Building a SOCKS router on a laptop with Debian 10

For a whole year (or two) I put off publishing this article for one main reason: I had already published two articles describing how to build a SOCKS router from an ordinary laptop running Debian.

However, since then the stable version of Debian has been updated to Buster, and a fair number of people have contacted me privately asking for help with the setup, which means my previous articles are not exhaustive. I also realized myself that the methods described in them do not cover all the intricacies of configuring Linux to route into SOCKS. Besides, they were written for Debian Stretch, and after upgrading to Buster I noticed small changes in how services interact under the systemd init system. And in those articles I did not use systemd-networkd, even though it is best suited to complex network configurations.

In addition to the changes above, the following services were added to my configuration: hostapd, a service for access point virtualization; ntp, to synchronize the time of local network clients; dnscrypt-proxy, to encrypt DNS connections and block ads for local network clients; and, as I mentioned earlier, systemd-networkd, to configure the network interfaces.

Here is a simplified block diagram of the internal structure of such a router.

[Image: block diagram of the router]

So, let me remind you of the goals of this series of articles:

  1. Route all OS connections into SOCKS, as well as connections from all devices on the same network as the laptop.
  2. In my case the laptop must remain fully mobile. That is, it should still be usable as a desktop and not be tied to a physical location.
  3. The previous point implies connecting and routing only through the built-in wireless interface.
  4. And, of course, producing a comprehensive guide and an analysis of the relevant technologies to the best of my modest knowledge.

What this article covers:

  1. git - download the repositories of the tun2socks project, which is needed to route TCP traffic into SOCKS, and of create_ap, a script that automates setting up a virtual access point with hostapd.
  2. tun2socks - build it and install the systemd service on the system.
  3. systemd-networkd - configure the wireless and virtual interfaces, static routing tables and packet forwarding.
  4. create_ap - install the systemd service on the system, then configure and start the virtual access point.

Optional steps:

  • ntp - install and configure a server to synchronize time on the clients of the virtual access point.
  • dnscrypt-proxy - encrypt DNS requests, route them into SOCKS and block advertising domains for the local network.

What is all this for?

This is one way to secure TCP connections on a local network. The main advantage is that all connections go into SOCKS unless a static route through the original gateway has been defined for them. This means you do not need to enter SOCKS server settings in individual programs or on clients in the local network: they all go into SOCKS by default, because it is the default gateway until we specify otherwise.

Essentially, we add a second, encrypting router in the form of a laptop in front of the original router, and use the original router's Internet connection for the laptop's already encrypted SOCKS requests; the laptop, in turn, routes and encrypts the requests of LAN clients.

From the provider's point of view, we are permanently connected to a single server with encrypted traffic.

Accordingly, all devices connect to the laptop's virtual access point.

Install tun2socks on the system

While your machine still has Internet access, download all the necessary tools.

apt update
apt install git make cmake

Download the badvpn package

git clone https://github.com/ambrop72/badvpn

A badvpn directory will appear on your system. Create a separate directory for the build

mkdir badvpn-build

Change into it

cd badvpn-build

Build tun2socks

cmake ../badvpn -DBUILD_NOTHING_BY_DEFAULT=1 -DBUILD_TUN2SOCKS=1

Install it on the system

make install

  • The -DBUILD_NOTHING_BY_DEFAULT=1 parameter disables the build of all components of the badvpn repository.
  • -DBUILD_TUN2SOCKS=1 includes the tun2socks component in the build.
  • make install - installs the tun2socks binary on your system as /usr/local/bin/badvpn-tun2socks.

Install the tun2socks service in systemd

Create the file /etc/systemd/system/tun2socks.service with the following contents:

[Unit]
Description=SOCKS TCP Relay

[Service]
ExecStart=/usr/local/bin/badvpn-tun2socks --tundev tun2socks --netif-ipaddr 172.16.1.1 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:9050

[Install]
WantedBy=multi-user.target

  • --tundev - takes the name of the virtual interface that we initialize with systemd-networkd.
  • --netif-ipaddr - the network address of the tun2socks "router" to which the virtual interface connects. It is better to put it in a separate reserved subnet.
  • --socks-server-addr - takes a socket (address:port of the SOCKS server).

If your SOCKS server requires authentication, you can specify the --username and --password parameters.

Next, register the service

systemctl daemon-reload

And enable it

systemctl enable tun2socks

Before starting the service, we will provide it with a virtual network interface.

Switching to systemd-networkd

Enable systemd-networkd:

systemctl enable systemd-networkd

Disable the current network services.

systemctl disable networking NetworkManager NetworkManager-wait-online

  • NetworkManager-wait-online is a service that waits for a working network connection before systemd continues starting other services that depend on the network. We disable it because we are switching to its systemd-networkd counterpart.

Let's enable that counterpart right away:

systemctl enable systemd-networkd-wait-online

Configure the wireless network interface

Create a systemd-networkd configuration file for the wireless network interface, /etc/systemd/network/25-wlp6s0.network.

[Match]
Name=wlp6s0

[Network]
Address=192.168.1.2/24
IPForward=yes

  • Name is the name of your wireless interface. Identify it with the command ip a.
  • IPForward - a directive that enables packet forwarding on the network interface.
  • Address is responsible for assigning an IP address to the wireless interface. We set it statically because with the equivalent directive DHCP=yes, systemd-networkd creates a default gateway on the system. All traffic would then go through the original gateway rather than through the future virtual interface on a different subnet. You can check the current default gateway with the command ip r.

Create a static route for a remote SOCKS server

If your SOCKS server is not local but remote, you need to create a static route for it. To do this, add a Route section with the following contents to the end of the wireless interface configuration file you created:

[Route]
Gateway=192.168.1.1
Destination=0.0.0.0

  • Gateway - the default gateway, that is, the address of your original access point.
  • Destination - the address of the SOCKS server.

Configure wpa_supplicant for systemd-networkd

systemd-networkd uses wpa_supplicant to connect to a protected access point. When it tries to bring up the wireless interface, systemd-networkd starts the wpa_supplicant@name service, where name is the name of the wireless interface. If you have not used systemd-networkd before, this service is probably missing on your system.

So create it with the command:

systemctl enable wpa_supplicant@wlp6s0

I used wlp6s0 as the name of my wireless interface. Yours may differ. You can find it with the command ip l.

Now the wpa_supplicant@wlp6s0 service we created will be started when the wireless interface is brought up; however, it will in turn look for the access point's SSID and password in the file /etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf. Therefore, you need to create that file using the wpa_passphrase utility.

To do this, run the command:

wpa_passphrase SSID password>/etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf

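where SSID is the name of your access point, password is its password, and wlp6s0 is the name of your wireless interface. Note that the generated file also keeps the passphrase in clear text in a commented #psk= line, so make it readable by root only.

Initialize the virtual interface for tun2socks

Create a file that initializes the new virtual interface on the system, /etc/systemd/network/25-tun2socks.netdev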

[NetDev]
Name=tun2socks
Kind=tun

  • Name is the name that systemd-networkd will assign to the future virtual interface when it initializes it.
  • Kind is the type of the virtual interface. From the name of the tun2socks service you can guess that it uses an interface of type tun.
  • netdev is the extension of the files that systemd-networkd uses to initialize virtual network interfaces. Addresses and other network settings for these interfaces are specified in .network files.

Create such a file, /etc/systemd/network/25-tun2socks.network, with the following contents:

[Match]
Name=tun2socks

[Network]
Address=172.16.1.2/24
Gateway=172.16.1.1

  • Name - the name of the virtual interface that you specified in the netdev file.
  • Address - the IP address that will be assigned to the virtual interface. It must be in the same network as the address you specified in the tun2socks service.
  • Gateway - the IP address of the tun2socks "router" that you specified when creating the systemd service.

So the tun2socks interface has the address 172.16.1.2, and the tun2socks service has 172.16.1.1; that is, the service is the gateway for all connections from the virtual interface.

Set up the virtual access point

Install the dependencies:

apt install util-linux procps hostapd iw haveged

Download the create_ap repository to your machine:

git clone https://github.com/oblique/create_ap

Change to the repository directory on your machine:

cd create_ap

Install it on the system:

make install

The configuration file /etc/create_ap.conf will appear on your system. Here are the main options to edit:

  • GATEWAY=10.0.0.1 - it is better to use a separate reserved subnet.
  • NO_DNS=1 - disable, since this will be handled by the systemd-networkd virtual interface.
  • NO_DNSMASQ=1 - disable for the same reason.
  • WIFI_IFACE=wlp6s0 - the laptop's wireless interface.
  • INTERNET_IFACE=tun2socks - the virtual interface initialized for tun2socks.
  • SSID=hostapd - the name of the virtual access point.
  • PASSPHRASE=12345678 - the password (replace this example value with a strong passphrase).

Do not forget to enable the service:

systemctl enable create_ap

Enable the DHCP server in systemd-networkd

The create_ap service initializes the virtual interface ap0 on the system. In theory, dnsmasq would sit on this interface, but why install extra services when systemd-networkd has a built-in DHCP server?

To enable it, we define the network settings for the virtual access point. To do this, create the file /etc/systemd/network/25-ap0.network with the following contents:

[Match]
Name=ap0

[Network]
Address=10.0.0.1/24
DHCPServer=yes

[DHCPServer]
EmitDNS=yes
DNS=10.0.0.1
EmitNTP=yes
NTP=10.0.0.1

After the create_ap service initializes the virtual interface ap0, systemd-networkd will automatically assign it an IP address and start the DHCP server.

The lines EmitDNS=yes and DNS=10.0.0.1 pass the DNS server settings to the devices connected to the access point.

If you do not plan to use a local DNS server (in my case it is dnscrypt-proxy), you can change DNS=10.0.0.1 to DNS=192.168.1.1, where 192.168.1.1 is the address of your original gateway. DNS requests from your host and the local network will then go unencrypted through the provider's servers.

EmitNTP=yes and NTP=192.168.1.1 pass the NTP settings.

The same applies to the line NTP=10.0.0.1.

Install and configure the NTP server

Install it on the system:

apt install ntp

Edit the configuration file /etc/ntp.conf. Comment out the addresses of the default pools:

#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst

Add the addresses of public servers, for example Google Public NTP:

server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst

Grant clients on your network access to the server:

restrict 10.0.0.0 mask 255.255.255.0

Enable broadcasting to your network:

broadcast 10.0.0.255

Finally, add the addresses of these servers to the static routing table. To do this, open the wireless interface configuration file /etc/systemd/network/25-wlp6s0.network and add Route sections to the end of it.

[Route]
Gateway=192.168.1.1
Destination=216.239.35.0

[Route]
Gateway=192.168.1.1
Destination=216.239.35.4

[Route]
Gateway=192.168.1.1
Destination=216.239.35.8

[Route]
Gateway=192.168.1.1
Destination=216.239.35.12

You can find the addresses of your NTP servers using the host utility as follows:

host time1.google.com

Install dnscrypt-proxy, remove ads and hide DNS traffic from your provider

apt install dnscrypt-proxy

To serve DNS queries from your host and from the local network, edit the socket unit /lib/systemd/system/dnscrypt-proxy.socket. Change the following lines:

ListenStream=0.0.0.0:53
ListenDatagram=0.0.0.0:53

Reload systemd:

systemctl daemon-reload

Edit the configuration file /etc/dnscrypt-proxy/dnscrypt-proxy.toml:

server_names = ['adguard-dns']

To make dnscrypt-proxy connect through tun2socks, add the following below:

force_tcp = true

Edit the configuration file /etc/resolv.conf, which tells the host which DNS server to use.

nameserver 127.0.0.1
nameserver 192.168.1.1

The first line enables the use of dnscrypt-proxy; the second line uses the original gateway in case the dnscrypt-proxy server is unavailable.
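
The socket edit in this section binds port 53 on 0.0.0.0, which also answers on the upstream wlp6s0 address, and changes made under /lib/systemd/system are overwritten by package upgrades. The following added example (not from the original article) writes a drop-in that listens only on 127.0.0.1 and 10.0.0.1 and prints the resulting listener list; the drop-in file name listen.conf and the scratch-directory argument are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# Writes a drop-in for dnscrypt-proxy.socket under ROOT (a scratch directory
# for review; copy the result to / when satisfied) and prints its path.
write_dns_dropin() {
    dir="$1/etc/systemd/system/dnscrypt-proxy.socket.d"
    mkdir -p "$dir" || return 1
    cat > "$dir/listen.conf" <<'EOF'
[Socket]
# An empty assignment clears the addresses set by earlier files.
ListenStream=
ListenDatagram=
# The host itself: /etc/resolv.conf points at 127.0.0.1.
ListenStream=127.0.0.1:53
ListenDatagram=127.0.0.1:53
# Access point clients: DNS=10.0.0.1 in 25-ap0.network.
ListenStream=10.0.0.1:53
ListenDatagram=10.0.0.1:53
# ap0 appears only after create_ap starts; bind before 10.0.0.1 exists.
FreeBind=true
EOF
    echo "$dir/listen.conf"
}

# Prints the listen addresses left after reading the given unit files in
# order, following systemd's rule that an empty assignment resets a list.
effective_listeners() {
    cat "$@" | awk '
        /^Listen(Stream|Datagram)=/ {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            list[key] = (val == "") ? "" : list[key] key "=" val "\n"
        }
        END { printf "%s%s", list["ListenStream"], list["ListenDatagram"] }'
}

# Demo on constructed input: the unit as edited in the article, then the drop-in.
demo_dns_scope() {
    tmp=$(mktemp -d) || return 1
    printf '[Socket]\nListenStream=0.0.0.0:53\nListenDatagram=0.0.0.0:53\n' \
        > "$tmp/dnscrypt-proxy.socket"
    effective_listeners "$tmp/dnscrypt-proxy.socket" "$(write_dns_dropin "$tmp")"
    rm -rf "$tmp"
}
demo_dns_scope
```

After copying the drop-in into place, systemctl daemon-reload followed by a restart of dnscrypt-proxy.socket applies it.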

Done!

Reboot, or stop the currently running network services:

systemctl stop networking NetworkManager NetworkManager-wait-online

And restart all the required ones:

systemctl restart systemd-networkd tun2socks create_ap dnscrypt-proxy ntp

After a reboot or restart you will have a second access point that routes the host and the LAN devices into SOCKS.

This is roughly what the output of ip a looks like on an ordinary laptop:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: tun2socks: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
    link/none 
    inet 172.16.1.2/24 brd 172.16.1.255 scope global tun2socks
       valid_lft forever preferred_lft forever
    inet6 fe80::122b:260:6590:1b0e/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether e8:11:32:0e:01:50 brd ff:ff:ff:ff:ff:ff
4: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:85 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global wlp6s0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf85/64 scope link 
       valid_lft forever preferred_lft forever
5: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:86 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global ap0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf86/64 scope link 
       valid_lft forever preferred_lft forever

In conclusion

  1. The provider sees only an encrypted connection to your SOCKS server, which means it sees nothing.
  2. And yet it does see your NTP requests; to avoid this, remove the static routes for the NTP servers. However, it is not certain that your SOCKS server allows the NTP protocol.
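
The routing rules built in this article can be checked mechanically. This added example (not from the original article) reads the output of ip -4 route show and reports anything that leaves through the original gateway 192.168.1.1 instead of tun2socks, including the case from the wireless interface section where DHCP=yes installs a second default route. The function name audit_routes and both route samples are constructed, with 203.0.113.10 standing in for a remote SOCKS server.

```shell
#!/bin/sh
# Added example, not from the original article.
# audit_routes TUN_DEV UPSTREAM_GW  < output of `ip -4 route show`
# Prints one finding per line and returns non-zero if traffic can leave
# outside the SOCKS tunnel by default:
#   LEAK    a default route that does not use TUN_DEV
#   MISSING no default route on TUN_DEV at all
#   BROAD   a whole prefix (not a single host) sent via UPSTREAM_GW
#   BYPASS  a single host sent via UPSTREAM_GW (expected: SOCKS server, NTP)
audit_routes() {
    awk -v tun="$1" -v gw="$2" '
    {
        dev = ""; via = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "via") via = $(i + 1)
        }
        if ($1 == "default") {
            if (dev == tun) ok = 1
            else { print "LEAK default via " via " dev " dev; bad = 1 }
        } else if (via == gw) {
            if ($1 ~ /\// && $1 !~ /\/32$/) { print "BROAD " $1; bad = 1 }
            else print "BYPASS " $1
        }
    }
    END {
        if (!ok) { print "MISSING default route on " tun; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: the layout this article builds. 203.0.113.10 is a
# placeholder for a remote SOCKS server.
GOOD_ROUTES='default via 172.16.1.1 dev tun2socks proto static
10.0.0.0/24 dev ap0 proto kernel scope link src 10.0.0.1
172.16.1.0/24 dev tun2socks proto kernel scope link src 172.16.1.2
192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2
203.0.113.10 via 192.168.1.1 dev wlp6s0 proto static
216.239.35.0 via 192.168.1.1 dev wlp6s0 proto static'

# Constructed sample: wlp6s0 configured with DHCP=yes instead of Address=.
DHCP_ROUTES='default via 192.168.1.1 dev wlp6s0 proto dhcp src 192.168.1.2 metric 1024
default via 172.16.1.1 dev tun2socks proto static
192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2'

printf '%s\n' "$GOOD_ROUTES" | audit_routes tun2socks 192.168.1.1
printf '%s\n' "$DHCP_ROUTES" | audit_routes tun2socks 192.168.1.1 || true
```

On the live system, pipe ip -4 route show into audit_routes tun2socks 192.168.1.1; every BYPASS line is a destination the provider can still see.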

A quirk noticed on Debian 10

If you try to restart the network service from the console, it will fail with an error. This is because part of it, in the form of the virtual interface, is bound to the tun2socks service, which means it is in use. To restart the network service, you must first stop the tun2socks service. But I think that if you have read this far, that is certainly not a problem for you!


Source: www.habr.com