For a whole year (or two) I put off publishing this article for one main reason: I had already published two articles in which I described how to build a router into SOCKS from an ordinary laptop running Debian.
However, since then the stable version of Debian has been updated to Buster, and a fair number of people have contacted me privately asking for help with the setup, which means my earlier articles are not comprehensive. I had suspected myself that the methods described in them do not fully cover the intricacies of configuring Linux to route into SOCKS. In addition, they were written for Debian Stretch, and after upgrading to Buster I noticed small changes in how services interact under the systemd init system. And in those articles I did not use systemd-networkd, even though it is well suited to complex network configurations.
In addition to the changes above, the following services were added to my configuration: hostapd, a service for access point virtualization; ntp, to synchronize the time of local network clients; dnscrypt-proxy, to encrypt DNS connections and block advertising for local network clients; and, as I mentioned earlier, systemd-networkd, to configure the network interfaces.
Here is a simplified diagram of the router's internal structure.
So, let me remind you what the goals of this series of articles are:
- Route all OS connections into SOCKS, as well as connections from all devices on the same network as the laptop.
- The laptop in my case must remain fully mobile. That is, it must be possible to use the desktop environment without being tied to a physical location.
- The last point implies connecting and routing only through the built-in wireless interface.
- And, of course, creating a comprehensive guide, along with an analysis of the relevant technologies to the best of my modest knowledge.
What will be covered in this article:
- git - download the repositories of the tun2socks project, needed to route TCP traffic into SOCKS, and of create_ap, a script that automates setting up a virtual access point using hostapd.
- tun2socks - build it and install the systemd service on the system.
- systemd-networkd - configure the wireless and virtual interfaces, static routing tables and packet forwarding.
- create_ap - install the systemd service on the system, configure and start the virtual access point.
Optional steps:
- ntp - install and configure a server to synchronize time on the virtual access point's clients.
- dnscrypt-proxy - encrypt DNS queries, route them into SOCKS and block advertising domains for the local network.
What is all this for?
This is one of the ways to protect TCP connections on a local network. The main advantage is that all connections go into SOCKS unless a static route through the original gateway has been built for them. This means you do not need to specify SOCKS server settings for individual programs or for clients on the local network: they all go into SOCKS by default, since it is the default gateway until we say otherwise.
In essence, we add a second, encrypting router, in the form of the laptop, in front of the original router, and use the original router's Internet connection for the laptop's already encrypted SOCKS requests; the laptop in turn routes and encrypts the requests from LAN clients.
From the provider's point of view, we are constantly connected to a single server with encrypted traffic.
Accordingly, all devices connect to the laptop's virtual access point.
Install tun2socks on the system
While your machine has Internet access, download all the tools you need.
apt update
apt install git make cmake
Download the badvpn package
git clone https://github.com/ambrop72/badvpn
A badvpn folder will appear on your system. Create a separate folder for the build
mkdir badvpn-build
Go into it
cd badvpn-build
Build tun2socks
cmake ../badvpn -DBUILD_NOTHING_BY_DEFAULT=1 -DBUILD_TUN2SOCKS=1
Install on the system
make install
- The parameter -DBUILD_NOTHING_BY_DEFAULT=1 disables building all components of the badvpn repository.
- -DBUILD_TUN2SOCKS=1 includes the tun2socks component in the build.
- make install installs the tun2socks binary on your system at /usr/local/bin/badvpn-tun2socks.
Install the tun2socks service in systemd
Create the file /etc/systemd/system/tun2socks.service with the following contents:
[Unit]
Description=SOCKS TCP Relay
[Service]
ExecStart=/usr/local/bin/badvpn-tun2socks --tundev tun2socks --netif-ipaddr 172.16.1.1 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:9050
[Install]
WantedBy=multi-user.target
- --tundev takes the name of the virtual interface that we will initialize with systemd-networkd.
- --netif-ipaddr is the network address of the tun2socks "router" to which the virtual interface is connected. It is best to put it in a separate reserved subnet.
- --socks-server-addr takes a socket (address:port of the SOCKS server).
If your SOCKS server requires authentication, you can specify the --username and --password parameters.
Next, register the service
systemctl daemon-reload
And enable it
systemctl enable tun2socks
Before starting the service, we will provide it with a virtual network interface.
Switching to systemd-networkd
Enable systemd-networkd:
systemctl enable systemd-networkd
Disable the current network services.
systemctl disable networking NetworkManager NetworkManager-wait-online
- NetworkManager-wait-online is a service that waits for a working network connection before systemd goes on to start other services that depend on the network being available. We disable it because we are switching to its systemd-networkd counterpart.
Let's enable that counterpart right away:
systemctl enable systemd-networkd-wait-online
Configure the wireless network interface
Create the systemd-networkd configuration file for the wireless network interface, /etc/systemd/network/25-wlp6s0.network.
[Match]
Name=wlp6s0
[Network]
Address=192.168.1.2/24
IPForward=yes
- Name is the name of your wireless interface. Find it with the command ip a.
- IPForward is the directive that enables packet forwarding on the network interface.
- Address assigns the IP address to the wireless interface. We set it statically because with the equivalent directive DHCP=yes, systemd-networkd creates a default gateway on the system. All traffic would then go through the original gateway, and not through the future virtual interface on a different subnet. You can check the current default gateway with the command ip r.
Create a static route for the remote SOCKS server
If your SOCKS server is not local but remote, you need to create a static route for it. To do this, add a Route section with the following contents to the end of the wireless interface configuration file you created:
[Route]
Gateway=192.168.1.1
Destination=0.0.0.0
- Gateway is the default gateway, that is, the address of your original access point.
- Destination is the SOCKS server address (shown above as 0.0.0.0).
Configure wpa_supplicant for systemd-networkd
systemd-networkd uses wpa_supplicant to connect to a protected access point. When it tries to "bring up" the wireless interface, systemd-networkd starts the service wpa_supplicant@name, where name is the name of the wireless interface. If you have not used systemd-networkd before, this service is probably missing on your system.
So create it with the command:
systemctl enable wpa_supplicant@wlp6s0
I used wlp6s0 as the wireless interface name. Yours may differ. You can find it with the command ip l.
The created service wpa_supplicant@wlp6s0 will now be started when the wireless interface is "brought up". It will, in turn, look for the access point's SSID and password settings in the file /etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf. Therefore, you need to create that file using the wpa_passphrase utility.
To do this, run the command:
wpa_passphrase SSID password>/etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf
where SSID is the name of your access point, password is the password, and wlp6s0 is the name of your wireless interface.
Initialize the virtual interface for tun2socks
Create a file to initialize the new virtual interface on the system, /etc/systemd/network/25-tun2socks.netdev
[NetDev]
Name=tun2socks
Kind=tun
- Name is the name that systemd-networkd will assign to the future virtual interface when it is initialized.
- Kind is the type of virtual interface. From the name of the tun2socks service you can guess that it uses an interface of type tun.
- netdev is the extension of the files that systemd-networkd uses to initialize virtual network interfaces. The address and other network settings for these interfaces are specified in .network files.
Create such a file, /etc/systemd/network/25-tun2socks.network, with the following contents:
[Match]
Name=tun2socks
[Network]
Address=172.16.1.2/24
Gateway=172.16.1.1
- Name is the name of the virtual interface that you specified in the netdev file.
- Address is the IP address that will be assigned to the virtual interface. It must be on the same network as the address you specified in the tun2socks service.
- Gateway is the IP address of the tun2socks "router", which you specified when creating the systemd service.
So the tun2socks interface has the address 172.16.1.2 and the tun2socks service has 172.16.1.1; that is, the service is the gateway for all connections from the virtual interface.
Set up the virtual access point
Install dependencies:
apt install util-linux procps hostapd iw haveged
Download the create_ap repository to your machine:
git clone https://github.com/oblique/create_ap
Go to the repository folder on your machine:
cd create_ap
Install on the system:
make install
The config /etc/create_ap.conf will appear on your system. Here are the main settings to edit:
- GATEWAY=10.0.0.1 - it is best to make this a separate reserved subnet.
- NO_DNS=1 - disable, since this parameter will be managed by the systemd-networkd virtual interface.
- NO_DNSMASQ=1 - disable for the same reason.
- WIFI_IFACE=wlp6s0 - the laptop's wireless interface.
- INTERNET_IFACE=tun2socks - the virtual interface created for tun2socks.
- SSID=hostapd - the name of the virtual access point.
- PASSPHRASE=12345678 - the password.
Don't forget to enable the service:
systemctl enable create_ap
Enable the DHCP server in systemd-networkd
The create_ap service initializes the virtual interface ap0 on the system. In theory dnsmasq sits on this interface, but why install extra services when systemd-networkd has a built-in DHCP server?
To enable it, we will define the network settings for the virtual access point. To do this, create the file /etc/systemd/network/25-ap0.network with the following contents:
[Match]
Name=ap0
[Network]
Address=10.0.0.1/24
DHCPServer=yes
[DHCPServer]
EmitDNS=yes
DNS=10.0.0.1
EmitNTP=yes
NTP=10.0.0.1
After the create_ap service initializes the virtual interface ap0, systemd-networkd automatically assigns it an IP address and enables the DHCP server.
The lines EmitDNS=yes and DNS=10.0.0.1 pass the DNS server settings to devices connected to the access point.
If you do not plan to use a local DNS server (in my case it is dnscrypt-proxy), you can change DNS=10.0.0.1 to DNS=192.168.1.1, where 192.168.1.1 is the address of your original gateway. DNS queries from your host and local network will then go unencrypted through the provider's servers.
EmitNTP=yes and NTP=192.168.1.1 pass the NTP settings.
The same applies to the line NTP=10.0.0.1.
Install and configure the NTP server
Install on the system:
apt install ntp
Edit the config /etc/ntp.conf. Comment out the default pool addresses:
#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst
Add public server addresses, for example Google Public NTP:
server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst
Give clients on your network access to the server:
restrict 10.0.0.0 mask 255.255.255.0
Enable broadcasting to your network:
broadcast 10.0.0.255
Finally, add the addresses of these servers to the static routing table. To do this, open the wireless interface configuration file /etc/systemd/network/25-wlp6s0.network and append Route sections to the end.
[Route]
Gateway=192.168.1.1
Destination=216.239.35.0
[Route]
Gateway=192.168.1.1
Destination=216.239.35.4
[Route]
Gateway=192.168.1.1
Destination=216.239.35.8
[Route]
Gateway=192.168.1.1
Destination=216.239.35.12
You can find the addresses of your NTP servers using the host utility as follows:
host time1.google.com
Install dnscrypt-proxy, remove ads and hide DNS traffic from your provider
apt install dnscrypt-proxy
To serve DNS queries from the host and the local network, edit the socket /lib/systemd/system/dnscrypt-proxy.socket. Change the following lines:
ListenStream=0.0.0.0:53
ListenDatagram=0.0.0.0:53
Reload systemd:
systemctl daemon-reload
Edit the config /etc/dnscrypt-proxy/dnscrypt-proxy.toml:
server_names = ['adguard-dns']
To route dnscrypt-proxy connections through tun2socks, add below:
force_tcp = true
Edit the config /etc/resolv.conf, which tells the host which DNS server to use.
nameserver 127.0.0.1
nameserver 192.168.1.1
The first line enables the use of dnscrypt-proxy; the second line uses the original gateway if the dnscrypt-proxy server is unavailable.
Done!
Reboot, or stop the active network services:
systemctl stop networking NetworkManager NetworkManager-wait-online
And restart everything needed:
systemctl restart systemd-networkd tun2socks create_ap dnscrypt-proxy ntp
After the reboot or restart you will have a second access point that routes the host and LAN devices into SOCKS.
This is what the ip a output looks like on an ordinary laptop:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: tun2socks: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
link/none
inet 172.16.1.2/24 brd 172.16.1.255 scope global tun2socks
valid_lft forever preferred_lft forever
inet6 fe80::122b:260:6590:1b0e/64 scope link stable-privacy
valid_lft forever preferred_lft forever
3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether e8:11:32:0e:01:50 brd ff:ff:ff:ff:ff:ff
4: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 4c:ed:de:cb:cf:85 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global wlp6s0
valid_lft forever preferred_lft forever
inet6 fe80::4eed:deff:fecb:cf85/64 scope link
valid_lft forever preferred_lft forever
5: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 4c:ed:de:cb:cf:86 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global ap0
valid_lft forever preferred_lft forever
inet6 fe80::4eed:deff:fecb:cf86/64 scope link
valid_lft forever preferred_lft forever
As a result,
- The provider sees only the encrypted connection to your SOCKS server, which means it sees nothing.
- It does still see your NTP requests; to prevent this, remove the static routes for the NTP servers. However, it is not certain that your SOCKS server allows the NTP protocol.
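A check of the result described above, added here as an example and not part of the original article: it reads ip -4 route show output and reports whether every default route leaves through tun2socks and which static routes go through the original gateway instead. The sample routing table is constructed from the article's addresses, and 203.0.113.10 is a placeholder for the SOCKS server.

```sh
#!/bin/sh
# Added example: audit `ip -4 route show` output for traffic that bypasses tun2socks.
# SAMPLE_ROUTES is constructed; 203.0.113.10 is a placeholder SOCKS server address.
TUN_IF="${TUN_IF:-tun2socks}"
SAMPLE_ROUTES='default via 172.16.1.1 dev tun2socks proto static
10.0.0.0/24 dev ap0 proto kernel scope link src 10.0.0.1
172.16.1.0/24 dev tun2socks proto kernel scope link src 172.16.1.2
192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2
203.0.113.10 via 192.168.1.1 dev wlp6s0 proto static
216.239.35.0 via 192.168.1.1 dev wlp6s0 proto static'

# "OK" if every default route leaves via $TUN_IF, otherwise "LEAK <dev>...".
# A second default route appears, for example, when DHCP=yes is left enabled.
default_route_status() {
    awk -v tun="$TUN_IF" '
        $1 == "default" {
            seen = 1
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) != tun) bad = bad " " $(i + 1)
        }
        END {
            if (!seen) print "LEAK no-default-route"
            else if (bad != "") print "LEAK" bad
            else print "OK"
        }'
}

# Destinations reached through a gateway on any interface other than $TUN_IF,
# i.e. the static [Route] entries that leave outside the SOCKS path.
bypass_routes() {
    awk -v tun="$TUN_IF" '
        $1 != "default" && $2 == "via" {
            for (i = 3; i < NF; i++)
                if ($i == "dev" && $(i + 1) != tun) print $1
        }'
}

# Bypass routes missing from the space-separated allowlist in $1
# (normally only the SOCKS server itself).
unexpected_bypass() {
    allowed=" $1 "
    bypass_routes | while read -r dst; do
        case "$allowed" in *" $dst "*) ;; *) printf '%s\n' "$dst" ;; esac
    done
}

# On the router: ip -4 route show | unexpected_bypass "<SOCKS server address>"
printf '%s\n' "$SAMPLE_ROUTES" | default_route_status
printf '%s\n' "$SAMPLE_ROUTES" | unexpected_bypass "203.0.113.10"
```

On the sample table the NTP route 216.239.35.0 is reported, which is the traffic the provider can still see.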
A quirk noticed on Debian 10
If you try to restart the networking service from the console, it fails with an error. This is because part of it, in the form of the virtual interface, is tied to the tun2socks service, which means it is in use. To restart the networking service, you must first stop the tun2socks service. But I think that if you have read to the end, this is not a problem for you!
Source: www.habr.com