Good day!
In this article I want to tell you how I implemented (
Establishing a connection consists of several steps:
- Starting the node and waiting for the remote node to be ready;
- Determining the external IP address and UDP port;
- Transferring the external IP address and UDP port to the remote host;
- Obtaining the external IP address and UDP port of the remote host;
- Configuring the IPIP tunnel;
- Monitoring the connection;
- If the connection is lost, deleting the IPIP tunnel.
I thought for a long time, and am still thinking, about what can be used to exchange data between the nodes; the simplest and fastest option for me at the moment is to work through Yandex.disk.
- First, it is easy to use: you need 3 actions: create, read, delete. With curl these are:
Create:
curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder
Read:
curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder
Delete:
curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
- Second, it is easy to install:
apt install curl
To determine the external IP address and UDP port, use the stun-client command:
stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"
Installing the command:
apt install stun-client
To set up the tunnel, the standard OS tools from the iproute2 package are used. There is
- Load the FOU module:
modprobe fou
- listen on the local port:
ip fou add port $localport ipproto 4
- create the tunnel:
ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport
- bring up the tunnel interface:
ip link set up dev fou$name
- Assign the local and remote internal IP addresses of the tunnel:
ip addr add $intIP peer $peerip dev fou$name
Delete the tunnel:
ip link del dev fou$name
ip fou del port $localport
The state of the tunnel is monitored by periodically pinging the internal IP address of the remote end of the tunnel with the command:
ping -c 1 $peerip -s 0
Periodic pinging is needed primarily to keep the channel alive; otherwise, while the tunnel is up, the NAT tables on the routers may be cleared and the connection will then break.
If the ping fails, the IPIP tunnel is deleted and the script waits for the remote host to be ready.
The script itself:
#!/bin/bash
username="[email protected]"
password="password"
folder="vpnid"
intip="10.0.0.1"
localport=`shuf -i 10000-65000 -n 1`
cid=`shuf -i 10000-99999 -n 1`
tid=`shuf -i 10-99 -n 1`

# List the entries of the shared folder, newest first, without our own ($4)
function yaread {
    curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}

function yacreate {
    curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}

function yadelete {
    curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}

# Print the external "ip:port" that STUN reports for local UDP port $1
function myipport {
    stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}

# Arguments: remote ip, remote port, local ip, local port, peer ip, own ip, tunnel id
function tunnel-up {
    modprobe fou
    ip fou add port $4 ipproto 4
    ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
    ip link set up dev fou$7
    ip addr add $6 peer $5 dev fou$7
}

# Return once 4 pings in a row to the peer have failed
function tunnel-check {
    sleep 10
    pings=0
    until [[ $pings == 4 ]]; do
        if ping -c 1 $1 -s 0 &>/dev/null;
            then echo -n .; pings=0    # success resets the failure counter
            else echo -n !; ((pings++))
        fi
        sleep 15
    done
}

function tunnel-down {
    ip link del dev fou$1
    ip fou del port $2
}

trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15

until [[ -n $end ]]; do
    yacreate $username $password $folder
    # Wait until the remote node has published a fresh record
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
            # Accept only entries that are at most 65 seconds old
            if [ `echo $l | sed 's/:/ /g' | awk {'print $1'}` -ge $(($mydate-65)) ]; then
                #echo $list
                myipport=`myipport $localport`
                yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk {'print $1'}` - $mydate + 3 ))
                ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
            fi
        done
        if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
            echo -n "!"
            sleep $timeout
        fi
    done
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0
The variables username, password and folder must be the same on both sides, but intip must be different, for example: 10.0.0.1 and 10.0.0.2. The time on the nodes must be synchronized. You can run the script like this:
nohup script.sh &
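The script takes every field of the peer's record straight from a WebDAV folder name and hands it to arithmetic expansion and to `ip`, which need root. The following added example (not part of the original script) parses and validates a record in the layout the script writes, `timestamp:cid:extip:extport:intip:tid`, before anything is used; the function names, the symmetric 65-second window and the sample records are assumptions made for this illustration.

```bash
# Added example: validate a rendezvous record before any field reaches `ip`.
# Layout the script writes: timestamp:cid:extip:extport:intip:tid
# POSIX sh; each ( ... ) body runs in a subshell, so IFS changes stay local.

is_uint() {    # decimal digits only, no leading zero, at most 10 digits
    case $1 in ''|*[!0-9]*|0?*|???????????*) return 1 ;; esac
}

in_range() {   # in_range VALUE MIN MAX
    is_uint "$1" && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

valid_ipv4() (
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    IFS=.
    set -- $1                       # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do in_range "$o" 0 255 || return 1; done
)

# parse_record RECORD NOW -> prints "extip extport intip tid" or returns 1
parse_record() (
    now=$2
    case $1 in ''|*[!0-9.:]*|*:) return 1 ;; esac   # digits, dots, colons only
    IFS=:
    set -- $1
    [ $# -eq 6 ] || return 1                        # presence-only entries have 2
    in_range "$1" $(( now - 65 )) $(( now + 65 )) || return 1   # freshness
    in_range "$2" 10000 99999 || return 1           # cid range used by the script
    valid_ipv4 "$3" || return 1
    in_range "$4" 1 65535 || return 1
    valid_ipv4 "$5" || return 1
    in_range "$6" 10 99 || return 1                 # tid range used by the script
    echo "$3 $4 $5 $6"
)

# Constructed sample records (not real peers), checked against a fixed clock.
now=1700000030
for rec in "1700000000:12345:203.0.113.7:40000:10.0.0.2:42" \
           "1700000000:12345" \
           "1700000000:12345:203.0.113.7:40000:10.0.0.256:42"; do
    if fields=$(parse_record "$rec" "$now"); then echo "accept: $fields"
    else echo "reject: $rec"; fi
done
```

In the main loop, a record would go through `parse_record` before `ip`, `port`, `peerip` and `peerid` are assigned, and a rejected record would be treated like a missing one.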
I would like to draw your attention to the fact that the IPIP tunnel is insecure in the sense that the traffic is not encrypted, but this is easily solved by using IPsec over.
I have been using this script to connect to my work computer for several weeks now and have not noticed any problems. It is convenient in the set-it-and-forget-it sense.
You may have comments and suggestions; I will be glad to hear them.
Source: www.habr.com