An article about how I managed to run a VPN server behind the NAT of my home provider (without a public, "white" IP address). One caveat right away: whether this implementation works depends directly on the type of NAT used by your provider, as well as on the router.
So, I needed to connect from my Android smartphone to my home computer. Both devices reach the Internet through provider NATs, and the computer is additionally connected through a home router, which also NATs the connection.
The classic scheme with a rented VPS/VDS that has a white IP address, as well as renting a white IP address from the provider, was not considered for several reasons.
With that in mind, I ran the command:
$ stun stun.sipnet.ru
and got the answer:
STUN client version 0.97
Primary: Independent Mapping, Independent Filter, random port, will hairpin
Return value is 0x000002
What the terms mean:
Independent Mapping - the mapping is independent
Independent Filter - the filter is independent
random port - the port is random
will hairpin - hairpinning will take place
Running the same command on my PC, I got:
STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006
Port Dependent Filter - the filter depends on the port
The difference between the two outputs showed that the home router was making "its own contribution" to the way packets from the Internet are passed on. This showed up when I ran the following command on the computer:
stun stun.sipnet.ru -p 11111 -v
I got the result:
...
MappedAddress = XX.1XX.1X4.2XX:4398
...
At that moment a UDP session was open for some time. If a UDP request was sent during that time (for example: netcat XX.1XX.1X4.2XX 4398 -u), the request reached the home router, which was confirmed by tcpdump running on it, but it did not reach the computer: iptables, acting as the NAT translator on the router, dropped it.
But the very fact that the UDP request passed through the provider's NAT gave hope of success. Since the router is under my control, I solved the problem by forwarding port UDP/11111 to the computer:
iptables -t nat -A PREROUTING -i eth1 -p udp -d 10.1XX.2XX.XXX --dport 11111 -j DNAT --to-destination 192.168.X.XXX
Thus I was able to initiate a UDP session and receive requests from the Internet from any IP address. At this point I started the OpenVPN server (configured beforehand) listening on port UDP/11111, entered the external IP address and port (XX.1XX.1X4.2XX:4398) on the smartphone, and successfully connected from the smartphone to the computer. But this implementation had a problem: the UDP session had to be kept alive until the OpenVPN client connected to the server. I did not like the option of periodically launching the STUN client, because I did not want to put needless load on the STUN servers.
I also noticed the entry about hairpinning:
Hairpinning allows one machine on a local network behind NAT to reach another machine on the same network at the external address of the router.
Thanks to this, I solved the problem of keeping the UDP session alive in a simple way: I started a client on the same computer as the server.
It worked like this:
- started the STUN client on local port 11111
- received a response with the external IP address and port XX.1XX.1X4.2XX:4398
- sent the external IP address and port to an email account (any other service would do) that is set up on the smartphone
- started the OpenVPN server on the computer, listening on port UDP/11111
- started the OpenVPN client on the computer, specifying XX.1XX.1X4.2XX:4398 as the address to connect to
- at any time, started the OpenVPN client on the smartphone, specifying the IP address and port (in my case the IP address did not change) to connect.
This way I was able to connect to my computer from my smartphone. This implementation lets you connect any OpenVPN client.
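The decision drawn from the two STUN runs and the hairpin entry above can be scripted. This is an added example, not part of the original article: it classifies the "Primary:" line of the stun client and validates MappedAddress before the value is passed on to OpenVPN or email. The function names, the verdict words and the sample address 203.0.113.7 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the article. Sample outputs below are constructed.

# nat_verdict OUTPUT -> ok | needs-forward | no-hairpin | unsuitable | unknown
nat_verdict() (
    primary=$(printf '%s\n' "$1" | sed -n '/^Primary:/{p;q;}')
    case $primary in
        *"Independent Mapping"*) ;;   # external port is the same for every peer
        *) echo unsuitable; return 0 ;;
    esac
    case $primary in
        *"will hairpin"*) ;;          # the local keep-alive client relies on this
        *) echo no-hairpin; return 0 ;;
    esac
    case $primary in
        *"Port Dependent Filter"*) echo needs-forward ;;  # works only if the filter is your own router
        *"Independent Filter"*)    echo ok ;;
        *)                         echo unknown ;;
    esac
)

# mapped_endpoint OUTPUT -> prints "IP PORT", or fails if either is malformed
mapped_endpoint() (
    pair=$(printf '%s\n' "$1" | sed -n \
        's/^MappedAddress = \([0-9]\{1,3\}\(\.[0-9]\{1,3\}\)\{3\}\):\([0-9]\{1,5\}\)$/\1 \3/p' |
        head -n 1)
    [ -n "$pair" ] || return 1
    ip=${pair% *}
    port=${pair#* }
    IFS=.
    set -- $ip                        # split the address into its four octets
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s %s\n' "$ip" "$port"
)

# Constructed samples: the two "Primary:" lines quoted above, plus a verbose
# line with a documentation address (203.0.113.0/24) in place of the masked one.
ROUTER_OUT='Primary: Independent Mapping, Independent Filter, random port, will hairpin'
PC_OUT='Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin'
VERBOSE_OUT='MappedAddress = 203.0.113.7:4398'

nat_verdict "$ROUTER_OUT"
nat_verdict "$PC_OUT"
mapped_endpoint "$VERBOSE_OUT"
```

The STUN reply arrives over plain UDP from a third-party server, so checking its shape before it reaches a command line is cheap hardening.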
Practice
You will need:
# apt install openvpn stun-client sendemail
Having written a couple of scripts and a couple of configuration files and generated the necessary certificates (since the client on the smartphone works only with certificates), I ended up with an ordinary OpenVPN server setup.
Main script on the computer
# cat vpn11.sh
#!/bin/bash
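# Wait until a default route exists and note the outgoing interface.
until [[ -n "$iftosrv" ]]; do echo "$(date) Определяю сетевой интерфейс"; iftosrv=`ip route get 8.8.8.8 | head -n 1 | sed 's|.*dev ||' | awk '{print $1}'`; sleep 5; done  # "Determining the network interface"
ABSOLUTE_FILENAME=`readlink -f "$0"`
DIR=`dirname "$ABSOLUTE_FILENAME"`
localport=11111
# $a is never set, so the loop restarts server and client until the script is killed.
until [[ $a ]]; do
    # Ask the STUN server which external address and port are mapped to $localport.
    address=`stun stun.sipnet.ru -v -p $localport 2>&1 | grep "MappedAddress" | sort | uniq | head -n 1 | sed 's/:/ /g' | awk '{print $3" "$4}'`
    ip=`echo "$address" | awk '{print $1}'`
    port=`echo "$address" | awk '{print $2}'`
    # If the STUN query returned nothing, retry instead of starting OpenVPN with an empty address.
    if [[ -z "$ip" || -z "$port" ]]; then sleep 15; continue; fi
    srv="openvpn --config $DIR/server.conf --port $localport --daemon"
    $srv
    echo "$(date) Сервер запущен с внешним адресом $ip:$port"  # "Server started with external address"
    "$DIR/sendemail.sh" "OpenVPN-Server" "$ip:$port"
    sleep 1
    # Local client: connects to the external address through the hairpin and keeps the UDP session alive.
    openvpn --config $DIR/client.conf --remote $ip --port $port
    echo "$(date) Cоединение клиента с сервером разорвано"  # "Client connection to the server was lost"
    # Stop the server started above so the next iteration begins from a fresh mapping.
    for i in `ps xa | grep "$srv" | grep -v grep | awk '{print $1}'`; do
        kill $i && echo "$(date) Завершен процесс сервера $i ($srv)"  # "Server process terminated"
    done
    echo "Жду 15 сек"  # "Waiting 15 s"
    sleep 15
done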
Script for sending the data by email:
# cat sendemail.sh
#!/bin/bash
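# The SMTP password is stored here in clear text: keep this file readable by its owner only.
from="От кого"   # placeholder ("From"): sender address, also used as the SMTP login
pass="Пароль"    # placeholder ("Password"): SMTP password
to="Кому"        # placeholder ("To"): recipient address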
theme="$1"
message="$2"
server="smtp.yandex.ru:587"
sendEmail -o tls=yes -f "$from" -t "$to" -s "$server" -xu "$from" -xp "$pass" -u "$theme" -m "$message"
Server configuration file:
# cat server.conf
proto udp
dev tun
ca /home/vpn11-srv/ca.crt
cert /home/vpn11-srv/server.crt
key /home/vpn11-srv/server.key
dh /home/vpn11-srv/dh2048.pem
server 10.2.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
tls-server
tls-auth /home/vpn11-srv/ta.key 0
tls-timeout 60
auth SHA256
cipher AES-256-CBC
client-to-client
keepalive 10 30
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-server.log
verb 3
mute 20
Client configuration file:
# cat client.conf
client
dev tun
proto udp
ca "/home/vpn11-srv/ca.crt"
cert "/home/vpn11-srv/client1.crt"
key "/home/vpn11-srv/client1.key"
tls-client
tls-auth "/home/vpn11-srv/ta.key" 1
auth SHA256
cipher AES-256-CBC
auth-nocache
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-clent.log
verb 3
mute 20
ping 10
ping-exit 30
The certificates were generated using
Running the script:
# ./vpn11.sh
Having first made it executable
# chmod +x vpn11.sh
On the smartphone
After installing the OpenVPN for Android application, copying over the configuration file and certificates and setting it up, the routine looks like this:
- I check my email on the smartphone
- I edit the port number in the settings
- I start the client and connect
While writing this article, I moved the configuration from my computer to a Raspberry Pi 3 and tried to run the whole thing over an LTE modem, but it did not work! The result of the command
# stun stun.ekiga.net -p 11111
STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006
The Port Dependent Filter value did not allow the system to start.
But the home provider let the system start on the Raspberry Pi 3 without any problems.
Combined with a webcam, using VLC to create an RTSP stream from the webcam
$ cvlc v4l2:///dev/video0:chroma=h264 :input-slave=alsa://hw:1,0 --sout '#transcode{vcodec=x264,venc=x264{preset=ultrafast,profile=baseline,level=31},vb=2048,fps=12,scale=1,acodec=mpga,ab=128,channels=2,samplerate=44100,scodec=none}:rtp{sdp=rtsp://10.2.0.1:8554/}' --no-sout-all --sout-keep
and VLC on the smartphone for viewing (stream rtsp://10.2.0.1:8554/), this made a decent remote video surveillance system. You can also install Samba, route traffic through the VPN, control the computer remotely, and much more...
Conclusion
As practice has shown, to set up a VPN server you can do without an external IP address that has to be paid for, just as a rented VPS/VDS does. But everything depends on the provider. Of course, I would like to learn more about the various providers and the types of NAT they use, but this is only the beginning...
Thank you for your attention!
Source: www.habr.com