Simple UDP hole punching using an IPIP tunnel as an example

Good day!

In this article I want to tell you how I implemented (yet another) Bash script for connecting two computers behind NAT using the UDP hole punching technique, with Ubuntu/Debian as the example OS.

Establishing the connection consists of several steps:

  1. Start the nodes and wait for the remote node to become ready;
  2. Determine the external IP address and UDP port;
  3. Pass the external IP address and UDP port to the remote host;
  4. Obtain the external IP address and UDP port of the remote host;
  5. Set up the IPIP tunnel;
  6. Monitor the connection;
  7. If the connection is lost, delete the IPIP tunnel.

I thought for a long time, and am still thinking, about what could be used to exchange data between the nodes; the simplest and fastest option for me right now turned out to be Yandex.disk.

  • First, it is easy to use - you need only 3 actions: create, read, delete. With curl these are:
    Create:

    curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder

    Read:

    curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder

    Delete:

    curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
  • Second, it is easy to install:
    apt install curl

To determine the external IP address and UDP port, use the stun client command:

stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"

Installing it:

apt install stun-client

To set up the tunnel, the standard OS tools from the iproute2 package are used. There are many tunnel types that can be brought up in the standard way (L2TPv3, GRE, etc.), but I chose IPIP because it puts the least load on the system. I tried L2TPv3 over UDP and was disappointed: the speed dropped 10 times, although this may have been due to various restrictions on the providers' side or something else. Since the IPIP tunnel works at the IP level, a FOU (foo-over-UDP) tunnel is used to work at the level of UDP ports. To set up an IPIP tunnel you need to:

- Load the FOU module:

modprobe fou

- listen on the local UDP port:

ip fou add port $localport ipproto 4

- create the tunnel:

ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport

- bring up the tunnel interface:

ip link set up dev fou$name

- assign the internal local and remote IP addresses of the tunnel:

ip addr add $intIP peer $peerip dev fou$name

Deleting the tunnel:

ip link del dev fou$name

ip fou del port $localport

The tunnel state is monitored by periodically pinging the internal IP address of the remote tunnel endpoint with the command:

ping -c 1 $peerip -s 0

Periodic pinging is needed primarily to keep the channel alive; otherwise, while the tunnel is idle, the NAT tables on the routers may be flushed and the connection will drop.

If the ping fails, the IPIP tunnel is deleted and the script waits for the remote host to become ready again.

The script itself:

#!/bin/bash
# Rendezvous settings: username, password and folder must match on both sides.
username="[email protected]"
password="password"
folder="vpnid"
# Internal tunnel address; must differ on each side (e.g. 10.0.0.1 and 10.0.0.2).
intip="10.0.0.1"
# Random local UDP port, client id and tunnel id component.
localport=`shuf -i 10000-65000 -n 1`
cid=`shuf -i 10000-99999 -n 1`
tid=`shuf -i 10-99 -n 1`

# List the entries in the rendezvous folder, newest first, without the folder
# itself and without our own entries. Entry names look like
# date:cid or date:cid:extip:extport:intip:tid.
function yaread {
        curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}
function yacreate {
        curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}
function yadelete {
        curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}
# Ask the STUN server which external ip:port our local UDP port is mapped to.
function myipport {
        stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}
# $1 remote external IP, $2 remote external port, $3 local IP, $4 local port,
# $5 peer internal IP, $6 own internal IP, $7 tunnel id
function tunnel-up {
        modprobe fou
        ip fou add port $4 ipproto 4
        ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
        ip link set up dev fou$7
        ip addr add $6 peer $5 dev fou$7
}
# Ping the peer every 15 s; return after 4 consecutive failures
# (the failure counter is reset on every successful ping).
function tunnel-check {
        sleep 10
        pings=0
        until [[ $pings == 4 ]]; do
                if ping -c 1 $1 -s 0 &>/dev/null;
                        then    echo -n .; pings=0
                        else    echo -n !; ((pings++))
                fi
                sleep 15
        done
}
function tunnel-down {
        ip link del dev fou$1
        ip fou del port $2
}
# Remove the rendezvous folder and the tunnel when the script is terminated.
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15
# Main loop: rendezvous, bring the tunnel up, watch it, tear it down, repeat.
until [[ -n $end ]]; do
    yacreate $username $password $folder
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        # Announce that we are waiting (date:cid).
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
                # Only react to peer entries that are at most 65 s old.
                if [ `echo $l | sed 's/:/ /g' | awk '{print $1}'` -ge $(($mydate-65)) ]; then
                        # Publish our external address: date:cid:extip:extport:intip:tid
                        myipport=`myipport $localport`
                        yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                        timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk '{print $1}'` - $mydate + 3 ))
                        ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                        port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                        peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                        peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                        # Both sides derive the same tunnel id from the product of the two tids.
                        if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
                fi
        done
        if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
                echo -n "!"
                sleep $timeout
        fi
    done
    # Source address the kernel would use towards the peer's external IP.
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0
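As an added example that is not part of the original script, here is the rendezvous-entry parsing and peer selection from the script above rewritten as testable POSIX shell functions, with the field validation the script itself does not do: the folder contents are shared writable state that ends up in "ip link add" and "ip addr add", so every field should be checked before use. The PROPFIND body, the addresses and the cid/tid values are constructed; the entry layout date:cid:extip:extport:intip:tid is the one the script uses.

```shell
#!/bin/sh
# Constructed sample PROPFIND body for the rendezvous folder (shape only, not a real
# Yandex response). Entry names are date:cid[:extip:extport:intip:tid]; cid 12345 is "us".
SAMPLE_LISTING='<d:multistatus><d:response><d:displayname>vpnid</d:displayname></d:response><d:response><d:displayname>1700000100:12345</d:displayname></d:response><d:response><d:displayname>1700000110:54321:203.0.113.7:40001:10.0.0.2:42</d:displayname></d:response><d:response><d:displayname>1699999000:54321:203.0.113.7:39999:10.0.0.2:42</d:displayname></d:response></d:multistatus>'

# Pull the entry names out of the listing, drop the folder itself and our own
# entries, and sort so the newest entry comes first (what the script's yaread does).
list_entries() {  # $1 = PROPFIND body, $2 = folder name, $3 = own cid
    printf '%s' "$1" | grep -o '<d:displayname>[^<]*' | sed 's/<d:displayname>//' \
        | grep -v "^$2\$" | grep -Ev "^[0-9]+:$3(:|\$)" | sort -r
}

is_num()  { printf '%s\n' "$1" | grep -Eq '^[0-9]+$'; }
is_ipv4() { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
is_port() { is_num "$1" && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }

# Choose the newest complete peer entry that is at most $3 seconds older than $2
# and validate every field before it could reach "ip link add" / "ip addr add".
# Prints "extip extport peerip tid". Exit status: 0 found, 1 nothing usable yet,
# 2 a fresh entry is malformed (refuse it rather than pass it to ip).
select_peer() {  # $1 = entries (newest first), $2 = now (epoch seconds), $3 = max age
    now=$2; maxage=$3
    for entry in $1; do
        oldifs=$IFS; IFS=:; set -- $entry; IFS=$oldifs
        ts=$1; extip=$3; extport=$4; peerip=$5; tid=$6
        is_num "$ts" || continue
        [ "$ts" -ge $((now - maxage)) ] || continue
        [ -n "$extip" ] || continue   # date:cid only: peer is waiting but has no address yet
        is_ipv4 "$extip" && is_port "$extport" && is_ipv4 "$peerip" && is_num "$tid" || return 2
        printf '%s %s %s %s\n' "$extip" "$extport" "$peerip" "$tid"
        return 0
    done
    return 1
}
```

The four printed fields map directly onto the script's $ip, $port, $peerip and $peerid; a status of 2 is the case the original script silently feeds into the ip commands.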

The variables username, password and folder must be the same on both sides, but intip must differ, for example 10.0.0.1 and 10.0.0.2. The time on the nodes must be synchronized. You can run the script like this:

nohup script.sh &

I would like to draw your attention to the fact that the IPIP tunnel is insecure in the sense that the traffic is not encrypted, but this is easily solved by running IPsec on top of it, following this article, which seemed simple and understandable to me.

I have been using this script to connect to my work computer for several weeks now and have not noticed any problems. Convenient: set it up and forget about it.

You may have comments and suggestions; I would be glad to hear them.

Good luck!

Source: www.habr.com
