Building a router to SOCKS on a laptop with Debian 10

For a whole year (or two) I put off publishing this article for one main reason: I had already published two articles in which I described building a router to SOCKS from an ordinary laptop with Debian.

However, since then the stable version of Debian has been updated to Buster, and a good number of people have contacted me asking for help with the setup, which means my previous articles are not exhaustive. Indeed, I suspected myself that the methods described in them do not fully cover all the details of configuring Linux for routing into SOCKS. Besides, they were written for Debian Stretch, and after the upgrade to Buster, in the systemd init system, I noticed small changes in how the services interact. And in the articles themselves I did not use systemd-networkd, although it is best suited for complex network configurations.

In addition to the changes above, the following services were added to my configuration: hostapd - a service for access point virtualization, ntp to synchronize the time of local network clients, dnscrypt-proxy to encrypt DNS connections and block advertising on local network clients, and also, as I mentioned earlier, systemd-networkd for configuring network interfaces.

Here is a simple block diagram of the internal structure of such a router.

So, let me remind you what the goals of this series of articles are:

  1. Route all OS connections into SOCKS, as well as connections from all devices on the same network as the laptop.
  2. The laptop in my case must remain fully mobile. That is, it must be possible to use the desktop environment without being tied to a physical location.
  3. The last point implies connecting and routing only through the built-in wireless interface.
  4. And, of course, creating a comprehensive guide, along with an analysis of the relevant technologies to the best of my modest knowledge.

What this article covers:

  1. git — download the repositories of the tun2socks project, needed to route TCP traffic into SOCKS, and create_ap — a script that automates setting up a virtual access point using hostapd.
  2. tun2socks — build it and install the systemd service into the system.
  3. systemd-networkd — configure the wireless and virtual interfaces, static routing tables and packet forwarding.
  4. create_ap — install the systemd service into the system, configure and launch a virtual access point.

Optional steps:

  • ntp — install and configure a server to synchronize time on the clients of the virtual access point.
  • dnscrypt-proxy — we will encrypt DNS requests, route them into SOCKS and block advertising domains for the local network.

What is all this for?

This is one of the ways to secure TCP connections on a local network. The main advantage is that all connections are made through SOCKS unless a static route through the original gateway is built for them. This means you do not need to set SOCKS server settings for individual programs or for clients on the local network - they all go into SOCKS by default, since it is the default gateway until we specify otherwise.

In essence, we add a second, encrypting router, in the form of the laptop, in front of the original router, and use the original router's Internet connection for the laptop's already encrypted SOCKS requests; the laptop in turn routes and encrypts the requests of the LAN clients.

From the provider's point of view, we are constantly connected to a single server with encrypted traffic.

Accordingly, all devices connect to the laptop's virtual access point.

Install tun2socks into the system

While your machine has Internet access, download all the necessary tools.

apt update
apt install git make cmake

Download the badvpn package

git clone https://github.com/ambrop72/badvpn

A badvpn folder will appear on your system. Create a separate folder for the build

mkdir badvpn-build

Go into it

cd badvpn-build

Configure the build for tun2socks

cmake ../badvpn -DBUILD_NOTHING_BY_DEFAULT=1 -DBUILD_TUN2SOCKS=1

Install it into the system

make install

  • The option -DBUILD_NOTHING_BY_DEFAULT=1 disables building all components of the badvpn repository.
  • -DBUILD_TUN2SOCKS=1 includes the tun2socks component in the build.
  • make install — installs the tun2socks binary into your system at /usr/local/bin/badvpn-tun2socks.

Install the tun2socks service into systemd

Create the file /etc/systemd/system/tun2socks.service with the following contents:

[Unit]
Description=SOCKS TCP Relay

[Service]
ExecStart=/usr/local/bin/badvpn-tun2socks --tundev tun2socks --netif-ipaddr 172.16.1.1 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:9050

[Install]
WantedBy=multi-user.target

  • --tundev - takes the name of the virtual interface that we initialize with systemd-networkd.
  • --netif-ipaddr — the network address of the tun2socks "router" to which the virtual interface connects. It is better to make it a separate reserved subnet.
  • --socks-server-addr - takes the socket (address:port of the SOCKS server).

If your SOCKS server requires authentication, you can specify the --username and --password parameters.

Next, register the service

systemctl daemon-reload

And enable it

systemctl enable tun2socks

Before starting the service, we will provide it with a virtual network interface.

Switching to systemd-networkd

Enable systemd-networkd:

systemctl enable systemd-networkd

Disable the current network services.

systemctl disable networking NetworkManager NetworkManager-wait-online

  • NetworkManager-wait-online is a service that waits for a working network connection before systemd goes on to start other services that depend on network availability. We disable it because we are switching to its systemd-networkd counterpart.

Let's enable that counterpart right away:

systemctl enable systemd-networkd-wait-online

Configure the wireless network interface

Create a systemd-networkd configuration file for the wireless network interface, /etc/systemd/network/25-wlp6s0.network.

[Match]
Name=wlp6s0

[Network]
Address=192.168.1.2/24
IPForward=yes

  • Name is the name of your wireless interface. Identify it with the command ip a.
  • IPForward - a directive that enables packet forwarding on the network interface.
  • Address is responsible for assigning an IP address to the wireless interface. We specify it statically because with the equivalent directive DHCP=yes, systemd-networkd creates a default gateway in the system. All traffic would then go through the original gateway rather than through the future virtual interface on a different subnet. You can check the current default gateway with the command ip r

Create a static route for a remote SOCKS server

If your SOCKS server is not local but remote, you need to create a static route for it. To do this, add a Route section to the end of the wireless interface configuration file you created, with the following contents:

[Route]
Gateway=192.168.1.1
Destination=0.0.0.0

  • Gateway — the default gateway, or the address of your original access point.
  • Destination — the SOCKS server address.

Configure wpa_supplicant for systemd-networkd

systemd-networkd uses wpa_supplicant to connect to a secured access point. When it tries to "bring up" the wireless interface, systemd-networkd starts the service wpa_supplicant@name, where name is the name of the wireless interface. If you have not used systemd-networkd before this point, this service is probably missing from your system.

So, create it with the command:

systemctl enable wpa_supplicant@wlp6s0

I used wlp6s0 as the name of my wireless interface. Your name may differ. You can find it out with the command ip l.

Now the created service wpa_supplicant@wlp6s0 will be started when the wireless interface is "brought up"; it will, however, look for the SSID and password settings of the access point in the file /etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf. Therefore, you need to create that file using the wpa_passphrase utility.

To do this, run the command:

wpa_passphrase SSID password>/etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf

where SSID is the name of your access point, password is the password, and wlp6s0 is the name of your wireless interface.

Initialize the virtual interface for tun2socks

Create a file that initializes a new virtual interface in the system, /etc/systemd/network/25-tun2socks.netdev

[NetDev]
Name=tun2socks
Kind=tun

  • Name is the name that systemd-networkd will assign to the future virtual interface when it is initialized.
  • Kind is the type of the virtual interface. From the name of the tun2socks service you can guess that it uses an interface of type tun.
  • netdev is the extension of the files that systemd-networkd uses to initialize virtual network interfaces. The address and other network settings for these interfaces are specified in .network files.

Create such a file, /etc/systemd/network/25-tun2socks.network, with the following contents:

[Match]
Name=tun2socks

[Network]
Address=172.16.1.2/24
Gateway=172.16.1.1

  • Name — the name of the virtual interface that you specified in the netdev file.
  • Address — the IP address that will be assigned to the virtual interface. It must be on the same network as the address you specified in the tun2socks service.
  • Gateway - the IP address of the tun2socks "router" that you specified when creating the systemd service.

Thus the tun2socks interface has the address 172.16.1.2, and the tun2socks service has 172.16.1.1, that is, it is the gateway for all connections from the virtual interface.

Set up a virtual access point

Install the dependencies:

apt install util-linux procps hostapd iw haveged

Download the create_ap repository to your machine:

git clone https://github.com/oblique/create_ap

Go to the repository folder on your machine:

cd create_ap

Install it into the system:

make install

The config /etc/create_ap.conf will appear on your system. Here are the main options to edit:

  • GATEWAY=10.0.0.1 — it is better to make it a separate reserved subnet.
  • NO_DNS=1 - disable, since this parameter will be managed by the systemd-networkd virtual interface.
  • NO_DNSMASQ=1 - disable for the same reason.
  • WIFI_IFACE=wlp6s0 — the laptop's wireless interface.
  • INTERNET_IFACE=tun2socks - the virtual interface created for tun2socks.
  • SSID=hostapd — the name of the virtual access point.
  • PASSPHRASE=12345678 - the password.

Don't forget to enable the service:

systemctl enable create_ap

Enable the DHCP server in systemd-networkd

The create_ap service initializes the virtual interface ap0 in the system. In theory, dnsmasq sits on this interface, but why install extra services when systemd-networkd contains a built-in DHCP server?

To enable it, we define the network settings for the virtual access point. To do this, create the file /etc/systemd/network/25-ap0.network with the following contents:

[Match]
Name=ap0

[Network]
Address=10.0.0.1/24
DHCPServer=yes

[DHCPServer]
EmitDNS=yes
DNS=10.0.0.1
EmitNTP=yes
NTP=10.0.0.1

After the create_ap service initializes the virtual interface ap0, systemd-networkd will automatically assign it an IP address and enable the DHCP server.

The lines EmitDNS=yes and DNS=10.0.0.1 pass the DNS server settings to devices connected to the access point.

If you do not plan to use a local DNS server - in my case it is dnscrypt-proxy - you can change DNS=10.0.0.1 to DNS=192.168.1.1, where 192.168.1.1 is the address of your original gateway. The DNS requests of your host and local network will then go unencrypted through the provider's servers.

EmitNTP=yes and NTP=192.168.1.1 pass the NTP settings.

The same applies to the line NTP=10.0.0.1.

Install and configure the NTP server

Install it into the system:

apt install ntp

Edit the config /etc/ntp.conf. Comment out the addresses of the standard pools:

#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst

Add public server addresses, for example Google Public NTP:

server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst

Grant access to the server to the clients on your network:

restrict 10.0.0.0 mask 255.255.255.0

Enable broadcasting to your network:

broadcast 10.0.0.255

Finally, add the addresses of these servers to the static routing table. To do this, open the wireless interface configuration file /etc/systemd/network/25-wlp6s0.network and add Route sections to the end.

[Route]
Gateway=192.168.1.1
Destination=216.239.35.0

[Route]
Gateway=192.168.1.1
Destination=216.239.35.4

[Route]
Gateway=192.168.1.1
Destination=216.239.35.8

[Route]
Gateway=192.168.1.1
Destination=216.239.35.12

You can find out the addresses of your NTP servers using the host utility as follows:

host time1.google.com

Install dnscrypt-proxy, remove ads and hide DNS traffic from your provider

apt install dnscrypt-proxy

To serve DNS queries from the host and the local network, edit the socket /lib/systemd/system/dnscrypt-proxy.socket. Change the following lines:

ListenStream=0.0.0.0:53
ListenDatagram=0.0.0.0:53

Reload systemd:

systemctl daemon-reload

Edit the config /etc/dnscrypt-proxy/dnscrypt-proxy.toml:

server_names = ['adguard-dns']

To route dnscrypt-proxy connections through tun2socks, add below:

force_tcp = true

Edit the config /etc/resolv.conf, which tells the host which DNS server to use.

nameserver 127.0.0.1
nameserver 192.168.1.1

The first line enables the use of dnscrypt-proxy; the second uses the original gateway in case the dnscrypt-proxy server is unavailable.
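The fallback nameserver above, and the DNS=192.168.1.1 alternative in the DHCP section, both send queries around dnscrypt-proxy. As an added example (not from the original article), this shell helper lists such resolvers from resolv.conf and from the [DHCPServer] section; the function names and the sample file copies are constructed for illustration.

```shell
#!/bin/sh
# Added example: find resolvers that are reached without dnscrypt-proxy.

# Constructed copy of /etc/resolv.conf as configured on this page.
sample_resolv_conf() {
    printf 'nameserver 127.0.0.1\nnameserver 192.168.1.1\n'
}

# Constructed copy of /etc/systemd/network/25-ap0.network from this page.
sample_ap_network() {
cat <<'EOF'
[Match]
Name=ap0

[Network]
Address=10.0.0.1/24
DHCPServer=yes

[DHCPServer]
EmitDNS=yes
DNS=10.0.0.1
EmitNTP=yes
NTP=10.0.0.1
EOF
}

# Read resolv.conf and/or .network text on stdin. Print every resolver
# ("nameserver" lines and DNS= entries of [DHCPServer]) that is neither
# loopback nor the local dnscrypt-proxy address given as $1.
plaintext_resolvers() {
    awk -v local_ip="$1" '
        /^\[/ { section = $0; next }
        $1 == "nameserver" { check($2) }
        section == "[DHCPServer]" && /^DNS=/ {
            n = split(substr($0, 5), list, " ")
            for (i = 1; i <= n; i++) check(list[i])
        }
        function check(ip) {
            if (ip !~ /^127\./ && ip != "::1" && ip != local_ip) print ip
        }'
}

# Audit the sample files; 10.0.0.1 is where dnscrypt-proxy serves the AP clients.
{ sample_resolv_conf; sample_ap_network; } | plaintext_resolvers 10.0.0.1
```

On the router itself, feed the real files in: cat /etc/resolv.conf /etc/systemd/network/25-ap0.network | plaintext_resolvers 10.0.0.1.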

Done!

Reboot, or stop the running network services:

systemctl stop networking NetworkManager NetworkManager-wait-online

And restart all the necessary ones:

systemctl restart systemd-networkd tun2socks create_ap dnscrypt-proxy ntp

After a reboot or restart, you will have a second access point that routes the host and the LAN devices into SOCKS.

This is roughly what the output of ip a looks like on an ordinary laptop:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: tun2socks: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
    link/none 
    inet 172.16.1.2/24 brd 172.16.1.255 scope global tun2socks
       valid_lft forever preferred_lft forever
    inet6 fe80::122b:260:6590:1b0e/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether e8:11:32:0e:01:50 brd ff:ff:ff:ff:ff:ff
4: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:85 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global wlp6s0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf85/64 scope link 
       valid_lft forever preferred_lft forever
5: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:86 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global ap0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf86/64 scope link 
       valid_lft forever preferred_lft forever

As a result,

  1. The provider sees only the encrypted connection to your SOCKS server, which means it sees nothing.
  2. And yet it sees your NTP requests; to prevent this, remove the static routes for the NTP servers. However, it is not certain that your SOCKS server allows the NTP protocol.
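Every static route through the original gateway is traffic that leaves outside the tunnel, as with the NTP routes above. This added example (not part of the original article) lists such routes from the output of ip -4 route show; the function names are hypothetical, and the sample table, including the 203.0.113.10 SOCKS server address, is constructed.

```shell
#!/bin/sh
# Added example: list routes that bypass the tun2socks interface.

# Constructed sample of `ip -4 route show` output for the setup on this page.
sample_routes() {
cat <<'EOF'
default via 172.16.1.1 dev tun2socks proto static
10.0.0.0/24 dev ap0 proto kernel scope link src 10.0.0.1
172.16.1.0/24 dev tun2socks proto kernel scope link src 172.16.1.2
192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2
216.239.35.0 via 192.168.1.1 dev wlp6s0 proto static
216.239.35.4 via 192.168.1.1 dev wlp6s0 proto static
203.0.113.10 via 192.168.1.1 dev wlp6s0 proto static
EOF
}

# Read a route table on stdin. Print "<destination> <gateway>" for every
# route that uses a gateway on an interface other than the tunnel ($1).
bypass_routes() {
    awk -v tun="$1" '
        {
            gw = ""; dev = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (gw != "" && dev != tun) print $1, gw
        }'
}

# Succeed only if a default route exists and every default route uses
# the tunnel interface ($1).
default_via_tunnel() {
    awk -v tun="$1" '
        $1 == "default" {
            seen = 1; ok = 0
            for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == tun) ok = 1
            if (!ok) bad = 1
        }
        END { if (seen && !bad) exit 0; exit 1 }'
}

# Show the destinations that the provider can observe in the sample table.
sample_routes | bypass_routes tun2socks
```

On a live system, pipe the real table in: ip -4 route show | bypass_routes tun2socks.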

A crutch spotted on Debian 10

If you try to restart the networking service from the console, it will fail with an error. This is because part of it, in the form of the virtual interface, is bound to the tun2socks service, which means it is in use. To restart the networking service, you first need to stop the tun2socks service. But I think that if you have read to the end, this is certainly not a problem for you!


Source: will.com