UDP hole punching using an IPIP tunnel as an example

Good day!

In this post I want to tell you how I used (yet another) Bash script to connect two computers that are both behind NAT, using the UDP hole punching technique, with Ubuntu/Debian as the example OS.

Establishing the connection takes several steps:

  1. Start the node and wait for the remote node to become ready;
  2. Determine our external IP address and UDP port;
  3. Send our external IP address and UDP port to the remote host;
  4. Receive the external IP address and UDP port of the remote host;
  5. Bring up the IPIP tunnel;
  6. Monitor the connection;
  7. If the connection is lost, tear down the IPIP tunnel.

I thought for a long time, and am still thinking, about what could be used to exchange data between the nodes; the simplest and fastest option for me at the moment works through Yandex.Disk.

  • First, it is easy to use: only three actions are needed: create, read, delete. With curl (over the WebDAV interface) these are:
    Create:

    curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder

    Read:

    curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder

    Delete:

    curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
  • Second, it is easy to install:
    apt install curl

To find out the external IP address and UDP port (the mapping the NAT created for our local port $1), use the stun-client command:

stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"

Install it with:

apt install stun-client
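As an added example that is not part of the original post, here is a small parser for that stun -v output which also catches the case hole punching cannot handle: a NAT that maps the same local port to a different external port for every destination (symmetric NAT). The script's sort | uniq | head -n1 suggests stun -v prints more than one MappedAddress line; keeping the first unique one hides such a mismatch, so this version returns the mapping only when all lines agree. The sample output lines are constructed here in the "MappedAddress = IP:PORT" shape that the script's awk '{print $3}' relies on; real stun-client output may carry additional fields.

```shell
#!/bin/bash
# Added example (not from the original post): parse "MappedAddress" lines from
# `stun -v` and only accept a mapping that every test phase agrees on.
# Real use:  stun stun.sipnet.ru -v -p "$localport" 2>&1 | mapped_address

# mapped_address: reads stun -v output on stdin.
# Prints IP:PORT and returns 0 when exactly one distinct mapping was seen,
# returns 1 when the mappings differ (symmetric NAT, hole punching will fail),
# returns 2 when no MappedAddress line was present (STUN request failed).
mapped_address() {
    local mappings
    mappings=$(grep 'MappedAddress' | awk '{print $3}' | sort -u)
    [ -n "$mappings" ] || return 2
    set -- $mappings            # one positional parameter per distinct mapping
    [ "$#" -eq 1 ] || return 1
    printf '%s\n' "$1"
}

# Split an IP:PORT mapping into its two parts.
mapped_ip()   { printf '%s\n' "${1%:*}"; }
mapped_port() { printf '%s\n' "${1##*:}"; }

# Constructed sample: cone NAT, both test phases report the same mapping.
CONE_OUTPUT='MappedAddress = 203.0.113.5:43210
ChangedAddress = 198.51.100.9:3479
MappedAddress = 203.0.113.5:43210'

# Constructed sample: symmetric NAT, the external port differs per destination.
SYMMETRIC_OUTPUT='MappedAddress = 203.0.113.5:43210
MappedAddress = 203.0.113.5:43299'

main() {
    local m
    if m=$(printf '%s\n' "$CONE_OUTPUT" | mapped_address); then
        echo "external address $(mapped_ip "$m"), external port $(mapped_port "$m")"
    fi
    if ! printf '%s\n' "$SYMMETRIC_OUTPUT" | mapped_address; then
        echo "mapping differs per destination: symmetric NAT, hole punching will not work"
    fi
}

main
```

If mapped_address returns 1, the sensible action for the script is to stop rather than publish a port the peer will never reach.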

To set up the tunnel, the standard OS tools from the iproute2 package are used. There are many tunnel types that can be brought up with standard means (L2TPv3, GRE, etc.), but I chose IPIP because it puts the least extra load on the system. I tried L2TPv3 over UDP and was disappointed: the speed dropped 10x, but that may have been due to various restrictions on the provider's side or something else. Since an IPIP tunnel itself runs directly over IP (IP protocol 4), FOU (foo-over-UDP) encapsulation is used to carry it inside UDP, so that the tunnel can be bound to the UDP port whose NAT mapping we learned from STUN. Setting up the IPIP tunnel requires:

- load the FOU module:

modprobe fou

- listen on the local UDP port (ipproto 4 = IPIP inside the UDP payload):

ip fou add port $localport ipproto 4

- create the tunnel (encap-sport must match the port opened with ip fou, encap-dport is the peer's external port):

ip link add name fou$name type ipip remote $remoteip local $localip encap fou  encap-sport $localport encap-dport $remoteport

- bring up the tunnel interface:

ip link set up dev fou$name

- assign the tunnel's local and remote internal IP addresses:

ip addr add $intIP peer $peerip dev fou$name

Deleting the tunnel:

ip link del dev fou$name

ip fou del port $localport

The tunnel state is checked by periodically pinging the internal IP address of the remote node's tunnel end:

ping -c 1 $peerip -s 0

The periodic ping is needed mainly to keep the channel alive: otherwise, if the tunnel is idle, the NAT mapping on the routers may expire and the connection breaks.

If the ping stops getting through, the IPIP tunnel is torn down and the script waits for the remote host to become ready again.

The script itself:

#!/bin/bash
# Rendezvous settings: identical on both nodes
username="user@example.com"   # Yandex account login (placeholder)
password="password"
folder="vpnid"
# Internal tunnel address: different on each node (10.0.0.1 / 10.0.0.2)
intip="10.0.0.1"
localport=`shuf -i 10000-65000 -n 1`   # local UDP port for FOU
cid=`shuf -i 10000-99999 -n 1`         # this node's id for the current run
tid=`shuf -i 10-99 -n 1`               # used to derive the tunnel interface name

# List the rendezvous folder over WebDAV and print record names newest first,
# excluding the folder itself ($3) and our own records ($4 = cid).
function yaread {
        curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}
function yacreate {
        curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}
function yadelete {
        curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}
# External IP:PORT as seen by the STUN server for local UDP port $1
function myipport {
        stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}
# tunnel-up REMOTEIP REMOTEPORT LOCALIP LOCALPORT PEERINTIP INTIP TUNNELID
function tunnel-up {
        modprobe fou
        ip fou add port $4 ipproto 4
        ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
        ip link set up dev fou$7
        ip addr add $6 peer $5 dev fou$7
}
# Ping the peer's tunnel address every 15 s and return after 4 consecutive
# failures; a successful ping resets the counter (the original had "n=0" here,
# which never reset $pings).
function tunnel-check {
        sleep 10
        pings=0
        until [[ $pings == 4 ]]; do
                if ping -c 1 $1 -s 0 &>/dev/null;
                        then    echo -n .; pings=0
                        else    echo -n !; ((pings++))
                fi
                sleep 15
        done
}
# tunnel-down TUNNELID LOCALPORT
function tunnel-down {
        ip link del dev fou$1
        ip fou del port $2
}
# Clean up on termination signals (SIGKILL cannot be trapped, so 9 is not listed)
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 14 15
until [[ -n $end ]]; do
    yacreate $username $password $folder
    # Rendezvous: announce ourselves and wait for a fresh record from the peer
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
                # Only accept peer records not older than 65 seconds
                if [ `echo $l | sed 's/:/ /g' | awk {'print $1'}` -ge $(($mydate-65)) ]; then
                        myipport=`myipport $localport`
                        # Publish date:cid:extip:extport:intip:tid for the peer
                        yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                        timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk {'print $1'}` - $mydate + 3 ))
                        ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                        port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                        peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                        peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                        # Both sides compute peerid*tid, so the interface name is the same on both
                        if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
                fi
        done
        if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
                echo -n "!"
                sleep $timeout
        fi
    done
    # Source address to use towards the peer, taken from the routing table
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0
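The peer-selection part of the loop is the piece worth testing without a Yandex account. Below is an added example (mine, not the post's code) that isolates it: given the folder listing as record names of the forms EPOCH:CID (a plain "I am here" announcement) and EPOCH:CID:IP:PORT:INTIP:TID (an announcement with the STUN-mapped address), it applies the same 65-second freshness window as the script, skips our own records and records that carry no address yet, and returns the newest usable peer; tunnel_id shows why both sides end up with the same interface name. The listing and the timestamps are constructed.

```shell
#!/bin/bash
# Added example (not the post's code): peer selection over a rendezvous listing.
# Record names, as the script creates them in the Yandex.Disk folder:
#   EPOCH:CID                      announcement without an address
#   EPOCH:CID:IP:PORT:INTIP:TID    announcement with the STUN-mapped address

MAX_AGE=65   # seconds; same window as the script's $(($mydate-65)) check

# pick_peer NOW MYCID  < record-names
# Prints "IP PORT INTIP TID" for the newest usable peer record, returns 1 if none.
pick_peer() {
    local now="$1" mycid="$2" found
    # sort -r: newest epoch first, as in the script's yaread
    found=$(sort -r | while IFS=: read -r epoch cid ip port intip tid; do
        [ -n "$epoch" ] || continue                        # blank line
        [ "$cid" != "$mycid" ] || continue                 # our own record
        [ "$epoch" -ge $((now - MAX_AGE)) ] || continue    # stale record
        [ -n "$tid" ] || continue                          # no address published yet
        printf '%s %s %s %s\n' "$ip" "$port" "$intip" "$tid"
        break
    done)
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# tunnel_id PEER_TID MY_TID: the product is symmetric, so both nodes derive
# the same "fouNNNN" interface name from the two random ids.
tunnel_id() { printf '%s\n' $(( $1 * $2 )); }

# Constructed listing seen by node 44444 at epoch 1700000130:
#  - its own announcement (no address),
#  - two records from peer 55555, the newer one 30 s old,
#  - a stale record from an earlier run of some node 66666.
RECORDS='1700000120:44444
1700000050:55555:203.0.113.7:40001:10.0.0.2:37
1700000100:55555:203.0.113.7:40002:10.0.0.2:37
1699999000:66666:198.51.100.3:50000:10.0.0.3:12'

if peer=$(printf '%s\n' "$RECORDS" | pick_peer 1700000130 44444); then
    set -- $peer
    echo "peer external $1:$2, peer tunnel address $3, interface fou$(tunnel_id "$4" 21)"
else
    echo "no fresh peer record yet; keep polling"
fi
```

Because records are trusted purely on their name, anyone who can write to the folder can steer the tunnel to an address of their choosing; the account password is the only thing protecting the rendezvous.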

The variables username, password and folder must be identical on both sides, while intip must differ, for example 10.0.0.1 and 10.0.0.2. The clocks on the nodes must be synchronized: the script only accepts peer records up to 65 seconds old, so clock skew eats into that window. Since the script holds the Yandex password in plain text, keep the file readable by root only (chmod 600). You can run the script like this:

nohup script.sh &

I want to draw your attention to the fact that the IPIP tunnel is not secure in the sense that the traffic is not encrypted, but this is easily fixed with IPsec on top; the article I used for that seemed simple and understandable to me.
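One way to do that, as an added example and not something taken from the post: manually keyed ESP in transport mode between the two tunnel addresses (intip on each side), set up with ip xfrm from the same iproute2 package. The SPIs and keys below are placeholders chosen for this example and must be exchanged out of band, not through the rendezvous folder; for a long-lived setup IKE (for example strongSwan) is preferable to manual keying because it rekeys. With DRY_RUN=1 the functions print the commands instead of executing them, which is also what the example does when run as is.

```shell
#!/bin/bash
# Added example (not from the post): ESP transport mode between the tunnel's
# inner addresses, on top of the unencrypted IPIP/FOU tunnel.
# AES-GCM-128 per RFC 4106 needs 16 key bytes + 4 salt bytes = 40 hex digits;
# generate one with:  key=0x$(openssl rand -hex 20)

# run: echo the command under DRY_RUN=1, otherwise execute it (needs root)
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# check_gcm_key KEY: must be "0x" followed by exactly 40 hex digits
check_gcm_key() {
    case "$1" in 0x*) ;; *) return 1 ;; esac
    [ "${#1}" -eq 42 ] || return 1
    case "${1#0x}" in *[!0-9a-fA-F]*) return 1 ;; esac
}

# ipsec_up LOCAL_INTIP PEER_INTIP SPI_OUT SPI_IN KEY_OUT KEY_IN
# Our outbound SA is the peer's inbound SA, so the peer calls this with the
# SPI and key pairs swapped.
ipsec_up() {
    local me="$1" peer="$2" spi_out="$3" spi_in="$4" key_out="$5" key_in="$6"
    check_gcm_key "$key_out" && check_gcm_key "$key_in" || return 1
    run ip xfrm state add src "$me" dst "$peer" proto esp spi "$spi_out" mode transport \
        aead 'rfc4106(gcm(aes))' "$key_out" 128
    run ip xfrm state add src "$peer" dst "$me" proto esp spi "$spi_in" mode transport \
        aead 'rfc4106(gcm(aes))' "$key_in" 128
    run ip xfrm policy add src "$me" dst "$peer" dir out \
        tmpl src "$me" dst "$peer" proto esp mode transport
    # the "in" policy is what makes the kernel drop unprotected packets from the peer
    run ip xfrm policy add src "$peer" dst "$me" dir in \
        tmpl src "$peer" dst "$me" proto esp mode transport
}

# ipsec_down LOCAL_INTIP PEER_INTIP: remove policies first, then the SAs
ipsec_down() {
    local me="$1" peer="$2"
    run ip xfrm policy del src "$me" dst "$peer" dir out
    run ip xfrm policy del src "$peer" dst "$me" dir in
    run ip xfrm state deleteall src "$me" dst "$peer" proto esp
    run ip xfrm state deleteall src "$peer" dst "$me" proto esp
}

# Demo: what side A (10.0.0.1) would run; side B swaps SPI and key pairs.
# Keys are placeholders for the example only.
DRY_RUN=1 ipsec_up 10.0.0.1 10.0.0.2 0x1001 0x1002 \
    0x000102030405060708090a0b0c0d0e0f10111213 \
    0x202122232425262728292a2b2c2d2e2f30313233
```

Call ipsec_up right after tunnel-up and ipsec_down before tunnel-down in the script; the policies are keyed on the inner addresses, so they survive a change of external IP and port between reconnects.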

I have been using this script to connect to my work PC for several weeks and have not seen any problems so far. It is good in the set-it-and-forget-it sense.

Perhaps you will have comments and suggestions; I will be glad to hear them.

Thank you for your attention!

Source: www.habr.com
