Ena a ife sitigwiritsa ntchito intaneti popanda VPN pazifukwa zina: wina amafunikira IP yodzipatulira, ndipo n'zosavuta komanso zotsika mtengo kugula VPS yokhala ndi ma IP awiri kusiyana ndi kugula adiresi kuchokera kwa wothandizira, wina akufuna kupeza mawebusaiti onse. , osati okhawo omwe amaloledwa m'gawo la Russian Federation, ena amafunikira IPv6, koma woperekayo samapereka ...
Nthawi zambiri, kulumikizana kwa VPN kumakhazikitsidwa pa chipangizo chomwe chikugwiritsidwa ntchito panthawi inayake, zomwe zimamveka ngati muli ndi kompyuta imodzi ndi foni imodzi ndipo simuzigwiritsa ntchito nthawi imodzi. Ngati pali zida zambiri pamaneti yanu yakunyumba, kapena, mwachitsanzo, pali zina zomwe VPN sizingakhazikitsidwe, zingakhale bwino kupanga ngalande mwachindunji pa rauta yakunyumba kuti musaganize zokhazikitsa chipangizo chilichonse padera. .
Ngati mudayikapo OpenVPN pa rauta yanu, mwina mudadabwa kwambiri ndi momwe imagwirira ntchito. Ma SoCs a ma routers otsika mtengo amadutsa pafupi ndi gigabit traffic popanda vuto lililonse, chifukwa cha kusamutsa njira ndi ntchito za NAT kupita ku chipangizo china chopangidwira ntchitoyi, ndipo mapurosesa akuluakulu a ma routers ndi ofooka kwambiri, chifukwa. Palibe katundu pa iwo. Kunyengerera uku kumakupatsani mwayi wokwaniritsa liwiro la rauta ndikuchepetsa kwambiri mtengo wa chipangizo chomalizidwa - ma routers okhala ndi mapurosesa amphamvu amawononga kangapo, ndipo amayikidwa osati ngati bokosi logawira intaneti, komanso ngati NAS, torrent. otsitsira ndi nyumba matumizidwe ophatikizika amawu, nyimbo ndi zithunzi dongosolo.
Router yanga, TP-Link TL-WDR4300, singatchulidwe kuti yatsopano - chitsanzocho chinawonekera pakati pa 2012, ndipo chili ndi 560 MHz MIPS32 74Kc purosesa yomangamanga, yomwe mphamvu yake ndi yokwanira 20-23 Mb / s ya magalimoto obisika. kudzera pa OpenVPN, yomwe ili ndi miyezo Kuthamanga kwa intaneti yamakono kunyumba ndikotsika kwambiri.
Kodi tingawonjezere bwanji liwiro la ngalande yobisika? Router yanga imagwira ntchito, imathandizira 3x3 MIMO, ndipo nthawi zambiri imagwira ntchito bwino, sindingafune kuyisintha.
Popeza ndizozoloŵera kupanga masamba a intaneti a 10-megabyte, lembani mapulogalamu apakompyuta mu node.js ndikuwanyamula mu fayilo ya 100-megabyte, kuwonjezera mphamvu ya kompyuta m'malo mokonzekera, tidzachita chinthu choipa - tidzasamutsa kulumikizana kwa VPN ku. "kompyuta" yopangidwa ndi bolodi imodzi ya Orange Pi One, yomwe tidzayiyika mu rauta popanda kutenga ma netiweki omwe alipo komanso madoko a USB, $ 9.99 * yokha!
* + kutumiza, + misonkho, + mowa, + MicroSD.
OpenVPN
Purosesa ya rauta sangatchulidwe kuti ndi yofooka kwathunthu - imatha kubisa ndikusintha ma data pogwiritsa ntchito AES-128-CBC-SHA1 algorithm pa liwiro la 50 Mb/s, lomwe liri mwachangu kwambiri kuposa momwe OpenVPN imagwirira ntchito, komanso mtsinje wamakono wa CHACHA20. cipher yokhala ndi POLY1305 hash imafikira ma megabits 130 pamphindikati! Chifukwa chiyani liwiro la ngalande ya VPN ndilotsika kwambiri? Zonse zokhudzana ndi kusinthana pakati pa malo ogwiritsira ntchito ndi malo a kernel: OpenVPN imasunga kuchuluka kwa magalimoto ndikulankhulana ndi dziko lakunja malinga ndi momwe amagwiritsira ntchito, ndipo njirayo yokha imapezeka mu kernel. Makina ogwiritsira ntchito amayenera kusinthasintha mobwereza bwereza paketi iliyonse yolandilidwa kapena kutumizidwa, ndipo ntchitoyi imachedwa. Vutoli liri m'mapulogalamu onse a VPN omwe akuyenda kudzera pa dalaivala wa TUN / TAP, ndipo sitinganene kuti vuto la liwiro lotsika limayambitsidwa ndi kukhathamiritsa kwa OpenVPN (ngakhale, ndithudi, pali malo omwe akuyenera kukonzedwanso). Palibe kasitomala m'modzi wa VPN yemwe amapereka ngakhale gigabit yokhala ndi encryption yoyimitsidwa pa laputopu yanga, osasiyanso machitidwe okhala ndi purosesa yofooka.
Orange PiOne
Gulu limodzi la Orange Pi One lochokera ku Xunlong ndilopereka bwino kwambiri potengera magwiridwe antchito / chiŵerengero chamitengo pakadali pano. Pa $9.99* mumapeza purosesa yolimba ya quad-core ARM Cortex-A7 yomwe ikuyenda (yokhazikika) pa 1008 MHz, ndipo imaposa oyandikana nawo otsika mtengo Raspberry Pi Zero ndi Next Thing CHIP. Apa ndi pamene ubwino umathera. Kampani ya Xunlong imayang'anitsitsa zero ku mapulogalamu a matabwa ake, ndipo panthawi yomwe Imodzi idakhazikitsidwa kuti igulidwe, sinapereke ngakhale fayilo yokonzekera bolodi, osatchula zithunzi zopangidwa kale. Allwinner, wopanga SoC, nayenso samakhudzidwa kwambiri pothandizira malonda ake. Amangofuna kuchita zochepa mu Android 4.4.4 OS, zomwe zikutanthauza kuti timakakamizika kugwiritsa ntchito 3.4 kernel yokhala ndi zigamba za Android. Mwamwayi, pali okonda omwe amasonkhanitsa magawo, kusintha kernel, kulemba code kuti athandize matabwa mu kernel yaikulu, i.e. amagwiradi ntchito kwa wopanga, kupangitsa kuti zinthu zopanda pakezi zigwire ntchito movomerezeka. Pazifukwa zanga, ndidasankha kugawa kwa Armbian; imasinthidwa pafupipafupi komanso mosavuta (nsonga zatsopano zimayikidwa mwachindunji kudzera kwa woyang'anira phukusi, osati kukopera mafayilo kugawo lapadera, monga momwe zimakhalira ndi Allwinner), ndipo imathandizira kwambiri. zotumphukira, mosiyana ndi ena.
Router
Kuti tisalowetse purosesa yofooka ya rauta ndi encryption ndikufulumizitsa kulumikizana kwathu kwa VPN, titha kusintha ntchitoyi pamapewa a purosesa yamphamvu kwambiri ya Orange Pi poyilumikiza ndi rauta mwanjira ina. Kulumikiza kudzera pa Ethernet kapena USB kumabwera m'maganizo - zonse ziwirizi zimathandizidwa ndi zida zonse ziwiri, koma sindinkafuna kutenga madoko omwe analipo. Mwamwayi, pali njira yotulukira.
GL850G USB hub chip, yomwe imagwiritsidwa ntchito mu rauta, imathandizira ma doko 4 a USB, awiri omwe alibe waya. Sizikudziwika chifukwa chake wopanga sanawatsitsire, ndikuganiza, kuti aletse ogwiritsa ntchito kulumikiza zida 4 zomwe zimagwiritsidwa ntchito kwambiri (mwachitsanzo, ma hard drive) nthawi imodzi. Mphamvu yamagetsi ya rauta sinapangidwe kuti ikhale yolemetsa. Mulimonse mmene zingakhalire, zimenezi n’zopindulitsa kwa ife.
Kuti mupeze doko lina la USB, mumangofunika kugulitsa mawaya awiri ku mapini 8(D-) ndi 9(D+) kapena 11(D-) ndi 12(D+).
Komabe, sikokwanira kungolumikiza zida ziwiri za USB ndikuyembekeza kuti chilichonse chizigwira chokha, monga momwe zingachitire ndi Ethernet. Choyamba, tifunika kupanga imodzi mwazomwe zimagwira ntchito mu USB Client mode, osati USB Host, ndipo kachiwiri, tiyenera kusankha momwe zipangizozo zidzadziwirana. Pali madalaivala ambiri otchedwa USB Gadgets (otchedwa Linux kernel subsystem), omwe amakulolani kutsanzira mitundu yosiyanasiyana ya zida za USB: adapter network, audio card, keyboard ndi mbewa, flash drive, kamera, console kudzera mu serial. doko. Popeza chipangizo chathu chidzagwira ntchito ndi netiweki, kutengera adaputala ya Efaneti ndikoyenera kwa ife.
Pali miyezo itatu ya Ethernet-over-USB:
- Remote NDIS (RNDIS). Muyezo wachikale wochokera ku Microsoft, womwe umagwiritsidwa ntchito makamaka pa Windows XP.
- Ethernet Control Model (ECM). Muyezo wosavuta womwe umaphatikiza mafelemu a Ethernet mkati mwa mapaketi a USB. Zabwino kwa ma modemu olumikizidwa ndi USB, komwe ndikosavuta kusamutsa mafelemu popanda kukonzedwa, koma chifukwa cha kuphweka kwake komanso malire a basi ya USB, sikuthamanga kwambiri.
- Efaneti Emulation Model (EEM). Protocol yanzeru yomwe imaganizira malire a USB ndikuphatikiza mafelemu angapo kukhala imodzi, motero imakulitsa zotuluka.
- Network Control Model (NCM). Protocol yatsopano kwambiri. Ili ndi maubwino a EEM ndipo imakulitsa luso la basi.
Kuti tipeze ma protocol ena kuti agwire ntchito pagulu lathu, monga nthawi zonse, tidzakumana ndi zovuta. Chifukwa chakuti Allwinner amangokonda magawo a Android a kernel, Android Gadget yokha imagwira ntchito bwino - kachidindo komwe kamagwiritsa ntchito kulumikizana ndi adb, kutumiza chipangizocho kudzera pa protocol ya MTP ndikutengera kung'anima pazida za Android. Android Gadget palokha imathandiziranso protocol ya RNDIS, koma idasweka mu Allwinner kernel. Ngati muyesa kusonkhanitsa kernel ndi USB Gadget ina iliyonse, chipangizocho sichidzawoneka pa dongosolo, ziribe kanthu zomwe mungachite.
Kuti muthane ndi vutoli, mwamtendere, muyenera kupeza malo omwe chowongolera cha USB chimakhazikitsidwa mu code ya Android gadget android.c yosinthidwa ndi opanga, koma palinso njira yogwirira ntchito kuti mupange kutsanzira kwa Efaneti. USB ntchito:
--- sun8i/drivers/usb/sunxi_usb/udc/sunxi_udc.c 2016-04-16 15:01:40.427088792 +0300
+++ sun8i/drivers/usb/sunxi_usb/udc/sunxi_udc.c 2016-04-16 15:01:45.339088792 +0300
@@ -57,7 +57,7 @@
static sunxi_udc_io_t g_sunxi_udc_io;
static u32 usb_connect = 0;
static u32 is_controller_alive = 0;
-static u8 is_udc_enable = 0; /* is udc enable by gadget? */
+static u8 is_udc_enable = 1; /* is udc enable by gadget? */
#ifdef CONFIG_USB_SUNXI_USB0_OTG
static struct platform_device *g_udc_pdev = NULL;Chigambachi chimakakamiza kasitomala wa USB, kukulolani kugwiritsa ntchito Zida Zamagetsi za USB kuchokera ku Linux.
Tsopano muyenera kumanganso kernel ndi chigamba ichi ndi chida chofunikira. Ndinasankha EEM chifukwa ... Malinga ndi zotsatira za mayeso, zidakhala zopambana kuposa NCM.
Gulu la Armbian limapereka kwa matabwa onse othandizira omwe akugawira. Ingotsitsani, ikani chigamba chathu mkati userpatches/kernel/sun8i-default/otg.patch, sinthani pang'ono compile.sh ndikusankha chida chofunikira:
Kernel idzaphatikizidwa mu phukusi la deb, zomwe sizidzakhala zovuta kuziyika pa bolodi kudzera dpkg.
Zomwe zatsala ndikulumikiza bolodi kudzera pa USB ndikukonza adaputala yathu yatsopano ya netiweki kuti ilandire adilesi kudzera pa DHCP. Kuti muchite izi muyenera kuwonjezera zina monga zotsatirazi /etc/network/interfaces:
auto usb0
iface usb0 inet dhcp
hwaddress ether c2:46:98:49:3e:9d
pre-up /bin/sh -c 'echo 2 > /sys/bus/platform/devices/sunxi_usb_udc/otg_role'Ndikwabwino kukhazikitsa adilesi ya MAC pamanja, chifukwa ... zidzakhala mwachisawawa nthawi iliyonse chipangizo kuyambiransoko, zomwe zimakhala zovuta komanso zovuta.
Timalumikiza chingwe cha MicroUSB ku cholumikizira cha OTG, kulumikiza mphamvu kuchokera pa rauta (itha kuperekedwa ku zikhomo 2 ndi 3 za chisa, osati ku cholumikizira mphamvu).
Zomwe zatsala ndikukhazikitsa rauta. Ndikokwanira kukhazikitsa phukusi ndi dalaivala wa EEM ndikuwonjezera chipangizo chathu chatsopano cha USB pamlatho wamalo otchinga moto:
opkg install kmod-usb-net-cdc-eem
Kuti muyendetse magalimoto onse ku ngalande ya VPN, muyenera kuwonjezera lamulo la SNAT ku adilesi ya IP ya board kumbali ya rauta, kapena kugawa adilesi ya board ngati adilesi yachipata kudzera pa dnsmasq. Chotsatiracho chikuchitidwa powonjezera mzere wotsatirawu /etc/dnsmasq.conf:
dhcp-option = tag:lan, option:router, 192.168.1.100kumene 192.168.1.100 - Adilesi ya IP ya bolodi lanu. Musaiwale kuyika adilesi ya rauta muzokonda pamaneti pa bolodi lokha!
Siponji ya melamine idagwiritsidwa ntchito kulekanitsa zolumikizirana ndi ma rauta. Zinapezeka motere:
Pomaliza
Maukonde kudzera pa USB amagwira ntchito modabwitsa mwachangu: 100-120 Mb / s, ndimayembekezera zochepa. OpenVPN imadutsa pafupifupi 70 Mb / s ya magalimoto obisika, omwenso sali ochulukirapo, koma okwanira pazosowa zanga. Chivundikiro cha router sichimatseka mwamphamvu, ndikusiya kusiyana kochepa. Aesthetes amatha kuchotsa Ethernet ndi USB Host zolumikizira kuchokera pa bolodi, zomwe zidzalola kuti chivindikirocho chitseke kwathunthu ndikukhalabe ndi malo ena otsala.
Ndi bwino kuti musachite nawo zolaula zoterezi ndikugula .
Source: www.habr.com