An article about how I managed to run a VPN server behind the NAT of my home provider (without a public, "white" IP address). Let me make a reservation right away: whether this setup works depends directly on the type of NAT used by your provider and by your router.
So, I needed to connect from my Android smartphone to my home computer. Both devices reach the Internet through provider NATs, and in addition the computer is connected through a home router, which also performs NAT.
The classic scheme with a rented VPS/VDS that has a public IP address, as well as renting a public IP address from the provider, was not considered for several reasons.
Theory
$ stun stun.sipnet.ru
I got the result:
STUN client version 0.97
Primary: Independent Mapping, Independent Filter, random port, will hairpin
Return value is 0x000002
Literal translation:
Independent Mapping - independent mapping
Independent Filter - independent filter
random port - random port
will hairpin - there will be a hairpin
Running the same command on my PC, I got:
STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006
Port Dependent Filter - port-dependent filter
The difference in the command output showed that the home router was making "its own contribution" to the delivery of packets from the Internet. This showed up when I ran the following command on the computer:
stun stun.sipnet.ru -p 11111 -v
I got the result:
...
MappedAddress = XX.1XX.1X4.2XX:4398
...
At that moment a UDP session was open for some time. If a UDP request was sent during that time (for example: netcat XX.1XX.1X4.2XX 4398 -u), it reached the home router, which was confirmed by tcpdump running on it, but it did not reach the computer: iptables, acting as the NAT translator on the router, dropped it.
But the fact that the UDP request passed through the provider's NAT gave hope of success. Since the router is under my control, I solved the problem by forwarding port UDP/11111 to the computer:
iptables -t nat -A PREROUTING -i eth1 -p udp -d 10.1XX.2XX.XXX --dport 11111 -j DNAT --to-destination 192.168.X.XXX
This way I was able to open a UDP session and receive requests from the Internet from any IP address. At that point I started the OpenVPN server (which I had configured beforehand) listening on port UDP/11111, entered the external IP address and port (XX.1XX.1X4.2XX:4398) on the smartphone and successfully connected from the smartphone to the computer. But this setup had a problem: the UDP session somehow had to be kept alive until the OpenVPN client connected to the server. I did not like the option of restarting the STUN client periodically, because I did not want to put needless load on the STUN servers.
I also noticed that "
Hairpinning allows one machine on the local network behind NAT to reach another machine on the same network at the router's external address.
As a result, I solved the problem of keeping the UDP session alive simply: I started a client on the same computer as the server.
It worked like this:
- started the STUN client on local port 11111
- received a reply with the external IP address and port XX.1XX.1X4.2XX:4398
- sent the external IP address and port by e-mail (any other service would do) to a mailbox set up on the smartphone
- started the OpenVPN server on the computer, listening on port UDP/11111
- started an OpenVPN client on the computer, pointing it at XX.1XX.1X4.2XX:4398
- at any time, started the OpenVPN client on the smartphone, giving it the IP address and port to connect to (in my case the IP address did not change)
This way I was able to connect to my computer from my smartphone. This setup lets you connect any OpenVPN client.
Practice
You will need:
# apt install openvpn stun-client sendemail
After writing a couple of scripts and a couple of configuration files, and generating the necessary certificates (since the client on the smartphone only works with certificates), we get an ordinary OpenVPN server setup.
Main script on the computer
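# cat vpn11.sh
#!/bin/bash
# Wait until the machine has a route to the Internet (the interface name itself is not used later)
until [[ -n "$iftosrv" ]]; do
    echo "$(date) Определяю сетевой интерфейс"    # "Determining the network interface"
    iftosrv=$(ip route get 8.8.8.8 | head -n 1 | sed 's|.*dev ||' | awk '{print $1}')
    sleep 5
done
ABSOLUTE_FILENAME=$(readlink -f "$0")
DIR=$(dirname "$ABSOLUTE_FILENAME")
localport=11111
# $a is never set, so this loop runs forever and restarts the server/client pair after every disconnect
until [[ $a ]]; do
    # Ask the STUN server which external IP and port the local UDP port is mapped to
    address=$(stun stun.sipnet.ru -v -p $localport 2>&1 | grep "MappedAddress" | sort | uniq | head -n 1 | sed 's/:/ /g' | awk '{print $3" "$4}')
    ip=$(echo "$address" | awk '{print $1}')
    port=$(echo "$address" | awk '{print $2}')
    # Start the OpenVPN server on the same local port the STUN request was sent from
    srv="openvpn --config $DIR/server.conf --port $localport --daemon"
    $srv
    echo "$(date) Сервер запущен с внешним адресом $ip:$port"    # "Server started with external address"
    # Mail the external address to the mailbox read on the smartphone
    "$DIR/sendemail.sh" "OpenVPN-Server" "$ip:$port"
    sleep 1
    # Local client: connects through the external address (hairpin) and keeps the UDP session alive
    openvpn --config "$DIR/client.conf" --remote "$ip" --port "$port"
    echo "$(date) Соединение клиента с сервером разорвано"    # "Client connection to the server was lost"
    # The client has exited, so stop the server before requesting a new mapping
    for i in $(ps xa | grep "$srv" | grep -v grep | awk '{print $1}'); do
        kill $i && echo "$(date) Завершен процесс сервера $i ($srv)"    # "Server process terminated"
    done
    echo "Жду 15 сек"    # "Waiting 15 s"
    sleep 15
done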
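The main script above hands whatever follows MappedAddress in the STUN reply to openvpn and to the e-mail without checking it. A stricter parse, as an added example that is not part of the original article; the function name mapped_endpoint and the sample address are made up for the illustration:

```shell
#!/bin/sh
# Added example, not the author's code: validate the STUN answer before use.

# mapped_endpoint "<stun -v output>" prints "IP PORT" and returns 0 only if a
# MappedAddress line holds a well-formed IPv4 address and a port in 1..65535.
mapped_endpoint() {
    _ep=$(printf '%s\n' "$1" |
          sed -n 's/^[[:space:]]*MappedAddress = \([0-9.]*\):\([0-9]*\)[[:space:]]*$/\1 \2/p' |
          head -n 1)
    [ -n "$_ep" ] || return 1
    _ip=${_ep% *}; _port=${_ep#* }
    # Split on dots: exactly four fields, each 1-3 digits and at most 255
    _old_ifs=$IFS; IFS=.; set -- $_ip; IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$_o" -le 255 ] || return 1
    done
    # Port: 1-5 digits, then a range check
    case "$_port" in ''|??????*) return 1 ;; esac
    [ "$_port" -ge 1 ] && [ "$_port" -le 65535 ] || return 1
    echo "$_ip $_port"
}

# Constructed sample in the shape of the verbose output quoted in the article
# (203.0.113.7 is a documentation address, not the author's).
sample='...
MappedAddress = 203.0.113.7:4398
...'

if ep=$(mapped_endpoint "$sample"); then
    set -- $ep
    echo "would run: openvpn --config client.conf --remote $1 --port $2"
else
    echo "STUN answer rejected, retry later" >&2
fi
```

In vpn11.sh the function would replace the grep/sed/awk pipeline, with the loop sleeping and retrying when it returns non-zero.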
Script for sending the data by e-mail:
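# cat sendemail.sh
#!/bin/bash
# Placeholders: replace with the sender address, its SMTP password and the recipient address.
# The password sits in this file in clear text and is passed to sendEmail on the command line.
from="От кого"     # "From"
pass="Пароль"      # "Password"
to="Кому"          # "To"
theme="$1"         # subject
message="$2"       # body: external IP:port
server="smtp.yandex.ru:587"
sendEmail -o tls=yes -f "$from" -t "$to" -s "$server" -xu "$from" -xp "$pass" -u "$theme" -m "$message"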
Server configuration file:
# cat server.conf
proto udp
dev tun
ca /home/vpn11-srv/ca.crt
cert /home/vpn11-srv/server.crt
key /home/vpn11-srv/server.key
dh /home/vpn11-srv/dh2048.pem
server 10.2.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
tls-server
tls-auth /home/vpn11-srv/ta.key 0
tls-timeout 60
auth SHA256
cipher AES-256-CBC
client-to-client
keepalive 10 30
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-server.log
verb 3
mute 20
Client configuration file:
# cat client.conf
client
dev tun
proto udp
ca "/home/vpn11-srv/ca.crt"
cert "/home/vpn11-srv/client1.crt"
key "/home/vpn11-srv/client1.key"
tls-client
tls-auth "/home/vpn11-srv/ta.key" 1
auth SHA256
cipher AES-256-CBC
auth-nocache
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-clent.log
verb 3
mute 20
ping 10
ping-exit 30
The certificates were generated using
Running the script:
# ./vpn11.sh
Having first made it executable:
# chmod +x vpn11.sh
On the smartphone side
After installing the OpenVPN for Android app, copying over the configuration file and certificates, and configuring it, it looked like this:
I check my e-mail on the smartphone
I change the port number in the settings
I start the client and connect
While writing this article, I moved the configuration from my computer to a Raspberry Pi 3 and tried to run the whole thing over an LTE modem, but it did not work! The result of the command
# stun stun.ekiga.net -p 11111
STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006
The Port Dependent Filter value did not allow the scheme to start.
But the home provider allowed the scheme to run on the Raspberry Pi 3 without any problems.
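A pre-flight check built on the STUN results above, as an added example rather than part of the original article: it reads the stun client's "Primary:" line and reports whether the scheme can work on a given connection. It matches only the strings quoted on this page; the function name nat_verdict and the verdict words are made up for the illustration.

```shell
#!/bin/sh
# Added example, not the author's code. Matches only the "Primary:" strings
# quoted in this article; any other wording is reported as "unknown".

# nat_verdict "<stun client output>" prints one verdict word:
#   ok            - inbound UDP from any address reaches the mapped port
#   port-filtered - a NAT on the path drops packets from new peers
#   no-hairpin    - the local keepalive client cannot reach the external address
#   unknown       - no recognisable "Primary:" line
nat_verdict() {
    _primary=$(printf '%s\n' "$1" | sed -n 's/^Primary: *//p' | head -n 1)
    # The external port must be the same for every peer
    case "$_primary" in
        *"Independent Mapping"*) ;;
        *) echo unknown; return 0 ;;
    esac
    # The client started next to the server connects via the external address
    case "$_primary" in
        *"will hairpin"*) ;;
        *) echo no-hairpin; return 0 ;;
    esac
    case "$_primary" in
        *"Independent Filter"*)    echo ok ;;
        *"Port Dependent Filter"*) echo port-filtered ;;
        *)                         echo unknown ;;
    esac
}

# Constructed sample input, in the shape of the two outputs shown in the article.
open_out='STUN client version 0.97
Primary: Independent Mapping, Independent Filter, random port, will hairpin
Return value is 0x000002'
filtered_out='STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006'

echo "first result:  $(nat_verdict "$open_out")"
echo "second result: $(nat_verdict "$filtered_out")"
```

A port-filtered verdict caused by your own router can be removed with a DNAT rule like the one shown earlier; when the filtering is done further upstream, as with the LTE modem, the scheme does not start.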
Together with a webcam, with VLC for
creating an RTSP stream from the webcam
$ cvlc v4l2:///dev/video0:chroma=h264 :input-slave=alsa://hw:1,0 --sout '#transcode{vcodec=x264,venc=x264{preset=ultrafast,profile=baseline,level=31},vb=2048,fps=12,scale=1,acodec=mpga,ab=128,channels=2,samplerate=44100,scodec=none}:rtp{sdp=rtsp://10.2.0.1:8554/}' --no-sout-all --sout-keep
and VLC on the smartphone for viewing (stream rtsp://10.2.0.1:8554/), this made a decent remote video surveillance system. You can also set up Samba, route traffic through the VPN, control the computer remotely, and much more...
Conclusion
As practice has shown, to set up a VPN server you can do without an external IP address that you have to pay for, just as you would for a rented VPS/VDS. But everything depends on the provider. Of course, I would have liked to learn more about the different providers and the types of NAT they use, but this is only the beginning...
Thank you for your attention!
Source: www.habr.com