Running a VPN server behind the provider's NAT

A story about how I managed to run a VPN server behind a home provider's NAT (without a public IP address). Let me make a reservation right away: whether this setup works depends directly on the type of NAT used by your provider, and also on the router.
So, I needed to connect from an Android smartphone to my home computer. Both devices reach the Internet through NATs, and the computer additionally connects through a home router, which does NAT as well.
The classic scheme of renting a VPS/VDS with a public IP address, or renting a public IP address from the provider, was not considered, for several reasons.
Drawing on the experience of previous articles and on several experiments with STUN servers and provider NATs, I decided to try a small experiment by running a command on the home router, which runs OpenWRT firmware:

$ stun stun.sipnet.ru

and got this result:

STUN client version 0.97
Primary: Independent Mapping, Independent Filter, random port, will hairpin
Return value is 0x000002

What the terms mean:
Independent Mapping - the external port does not depend on the destination address
Independent Filter - inbound packets are accepted from any source (full-cone behaviour)
random port - the external port differs from the local port
will hairpin - hairpinning is supported
Running the same command on my PC, I got:

STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, preserves port, will hairpin
Return value is 0x000006

Port Dependent Filter - inbound packets are accepted only from the address and port the host has already sent to
The difference in the output showed that the home router adds an extra "obstacle" on the path of packets coming from the Internet; this became apparent because, while running the following command on the computer:

stun stun.sipnet.ru -p 11111 -v

I was getting the output:

...
MappedAddress = XX.1XX.1X4.2XX:4398
...

a UDP session stayed open for some time; if during that time a UDP request was sent (for example: netcat XX.1XX.1X4.2XX 4398 -u), it reached the home router, as confirmed by tcpdump running there, but it did not reach the computer: iptables, acting as the NAT on the router, dropped it.
But the fact that the UDP request passed through the provider's NAT gave hope of success. Since the router is under my control, I solved this problem by forwarding UDP port 11111 to the computer:

iptables -t nat -A PREROUTING -i eth1 -p udp -d 10.1XX.2XX.XXX --dport 11111 -j DNAT --to-destination 192.168.X.XXX

Thus I was able to initiate a UDP session and receive requests from the Internet from any IP address. At that point I started the OpenVPN server (configured earlier) listening on UDP port 11111, entered the external IP address and port (XX.1XX.1X4.2XX:4398) on the smartphone, and connected successfully from the smartphone to the computer. But with this setup a problem arose: the UDP session had to be kept alive somehow until the OpenVPN client connected to the server. I did not like the option of running the STUN client periodically, as I did not want to put load on the STUN servers.
I also noticed "will hairpin"; this mode:

Hairpinning allows one machine on a network behind NAT to reach another machine on the same network through the router's external address.

As a result, I solved the problem of keeping the UDP session alive in the simplest way: I started a client on the same computer as the server.
It worked like this:

  • launched the STUN client on local port 11111
  • received a reply with the external IP address and port XX.1XX.1X4.2XX:4398
  • sent the external IP address and port by e-mail (any other service will do) to an account set up on the smartphone
  • started the OpenVPN server on the computer, listening on UDP/11111
  • launched the OpenVPN client on the computer, specifying XX.1XX.1X4.2XX:4398 as the address to connect to
  • whenever needed, started the OpenVPN client on the smartphone, pointing it at that IP address and port (in my case the IP address did not change), to connect
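The first two steps above, discovering the external mapping with a socket bound to the port the VPN server will use, as an added Python example that is not code from the original article: a minimal STUN client (a hypothetical stand-in for the stun-client package the article uses) that builds an RFC 5389 Binding Request, parses the reply, and also constructs the server's reply itself so the parser can be tested offline. It assumes stun.sipnet.ru listens on the standard STUN port 3478.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442                            # RFC 5389 constant, also the XOR mask
BINDING_REQUEST, BINDING_RESPONSE = 0x0001, 0x0101   # message types
MAPPED_ADDRESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0020  # attribute types

def build_binding_request(txid):   # 20-byte header: type, length 0, cookie, 96-bit id
    return struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid

def build_binding_response(txid, ip, port):
    """Server side of the exchange, constructed here for offline testing: one
    XOR-MAPPED-ADDRESS attribute carrying the reflexive (external) ip:port."""
    addr = struct.unpack("!I", socket.inet_aton(ip))[0]
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01,
                       port ^ (MAGIC_COOKIE >> 16), addr ^ MAGIC_COOKIE)
    return struct.pack("!HHI", BINDING_RESPONSE, len(attr), MAGIC_COOKIE) + txid + attr

def parse_mapped_address(packet, txid):
    """Return (ip, port) from a Binding Response; XOR-MAPPED-ADDRESS is preferred
    because a NAT with a STUN ALG may rewrite the plain MAPPED-ADDRESS."""
    mtype, length, cookie = struct.unpack("!HHI", packet[:8])   # struct.error if truncated
    if (mtype, cookie, packet[8:20]) != (BINDING_RESPONSE, MAGIC_COOKIE, txid):
        raise ValueError("not the Binding Response for our transaction")
    body, pos, legacy = packet[20:20 + length], 0, None
    while pos + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[pos:pos + 4])
        value = body[pos + 4:pos + 4 + alen]
        pos += 4 + ((alen + 3) & ~3)                 # values are padded to 4-byte boundaries
        if atype in (MAPPED_ADDRESS, XOR_MAPPED_ADDRESS) and len(value) == 8 and value[1] == 1:
            port, addr = struct.unpack("!HI", value[2:8])      # IPv4 only (family 1)
            if atype == XOR_MAPPED_ADDRESS:
                port, addr = port ^ (MAGIC_COOKIE >> 16), addr ^ MAGIC_COOKIE
                return socket.inet_ntoa(struct.pack("!I", addr)), port
            legacy = (socket.inet_ntoa(struct.pack("!I", addr)), port)
    if legacy is None:
        raise ValueError("no mapped address in response")
    return legacy

def discover_mapping(local_port, server=("stun.sipnet.ru", 3478), timeout=3.0):
    """Bind to the port OpenVPN will listen on and return the (ip, port) the NAT mapped it to."""
    txid = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", local_port))       # same local port as the OpenVPN server
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(txid), server)
        data, _ = sock.recvfrom(2048)
    return parse_mapped_address(data, txid)
```

Calling discover_mapping(11111) before OpenVPN is started gives the ip:port to send to the smartphone; the mapping it creates only survives as long as something keeps sending through that port, which is the job of the local client in the steps above.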

In this way I was able to connect to my computer from my smartphone. This setup lets any OpenVPN client connect.

Implementation

You will need:

# apt install openvpn stun-client sendemail

After writing a couple of scripts and a few configuration files, and generating the necessary certificates (the client on the smartphone authenticates with certificates), we get a permanently running OpenVPN server setup.

Main script on the computer

# cat vpn11.sh

#!/bin/bash
# Wait until a route to the Internet exists and remember the interface it uses
until [[ -n "$iftosrv" ]]; do
    echo "$(date) Определяю сетевой интерфейс"          # "Determining the network interface"
    iftosrv=$(ip route get 8.8.8.8 | head -n 1 | sed 's|.*dev ||' | awk '{print $1}')
    sleep 5
done
ABSOLUTE_FILENAME=$(readlink -f "$0")
DIR=$(dirname "$ABSOLUTE_FILENAME")
localport=11111
# Endless loop: discover the external mapping, start the server, keep the mapping
# alive with a local client, and restart everything when that client drops
while true; do
    # The STUN client is bound to the same local port the OpenVPN server will use;
    # "MappedAddress = ip:port" is turned into "ip port"
    address=$(stun stun.sipnet.ru -v -p "$localport" 2>&1 | grep "MappedAddress" | sort | uniq | head -n 1 | sed 's/:/ /g' | awk '{print $3" "$4}')
    ip=$(echo "$address" | awk '{print $1}')
    port=$(echo "$address" | awk '{print $2}')
    srv="openvpn --config $DIR/server.conf --port $localport --daemon"
    $srv
    echo "$(date) Сервер запущен с внешним адресом $ip:$port"   # "Server started with external address"
    "$DIR/sendemail.sh" "OpenVPN-Server" "$ip:$port"
    sleep 1
    # The local client connects through the hairpin and keeps the NAT mapping open;
    # this call blocks until the connection is lost
    openvpn --config "$DIR/client.conf" --remote "$ip" --port "$port"
    echo "$(date) Соединение клиента с сервером разорвано"       # "Client connection to the server lost"
    for i in $(ps xa | grep "$srv" | grep -v grep | awk '{print $1}'); do
        kill "$i" && echo "$(date) Завершен процесс сервера $i ($srv)"   # "Server process terminated"
    done
    echo "Жду 15 сек"                                             # "Waiting 15 s"
    sleep 15
done

Script that sends the data by e-mail:

# cat sendemail.sh 

#!/bin/bash
from="От кого"                 # sender address (placeholder: "From")
pass="Пароль"                  # sender's SMTP password (placeholder: "Password")
to="Кому"                      # recipient address (placeholder: "To")
theme="$1"                     # subject
message="$2"                   # body: the external ip:port
server="smtp.yandex.ru:587"
sendEmail -o tls=yes -f "$from" -t "$to" -s "$server" -xu "$from" -xp "$pass" -u "$theme" -m "$message"

Server configuration file:

# cat server.conf

proto udp
dev tun
ca      /home/vpn11-srv/ca.crt
cert    /home/vpn11-srv/server.crt
key     /home/vpn11-srv/server.key
dh      /home/vpn11-srv/dh2048.pem
server 10.2.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
tls-server
tls-auth /home/vpn11-srv/ta.key 0
tls-timeout 60
auth    SHA256
cipher  AES-256-CBC
client-to-client
keepalive 10 30
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-server.log
verb 3
mute 20

Client configuration file:

# cat client.conf

client
dev tun
proto udp
ca      "/home/vpn11-srv/ca.crt"
cert    "/home/vpn11-srv/client1.crt"
key     "/home/vpn11-srv/client1.key"
tls-client
tls-auth "/home/vpn11-srv/ta.key" 1
auth SHA256
cipher AES-256-CBC
auth-nocache
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-clent.log
verb 3
mute 20
ping 10
ping-exit 30

The certificates were generated following this article.
Running the script:

# ./vpn11.sh

having first made it executable:

# chmod +x vpn11.sh

On the smartphone side

After installing the OpenVPN for Android app, copying the configuration file and certificates and setting it up, it looked like this:
I check my e-mail on the smartphone
I change the port number in the settings
I start the client and connect

While writing this article, I moved the configuration from my computer to a Raspberry Pi 3 and tried to run the whole thing over an LTE modem, but it did not work. The command

# stun stun.ekiga.net -p 11111

returned

STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, preserves port, will hairpin
Return value is 0x000006

and that Port Dependent Filter did not let this scheme start.
But the home provider let the scheme run on the Raspberry Pi 3 without any problems.
Together with a webcam and VLC, used to create an RTSP stream from the webcam:

$ cvlc v4l2:///dev/video0:chroma=h264 :input-slave=alsa://hw:1,0 --sout '#transcode{vcodec=x264,venc=x264{preset=ultrafast,profile=baseline,level=31},vb=2048,fps=12,scale=1,acodec=mpga,ab=128,channels=2,samplerate=44100,scodec=none}:rtp{sdp=rtsp://10.2.0.1:8554/}' --no-sout-all --sout-keep

and VLC on the smartphone to watch it (stream rtsp://10.2.0.1:8554/), this made a decent remote video surveillance setup; you can also set up Samba, route traffic through the VPN, control the computer remotely and much more.

Conclusion

As practice has shown, a VPN server can be set up without a paid external IP address such as a rented VPS/VDS. But everything depends on the provider. Of course, I would like to learn more about different providers and the NAT types they use, but this is only the beginning...
Thank you for your attention!

Source: www.habr.com
