Simple UDP hole punching using an IPIP tunnel as an example

Good day!

In this article I want to tell you how I wrote (yet another) Bash script that connects two computers sitting behind NAT, using the UDP hole punching technique, with Ubuntu/Debian as the example OS.

Establishing a connection consists of several steps:

  1. Start the node and wait until the remote node is ready;
  2. Determine the external IP address and UDP port;
  3. Send the external IP address and UDP port to the remote node;
  4. Receive the external IP address and UDP port from the remote node;
  5. Set up the IPIP tunnel;
  6. Monitor the connection;
  7. If the connection is lost, delete the IPIP tunnel.

I thought for a long time (and am still thinking) about what could be used to exchange data between the nodes; the simplest and fastest option for me at the moment turned out to be going through Yandex.Disk.

  • First, it is easy to use: you only need 3 operations: create, read, delete. With curl these are:
    Create:

    curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder

    Read:

    curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder

    Delete:

    curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
  • Second, it is easy to install:
    apt install curl

To find out the external IP address and UDP port, the stun-client command is used:

stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"

Install it with the command:

apt install stun-client
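As an added example (not code from the article), a small bash helper that parses the MappedAddress lines of the stun-client output shown above and refuses to continue when the STUN tests disagree about the mapping; the sample output lines are constructed:

```shell
#!/bin/bash
# Added example, not from the article: extract the external ip:port from
# the MappedAddress lines of `stun ... -v` and bail out when the STUN
# tests report different mappings. A different external port per
# destination means the NAT is symmetric, so the hole punched towards the
# STUN server is not the one the peer will see and the tunnel cannot
# come up; the article's script silently takes the first line instead.

# Constructed samples of the relevant lines of stun-client verbose output.
SAMPLE_OK='MappedAddress = 203.0.113.7:43125
SourceAddress = 198.51.100.9:3478
MappedAddress = 203.0.113.7:43125'

SAMPLE_SYMMETRIC='MappedAddress = 203.0.113.7:43125
MappedAddress = 203.0.113.7:43126'

# mapped_address STUN_OUTPUT -> prints "ip port"
# exit status 1 if no mapping was found or the mappings disagree
mapped_address() {
    local maps count
    maps=$(printf '%s\n' "$1" | awk '/^MappedAddress/ {print $3}' | sort -u)
    count=$(printf '%s\n' "$maps" | grep -c . || true)
    [ "$count" -eq 1 ] || return 1
    printf '%s %s\n' "${maps%:*}" "${maps##*:}"
}

if mapped_address "$SAMPLE_OK" >/dev/null; then
    echo "mapping is stable: $(mapped_address "$SAMPLE_OK")"
fi
mapped_address "$SAMPLE_SYMMETRIC" >/dev/null || echo "symmetric NAT, hole punching will not work"
```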

To set up the tunnel, the standard OS tools from the iproute2 package are used. There are many kinds of tunnel that can be brought up with the standard tools (L2TPv3, GRE, etc.), but I chose IPIP because it adds the least overhead on the system. I tried L2TPv3 over UDP and was disappointed: the speed dropped by a factor of 10, although this may be due to various provider-side restrictions or something else. Since the IPIP tunnel works at the IP level, a FOU (Foo-over-UDP) tunnel is used at the UDP port level to carry it. To set up the IPIP tunnel you need to:

- Load the FOU module:

modprobe fou

- listen on the local port:

ip fou add port $localport ipproto 4

- create the tunnel:

ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport

- bring up the tunnel interface:

ip link set up dev fou$name

- Assign the internal local and internal peer IP addresses of the tunnel:

ip addr add $intIP peer $peerip dev fou$name

Deleting the tunnel:

ip link del dev fou$name

ip fou del port $localport

The tunnel is checked periodically by pinging the internal IP address of the remote end of the tunnel with the command:

ping -c 1 $peerip -s 0

The periodic ping is mainly needed to keep the tunnel alive; otherwise, if the tunnel sits idle, the NAT tables on the routers may be flushed and the connection breaks.

If the ping stops getting through, the IPIP tunnel is deleted and the script waits for the remote side to become ready again.

The script itself:

#!/bin/bash
# username, password and folder must match on both nodes; intip must differ.
username="[email protected]"
password="password"
folder="vpnid"
intip="10.0.0.1"
# Random local UDP port, node id (cid) and tunnel id component (tid).
localport=$(shuf -i 10000-65000 -n 1)
cid=$(shuf -i 10000-99999 -n 1)
tid=$(shuf -i 10-99 -n 1)

# List the entries in the rendezvous folder, newest first, excluding the
# folder itself ($3) and our own entries ($4 is our cid).
function yaread {
    curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 \
        | sed 's/></>\n</g' | grep "displayname" \
        | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' \
        | grep -v $3 | grep -v $4 | sort -r
}
function yacreate {
    curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}
function yadelete {
    curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}
# External ip:port as seen by the STUN server for local UDP port $1.
function myipport {
    stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}
# tunnel-up remoteip remoteport localip localport peerip intip tunnelid
function tunnel-up {
    modprobe fou
    ip fou add port $4 ipproto 4
    ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
    ip link set up dev fou$7
    ip addr add $6 peer $5 dev fou$7
}
# Ping the peer every 15 s; return after 4 consecutive failures.
function tunnel-check {
    sleep 10
    pings=0
    until [[ $pings == 4 ]]; do
        if ping -c 1 $1 -s 0 &>/dev/null; then
            echo -n .; pings=0
        else
            echo -n !; ((pings++))
        fi
        sleep 15
    done
}
function tunnel-down {
    ip link del dev fou$1
    ip fou del port $2
}
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15
until [[ -n $end ]]; do
    yacreate $username $password $folder
    until [[ -n $ip ]]; do
        mydate=$(date +%s)
        timeout="60"
        list=$(yaread $username $password $folder $cid | head -n1)
        # Announce presence: entry name is <epoch>:<cid>
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
            # Only consider a peer entry that is not older than 65 s.
            if [ $(echo $l | sed 's/:/ /g' | awk '{print $1}') -ge $(($mydate-65)) ]; then
                myipport=$(myipport $localport)
                # Publish <epoch>:<cid>:<extip>:<extport>:<intip>:<tid>
                yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                timeout=$(( $timeout + $(echo $l | sed 's/:/ /g' | awk '{print $1}') - $mydate + 3 ))
                ip=$(echo $l | sed 's/:/ /g' | awk '{print $3}')
                port=$(echo $l | sed 's/:/ /g' | awk '{print $4}')
                peerip=$(echo $l | sed 's/:/ /g' | awk '{print $5}')
                peerid=$(echo $l | sed 's/:/ /g' | awk '{print $6}')
                # Both sides compute the same product, so the interface names match.
                if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
            fi
        done
        if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
            echo -n "!"
            sleep $timeout
        fi
    done
    localip=$(ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1)
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0

The variables username, password and folder must be the same on both sides, but intip must be different, for example 10.0.0.1 and 10.0.0.2. The clocks on the nodes must be synchronized. You can run the script like this:

nohup script.sh &
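As an added example that is not part of the article's script, a bash function that parses one rendezvous entry of the form epoch:cid:ip:port:intip:tid (the entry names the script above publishes) and validates every field before it would reach the ip commands; the 65 s freshness window is the script's own, and the sample entries are constructed:

```shell
#!/bin/bash
# Added example, not part of the article's script. The script passes the
# fields it reads from the shared Yandex.Disk folder straight into
# `ip fou` / `ip link`, so whoever can write to that folder chooses the
# tunnel endpoints. Validate every field and drop stale entries first.

# Constructed sample entries in the script's epoch:cid:ip:port:intip:tid form.
GOOD="1700000000:12345:203.0.113.7:43125:10.0.0.2:42"
STALE="1699999000:12345:203.0.113.7:43125:10.0.0.2:42"
BAD_PORT="1700000000:12345:203.0.113.7:99999:10.0.0.2:42"
BAD_IP="1700000000:12345:203.0.113.7 local 192.0.2.1:43125:10.0.0.2:42"

# is_ipv4 STRING: exactly four dotted decimal octets in 0..255
is_ipv4() {
    local IFS=. o n=0
    for o in $1; do
        case $o in ''|*[!0-9]*) return 1;; esac
        [ "$o" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# parse_record ENTRY NOW -> prints "ip port intip tid", or returns 1 when
# the entry is malformed or older than the script's 65 s window.
parse_record() {
    local entry="$1" now="$2" IFS=: f
    set -- $entry
    [ $# -eq 6 ] || return 1
    for f in "$1" "$2" "$4" "$6"; do          # epoch, cid, port, tid are numeric
        case $f in ''|*[!0-9]*) return 1;; esac
    done
    [ "$1" -ge $((now - 65)) ] || return 1    # freshness, as in the script
    [ "$4" -ge 1 ] && [ "$4" -le 65535 ] || return 1
    is_ipv4 "$3" && is_ipv4 "$5" || return 1  # external ip and internal peer ip
    printf '%s %s %s %s\n' "$3" "$4" "$5" "$6"
}

parse_record "$GOOD" 1700000030 || echo "valid entry rejected"
parse_record "$BAD_IP" 1700000030 >/dev/null || echo "rejected malformed ip field"
```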

I want to draw your attention to the fact that the IPIP tunnel is not secure, because the traffic is not encrypted, but this is easily solved by running IPsec on top of it; this article seemed simple and clear to me.

I have been using this script to connect to my work PC for several weeks now and have not noticed any problems. It is convenient: set it up and forget about it.

Perhaps you will have comments and suggestions; I will be glad to hear them.

Thank you for your attention!

Source: www.habr.com
