Te hanga pouara ki SOCKS i runga i te pona me Debian 10
Mo te tau katoa (e rua ranei) ka mutu taku whakaputa i tenei tuhinga mo te take matua - kua oti kee au te whakaputa i nga tuhinga e rua i whakaahuahia e au te hanga i tetahi pouara ki SOCKS mai i tetahi pona noa me Debian.
Heoi, mai i tera wa kua whakahoutia te putanga pumau o Debian ki a Buster, he maha nga tangata i whakapā mai ki a au mo te tono mo te tatūnga, ko te tikanga ko aku tuhinga o mua kaore i te pau. Ae, i whakaaro ahau ko nga tikanga kua tuhia ki roto i a raatau kaore e tino whakaatu i nga ahuatanga katoa o te whakatuu Linux mo te arataki i roto i a SOCKS. I tua atu, kua tuhia mo Debian Stretch, a, i muri i te whakahou ki a Buster, i roto i te punaha init systemd, i kite ahau i nga huringa iti i roto i te taunekeneke o nga ratonga. A i roto i nga tuhinga ake, kaore au i whakamahi i te systemd-networkd, ahakoa he pai rawa atu mo nga whirihoranga whatunga uaua.
I tua atu i nga huringa i runga ake nei, ko nga ratonga e whai ake nei i taapirihia ki taku whirihoranga: hostapd - ratonga mo te mariko tohu uru, ntp ki te tukutahi i te wa o nga kiritaki whatunga rohe, dnscrypt-takawaenga ki te whakamuna hononga ma te DNS me te whakakore i nga panui i runga i nga kaihoko whatunga rohe, me hoki, pera i taku korero i mua, systemd-whatungad mo te whirihora i nga atanga whatunga.
Anei he hoahoa poraka ngawari o te hanganga o roto o taua pouara.
Na, me whakamahara ahau he aha nga whainga o tenei raupapa tuhinga:
Arataki i nga hononga OS katoa ki SOCKS, me nga hononga mai i nga taputapu katoa i runga i te whatunga kotahi me te pona.
Ko te pona kei roto i taku keehi me noho tino pūkoro. Arā, ki te hoatu i te whai waahi ki te whakamahi i te taiao papamahi me te kore e herea ki te waahi tinana.
Ko te tohu whakamutunga ko te hononga me te ararere anake ma te atanga ahokore i hangaia.
Ae ra, ko te hanga i tetahi aratohu matawhānui, me te tātaritanga o nga hangarau e tika ana ki te pai o taku mohiotanga iti.
He aha te korero i roto i tenei tuhinga:
git — tango i nga putunga kaupapa tun2sockse hiahiatia ana ki te tuku waka TCP ki SOCKS, a hanga_ap — he tuhinga hei whakaaunoa i te tatūnga o te waahi uru mariko ma te whakamahi hostapd.
tun2socks — hanga me te whakauru i te ratonga systemd ki te punaha.
systemd-whatungad — whirihora i nga atanga ahokore me te mariko, nga ripanga ararere pateko me te hurihanga o te paatete.
hanga_ap — whakauruhia te ratonga systemd ki te punaha, whirihora me te whakarewa i tetahi waahi uru mariko.
Ko nga taahiraa hei whiriwhiri:
ntp — tāuta me te whirihora i te tūmau hei tukutahi i te wā ki ngā kiritaki wāhi uru mariko.
dnscrypt-takawaenga — ka whakamunahia e matou nga tono DNS, ka tukuna ki nga SOCKS ka whakakorehia nga rohe panui mo te whatunga rohe.
He aha tenei katoa?
Koinei tetahi o nga huarahi hei whakapumau i nga hononga TCP i runga i te whatunga rohe. Ko te painga nui ko nga hononga katoa ka mahia ki SOCKS, mena ka hangaia he ara pateko mo ratou ma te kuaha taketake. Ko te tikanga tenei kaore koe e hiahia ki te tautuhi i nga tautuhinga tūmau SOCKS mo nga kaupapa takitahi, mo nga kiritaki ranei i runga i te whatunga rohe - ka haere katoa ki SOCKS ma te taunoa, na te mea ko te keti taunoa tae noa ki ta maatau e tohu.
Ko te tikanga ka taapirihia e matou he pouara whakamuna tuarua hei pona ki mua i te pouara taketake me te whakamahi i te hononga Ipurangi o te pouara taketake mo nga tono SOCKS kua whakamunatia a te pona, ka huri hei huarahi me te whakamuna i nga tono a nga kiritaki LAN.
Mai i te tirohanga a te kaiwhakarato, ka hono tonu matou ki tetahi tūmau me nga waka whakamuna.
Na reira, ka hono nga taputapu katoa ki te waahi uru mariko o te pona.
Tāutahia te tun2socks ki te punaha
I te mea kei te ipurangi to miihini, tangohia nga taputapu e tika ana.
apt update
apt install git make cmake
Tikiake i te mōkihi badvpn
git clone https://github.com/ambrop72/badvpn
Ka puta he kōpaki ki to punaha badvpn. Waihangahia he kōpaki motuhake mo te hanga
NetworkManager-tatari-ipurangi he ratonga e tatari ana mo te hononga whatunga mahi i mua i te tiimata o te systemd i etahi atu ratonga e whakawhirinaki ana ki te waahi o te whatunga. Kei te whakakorehia e matou i te wa e huri ana matou ki te raupaparorohiko systemd-networkd.
Kia taea e tatou i te reira tonu:
systemctl enable systemd-networkd-wait-online
Whakaritea te atanga whatunga ahokore
Waihangatia he konae whirihoranga systemd-networkd mo te atanga whatunga ahokore /etc/systemd/network/25-wlp6s0.network.
ingoa ko te ingoa o to atanga ahokore. Tautuhia me te whakahau ip a.
IPForward - he tohutohu e taea ai te huri i te paakete ki runga i te atanga whatunga.
Wāhitau kei a ia te kawenga mo te tautapa i tetahi wahitau IP ki te atanga ahokore. Ka whakapūtāhia e mātou nā te mea he rite tonu te tohutohu DHCP=yes, ka hangaia e systemd-networkd he kuaha taunoa i runga i te punaha. Na ka haere nga waka katoa ma te kuaha taketake, kaua ma te atanga mariko kei te heke mai i runga i te kupengaroto rereke. Ka taea e koe te tirotiro i te kuaha taunoa o naianei ma te whakahau ip r
Waihangatia he ara pateko mo te tūmau SOCKS mamao
Mēnā ehara tō tūmau SOCKS i te rohe, engari he mamao, me hanga e koe he ara pateko mo taua mea. Ki te mahi i tenei, taapirihia he waahanga Route ki te mutunga o te kōnae whirihoranga atanga ahokore i hanga e koe me nga ihirangi e whai ake nei:
[Route]
Gateway=192.168.1.1
Destination=0.0.0.0
Gateway — koinei te kuaha taunoa, te wahitau ranei o to waahi uru tuatahi.
Destination — Wāhitau tūmau SOCKS.
Whirihorahia te wpa_supplicant mo systemd-networkd
Ka whakamahia e te systemd-networkd te wpa_supplicant ki te hono atu ki tetahi waahi uru haumaru. I te wa e ngana ana ki te "whakaarahia" te atanga ahokore, ka tiimata te punaha-whatunga i te ratonga wpa_supplicant@имяte wahi имя ko te ingoa o te atanga ahokore. Mena kaore koe i whakamahi i te systemd-networkd i mua i tenei waahanga, ka ngaro pea tenei ratonga i to punaha.
Na, hangahia me te whakahau:
systemctl enable wpa_supplicant@wlp6s0
I whakamahia e ahau wlp6s0 ko te ingoa o tana atanga ahokore. He rereke pea to ingoa. Ka taea e koe te mohio me te whakahau ip l.
Inaianei ko te ratonga hanga wpa_supplicant@wlp6s0 ka whakarewahia ina "whakaarahia" te atanga ahokore, heoi, ka rapua e ia nga SSID me nga tautuhinga kupuhipa o te waahi uru i roto i te konae. /etc/wpa_supplicant/wpa_supplicant-wlp6s0. Na reira, me hanga e koe ma te whakamahi i te whaipainga wpa_passphrase.
te wahi SSID ko te ingoa o to waahi uru, ko te kupuhipa te kupuhipa, a wlp6s0 — te ingoa o to atanga ahokore.
Arawhiti te atanga mariko mo tun2socks
Waihangahia he konae hei arawhiti i tetahi atanga mariko hou i roto i te punaha/etc/systemd/network/25-tun2socks.netdev
[NetDev]
Name=tun2socks
Kind=tun
ingoa ko te ingoa ka tautapahia e systemd-networkd ki te atanga mariko a meake nei ina arawhitia.
Kind he momo atanga mariko. Mai i te ingoa o te ratonga tun2socks, ka taea e koe te whakaaro ka whakamahia e ia he atanga penei tun.
netdev Ko te toronga o nga konae e systemd-networkd Ka whakamahia hei arawhiti i nga atanga whatunga mariko. Ko te wahitau me etahi atu tautuhinga whatunga mo enei atanga kua tohua ki roto Tuhinga-kōnae.
Waihangahia he konae penei /etc/systemd/network/25-tun2socks.network me nga ihirangi e whai ake nei:
Name — te ingoa o te atanga mariko i tohua e koe netdev-kōnae.
Address — Wāhitau IP ka tohua ki te atanga mariko. Me noho i runga i te whatunga rite ki te wahitau i tohua e koe i roto i te ratonga tun2socks
Gateway - Wāhitau IP o te "pouara" tun2socks, i tohua e koe i te wa e hanga ana i te ratonga systemd.
Na te atanga tun2socks he wāhi noho 172.16.1.2, me te ratonga tun2socks - 172.16.1.1, ara, ko te kuaha mo nga hononga katoa mai i te atanga mariko.
Whakaritea he waahi uru mariko
Tāutahia ngā whakawhirinakitanga:
apt install util-linux procps hostapd iw haveged
Tikiake i te rokiroki waihanga_ap ki to waka:
git clone https://github.com/oblique/create_ap
Haere ki te kōpaki penapena i runga i to miihini:
cd create_ap
Tāutahia ki te pūnaha:
make install
Ka puta he whirihora ki to punaha /etc/create_ap.conf. Anei nga whiringa whakatika matua:
GATEWAY=10.0.0.1 — he pai ake kia waiho hei kupengaroto motuhake kua rahuitia.
NO_DNS=1 - mono, na te mea ka whakahaerehia tenei tawhā e te atanga mariko systemd-networkd.
NO_DNSMASQ=1 - whakawetohia mo te take ano.
WIFI_IFACE=wlp6s0 — atanga ahokore pona.
INTERNET_IFACE=tun2socks - he atanga mariko i hangaia mo tun2socks.
SSID=hostapd — ingoa o te waahi uru mariko.
PASSPHRASE=12345678 - kupuhipa.
Kaua e wareware ki te whakahohe i te ratonga:
systemctl enable create_ap
Whakahohehia te tūmau DHCP i te systemd-networkd
Ratonga create_ap ka arawhiti i te atanga mariko i roto i te punaha ap0. I roto i te ariā, e iri ana te dnsmasq ki runga i tenei atanga, engari he aha te whakauru i etahi atu ratonga mena kei roto i te systemd-networkd he tūmau DHCP kua hangaia?
Kia taea ai, ka tautuhia e matou nga tautuhinga whatunga mo te waahi mariko. Ki te mahi i tenei, hanga he konae /etc/systemd/network/25-ap0.network me nga ihirangi e whai ake nei:
I muri i te mahi create_ap ka arawhiti te atanga mariko ap0, ka tohua aunoatia e systemd-networkd he wāhitau IP ka taea te tūmau DHCP.
Nga aho EmitDNS=yes и DNS=10.0.0.1 tuku tautuhinga tūmau DNS ki nga taputapu e hono ana ki te waahi uru.
Mena kaore koe e whakamahere ki te whakamahi i tetahi tūmau DNS rohe - i taku keehi he dnscrypt-proxy - ka taea e koe te whakauru DNS=10.0.0.1 в DNS=192.168.1.1te wahi 192.168.1.1 — te wahitau o to kuwaha taketake. Katahi nga tono DNS mo to kaihautu me to whatunga paetata ka kore whakamuna i roto i nga kaitoro a te kaiwhakarato.
EmitNTP=yes и NTP=192.168.1.1 whakawhiti tautuhinga NTP.
He pera ano mo te raina NTP=10.0.0.1.
Tāuta me te whirihora i te tūmau NTP
Tāutahia ki te pūnaha:
apt install ntp
Whakatikaina te whirihora /etc/ntp.conf. Korerohia nga wahitau o nga puna paerewa:
Tāpiri wāhitau tūmau tūmatanui, hei tauira Google Public NTP:
server time1.google.com ibrust
server time2.google.com ibrust
server time3.google.com ibrust
server time4.google.com ibrust
Whakaratohia te uru ki te tūmau ki nga kiritaki o to whatunga:
restrict 10.0.0.0 mask 255.255.255.0
Whakahohe te haapurororaa ki to whatunga:
broadcast 10.0.0.255
Ka mutu, tāpirihia ngā wāhitau o ēnei tūmau ki te ripanga ararere pateko. Ki te mahi i tenei, whakatuwhera te kōnae whirihoranga atanga ahokore /etc/systemd/network/25-wlp6s0.network ka taapiri atu ki te mutunga o te waahanga Route.
Ka taea e koe te kimi i nga wahitau o o tūmau NTP ma te whakamahi i te taputapu host e whai ake nei:
host time1.google.com
Tāutahia te dnscrypt-proxy, tangohia nga panui me te huna i nga hokohoko DNS mai i to kaiwhakarato
apt install dnscrypt-proxy
Hei mahi i nga uiui DNS kaihautu me te whatunga rohe, whakatikahia te turanga /lib/systemd/system/dnscrypt-proxy.socket. Hurihia nga rarangi e whai ake nei:
ListenStream=0.0.0.0:53
ListenDatagram=0.0.0.0:53
Tīmata Anō systemd:
systemctl daemon-reload
Whakatikaina te whirihora /etc/dnscrypt-proxy/dnscrypt-proxy.toml:
server_names = ['adguard-dns']
Hei arai i nga hononga dnscrypt-takawaenga ma tun2socks, taapirihia ki raro:
force_tcp = true
Whakatikaina te whirihora /etc/resolv.conf, e korero ana ki te tūmau DNS ki te kaihautū.
nameserver 127.0.0.1
nameserver 192.168.1.1
Ko te rarangi tuatahi ka taea te whakamahi i te dnscrypt-proxy, ko te rarangi tuarua ka whakamahi i te keeti taketake mena karekau te tūmau dnscrypt-proxy i te waatea.
Kua oti!
Whakahoutia, whakamutua ranei te whakahaere ratonga whatunga:
I muri i te whakaara ano, i te whakaara ano ranei, ka whai waahi tuarua koe e arai ana i te kaihautu me nga taputapu LAN ki SOCKS.
Koinei te ahua o te putanga ip a pona auau:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: tun2socks: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
link/none
inet 172.16.1.2/24 brd 172.16.1.255 scope global tun2socks
valid_lft forever preferred_lft forever
inet6 fe80::122b:260:6590:1b0e/64 scope link stable-privacy
valid_lft forever preferred_lft forever
3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether e8:11:32:0e:01:50 brd ff:ff:ff:ff:ff:ff
4: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 4c:ed:de:cb:cf:85 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global wlp6s0
valid_lft forever preferred_lft forever
inet6 fe80::4eed:deff:fecb:cf85/64 scope link
valid_lft forever preferred_lft forever
5: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 4c:ed:de:cb:cf:86 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global ap0
valid_lft forever preferred_lft forever
inet6 fe80::4eed:deff:fecb:cf86/64 scope link
valid_lft forever preferred_lft forever
Ka rite ki te hua,
Ka kite noa te kaiwhakarato i te hononga whakamunatia ki to tūmau SOCKS, ko te tikanga karekau e kitea.
Heoi ano ka kite i o tono NTP, hei aukati i tenei, tangohia nga huarahi pateko mo nga tūmau NTP. Heoi, karekau i te tino mohio ka whakaaetia e to tūmau SOCKS te kawa NTP.
I kitea a Crutch i runga i a Debain 10
Mena ka ngana koe ki te whakaara ano i te ratonga whatunga mai i te papatohu, ka taka he hapa. Ko tenei na te mea ko tetahi waahanga o te ahua o te atanga mariko e herea ana ki te ratonga tun2socks, ko te tikanga ka whakamahia. Hei timata ano i te ratonga whatunga, me whakamutu i te ratonga tun2socks. Engari, ki taku whakaaro, mena ka panui koe ki te mutunga, karekau he raru mo koe!