Good day!
In this article I want to tell you how I used (
Establishing the connection consists of several steps:
- Start the node and wait for the remote node to become ready;
- Determine the external IP address and UDP port;
- Send the external IP address and UDP port to the remote host;
- Receive the external IP address and UDP port from the remote host;
- Set up the IPIP tunnel;
- Monitor the connection;
- If the connection is lost, remove the IPIP tunnel.
I thought for a long time, and am still thinking, about what could be used to exchange data between the nodes; the simplest and fastest option for me at the moment is to work through Yandex.disk.
- First, it is easy to use. You need 3 operations: create, read, delete. With curl these are:
Create:
curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder
Read:
curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder
Delete:
curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
- Second, it is easy to install:
apt install curl
To determine the external IP address and UDP port, use the stun-client command:
stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"
Install it with:
apt install stun-client
To set up the tunnel, standard OS tools from the iproute2 package are used. There is
- load the FOU module:
modprobe fou
- listen on the local port:
ip fou add port $localport ipproto 4
- create the tunnel:
ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport
- bring up the tunnel interface:
ip link set up dev fou$name
- assign the tunnel's local inner IP address and the remote peer's inner IP address:
ip addr add $intIP peer $peerip dev fou$name
Delete a tunnel:
ip link del dev fou$name
ip fou del port $localport
The tunnel state is checked by periodically pinging the inner IP address of the remote node's tunnel with the command:
ping -c 1 $peerip -s 0
Periodic pings are needed primarily to keep the channel alive; otherwise, when the tunnel is idle, the NAT tables on the routers may be cleared and the connection is then broken.
If the ping is lost, the IPIP tunnel is removed and the script waits for the remote host to become ready.
The script itself:
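#!/bin/bash
# Yandex.disk credentials and rendezvous folder: identical on both nodes.
username="[email protected]"
password="password"
folder="vpnid"
# Inner tunnel address of this node: different on each node.
intip="10.0.0.1"
# Random local UDP port, client id and tunnel id component for this run.
localport=`shuf -i 10000-65000 -n 1`
cid=`shuf -i 10000-99999 -n 1`
tid=`shuf -i 10-99 -n 1`

# yaread USER PASSWORD FOLDER CID: list entry names in FOLDER, newest first,
# skipping the folder itself and this node's own entries.
function yaread {
    curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}

# yacreate USER PASSWORD PATH: create a WebDAV collection.
function yacreate {
    curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}

# yadelete USER PASSWORD PATH: delete a WebDAV collection.
function yadelete {
    curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}

# myipport LOCALPORT: print the external "ip:port" mapping reported by STUN.
function myipport {
    stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}

# tunnel-up REMOTEIP REMOTEPORT LOCALIP LOCALPORT PEERIP INTIP TUNNELID
function tunnel-up {
    modprobe fou
    ip fou add port $4 ipproto 4
    ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
    ip link set up dev fou$7
    ip addr add $6 peer $5 dev fou$7
}

# tunnel-check PEERIP: ping the peer every 15 s; return after 4 failed pings in a row.
function tunnel-check {
    sleep 10
    pings=0
    until [[ $pings == 4 ]]; do
        if ping -c 1 $1 -s 0 &>/dev/null; then
            # reset the failure counter after a successful ping
            echo -n .; pings=0
        else
            echo -n !; ((pings++))
        fi
        sleep 15
    done
}

# tunnel-down TUNNELID LOCALPORT
function tunnel-down {
    ip link del dev fou$1
    ip fou del port $2
}

# On a termination signal: remove the rendezvous folder and the tunnel.
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15

until [[ -n $end ]]; do
    yacreate $username $password $folder
    # Rendezvous: repeat until the peer's entry with its external ip:port is read.
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        # Announce that this node is ready.
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
            # Only consider peer entries that are at most 65 seconds old.
            if [ `echo $l | sed 's/:/ /g' | awk '{print $1}'` -ge $(($mydate-65)) ]; then
                #echo $list
                myipport=`myipport $localport`
                # Publish our own record: timestamp:cid:ip:port:intip:tid
                yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk '{print $1}'` - $mydate + 3 ))
                ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                # Both nodes compute the same tunnel id: the product of the two tids.
                if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
            fi
        done
        if [[ -z "$ip" ]] && [ "$timeout" -gt 0 ]; then
            echo -n "!"
            sleep $timeout
        fi
    done
    # Local source address used to reach the peer's external address.
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    # The peer stopped answering: tear down and start over.
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0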
The variables username, password and folder must be the same on both sides, but intip must differ, for example: 10.0.0.1 and 10.0.0.2. The time on the nodes must be synchronized. You can run the script like this:
nohup script.sh &
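The script hands the fields it reads from the shared folder directly to ip commands that run as root, so every entry name in that folder is untrusted input. The following is an added example, not part of the original script: it validates an entry of the form timestamp:cid:ip:port:innerip:tid before any field is used. The function names are assumptions, and the future-timestamp check goes beyond what the script does.

```bash
#!/bin/bash
# Added example: check a rendezvous entry before its fields reach `ip`.
# Entry layout written by the script: timestamp:cid:ip:port:innerip:tid
# Function names here are assumptions, not names from the original script.

# True if $1 is a plain decimal integer (no leading zeros) in [$2, $3].
in_range() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "${#1}" -le 12 ] || return 1
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# True if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case $1 in *[!0-9.]*|*.) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do in_range "$_o" 0 255 || return 1; done
}

# parse_peer_record ENTRY NOW: on success sets ip, port, peerip and peerid
# (the variable names the script uses) and returns 0; on any violation it
# returns 1 and leaves them untouched. The short "timestamp:cid" readiness
# marker is not a full record and is rejected as well.
parse_peer_record() {
    _entry=$1; _now=$2
    case $_entry in *[!0-9.:]*|*:) return 1 ;; esac   # digits, dots, colons only
    _ifs=$IFS; IFS=:; set -- $_entry; IFS=$_ifs
    [ $# -eq 6 ] || return 1
    # The script accepts entries up to 65 s old; also rejecting entries
    # dated in the future is an addition made in this example.
    in_range "$1" $((_now - 65)) $((_now + 65)) || return 1
    in_range "$2" 10000 99999 || return 1             # cid
    valid_ipv4 "$3" || return 1                       # external address (STUN)
    in_range "$4" 1 65535 || return 1                 # external UDP port
    valid_ipv4 "$5" || return 1                       # inner tunnel address
    in_range "$6" 10 99 || return 1                   # tid
    ip=$3 port=$4 peerip=$5 peerid=$6
}
```

In the main loop, a call such as parse_peer_record "$l" "$mydate" would take the place of the chain of echo, sed and awk assignments.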
I want to draw your attention to the fact that the IPIP tunnel is not secure in the sense that the traffic is not encrypted, but this is easily solved by running IPsec on top.
I have been using this script to connect to my work PC for several weeks and have not noticed any problems so far. It is convenient in a set-it-and-forget-it way.
You may have comments and suggestions; I will be glad to hear them.
Thank you for your attention!
Source: www.habr.com