Π°Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ·Π»Π°"
filename=$(curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/vpn-$vpn/ | sed 's/></n/g' | grep "d:displayname>" | grep "ipport" | grep -v "$name" | sed 's|.*d:displayname>||' | sed 's/</ /g' | awk '{print $1}')
if [[ -n "$filename" ]]
then
echo "$(date) Π§ΡΠ΅Π½ΠΈΠ΅ ΡΠ°ΠΉΠ»Π° Π΄Π°Π½Π½ΡΡ
ΡΠ΄Π°Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ·Π»Π°: $filename"
address=$(curl --silent --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$filename | grep "MappedAddress" | head -n1 | sed 's/:/ /g')
intip2=$(curl --silent --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/$filename | grep "IntIP" | head -n1 | awk '{print $2}')
echo "$(date) ΠΠΏΡΠ΅Π΄Π΅Π»Π΅Π½ΠΈΠ΅ IP-Π°Π΄ΡΠ΅ΡΠ° ΠΈ ΠΏΠΎΡΡΠ°: $address $sesid2 $tunid2"
ip=$(echo "$address" | awk '{print $3}')
port=$(echo "$address" | awk '{print $4}')
myip=`ip route get "$ip" | head -n 1 | sed 's|.*src ||' | awk '{print $1}'`
if [[ -n "$ip" && -n "$port" && -n "$myip" && -n "$localport" ]];
then
echo -e "$(date) ${GREEN} Π‘ΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΠ΅ $ip $port ${END}"
echo -e "`date` ${GREEN} $myip:$localport -> $ip:$port ${END}"
curl --silent --user "$username:$password" https://webdav.yandex.ru/vpn-$vpn/key.enc > "$DIR/secret.enc"
openssl AES-256-CBC -d -in "$DIR/secret.enc" -out "$key" -k "$passwd" -base64
chmod 600 "$key"
rm "$DIR/secret.enc"
openvpn --remote $ip --rport $port --lport $localport
--proto udp --dev tun --float --auth-nocache --verb 3 --mute 20
--ifconfig "$intip" "$intip2"
--secret "$key"
--auth SHA256 --cipher AES-256-CBC
--ncp-disable --ping 10 --ping-exit 20
--comp-lzo yes
a=1
b=''
fi
else
if (( $ex >= 5 ))
then
echo "$(date) Π‘Π±ΡΠΎΡ"
a=1
b=''
fi
(( ex++ ))
sleep 5
fi
done
done
Mba hiasa ny script dia mila:
- Adikao amin'ny takelaka ary apetaho amin'ny mpanonta, ohatra:
# nano vpn10.sh - manondro ny fidirana (andalana faha-2) sy ny tenimiafina ho an'ny Yandex.disk (andalana faha-3).
- mamaritra ny adiresy IP anatiny amin'ny tonelina (andalana faha-4).
- ataovy azo tanterahina ny script:
# chmod +x vpn10.sh - mandehana ny script:
# ./vpn10.sh nZbVGBuX5dtturDizay nZbVGBuX5dtturD dia ny fifandraisana ID novokarina
Ao amin'ny node lavitra, manaova toy izany koa, mamaritra ny adiresy IP anatiny mifanaraka amin'ny tonelina sy ny fifandraisana ID.
Mba hamerenana ny script rehefa mandeha dia mampiasa ny baiko aho "nohup /<lalana mankany amin'ny script>/vpn10.sh nZbVGBuX5dtturD > /var/log/vpn10.log 2>/dev/null &" voarakitra ao amin'ny rakitra /etc/ rc.local
famaranana
Ny script dia miasa, nosedraina tamin'ny Ubuntu (18.04, 19.10, 20.04) ary Debian 9. Azonao atao ny mampiasa serivisy hafa ho toy ny mpandefa, fa noho ny traikefa dia nampiasa Yandex.disk.
Nandritra ny andrana dia hita fa misy karazana mpamatsy NAT tsy mamela ny fametrahana fifandraisana. Avy amin'ny mpandraharaha finday izay voasakana ny torrent.
Mikasa ny hanatsara aho amin'ny lafiny:
- Famoronana mandeha ho azy ny secret.key isaky ny manomboka ianao, asio encryption ary kopia ao amin'ny Yandex.disk mba hafindra any amin'ny node lavitra (Raha jerena ny dikan-teny nohavaozina)
- Fametrahana ho azy ny adiresy IP an'ny interface
- Fametahana angona alohan'ny hampidirana ao amin'ny Yandex.disk
- Optimization kaody
Aoka hisy IPv6 isaky ny trano!
Nohavaozina! Ny rakitra farany sy ny fonosana DEB eto -
Source: www.habr.com