Home video surveillance. A scheme for keeping the video archive safe without a recorder at home

I had been meaning for a while to write an article about a script for working with a camera over the DVRIP protocol, but the discussion around the recent Xiaomi news made me first describe how I set up video surveillance at home, and only then move on to the scripts and the rest.

We had 2 bags of... Wait, that's a different story.
We had two TP-LINK routers, an internet connection behind the provider's NAT, a Partizan surveillance camera (I don't remember the model; any IP camera that supports RTSP over TCP or DVRIP will do) and a cheap VPS for 4 euros with these specs: 2-core 2.4GHz CPU, 4GB RAM, 300 GB HDD, 100 Mbit/s port. Plus a firm refusal to buy anything extra that costs more than a patch cord.

Introduction

For obvious reasons, we can't just forward the camera's ports on the router and enjoy life; besides, even if we could, we shouldn't.

I have heard vaguely that there are options involving IPv6 tunneling, where apparently things can be arranged so that every device on the network gets an external IPv6 address. This simplifies matters a little, though it still leaves security aside. How relevant that is, and whether stock TP-LINK firmware supports this miracle at all, is questionable. It is also possible that the previous sentence is nonsense, so don't pay it any attention.

But, luckily for us, almost every firmware for every router (a completely unfounded statement, really) includes a PPTP/L2TP client or the ability to flash custom firmware. From that we can build a kind of home-grown scheme.

Topology

While running a fever, my brain produced something like this rough diagram:

and during another bout I drew it up properly to show on Habr:

The address 169.178.59.82 was generated at random and serves only as an example.

Or, in words:

  • Router TP-LINK 1 (192.168.1.1), into which the cable coming out of the wall is plugged. The inquisitive reader will guess that this is the provider's cable through which I get to the internet. Various home devices connect to this router via patch cord or Wi-Fi. This is the 192.168.1.0 network.
  • Router TP-LINK 2 (192.168.0.1, 192.168.1.200), into which a cable coming from router TP-LINK 1 is plugged. Thanks to this cable, router TP-LINK 2 and the devices connected to it also have internet access. A PPTP connection (10.0.5.100) to the server 169.178.59.82 is configured on this router. The IP camera 192.168.0.200 is also connected to this router, and the following ports are forwarded:
    • 192.168.0.200:80 -> 49151 (web UI)
    • 192.168.0.200:34567 -> 49152 (DVRIP)
    • 192.168.0.200:554 -> 49153 (RTSP)
  • The server (169.178.59.82, 10.0.5.1), to which router TP-LINK 2 connects. The server runs pptpd, shadowsocks and 3proxy, through which you can reach the devices on the 10.0.5.0 network and get to router TP-LINK 2.

Thus, all home devices on the 192.168.1.0 network can reach the camera through TP-LINK 2 at 192.168.1.200, and everyone else can connect over pptp, shadowsocks or socks5 and reach 10.0.5.100.

Setup

The first step is to connect all the devices as in the diagram above.

  • Configuring router TP-LINK 1 comes down to reserving the address 192.168.1.200 for TP-LINK 2 and, if desired, reserving some bandwidth for 192.168.1.200 (2-20 Mbit; 10 is enough for a single video stream).
  • You need to install and configure the pptpd server. I have Ubuntu 18.04, and the steps were roughly as follows (the donor was the guide at blog.xenot.ru/bystraya-nastrojka-vpn-servera-pptp-na-ubuntu-server-18-04-lts.fuck):
    • Install the required packages:
      sudo apt install pptpd iptables-persistent
    • Bring the following file to this form:

      /etc/pptpd.conf

      option /etc/ppp/pptpd-options
      bcrelay eth0 # the interface through which your server reaches the internet
      logwtmp
      localip 10.0.5.1
      remoteip 10.0.5.100-200

    • Edit

      /etc/ppp/pptpd-options

      novj
      novjccomp
      nologfd
      
      name pptpd
      refuse-pap
      refuse-chap
      refuse-mschap
      require-mschap-v2
      #require-mppe-128 # can be uncommented, but my TP-LINK does not get along with it
      
      ms-dns 8.8.8.8
      ms-dns 1.1.1.1
      ms-dns  77.88.8.8
      ms-dns 8.8.4.4
      ms-dns 1.0.0.1
      ms-dns  77.88.8.1
      
      proxyarp
      nodefaultroute
      lock
      nobsdcomp
      
      
    • Add the credentials to

      /etc/ppp/chap-secrets

      # Secrets for authentication using CHAP
      # client	server	secret			IP addresses
      username pptpd password *
    • Add to

      /etc/sysctl.conf

      net.ipv4.ip_forward=1

      and reload sysctl

      sudo sysctl -p
    • Restart pptpd and add it to startup
      sudo service pptpd restart
      sudo systemctl enable pptpd
    • Edit

      iptables

      sudo iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
      sudo iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
      sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
      sudo iptables --table nat --append POSTROUTING --out-interface ppp+ -j MASQUERADE
      sudo iptables -I INPUT -s 10.0.5.0/24 -i ppp+ -j ACCEPT
      sudo iptables --append FORWARD --in-interface eth0 -j ACCEPT

      And save

      sudo netfilter-persistent save
      sudo netfilter-persistent reload
      
  • Configuring TP-LINK 2
    • Reserve the address 192.168.0.200 for our camera:

      DHCP -> Address Reservation
      - MAC Address: the camera's MAC, visible under DHCP -> DHCP Clients List
      - Reserved IP Address: 192.168.0.200

    • Port forwarding:
      Forwarding -> Virtual Servers
      - Service Port: 49151, Internal Port: 80, IP Address: 192.168.0.200, Protocol: TCP
      - Service Port: 49152, Internal Port: 34567, IP Address: 192.168.0.200, Protocol: TCP
      - Service Port: 49153, Internal Port: 554, IP Address: 192.168.0.200, Protocol: TCP
    • Configuring the VPN connection:

      Network -> WAN
      - WAN Connection Type: PPTP
      - User Name: username (see /etc/ppp/chap-secrets)
      - Password: password (see /etc/ppp/chap-secrets)
      - Confirm Password: password (see /etc/ppp/chap-secrets)
      - Dynamic IP
      - Server IP Address/Name: 169.178.59.82 (obviously, your server's external IP)
      - Connection Mode: Connect Automatically

    • Optionally, allow remote access to the router's web interface
      Security -> Remote Management
      - Web Management Port: 80
      - Remote Management IP Address: 255.255.255.255 (on TP-LINK this means any address; here the router's WAN side faces only the home LAN and the tunnel)
    • Reboot router TP-LINK 2

Instead of PPTP you can use L2TP or, if you have custom firmware, whatever your heart desires. I chose PPTP because this scheme is not built for security reasons, and pptpd, in my experience, is the fastest VPN server. Besides, I really did not want to flash custom firmware, which meant choosing between PPTP and L2TP.

If I have not made a mistake anywhere in this manual, and you did everything right and got lucky, then after all these manipulations:

  • first,
    ifconfig

    will show an interface ppp0 inet 10.0.5.1 netmask 255.255.255.255 destination 10.0.5.100,

  • second, 10.0.5.100 should ping,
  • and third,
    ffprobe -rtsp_transport tcp "rtsp://10.0.5.100:49153/user=admin&password=password&channel=1&stream=0.sdp"

    should detect the stream.
    You can find the RTSP port, login and password in your camera's documentation.
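As an added check (my script, not the article's, meant to be run on the VPS where pptpd lives), this runs the three acceptance steps above in one go; CAM_USER/CAM_PASS are placeholders and the sample ifconfig output is constructed:

```shell
#!/bin/sh
# Added post-setup check, not the article's own script. It runs the three
# acceptance checks from the text: ppp0 carries 10.0.5.1 -> 10.0.5.100, the
# router answers ping, and ffprobe can open the camera stream over TCP.
# CAM_USER/CAM_PASS are placeholders; take the real ones from the camera docs.
LOCAL_IP=10.0.5.1
PEER_IP=10.0.5.100
RTSP_PORT=49153
CAM_USER=${CAM_USER:-admin}
CAM_PASS=${CAM_PASS:-password}

# Constructed sample of "ifconfig ppp0" output, in the shape the article describes.
SAMPLE_IFCONFIG='ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1396
        inet 10.0.5.1  netmask 255.255.255.255  destination 10.0.5.100'

# esc IP -> IP with dots escaped so grep -E matches it literally.
esc() { printf '%s' "$1" | sed 's/\./\\./g'; }

# tunnel_ok IFCONFIG_OUTPUT LOCAL PEER -> 0 only if one line shows
# "inet LOCAL ... destination PEER", i.e. pptpd handed out the expected pair.
tunnel_ok() {
  printf '%s\n' "$1" | grep -Eq \
    "inet[[:space:]]+$(esc "$2")[[:space:]].*destination[[:space:]]+$(esc "$3")([[:space:]]|\$)"
}

# rtsp_url USER PASS HOST PORT -> stream URL in the format the article uses.
rtsp_url() {
  printf 'rtsp://%s:%s/user=%s&password=%s&channel=1&stream=0.sdp' "$3" "$4" "$1" "$2"
}

# stream_ok URL -> 0 if ffprobe can open the stream over TCP (needs the tunnel up).
stream_ok() { ffprobe -v error -rtsp_transport tcp "$1" >/dev/null 2>&1; }

# Live checks run only with LIVE=1 so the functions can be sourced offline.
if [ "${LIVE:-0}" = 1 ]; then
  if tunnel_ok "$(ifconfig ppp0 2>/dev/null)" "$LOCAL_IP" "$PEER_IP"; then
    echo "ppp0: $LOCAL_IP -> $PEER_IP ok"
  else
    echo "ppp0: tunnel missing or wrong addresses"
  fi
  ping -c 1 -W 2 "$PEER_IP" >/dev/null 2>&1 && echo "router: reachable" || echo "router: no reply"
  if stream_ok "$(rtsp_url "$CAM_USER" "$CAM_PASS" "$PEER_IP" "$RTSP_PORT")"; then
    echo "camera: stream found"
  else
    echo "camera: stream not found (check port forwarding and credentials)"
  fi
else
  tunnel_ok "$SAMPLE_IFCONFIG" "$LOCAL_IP" "$PEER_IP" && echo "sample ifconfig output parses ok"
fi
```

Run it as `LIVE=1 sh check.sh` on the server after the router has connected; without LIVE=1 it only exercises the parser on the constructed sample.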

Conclusion

In principle, this is not bad: there is RTSP access, and if the vendor's special software works over DVRIP, you can use that too. You can record the stream with ffmpeg, speed the video up 2-3-5 times, split it into hour-long chunks, upload it to Google Drive or social networks, and much, much more.
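As an added example rather than the author's own script, a minimal recorder for the VPS that keeps the stream in hour-long files, restarts ffmpeg when the TCP session drops and prunes old segments so the 300 GB disk does not fill up; the output directory, retention period and credentials are assumptions:

```shell
#!/bin/sh
# Added example, not the article's script: record the camera's RTSP stream
# over TCP through the tunnel into hour-long files, restart ffmpeg when the
# session drops, and prune old segments so the VPS disk does not fill up.
# CAM_URL credentials are placeholders; OUT_DIR and KEEP_HOURS are assumptions.
CAM_URL=${CAM_URL:-'rtsp://10.0.5.100:49153/user=admin&password=password&channel=1&stream=0.sdp'}
OUT_DIR=${OUT_DIR:-/var/lib/cam}
SEGMENT_SECONDS=3600
KEEP_HOURS=${KEEP_HOURS:-168}   # one week of hourly files

# prune_old_segments DIR HOURS -> delete cam_*.mkv in DIR older than HOURS
# and print how many files were removed (other files are left alone).
prune_old_segments() {
  find "$1" -maxdepth 1 -name 'cam_*.mkv' -mmin "+$(( $2 * 60 ))" -print -delete | wc -l | tr -d ' '
}

# record_segments URL DIR SECONDS -> one ffmpeg run: copy the stream without
# re-encoding and start a new timestamped file every SECONDS.
record_segments() {
  ffmpeg -hide_banner -loglevel warning -rtsp_transport tcp -i "$1" \
    -c copy -f segment -segment_time "$3" -reset_timestamps 1 -strftime 1 \
    "$2/cam_%Y%m%d-%H%M%S.mkv"
}

# speed_up IN OUT FACTOR -> re-encode IN at FACTOR x speed with audio dropped,
# the "2-3-5 times faster" variant the article mentions for sharing.
speed_up() {
  ffmpeg -hide_banner -loglevel warning -i "$1" -an -filter:v "setpts=PTS/$3" "$2"
}

# Main loop, only with LIVE=1 so the file can be sourced for offline use.
# The article notes RTSP over TCP is not always stable, so restart on exit.
if [ "${LIVE:-0}" = 1 ]; then
  mkdir -p "$OUT_DIR"
  while :; do
    record_segments "$CAM_URL" "$OUT_DIR" "$SEGMENT_SECONDS"
    echo "ffmpeg exited ($?), pruning and reconnecting in 5s" >&2
    echo "removed $(prune_old_segments "$OUT_DIR" "$KEEP_HOURS") old segment(s)" >&2
    sleep 5
  done
fi
```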

I did not like RTSP over TCP, because it did not work very stably, and over UDP it will not work at all, since I cannot (or can, but do not want to) forward the various port ranges through which RTSP pushes the video stream. So I wrote a script that pulls the TCP stream via DVRIP. It turned out to be stable.

One of the advantages of this scheme is that you can take something that supports a 2G whistle (USB modem) for the TP-LINK 4 router, put the camera on a UPS (which will undoubtedly need to be much smaller than with a recorder), and on top of that the recording goes straight to the server, so even if intruders get into your premises they will not be able to grab the video. In general, there is room for maneuver, and everything depends only on your imagination.

PS: I know that many companies offer ready-made cloud solutions, but they cost almost twice as much as my VPS (of which I already had 3, so I only needed to carve out some resources), they give very little control, and the quality is not particularly satisfying either.

Source: www.habr.com
