Running a VPN server behind the provider's NAT

This article describes how I managed to run a VPN server behind the NAT of my home provider (without a white, that is, public IP address). One reservation up front: whether this implementation works depends directly on the type of NAT your provider uses, and on your router.
I needed to connect from my Android smartphone to my home computer. Both devices reach the Internet through provider NATs, and the computer is additionally connected through a home router, which also NATs its connections.
The classic scheme with a rented VPS/VDS that has a white IP address, as well as renting a white IP address from the provider, was not considered for several reasons.
Taking into account the experience from previous articles, and after several experiments with STUN servers and provider NATs, I decided on a small experiment and ran this command on the home router, which runs OpenWRT firmware:

$ stun stun.sipnet.ru

and got the result:

STUN client version 0.97
Primary: Independent Mapping, Independent Filter, random port, will hairpin
Return value is 0x000002

Literal meaning:
Independent Mapping - the mapping is independent
Independent Filter - the filter is independent
random port - a random port
will hairpin - hairpinning will work
Running the same command on my PC, I got:

STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006

Port Dependent Filter - the filter depends on the port
The difference between the two results showed that the home router was making "its own contribution" to how packets from the Internet are passed on. This showed when I ran the following command on the computer:

stun stun.sipnet.ru -p 11111 -v

I got the result:

...
MappedAddress = XX.1XX.1X4.2XX:4398
...

At this point a UDP session stayed open for some time. If a UDP request was sent at that moment (for example: netcat XX.1XX.1X4.2XX 4398 -u), the request reached the home router, which TCPDump running on it confirmed, but it did not reach the computer - IPtables, acting as the NAT translator on the router, dropped it.
But the very fact that the UDP request passed through the provider's NAT gave hope of success. Since the router is under my control, I solved the problem by redirecting port UDP/11111 to the computer:

iptables -t nat -A PREROUTING -i eth1 -p udp -d 10.1XX.2XX.XXX --dport 11111 -j DNAT --to-destination 192.168.X.XXX

With that, I could initiate a UDP session and receive requests from the Internet from any IP address. I then started the OpenVPN server (configured beforehand) listening on port UDP/11111, entered the external IP address and port (XX.1XX.1X4.2XX:4398) on the smartphone and connected successfully from the smartphone to the computer. But this implementation had a problem: the UDP session has to be kept alive somehow until the OpenVPN client connects to the server. I did not like the option of launching the STUN client periodically - I did not want to put needless load on the STUN servers.
I also noticed the entry "will hairpin". This mode

allows one machine on a local network behind NAT to reach another machine on the same network at the router's external address.

As a result, I solved the problem of keeping the UDP session alive simply - I launched the client on the same computer as the server.
It worked like this:

  • launched the STUN client on local port 11111
  • received a response with the external IP address and port XX.1XX.1X4.2XX:4398
  • sent the external IP address and port by e-mail (any other service will do) to a mailbox set up on the smartphone
  • launched the OpenVPN server on the computer, listening on port UDP/11111
  • launched the OpenVPN client on the computer, specifying XX.1XX.1X4.2XX:4398 as the address to connect to
  • at any later time, launched the OpenVPN client on the smartphone, specifying that IP address and port to connect (in my case the IP address did not change)

This is how I was able to connect to my computer from my smartphone. This implementation lets you connect any OpenVPN client.

Practice

You will need:

# apt install openvpn stun-client sendemail

After writing a couple of scripts and a couple of configuration files, and generating the necessary certificates (since the client on the smartphone works only with certificates), we get an ordinary OpenVPN server implementation.

Main script on the computer

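# cat vpn11.sh

#!/bin/bash
# Wait until there is a route to the Internet and note the outgoing interface
until [[ -n "$iftosrv" ]]; do echo "$(date) Определяю сетевой интерфейс"; iftosrv=`ip route get 8.8.8.8 | head -n 1 | sed 's|.*dev ||' | awk '{print $1}'`; sleep 5; done
ABSOLUTE_FILENAME=`readlink -f "$0"`
DIR=`dirname "$ABSOLUTE_FILENAME"`
localport=11111
# $a is never set, so this loop runs until the script is stopped
until [[ $a ]]; do
	# Ask the STUN server which external IP and port map to local UDP port $localport
	address=`stun stun.sipnet.ru -v -p $localport 2>&1 | grep "MappedAddress" | sort | uniq | head -n 1 | sed 's/:/ /g' | awk '{print $3" "$4}'`
	ip=`echo "$address" | awk '{print $1}'`
	port=`echo "$address" | awk '{print $2}'`
	# No mapped address means there is nothing to advertise: wait and retry
	if [[ -z "$ip" || -z "$port" ]]; then sleep 15; continue; fi
	# Start the server on the same local port while the NAT mapping is still open
	srv="openvpn --config $DIR/server.conf --port $localport --daemon"
	$srv
	echo "$(date) Сервер запущен с внешним адресом $ip:$port"
	# Send the external address to the mailbox read on the smartphone
	$DIR/sendemail.sh "OpenVPN-Server" "$ip:$port"
	sleep 1
	# The local client connects via the external address (hairpin) and keeps the UDP session alive
	openvpn --config $DIR/client.conf --remote $ip --port $port
	echo "$(date) Cоединение клиента с сервером разорвано"
	# The local client has exited: stop the server so the next pass gets a fresh mapping
	for i in `ps xa | grep "$srv" | grep -v grep | awk '{print $1}'`; do
		kill $i && echo "$(date) Завершен процесс сервера $i ($srv)"
	done
	echo "Жду 15 сек"
	sleep 15
done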

Script for sending the data by e-mail:

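# cat sendemail.sh

#!/bin/bash
# The SMTP password is stored here in plain text: keep this file readable by its owner only
from="От кого"    # sender address, also used as the SMTP login
pass="Пароль"     # SMTP password
to="Кому"         # recipient address
theme="$1"        # subject
message="$2"      # body: the external IP:port
server="smtp.yandex.ru:587"
sendEmail -o tls=yes -f "$from" -t "$to" -s "$server" -xu "$from" -xp "$pass" -u "$theme" -m "$message"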

Server configuration file:

# cat server.conf

proto udp
dev tun
ca      /home/vpn11-srv/ca.crt
cert    /home/vpn11-srv/server.crt
key     /home/vpn11-srv/server.key
dh      /home/vpn11-srv/dh2048.pem
server 10.2.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
tls-server
tls-auth /home/vpn11-srv/ta.key 0
tls-timeout 60
auth    SHA256
cipher  AES-256-CBC
client-to-client
keepalive 10 30
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-server.log
verb 3
mute 20

Client configuration file:

# cat client.conf

client
dev tun
proto udp
ca      "/home/vpn11-srv/ca.crt"
cert    "/home/vpn11-srv/client1.crt"
key     "/home/vpn11-srv/client1.key"
tls-client
tls-auth "/home/vpn11-srv/ta.key" 1
auth SHA256
cipher AES-256-CBC
auth-nocache
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-clent.log
verb 3
mute 20
ping 10
ping-exit 30

The certificates were generated using this article.
Run the script:

# ./vpn11.sh

After first making it executable

# chmod +x vpn11.sh

On the smartphone side

After installing the OpenVPN for Android app, copying over the configuration file and certificates, and configuring it, it came out like this:
I check my e-mail on the smartphone
I correct the port number in the settings
I launch the client and connect

While writing this article, I moved the configuration from my computer to a Raspberry Pi 3 and tried to run the whole thing over an LTE modem, but it did not work! The result of the command

# stun stun.ekiga.net -p 11111

STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006

The value Port Dependent Filter did not allow the scheme to start.
But the home provider let the scheme start on the Raspberry Pi 3 without any problems.
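A pre-flight check for the NAT properties this scheme relies on, as an added example that is not part of the original article. The helper name nat_verdict is hypothetical, the "Primary:" wording is assumed to be that of STUN client version 0.97, and the two samples are constructed to mirror the results reported above.

```shell
#!/bin/sh
# Added example, not from the article. nat_verdict is a hypothetical helper.
# It reads stun client output on stdin and judges the "Primary:" line
# (wording as printed by STUN client version 0.97).

nat_verdict() {
	primary=$(sed -n '/^Primary:/{p;q;}')
	case "$primary" in
		"") echo "unknown: no Primary line in input"; return 2 ;;
	esac
	# The external port learned via STUN must also be valid for other peers.
	case "$primary" in
		*"Independent Mapping"*) ;;
		*) echo "unusable: mapping is not independent"; return 1 ;;
	esac
	# Packets from a peer the host never contacted must be let through.
	case "$primary" in
		*"Independent Filter"*) ;;
		*) echo "blocked: filter is not independent"; return 1 ;;
	esac
	# The local keepalive client reaches the server via the external address.
	case "$primary" in
		*"will hairpin"*) ;;
		*) echo "no-keepalive: NAT does not hairpin"; return 1 ;;
	esac
	echo "ok: independent mapping and filter, will hairpin"
}

# Constructed samples mirroring the two results reported in the article.
SAMPLE_OK='STUN client version 0.97
Primary: Independent Mapping, Independent Filter, random port, will hairpin
Return value is 0x000002'
SAMPLE_BLOCKED='STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006'

printf '%s\n' "$SAMPLE_OK" | nat_verdict || true
printf '%s\n' "$SAMPLE_BLOCKED" | nat_verdict || true
```

On a live host, pipe the real output into the function, for example `stun stun.sipnet.ru -p 11111 2>&1 | nat_verdict`. A "blocked" verdict caused by your own router can be fixed with a DNAT rule like the one shown earlier; one caused by the provider cannot.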
Together with a webcam, and VLC for
creating an RTSP stream from the webcam

$ cvlc v4l2:///dev/video0:chroma=h264 :input-slave=alsa://hw:1,0 --sout '#transcode{vcodec=x264,venc=x264{preset=ultrafast,profile=baseline,level=31},vb=2048,fps=12,scale=1,acodec=mpga,ab=128,channels=2,samplerate=44100,scodec=none}:rtp{sdp=rtsp://10.2.0.1:8554/}' --no-sout-all --sout-keep

and VLC on the smartphone for viewing (stream rtsp://10.2.0.1:8554/), this made a decent remote video surveillance system. You can also set up Samba, route traffic through the VPN, control the computer remotely and much more...

Conclusion

As practice has shown, you can set up a VPN server without an external IP address that you have to pay for, just as you would pay for a rented VPS/VDS. But it all depends on the provider. Of course, I would have liked to get more information about the various providers and the types of NAT they use, but this is only the beginning...
Thank you for your attention!

Source: www.habr.com
