Speeding up OpenVPN for $9.99*, or embedding an Orange Pi One in your router


Some of us do not use the Internet without a VPN, for one reason or another: someone needs a dedicated IP, and it is easier and cheaper to buy a VPS with two IPs than to buy an address from the provider; someone wants access to all websites, not only those permitted on the territory of the Russian Federation; others need IPv6, but the provider does not offer it...
Usually the VPN connection is started on the device that is in use at the moment, which makes sense if you have only one computer and one phone and rarely use them at the same time. If there are many devices on your home network, or, for example, some on which a VPN cannot be configured, it is more convenient to bring the tunnel up directly on the home router so that you do not have to think about configuring each device individually.

If you have ever installed OpenVPN on your router, you were probably unpleasantly surprised by its speed. The SoCs of even cheap routers pass gigabit traffic without any trouble, because routing and NAT are offloaded to a separate chip designed only for that task, and the main processors of such routers are rather weak, because there is practically no load on them. This trade-off makes it possible to reach high router speeds and to significantly reduce the price of the finished device: routers with powerful processors cost several times more, and are positioned not just as a box for distributing the Internet but also as a NAS, a torrent downloader and a home multimedia system.

My router, a TP-Link TL-WDR4300, cannot be called new: the model appeared in mid-2012 and has a 560 MHz processor of the MIPS32 74Kc architecture, whose power is only enough for 20-23 Mb/s of encrypted traffic through OpenVPN, which is quite low by the standards of modern home Internet speeds.
How can we increase the speed of the encrypted tunnel? My router is quite functional, supports 3x3 MIMO and generally works well, so I would not want to replace it.
Since it is now customary to make 10-megabyte web pages, to write desktop applications in node.js and pack them into a 100-megabyte file, and to add computing power instead of optimizing, we will do something terrible: we will move the VPN connection to a capable single-board "computer", the Orange Pi One, which we will install inside the router case without occupying the existing network and USB ports, for only $9.99*!
* + delivery, + taxes, + beer, + MicroSD.

OpenVPN

The router's processor cannot be called completely weak: it can encrypt and hash data with AES-128-CBC-SHA1 at 50 Mb/s, which is noticeably faster than OpenVPN runs, and the modern CHACHA20 stream cipher with the POLY1305 hash reaches as much as 130 megabits per second! Why is the speed of the VPN tunnel so low? It is all about context switches between user space and kernel space: OpenVPN encrypts traffic and communicates with the outside world in user context, while routing itself takes place in kernel context. The operating system has to switch back and forth for every packet received or sent, and this operation is slow. The problem is inherent in all VPN applications that work through the TUN/TAP driver, and it cannot be said that the low speed is caused by poor optimization of OpenVPN (although, of course, there are places that need improvement). Not a single user-space VPN client delivers even a gigabit with encryption disabled on my laptop, let alone on systems with a weak processor.

Orange Pi One

The Orange Pi One single-board computer from Xunlong is the best offer in terms of performance/price ratio at the moment. For $9.99* you get a powerful quad-core ARM Cortex-A7 processor running (stably) at 1008 MHz, which clearly beats its price neighbours, the Raspberry Pi Zero and the Next Thing CHIP. This is where the advantages end. Xunlong pays exactly zero attention to software for its boards, and at the time the One went on sale it did not even provide a board configuration file, not to mention ready-made images. Allwinner, the SoC manufacturer, does not care much about supporting its product either. They are only interested in minimal functionality in Android 4.4.4, which means we are forced to use the 3.4 kernel with Android patches. Fortunately, there are enthusiasts who build distributions, fix the kernel, and write code to support the boards in the mainline kernel, i.e. they do the manufacturer's job and make this nonsense work acceptably. For my purposes I chose the Armbian distribution; it is updated frequently and conveniently (new kernels are installed directly through the package manager, not by copying files to a special partition, as is usually the case with Allwinner), and it supports most peripherals, unlike the others.

Method

To avoid loading the router's weak processor with encryption and to speed up our VPN connection, we can shift this task onto the shoulders of the more powerful Orange Pi processor by connecting it to the router in some way. Connecting via Ethernet or USB comes to mind, since both standards are supported by both devices, but I did not want to occupy the existing ports. Fortunately, there is a way out.

The GL850G USB hub chip used in the router supports 4 USB ports, two of which are not wired out. It is not clear why the manufacturer did not wire them out; I assume it was to prevent users from connecting 4 devices with high power consumption (for example, drives) at once. The router's standard power supply is not designed for such a load. In any case, this plays into our hands.
To get another USB port, you only need to solder two wires to pins 8 (D-) and 9 (D+), or 11 (D-) and 12 (D+).


However, it is not enough to simply connect the two devices over USB and expect everything to work by itself, as it would with Ethernet. First, we need to make one of them work in USB Client mode rather than USB Host mode, and second, we need to decide how the devices will see each other. There are many drivers for so-called USB Gadgets (named after the Linux kernel subsystem), which let you emulate various kinds of USB devices: a network adapter, an audio card, a keyboard and mouse, a flash drive, a camera, a console over a serial port. Since our device will work with the network, emulating an Ethernet adapter suits us best.

There are three Ethernet-over-USB standards:

  • Remote NDIS (RNDIS). An old standard from Microsoft, used mainly in the Windows XP era.
  • Ethernet Control Model (ECM). A simple standard that encapsulates Ethernet frames in USB packets. It is well suited to wired modems with a USB connection, where it is convenient to pass frames on without processing, but because of its simplicity and the limitations of the USB bus it is not very fast.
  • Ethernet Emulation Model (EEM). A smarter protocol that takes the limitations of USB into account and aggregates several frames into one, thereby increasing throughput.
  • Network Control Model (NCM). The newest protocol. It has the advantages of EEM and further optimizes how the bus is used.

To get any of these protocols working on our board we will, as always, run into difficulties. Because Allwinner is only interested in the Android parts of the kernel, only the Android Gadget works properly: the code that implements communication with adb, exporting the device over the MTP protocol and emulating a flash drive on Android devices. The Android Gadget itself also supports the RNDIS protocol, but it is broken in the Allwinner kernel. If you try to build the kernel with any other USB Gadget, the device simply does not appear in the system, whatever you do.
To solve the problem properly, you would need to find where the USB controller is initialized in the code of android.c, the Android gadget as modified by the vendor, but there is also a workaround that gets at least Ethernet emulation over USB working:

--- sun8i/drivers/usb/sunxi_usb/udc/sunxi_udc.c 2016-04-16 15:01:40.427088792 +0300
+++ sun8i/drivers/usb/sunxi_usb/udc/sunxi_udc.c 2016-04-16 15:01:45.339088792 +0300
@@ -57,7 +57,7 @@
 static sunxi_udc_io_t g_sunxi_udc_io;
 static u32 usb_connect = 0;
 static u32 is_controller_alive = 0;
-static u8 is_udc_enable = 0;   /* is udc enable by gadget? */
+static u8 is_udc_enable = 1;   /* is udc enable by gadget? */
 
 #ifdef CONFIG_USB_SUNXI_USB0_OTG
 static struct platform_device *g_udc_pdev = NULL;
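
Review bot: changing the initializer of is_udc_enable from 0 to 1 makes the flag set from load regardless of whether any gadget asked for it, so the retained comment "is udc enable by gadget?" no longer describes the variable, and the change applies to every build of sunxi_udc.c, including those with CONFIG_USB_SUNXI_USB0_OTG set just below. Consider putting the new default behind a Kconfig option or a module parameter and updating the comment, so that a board that needs this port in host mode is not changed silently.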

This patch forces USB client mode, allowing you to use the standard USB Gadgets from Linux.
Now you need to rebuild the kernel with this patch and the required gadget. I chose EEM because, according to test results, it turned out to be faster than NCM.
The Armbian team provides a simple and convenient build system for all boards supported by the distribution. Just download it, put our patch in userpatches/kernel/sun8i-default/otg.patch, edit compile.sh slightly and select the required gadget.


The kernel will be built into a deb package, which is easy to install on the board with dpkg.
All that remains is to connect the board via USB and configure our new network adapter to obtain an address via DHCP. To do this, add something like the following to /etc/network/interfaces:

auto usb0
iface usb0 inet dhcp
        hwaddress ether c2:46:98:49:3e:9d
        pre-up /bin/sh -c 'echo 2 > /sys/bus/platform/devices/sunxi_usb_udc/otg_role'

It is better to set the MAC address manually, because otherwise it will be random on every reboot of the device, which is inconvenient and annoying.
We connect a MicroUSB cable to the OTG connector and supply power from the router (it can be fed to pins 2 and 3 of the pin header, not only to the power connector).

All that remains is to configure the router. It is enough to install the package with the EEM driver and add our new USB network device to the bridge of the local firewall zone:

opkg install kmod-usb-net-cdc-eem

To send all traffic into the VPN tunnel, you need either to add an SNAT rule to the board's IP address on the router side, or to hand out the board's address as the gateway address via dnsmasq. The latter is done by adding the following line to /etc/dnsmasq.conf:

dhcp-option=tag:lan,option:router,192.168.1.100

where 192.168.1.100 is the IP address of your board. Do not forget to specify the router's address in the network settings on the board itself!
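
Once the board is handed out as the LAN gateway, anything it forwards while the tunnel is down leaves over usb0 unencrypted, so it is worth checking the board's routing table. The script below is an added example, not part of the original article: the tunnel interface name tun0, the router address 192.168.1.1, the 10.8.0.x tunnel addresses and both sample tables are constructed assumptions; usb0 and 192.168.1.100 follow the setup above.

```shell
#!/bin/sh
# Added example: check `ip -4 route` output on the board for VPN bypass.
# Assumed names: tun0 (OpenVPN tunnel), usb0 (EEM link to the router).

# Print the interface that carries prefix $1; the route table is read on stdin.
route_dev() {
    awk -v want="$1" '$1 == want {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Return 0 if all IPv4 traffic is steered into the tunnel ($2, default tun0).
# Covers a replaced default route and OpenVPN "redirect-gateway def1", which
# keeps the old default and adds 0.0.0.0/1 and 128.0.0.0/1 via the tunnel.
vpn_routes_ok() {
    routes=$1
    tun=${2:-tun0}
    lo=$(printf '%s\n' "$routes" | route_dev 0.0.0.0/1)
    hi=$(printf '%s\n' "$routes" | route_dev 128.0.0.0/1)
    if [ -n "$lo$hi" ]; then
        # Both halves must point at the tunnel; one alone leaks half the space.
        if [ "$lo" = "$tun" ] && [ "$hi" = "$tun" ]; then return 0; fi
        return 1
    fi
    def=$(printf '%s\n' "$routes" | route_dev default)
    if [ "$def" = "$tun" ]; then return 0; fi
    return 1
}

# Constructed sample tables (addresses are illustrative, not from the article).
ROUTES_TUNNEL_UP='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev usb0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev usb0 proto kernel scope link src 192.168.1.100'
ROUTES_TUNNEL_DOWN='default via 192.168.1.1 dev usb0
192.168.1.0/24 dev usb0 proto kernel scope link src 192.168.1.100'

for name in ROUTES_TUNNEL_UP ROUTES_TUNNEL_DOWN; do
    eval "table=\$$name"
    if vpn_routes_ok "$table"; then
        echo "$name: forwarded traffic enters the tunnel"
    else
        echo "$name: forwarded traffic bypasses the VPN"
    fi
done
```

On the board itself the same check runs against the live table with `vpn_routes_ok "$(ip -4 route)"`; it looks only at the main IPv4 table, so policy routing rules and IPv6 need their own check.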

A melamine sponge was used to insulate the board's contacts from the router's contacts. This is how it turned out:

Conclusion

The network over USB works surprisingly fast: 100-120 Mb/s, I expected less. OpenVPN passes about 70 Mb/s of encrypted traffic, which is not very much either, but it is enough for my needs. The router's lid does not close tightly and leaves a small gap. Aesthetes can remove the Ethernet and USB Host connectors from the board, which lets the lid close completely and still leaves some room to spare.
It is better not to engage in such perversions and to buy a Turris Omnia.

Source: www.habr.com
