Good day!
In this article I want to tell you how I implemented (
Establishing a connection consists of several steps:
- Starting the node and waiting for the remote node to be ready;
- Determining the external IP address and UDP port;
- Transferring the external IP address and UDP port to the remote node;
- Obtaining the external IP address and UDP port from the remote node;
- Setting up the IPIP tunnel;
- Monitoring the connection;
- If the connection is lost, removing the IPIP tunnel.
I thought for a long time, and am still thinking, about what could be used to exchange data between the nodes; the simplest and fastest option for me at the moment is to work through Yandex.disk.
- First, it is easy to use: you need 3 actions: create, read, delete. With curl these are:
Create:
curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder
Read:
curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder
Delete:
curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
- Second, it is easy to install:
apt install curl
To determine the external IP address and UDP port, use the stun-client command:
stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"
It is installed with the command:
apt install stun-client
To set up the tunnel, the standard OS tools from the iproute2 package are used. There is
- load the FOU module:
modprobe fou
- listen on the local port:
ip fou add port $localport ipproto 4
- create the tunnel:
ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport
- bring the tunnel interface up:
ip link set up dev fou$name
- assign the internal local and internal peer IP addresses of the tunnel:
ip addr add $intIP peer $peerip dev fou$name
Remove the tunnel:
ip link del dev fou$name
ip fou del port $localport
The tunnel is monitored by periodically pinging the internal IP address of the remote end of the tunnel with the command:
ping -c 1 $peerip -s 0
The periodic ping is needed primarily to keep the channel alive; otherwise, while the tunnel is idle, the NAT tables on the routers may be cleared and the connection then breaks.
If the ping is lost, the IPIP tunnel is removed and the node waits for the remote side to become ready.
The script itself:
#!/bin/bash
# username, password and folder are shared by both nodes; intip differs per node
username="[email protected]"
password="password"
folder="vpnid"
intip="10.0.0.1"
localport=`shuf -i 10000-65000 -n 1`   # random local UDP port
cid=`shuf -i 10000-99999 -n 1`         # random ID of this node's records
tid=`shuf -i 10-99 -n 1`               # this node's part of the tunnel ID

# List record names in the folder, newest first, without the folder itself and our own records
function yaread {
    curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}

# Create a folder (also used to publish a record as a folder name)
function yacreate {
    curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}

# Delete a folder
function yadelete {
    curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}

# Print the external ip:port that STUN reports for local UDP port $1
function myipport {
    stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}

# Arguments: remote ip, remote port, local ip, local port, peer internal ip, own internal ip, tunnel id
function tunnel-up {
    modprobe fou
    ip fou add port $4 ipproto 4
    ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
    ip link set up dev fou$7
    ip addr add $6 peer $5 dev fou$7
}

# Ping the peer every 15 seconds; return after 4 missed pings in a row
function tunnel-check {
    sleep 10
    pings=0
    until [[ $pings == 4 ]]; do
        if ping -c 1 $1 -s 0 &>/dev/null;
            then echo -n .; pings=0   # a reply resets the miss counter
            else echo -n !; ((pings++))
        fi
        sleep 15
    done
}

# Arguments: tunnel id, local port
function tunnel-down {
    ip link del dev fou$1
    ip fou del port $2
}

# On termination, remove the shared folder and the tunnel
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15

until [[ -n $end ]]; do
    yacreate $username $password $folder
    # Publish readiness and wait for a fresh record from the remote node
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
            # Only accept a record that is at most 65 seconds old
            if [ `echo $l | sed 's/:/ /g' | awk '{print $1}'` -ge $(($mydate-65)) ]; then
                #echo $list
                myipport=`myipport $localport`
                yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk '{print $1}'` - $mydate + 3 ))
                ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
            fi
        done
        if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
            echo -n "!"
            sleep $timeout
        fi
    done
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0
The variables username, password and folder must be the same on both sides, but intip must differ, for example: 10.0.0.1 and 10.0.0.2. The time on the nodes must be synchronized. You can run the script like this:
nohup script.sh &
I want to point out that the IPIP tunnel is insecure because the traffic is not encrypted, but this can easily be solved by using IPsec over.
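The script reads the peer's record back from the shared folder and passes its fields, unquoted, to `ip` commands that run as root. The following is an added example, not part of the original script, that validates one record in the script's `timestamp:cid:ip:port:intip:tid` layout before any field is used; the function names `parse_record` and `valid_ipv4` are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example: validate a rendezvous record before it reaches `ip`.
# Record layout used by the script: timestamp:cid:ip:port:intip:tid
MAX_AGE=65   # same freshness window (seconds) the script applies

# Succeeds only for a dotted quad whose four octets are all 0-255.
valid_ipv4() {
    local ip=$1 octet
    [[ $ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || return 1
    local IFS=.
    for octet in $ip; do
        (( 10#$octet <= 255 )) || return 1
    done
    return 0
}

# parse_record RECORD NOW
# Prints "ip port intip tid" and returns 0 only if every field is well
# formed and the timestamp lies within MAX_AGE seconds of NOW.
parse_record() {
    local record=$1 now=$2 ts cid ip port intip tid extra age
    IFS=: read -r ts cid ip port intip tid extra <<< "$record"
    [[ -z $extra ]] || return 1                  # more than six fields
    [[ $ts =~ ^[1-9][0-9]{0,11}$ ]] || return 1
    [[ $cid =~ ^[1-9][0-9]{4}$ ]] || return 1    # cid is drawn from 10000-99999
    [[ $port =~ ^[1-9][0-9]{0,4}$ ]] || return 1
    [[ $tid =~ ^[1-9][0-9]$ ]] || return 1       # tid is drawn from 10-99
    (( port <= 65535 )) || return 1
    age=$(( now - ts ))
    (( age >= -MAX_AGE && age <= MAX_AGE )) || return 1
    valid_ipv4 "$ip" && valid_ipv4 "$intip" || return 1
    echo "$ip $port $intip $tid"
}
```

In the main loop, the output of `parse_record "$l" "$mydate"` can replace the four separate `sed`/`awk` extractions, and a record that fails validation is skipped.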
I have been using this script to connect to my work PC for several weeks now and have not noticed any problems. It is convenient: set it up and forget it.
Perhaps you will have comments and suggestions; I will be glad to hear them.
Thank you for your attention!
Source: www.habr.com