Building a SOCKS router on a Debian 10 laptop

For a whole year (or two) I put off publishing this article for one main reason - I had already published two articles describing how to build a SOCKS router out of a very ordinary laptop running Debian.

However, since then the stable Debian release has moved to Buster, and quite a few people have contacted me privately asking for help with the setup, which means my earlier articles were not exhaustive. Well, I had already suspected that the methods described in them did not fully cover all the details of configuring Linux for routing into SOCKS. In addition, they were written for Debian Stretch, and after upgrading to Buster I noticed small changes in how services interact with the systemd init system. I also did not use systemd-networkd in those articles, although it is the best fit for complex network configurations.

In addition to the changes above, the following services were added to my configuration: hostapd - the access point virtualization service, ntp to synchronize time on local network clients, dnscrypt-proxy to encrypt DNS connections and block ads on local network clients, and also, as I mentioned earlier, systemd-networkd to configure the network interfaces.

Here is a simple block diagram of the internal structure of such a router.

So, let me remind you of the goals of this series of articles:

  1. Route all OS connections into SOCKS, as well as the packets of all devices on the same network as the laptop.
  2. The laptop in my case must remain mobile. That is, it should be possible to use the desktop environment without being tied to a physical location.
  3. The previous point implies connecting and routing only through the built-in wireless interface.
  4. And, of course, creating a comprehensive guide, as well as an analysis of the relevant technologies to the best of my modest knowledge.

What will be covered in this article:

  1. git - download the repositories of the tun2socks project, which is needed to route TCP traffic into SOCKS, and create_ap - a script that automates setting up a virtual access point using hostapd.
  2. tun2socks - build it and install the systemd service on the system.
  3. systemd-networkd - configure the wireless and virtual interfaces, the static routing tables and packet forwarding.
  4. create_ap - install the systemd service on the system, configure and start the virtual access point.

Optional steps:

  • ntp - install and configure a server to synchronize time on the clients of the virtual access point.
  • dnscrypt-proxy - encrypt DNS requests, route them into SOCKS and block advertising domains for the local network.

What is all this for?

This is one of the ways to secure TCP connections on a local network. The main advantage is that all connections are made through SOCKS unless a static route has been built for them through the original gateway. This means you do not need to specify SOCKS server settings for individual programs or for clients on the local network - they all go to SOCKS by default, since it is the default gateway until we specify otherwise.

Essentially we add a second, encrypting router in the form of a laptop in front of the original router, and use the original router's Internet connection for the laptop's already encrypted SOCKS requests; the laptop in turn routes and encrypts the requests of the LAN clients.

From the provider's point of view, we are constantly connected to a single server with encrypted traffic.

Accordingly, all devices connect to the laptop's virtual access point.

Install tun2socks on the system

While your machine still has Internet access, download all the necessary tools.

apt update
apt install git make cmake

Download the badvpn package

git clone https://github.com/ambrop72/badvpn

A badvpn folder will appear on your system. Create a separate folder for the build

mkdir badvpn-build

Change into it

cd badvpn-build

Configure the tun2socks build

cmake ../badvpn -DBUILD_NOTHING_BY_DEFAULT=1 -DBUILD_TUN2SOCKS=1

Install it on the system

make install

  • The -DBUILD_NOTHING_BY_DEFAULT=1 parameter disables the build of all components of the badvpn repository.
  • -DBUILD_TUN2SOCKS=1 includes the tun2socks component in the build.
  • make install - installs the tun2socks binary on your system at /usr/local/bin/badvpn-tun2socks.

Install the tun2socks service in systemd

Create the file /etc/systemd/system/tun2socks.service with the following contents:

[Unit]
Description=SOCKS TCP Relay

[Service]
ExecStart=/usr/local/bin/badvpn-tun2socks --tundev tun2socks --netif-ipaddr 172.16.1.1 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:9050

[Install]
WantedBy=multi-user.target

  • --tundev - takes the name of the virtual interface that we initialize with systemd-networkd.
  • --netif-ipaddr - the network address of the tun2socks "router" that the virtual interface connects to. It is best to put it in a separate reserved subnet.
  • --socks-server-addr - takes a socket (the address:port of the SOCKS server).

If your SOCKS server requires authentication, you can specify the --username and --password parameters.

Next, register the service

systemctl daemon-reload

And enable it

systemctl enable tun2socks

Before starting the service, we will provide it with a virtual network interface.

Switching to systemd-networkd

Enable systemd-networkd:

systemctl enable systemd-networkd

Disable the current network services.

systemctl disable networking NetworkManager NetworkManager-wait-online

  • NetworkManager-wait-online is a service that waits for a working network connection before systemd continues starting other services that depend on the network. We disable it because we are switching to its systemd-networkd counterpart.

Enable that counterpart right away:

systemctl enable systemd-networkd-wait-online

Configure the wireless network interface

Create the systemd-networkd configuration file for the wireless network interface, /etc/systemd/network/25-wlp6s0.network.

[Match]
Name=wlp6s0

[Network]
Address=192.168.1.2/24
IPForward=yes

  • Name is the name of your wireless interface. Find it with the ip a command.
  • IPForward - the directive that enables packet forwarding on the network interface.
  • Address is responsible for assigning an IP address to the wireless interface. We set it statically because with the equivalent directive DHCP=yes, systemd-networkd creates a default gateway on the system. Then all traffic would go through the original gateway rather than through the future virtual interface on a different subnet. You can check the current default gateway with the ip r command.

Create a static route for a remote SOCKS server

If your SOCKS server is not local but remote, you need to create a static route for it. To do this, add a Route section with the following contents to the end of the wireless interface configuration file you created:

[Route]
Gateway=192.168.1.1
Destination=0.0.0.0

  • Gateway - this is the default gateway, or the address of your original access point.
  • Destination - the address of the SOCKS server.

Configure wpa_supplicant for systemd-networkd

systemd-networkd uses wpa_supplicant to connect to a secured access point. When you try to bring the wireless interface "up", systemd-networkd starts the wpa_supplicant@name service, where name is the name of the wireless interface. If you have not used systemd-networkd before this point, this service is most likely missing from your system.

So create it with the command:

systemctl enable wpa_supplicant@wlp6s0

I used wlp6s0 as the name of my wireless interface. Yours may differ. You can find it with the ip l command.

Now the created wpa_supplicant@wlp6s0 service will be started when the wireless interface is brought "up"; however, it will in turn look for the SSID and password settings of the access point in the file /etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf. Therefore, you need to create it using the wpa_passphrase utility.

To do this, run the command:

wpa_passphrase SSID password > /etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf

where SSID is the name of your access point, password is its password, and wlp6s0 is the name of your wireless interface.
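A hardened way to produce the same file, as an added example that is not part of the original article: the command above puts the password in the shell history and process list, and wpa_passphrase also copies it into the output as a plaintext `#psk="..."` comment. The function name `write_wpa_conf` is hypothetical; it relies only on wpa_passphrase reading the passphrase from stdin when just the SSID is given.

```shell
#!/bin/sh
# Added example: build the wpa_supplicant config without leaving the
# passphrase in argv, in the file as plaintext, or world-readable.

# write_wpa_conf SSID OUTFILE   (hypothetical helper name)
# Reads the passphrase from stdin and passes it to wpa_passphrase on stdin,
# so it never appears on a command line. Comment lines are dropped because
# wpa_passphrase echoes the plaintext passphrase as '#psk="..."'.
write_wpa_conf() {
    ssid=$1
    outfile=$2
    [ -n "$ssid" ] && [ -n "$outfile" ] || {
        echo "usage: write_wpa_conf SSID OUTFILE" >&2
        return 2
    }
    (
        umask 077                       # the file is created with mode 0600
        tmp="$outfile.tmp.$$"
        # wpa_passphrase prints its error text on stdout, so also require
        # that a hashed psk= line was really produced before installing.
        if wpa_passphrase "$ssid" | grep -v '^[[:space:]]*#' > "$tmp" \
            && grep -q '^[[:space:]]*psk=' "$tmp"; then
            mv "$tmp" "$outfile"
        else
            rm -f "$tmp"
            echo "wpa_passphrase failed; $outfile not written" >&2
            exit 1
        fi
    )
}

# Usage with the page's interface name (the terminal does not echo the input):
#   stty -echo; IFS= read -r pass; stty echo
#   printf '%s\n' "$pass" | write_wpa_conf SSID /etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf
```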

Initialize the virtual interface for tun2socks

Create a file to initialize the new virtual interface on the system, /etc/systemd/network/25-tun2socks.netdev

[NetDev]
Name=tun2socks
Kind=tun

  • Name is the name that systemd-networkd will assign to the future virtual interface when it is initialized.
  • Kind is the type of the virtual interface. From the name of the tun2socks service you can guess that it uses an interface of type tun.
  • netdev is the extension of the files that systemd-networkd uses to initialize virtual network interfaces. The address and other network settings for these interfaces are specified in .network files.

Create such a file, /etc/systemd/network/25-tun2socks.network, with the following contents:

[Match]
Name=tun2socks

[Network]
Address=172.16.1.2/24
Gateway=172.16.1.1

  • Name - the name of the virtual interface that you specified in the netdev file.
  • Address - the IP address that will be assigned to the virtual interface. It must be in the same network as the address you specified in the tun2socks service.
  • Gateway - the IP address of the tun2socks "router", which you specified when creating the systemd service.

Thus, the tun2socks interface has the address 172.16.1.2 and the tun2socks service has 172.16.1.1; that is, the service is the gateway for all connections from the virtual interface.

Configure the virtual access point

Install the dependencies:

apt install util-linux procps hostapd iw haveged

Download the create_ap repository to your machine:

git clone https://github.com/oblique/create_ap

Change to the repository folder on your machine:

cd create_ap

Install it on the system:

make install

The configuration file /etc/create_ap.conf will appear on your system. Here are the main options to edit:

  • GATEWAY=10.0.0.1 - it is best to make this a separate reserved subnet.
  • NO_DNS=1 - disable, since this parameter will be managed by the systemd-networkd virtual interface.
  • NO_DNSMASQ=1 - disable for the same reason.
  • WIFI_IFACE=wlp6s0 - the laptop's wireless interface.
  • INTERNET_IFACE=tun2socks - the virtual interface created for tun2socks.
  • SSID=hostapd - the name of the virtual access point.
  • PASSPHRASE=12345678 - the password.

Do not forget to enable the service:

systemctl enable create_ap

Enable the DHCP server in systemd-networkd

The create_ap service initializes the virtual interface ap0 on the system. In theory, dnsmasq hangs on this interface, but why install extra services if systemd-networkd already contains a DHCP server?

To enable it, we will define the network settings for the virtual access point. To do this, create the file /etc/systemd/network/25-ap0.network with the following contents:

[Match]
Name=ap0

[Network]
Address=10.0.0.1/24
DHCPServer=yes

[DHCPServer]
EmitDNS=yes
DNS=10.0.0.1
EmitNTP=yes
NTP=10.0.0.1

After the create_ap service initializes the virtual interface ap0, systemd-networkd will automatically assign it an IP address and enable the DHCP server.

The lines EmitDNS=yes and DNS=10.0.0.1 pass the DNS server settings to the devices connected to the access point.

If you do not plan to use a local DNS server - in my case it is dnscrypt-proxy - you can change DNS=10.0.0.1 to DNS=192.168.1.1, where 192.168.1.1 is the address of your original gateway. Then the DNS requests of your host and local network will go unencrypted through the provider's servers.

EmitNTP=yes and NTP=192.168.1.1 pass the NTP settings.

The same applies to the line NTP=10.0.0.1.

Install and configure the NTP server

Install it on the system:

apt install ntp

Edit the configuration file /etc/ntp.conf. Comment out the addresses of the standard pools:

#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst

Add the addresses of public servers, for example Google Public NTP:

server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst

Grant access to the server for the clients on your network:

restrict 10.0.0.0 mask 255.255.255.0

Enable broadcasting to your network:

broadcast 10.0.0.255

Finally, add the addresses of these servers to the static routing table. To do this, open the wireless interface configuration file /etc/systemd/network/25-wlp6s0.network and add Route sections to the end.

[Route]
Gateway=192.168.1.1
Destination=216.239.35.0

[Route]
Gateway=192.168.1.1
Destination=216.239.35.4

[Route]
Gateway=192.168.1.1
Destination=216.239.35.8

[Route]
Gateway=192.168.1.1
Destination=216.239.35.12

You can find the addresses of your NTP servers using the host utility as follows:

host time1.google.com

Install dnscrypt-proxy, remove ads and hide DNS traffic from your provider

apt install dnscrypt-proxy

To serve DNS queries from the host and the local network, edit the socket /lib/systemd/system/dnscrypt-proxy.socket. Change the following lines:

ListenStream=0.0.0.0:53
ListenDatagram=0.0.0.0:53

Reload the systemd configuration:

systemctl daemon-reload

Edit the configuration file /etc/dnscrypt-proxy/dnscrypt-proxy.toml:

server_names = ['adguard-dns']

To route dnscrypt-proxy connections through tun2socks, add below:

force_tcp = true

Edit the configuration file /etc/resolv.conf, which tells the host which DNS server to use.

nameserver 127.0.0.1
nameserver 192.168.1.1

The first line enables the use of dnscrypt-proxy; the second line uses the original gateway in case the dnscrypt-proxy server is unavailable.
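A check on what the 0.0.0.0:53 socket setting exposes, as an added example that is not part of the original article: a wildcard bind also answers on the wlp6s0 address, so the resolver is reachable from the upstream network as well as from the access point clients. The function name and the sample `ss -H -lntu` lines are constructed; the addresses are the ones used on this page.

```shell
#!/bin/sh
# Added example: find DNS (53) and NTP (123) listeners that are reachable
# from the upstream WLAN. UPSTREAM_ADDR is the page's wlp6s0 address.
UPSTREAM_ADDR="192.168.1.2"

# Reads `ss -H -lntu` output on stdin (columns: netid state recv-q send-q
# local peer) and prints "netid local" for every exposed listener, i.e. one
# bound to a wildcard address or directly to $UPSTREAM_ADDR.
exposed_listeners() {
    awk -v up="$UPSTREAM_ADDR" '
        {
            n = split($5, part, ":")
            port = part[n]
            addr = substr($5, 1, length($5) - length(port) - 1)
            sub(/%.*/, "", addr)          # drop a "%iface" suffix if present
            if (port != "53" && port != "123") next
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == up)
                print $1, $5
        }'
}

# Constructed sample: listeners as they could look with the socket unit
# set to 0.0.0.0:53 and ntpd bound per interface.
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:53 0.0.0.0:*
udp UNCONN 0 0 10.0.0.1:123 0.0.0.0:*
udp UNCONN 0 0 192.168.1.2:123 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:123 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:9050 0.0.0.0:*'

# On the router itself:  ss -H -lntu | exposed_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```

Listeners bound only to 127.0.0.1 and 10.0.0.1 are not reported, which is the state to aim for if the upstream network should not be able to query the laptop.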

Done!

Reboot, or stop the running network services:

systemctl stop networking NetworkManager NetworkManager-wait-online

And restart everything that is needed:

systemctl restart systemd-networkd tun2socks create_ap dnscrypt-proxy ntp

After the reboot or restart, you will have a second access point that routes the host and the LAN devices into SOCKS.

This is what the output of ip a looks like on a typical laptop:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: tun2socks: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
    link/none 
    inet 172.16.1.2/24 brd 172.16.1.255 scope global tun2socks
       valid_lft forever preferred_lft forever
    inet6 fe80::122b:260:6590:1b0e/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether e8:11:32:0e:01:50 brd ff:ff:ff:ff:ff:ff
4: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:85 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global wlp6s0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf85/64 scope link 
       valid_lft forever preferred_lft forever
5: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:86 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global ap0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf86/64 scope link 
       valid_lft forever preferred_lft forever

Conclusion

  1. The provider sees only the encrypted connection to your SOCKS server, which means it sees nothing.
  2. It does still see your NTP requests; to prevent this, remove the static routes for the NTP servers. However, it is not certain that your SOCKS server allows the NTP protocol.
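A way to verify both points of the conclusion on a running router, as an added example that is not part of the original article: it reads `ip -4 route show` output, confirms the default route is on tun2socks, and lists every destination that leaves through another gateway and is therefore visible to the provider. The function names and the sample table are constructed; 203.0.113.10 is a placeholder for a remote SOCKS server.

```shell
#!/bin/sh
# Added example: audit `ip -4 route show` output for paths that skip tun2socks.
TUN_DEV="tun2socks"   # interface name used on the page

# Reads a routing table on stdin; prints the destination of every gateway
# route that leaves through a device other than $TUN_DEV.
bypass_routes() {
    awk -v tun="$TUN_DEV" '
        {
            dev = ""; via = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "via") via = 1
                if ($i == "dev") dev = $(i + 1)
            }
            if (via && dev != tun) print $1
        }'
}

# Reads a routing table on stdin; succeeds only if a default route uses $TUN_DEV.
default_is_tunnelled() {
    awk -v tun="$TUN_DEV" '
        $1 == "default" {
            for (i = 2; i <= NF; i++) if ($i == "dev" && $(i + 1) == tun) ok = 1
        }
        END { exit (ok ? 0 : 1) }'
}

# audit_routes [ALLOWED_DEST...]: reads a routing table on stdin, reports
# anything outside the allow-list, and returns non-zero on any finding.
audit_routes() {
    table=$(cat)
    status=0
    printf '%s\n' "$table" | default_is_tunnelled ||
        { echo "default route is not on $TUN_DEV"; status=1; }
    for dst in $(printf '%s\n' "$table" | bypass_routes); do
        case " $* " in
            *" $dst "*) ;;
            *) echo "unexpected bypass: $dst"; status=1 ;;
        esac
    done
    return "$status"
}

# Constructed sample table; 203.0.113.10 stands in for a remote SOCKS server.
SAMPLE_TABLE='default via 172.16.1.1 dev tun2socks proto static
10.0.0.0/24 dev ap0 proto kernel scope link src 10.0.0.1
172.16.1.0/24 dev tun2socks proto kernel scope link src 172.16.1.2
192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2
203.0.113.10 via 192.168.1.1 dev wlp6s0 proto static
216.239.35.0 via 192.168.1.1 dev wlp6s0 proto static'

# On the router itself:  ip -4 route show | audit_routes <SOCKS server address>
printf '%s\n' "$SAMPLE_TABLE" | audit_routes 203.0.113.10 216.239.35.0
```

Leaving the NTP addresses out of the allow-list makes the audit fail until their static routes are removed, which matches the second point above.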

A quirk noticed on Debian 10

If you try to restart the network service from the console, it will fail with an error. This is because part of it, in the form of the virtual interface, is bound to the tun2socks service and is therefore in use. To restart the network service, you must first stop the tun2socks service. But I think that if you have read this far, that is definitely not a problem for you!

Source: www.habr.com
