Building a SOCKS router on a laptop with Debian 10

For a whole year (or two) I put off publishing this article for one main reason: I had already published two articles in which I described the process of building a SOCKS router from an ordinary laptop running Debian.

However, since then the stable version of Debian has been updated to Buster, and a fair number of people have contacted me privately asking for help with the setup, which means my previous articles are not exhaustive. Well, I had guessed myself that the methods described in them do not fully cover the intricacies of configuring Linux for routing into SOCKS. In addition, they were written for Debian Stretch, and after upgrading to Buster I noticed small changes in how services interact in the systemd init system. And in those articles I did not use systemd-networkd, although it is the best fit for complex network configurations.

In addition to the changes above, the following services were added to my configuration: hostapd - a service for access point virtualization, ntp to synchronize the time of local network clients, dnscrypt-proxy to encrypt DNS connections and disable advertising on local network clients, and also, as I mentioned earlier, systemd-networkd for configuring network interfaces.

Here is a simple block diagram of the router's internal structure.

So, let me remind you what the goals of this series of articles are:

  1. Route all OS connections into SOCKS, as well as connections from all devices on the same network as the laptop.
  2. The laptop in my case must remain fully mobile. That is, it should be possible to use the desktop environment and not be tied to a physical location.
  3. The last point implies connecting and routing only through the built-in wireless interface.
  4. And, of course, the creation of a comprehensive guide, along with an analysis of the relevant technologies to the best of my modest knowledge.

What will be covered in this article:

  1. git - download the repositories of the tun2socks project, which is needed to route TCP traffic into SOCKS, and of create_ap, a script that automates setting up a virtual access point using hostapd.
  2. tun2socks - build it and install the systemd service on the system.
  3. systemd-networkd - configure the wireless and virtual interfaces, static routing tables and packet forwarding.
  4. create_ap - install the systemd service on the system, configure and start the virtual access point.

Optional steps:

  • ntp - install and configure a server to synchronize time on the virtual access point's clients.
  • dnscrypt-proxy - encrypt DNS requests, route them into SOCKS and disable advertising domains for the local network.

What is all this for?

This is one of the ways to secure TCP connections on a local network. The main advantage is that all connections go through SOCKS unless a static route through the original gateway has been built for them. This means you do not need to specify SOCKS server settings for individual programs or for clients on the local network - they all go to SOCKS by default, since it is the default gateway until we specify otherwise.

Essentially, we add a second, encrypting router, in the form of the laptop, in front of the original router, and use the original router's Internet connection for the laptop's already encrypted SOCKS requests; the laptop in turn routes and encrypts requests from LAN clients.

From the provider's point of view, we are constantly connected to a single server with encrypted traffic.

Accordingly, all devices connect to the laptop's virtual access point.

Install tun2socks on the system

While your machine still has Internet access, download all the required tools.

apt update
apt install git make cmake

Download the badvpn package

git clone https://github.com/ambrop72/badvpn

A badvpn folder will appear on your system. Create a separate folder for the build

mkdir badvpn-build

Change into it

cd badvpn-build

Configure the tun2socks build

cmake ../badvpn -DBUILD_NOTHING_BY_DEFAULT=1 -DBUILD_TUN2SOCKS=1

Install it on the system

make install
  • The -DBUILD_NOTHING_BY_DEFAULT=1 parameter disables building all components of the badvpn repository.
  • -DBUILD_TUN2SOCKS=1 includes the tun2socks component in the build.
  • make install - installs the tun2socks binary on your system at /usr/local/bin/badvpn-tun2socks.

Install the tun2socks service in systemd

Create the file /etc/systemd/system/tun2socks.service with the following contents:

[Unit]
Description=SOCKS TCP Relay

[Service]
ExecStart=/usr/local/bin/badvpn-tun2socks --tundev tun2socks --netif-ipaddr 172.16.1.1 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:9050

[Install]
WantedBy=multi-user.target
  • --tundev - takes the name of the virtual interface that we initialize with systemd-networkd.
  • --netif-ipaddr - the network address of the tun2socks "router" to which the virtual interface connects. It is better to put it in a separate reserved subnet.
  • --socks-server-addr - takes a socket (the address:port of the SOCKS server).

If your SOCKS server requires authentication, you can specify the --username and --password parameters.

Next, register the service

systemctl daemon-reload

And enable it

systemctl enable tun2socks

Before starting the service, we will provide it with a virtual network interface.

Switching to systemd-networkd

Enable systemd-networkd:

systemctl enable systemd-networkd

Disable the current network services.

systemctl disable networking NetworkManager NetworkManager-wait-online
  • NetworkManager-wait-online is a service that waits for a working network connection before systemd continues starting other services that depend on the network. We disable it because we are switching to its systemd-networkd counterpart.

Let's enable that counterpart right away:

systemctl enable systemd-networkd-wait-online

Configure the wireless network interface

Create the systemd-networkd configuration file for the wireless network interface, /etc/systemd/network/25-wlp6s0.network.

[Match]
Name=wlp6s0

[Network]
Address=192.168.1.2/24
IPForward=yes
  • Name is the name of your wireless interface. Find it with the command ip a.
  • IPForward - a directive that enables packet forwarding on the network interface.
  • Address is responsible for assigning an IP address to the wireless interface. We specify it statically because with the equivalent directive DHCP=yes, systemd-networkd creates a default gateway on the system. Then all traffic would go through the original gateway rather than through the future virtual interface on a different subnet. You can check the current default gateway with the command ip r

Create a static route for the remote SOCKS server

If your SOCKS server is not local but remote, you need to create a static route to it. To do this, add a Route section to the end of the wireless interface configuration file you created, with the following contents:

[Route]
Gateway=192.168.1.1
Destination=0.0.0.0
  • Gateway - this is the default gateway, or the address of your original access point.
  • Destination - the SOCKS server address.

Configure wpa_supplicant for systemd-networkd

systemd-networkd uses wpa_supplicant to connect to a secured access point. When trying to "bring up" the wireless interface, systemd-networkd starts the service wpa_supplicant@name, where name is the name of the wireless interface. If you have not used systemd-networkd before, this service is probably missing on your system.

So create it with the command:

systemctl enable wpa_supplicant@wlp6s0

I used wlp6s0 as the name of the wireless interface. Yours may differ. You can find it with the command ip l.

Now the created service wpa_supplicant@wlp6s0 will be started when the wireless interface is "brought up"; however, it will in turn look for the access point's SSID and password settings in the file /etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf. So you need to create that file using the wpa_passphrase utility.

To do this, run the command:

wpa_passphrase SSID password>/etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf

where SSID is the name of your access point, password is the password, and wlp6s0 is the name of your wireless interface.

Initialize the virtual interface for tun2socks

Create a file to initialize the new virtual interface on the system, /etc/systemd/network/25-tun2socks.netdev

[NetDev]
Name=tun2socks
Kind=tun
  • Name is the name that systemd-networkd will assign to the future virtual interface when it is initialized.
  • Kind is the type of virtual interface. From the name of the tun2socks service you can guess that it uses an interface of type tun.
  • netdev is the extension of the files that systemd-networkd uses to initialize virtual network interfaces. The address and other network settings for these interfaces are specified in .network files.

Create such a file, /etc/systemd/network/25-tun2socks.network, with the following contents:

[Match]
Name=tun2socks

[Network]
Address=172.16.1.2/24
Gateway=172.16.1.1
  • Name - the name of the virtual interface that you specified in the netdev file.
  • Address - the IP address that will be assigned to the virtual interface. It must be on the same network as the address you specified in the tun2socks service.
  • Gateway - the IP address of the tun2socks "router" that you specified when creating the systemd service.

So the tun2socks interface has the address 172.16.1.2 and the tun2socks service has 172.16.1.1; that is, the service is the gateway for all connections from the virtual interface.
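
The addressing described above only works if two files agree with each other. The following is an added example, not part of the original article: a shell check that compares --netif-ipaddr and --netif-netmask in tun2socks.service with Address and Gateway in 25-tun2socks.network. The function names and the temporary demo directory are assumptions made for the example.

```shell
# Added example; the two demo files below copy the contents shown in this article.
# Dotted quad -> integer, so addresses can be masked and compared.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# $1 = systemd unit file, $2 = systemd-networkd .network file.
# Prints each mismatch; returns 0 only when the two files agree.
check_tun_addressing() {
    router=$(sed -n 's/.*--netif-ipaddr \([0-9.]*\).*/\1/p' "$1")
    netmask=$(sed -n 's/.*--netif-netmask \([0-9.]*\).*/\1/p' "$1")
    cidr=$(sed -n 's/^Address=//p' "$2")
    gateway=$(sed -n 's/^Gateway=//p' "$2")
    addr=${cidr%/*}; prefix=${cidr#*/}
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    rc=0
    # The interface's gateway must be the tun2socks "router" address.
    [ "$gateway" = "$router" ] ||
        { echo "Gateway=$gateway but --netif-ipaddr is $router"; rc=1; }
    # The interface needs its own address, distinct from the router's.
    [ "$addr" != "$router" ] ||
        { echo "Address and --netif-ipaddr are both $addr"; rc=1; }
    # Both addresses must fall inside the same subnet.
    [ $(( $(ip2int "$addr") & mask )) -eq $(( $(ip2int "$router") & mask )) ] ||
        { echo "$addr/$prefix does not contain $router"; rc=1; }
    # The /prefix and --netif-netmask must describe the same mask.
    [ "$(ip2int "$netmask")" -eq "$mask" ] ||
        { echo "--netif-netmask $netmask does not match /$prefix"; rc=1; }
    return $rc
}

# Demo on copies of the article's files, written to a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/tun2socks.service" <<'EOF'
[Service]
ExecStart=/usr/local/bin/badvpn-tun2socks --tundev tun2socks --netif-ipaddr 172.16.1.1 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:9050
EOF
cat > "$demo_dir/25-tun2socks.network" <<'EOF'
[Network]
Address=172.16.1.2/24
Gateway=172.16.1.1
EOF
check_tun_addressing "$demo_dir/tun2socks.service" \
    "$demo_dir/25-tun2socks.network" && echo "addressing is consistent"
```

On the router itself, pass /etc/systemd/system/tun2socks.service and /etc/systemd/network/25-tun2socks.network as the two arguments.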

Set up the virtual access point

Install dependencies:

apt install util-linux procps hostapd iw haveged

Download the create_ap repository to your machine:

git clone https://github.com/oblique/create_ap

Change into the repository folder on your machine:

cd create_ap

Install it on the system:

make install

The config /etc/create_ap.conf will appear on your system. Here are the main settings to edit:

  • GATEWAY=10.0.0.1 - it is better to put it in a separate reserved subnet.
  • NO_DNS=1 - disable, since this parameter will be managed by the systemd-networkd virtual interface.
  • NO_DNSMASQ=1 - disable for the same reason.
  • WIFI_IFACE=wlp6s0 - the laptop's wireless interface.
  • INTERNET_IFACE=tun2socks - the virtual interface created for tun2socks.
  • SSID=hostapd - the name of the virtual access point.
  • PASSPHRASE=12345678 - the password (an example value; set your own).

Don't forget to enable the service:

systemctl enable create_ap

Enable the DHCP server in systemd-networkd

The create_ap service initializes the virtual interface ap0 on the system. In theory, dnsmasq hangs on this interface, but why install extra services when systemd-networkd has a built-in DHCP server?

To enable it, we will define the network settings for the virtual access point. To do this, create the file /etc/systemd/network/25-ap0.network with the following contents:

[Match]
Name=ap0

[Network]
Address=10.0.0.1/24
DHCPServer=yes

[DHCPServer]
EmitDNS=yes
DNS=10.0.0.1
EmitNTP=yes
NTP=10.0.0.1

After the create_ap service initializes the virtual interface ap0, systemd-networkd will automatically assign it an IP address and enable the DHCP server.

The lines EmitDNS=yes and DNS=10.0.0.1 pass the DNS server settings to devices connected to the access point.

If you do not plan to use a local DNS server - in my case it is dnscrypt-proxy - you can change DNS=10.0.0.1 to DNS=192.168.1.1, where 192.168.1.1 is the address of your original gateway. Then DNS requests from your host and the local network will go unencrypted through the provider's servers.

EmitNTP=yes and NTP=192.168.1.1 pass the NTP settings.

The same applies to the line NTP=10.0.0.1.

Install and configure the NTP server

Install it on the system:

apt install ntp

Edit the config /etc/ntp.conf. Comment out the addresses of the default pools:

#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst

Add public server addresses, for example Google Public NTP:

server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst

Grant access to the server for clients on your network:

restrict 10.0.0.0 mask 255.255.255.0

Enable broadcasting to your network:

broadcast 10.0.0.255

Finally, add the addresses of these servers to the static routing table. To do this, open the wireless interface configuration file /etc/systemd/network/25-wlp6s0.network and add Route sections to the end.

[Route]
Gateway=192.168.1.1
Destination=216.239.35.0

[Route]
Gateway=192.168.1.1
Destination=216.239.35.4

[Route]
Gateway=192.168.1.1
Destination=216.239.35.8

[Route]
Gateway=192.168.1.1
Destination=216.239.35.12

You can find the addresses of your NTP servers using the host utility, as follows:

host time1.google.com

Install dnscrypt-proxy, remove ads and hide DNS traffic from your provider

apt install dnscrypt-proxy

To serve DNS queries from the host and the local network, edit the socket /lib/systemd/system/dnscrypt-proxy.socket. Change the following lines:

ListenStream=0.0.0.0:53
ListenDatagram=0.0.0.0:53

Restart systemd:

systemctl daemon-reload

Edit the config /etc/dnscrypt-proxy/dnscrypt-proxy.toml:

server_names = ['adguard-dns']

To route dnscrypt-proxy connections through tun2socks, add below:

force_tcp = true

Edit the config /etc/resolv.conf, which tells the host which DNS server to use.

nameserver 127.0.0.1
nameserver 192.168.1.1

The first line enables the use of dnscrypt-proxy; the second line uses the original gateway if the dnscrypt-proxy server is unavailable.

Done!

Reboot, or stop the running network services:

systemctl stop networking NetworkManager NetworkManager-wait-online

And restart all the required ones:

systemctl restart systemd-networkd tun2socks create_ap dnscrypt-proxy ntp

After a reboot or restart, you will have a second access point that routes the host and LAN devices into SOCKS.

This is what the output of ip a looks like on an ordinary laptop:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: tun2socks: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
    link/none 
    inet 172.16.1.2/24 brd 172.16.1.255 scope global tun2socks
       valid_lft forever preferred_lft forever
    inet6 fe80::122b:260:6590:1b0e/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether e8:11:32:0e:01:50 brd ff:ff:ff:ff:ff:ff
4: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:85 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global wlp6s0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf85/64 scope link 
       valid_lft forever preferred_lft forever
5: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:86 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global ap0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf86/64 scope link 
       valid_lft forever preferred_lft forever

As a result,

  1. The provider sees only the encrypted connection to your SOCKS server, which means it sees nothing.
  2. And yet it sees your NTP requests; to prevent this, remove the static routes for the NTP servers. However, it is not certain that your SOCKS server allows the NTP protocol.
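
The following is an added example, not part of the original article: a shell function that reads `ip -4 route show` output and reports which destinations go around tun2socks, which is the difference between points 1 and 2 above. The function name, the LEAK/BYPASS/MISSING labels and both sample routing tables are constructed for illustration.

```shell
# Added example. Interface names are the ones used in this article.
TUN_IF=tun2socks WAN_IF=wlp6s0
# Reads `ip -4 route show` output on stdin and prints one finding per line:
#   LEAK <route>   traffic that leaves via the physical gateway, outside SOCKS
#   BYPASS <dest>  a single-host exception (SOCKS server, NTP server)
#   MISSING ...    no default route at all, so nothing is sent to tun2socks
# Returns 0 only when a default route exists and no LEAK was found.
audit_routes() {
    awk -v tun="$TUN_IF" -v wan="$WAN_IF" '
        function dev_of(    i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "default" {
            seen_default = 1
            if (dev_of() != tun) { print "LEAK " $0; bad = 1 }
            next
        }
        # A route via a gateway on the physical interface skips tun2socks.
        $2 == "via" && dev_of() == wan {
            # A bare address or a /32 is one host; anything wider is a leak.
            if ($1 ~ /\// && $1 !~ /\/32$/) { print "LEAK " $0; bad = 1 }
            else print "BYPASS " $1
        }
        END {
            if (!seen_default) { print "MISSING default route"; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: the table this article's configuration should produce.
sample_good() {
    printf '%s\n' \
        'default via 172.16.1.1 dev tun2socks proto static' \
        '10.0.0.0/24 dev ap0 proto kernel scope link src 10.0.0.1' \
        '172.16.1.0/24 dev tun2socks proto kernel scope link src 172.16.1.2' \
        '192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2' \
        '216.239.35.0 via 192.168.1.1 dev wlp6s0 proto static'
}

# Constructed sample: DHCP=yes on wlp6s0 has added a second default route.
sample_leaky() {
    printf '%s\n' \
        'default via 172.16.1.1 dev tun2socks proto static' \
        'default via 192.168.1.1 dev wlp6s0 proto dhcp src 192.168.1.2 metric 1024' \
        '192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2'
}

sample_good | audit_routes   # on the router: ip -4 route show | audit_routes
```

Every BYPASS line is a destination the provider can still observe, so the list should contain only the SOCKS server and any NTP servers you chose to keep.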

A quirk noticed on Debian 10

If you try to restart the network service from the console, it will fail with an error. This is because part of it, in the form of the virtual interface, is tied to the tun2socks service, which means it is in use. To restart the network service, you first need to stop the tun2socks service. But I think that if you have read to the end, this is certainly not a problem for you!


Source: www.habr.com