Ke kopa ho arolelana phihlelo ea ka ea ho kopanya marang-rang lifoleteng tse tharo tse hōle, 'me e' ngoe le e 'ngoe ea tsona e sebelisa li-routers tse nang le OpenWRT e le monyako, ho kena marang-rang a tloaelehileng. Ha u khetha mokhoa oa ho kopanya marang-rang pakeng tsa L3 le subnet routing le L2 e nang le borokho, ha li-node tsohle tsa marang-rang li tla ba ka har'a subnet e le 'ngoe, khetho e ile ea fuoa mokhoa oa bobeli, oo ho leng thata ho o lokisa, empa o fana ka menyetla e mengata, kaha e pepenene. Tšebeliso ea mahlale e ne e reriloe ho netweke e entsoeng Wake-on-Lan le DLNA.
Karolo ea 1: Semelo
Protokhole e khethiloeng ho kenya tshebetsong mosebetsi ona e ne e le qalong OpenVPN, hobane, pele, e ka etsa sesebelisoa sa pompo se ka eketsoang borokhong ntle le mathata, 'me ea bobeli, OpenVPN E tšehetsa TCP, e leng se neng se le bohlokoa hape, kaha ha ho le e 'ngoe ea lifolete e neng e e-na le aterese ea IP e khethehileng. Ke ne ke sa khone ho sebelisa STUN hobane ISP ea ka, ka lebaka le itseng, e thibela likhokahano tse kenang tsa UDP ho tsoa marang-rang a eona. TCP e ile ea ntumella ho fetisetsa koung ea seva ea VPN ho VPS e hiriloeng ke sebelisa SSH. Le hoja mokhoa ona o baka litšenyehelo tse kholo, kaha data e patiloe habeli, ke ne ke sa batle ho kopanya VPS marang-rang a ka a poraefete, kaha ho ne ho e-na le kotsi ea hore batho ba bang ba e laole. Ka hona, ho ba le sesebelisoa se joalo marang-rang a ka a lapeng ho ne ho sa ratehe haholo, kahoo ke ile ka etsa qeto ea ho lefa litšenyehelo tse ngata bakeng sa ts'ireletso.
Ho fetisetsa kou ho router moo seva e neng e reretsoe ho kenngoa teng, ke sebelisitse lenaneo la sshtunnel. Nke ke ka kena lintlheng tse qaqileng tsa tlhophiso ea eona—ho bonolo haholo. Ke tla hlokomela feela hore morero oa eona e ne e le ho fetisetsa kou ea TCP 1194 ho tloha ho router ho ea ho VPS. Ka mor'a moo, ke ile ka hlophisa seva. OpenVPN Sesebedisweng sa tap0, se neng se hokahantsoe le borokho ba br-lan. Kamora ho leka khokahano ho seva e sa tsoa etsoa ho tsoa laptop ea ka, ho ile ha hlaka hore mohopolo oa ho fetisetsa koung o sebelitse, 'me laptop ea ka e se e le setho sa marang-rang a router, leha e ne e se karolo ea eona ea 'mele.
Ntho feela e setseng e ne e le ho aba liaterese tsa IP lifoleteng tse fapaneng e le hore li se ke tsa thulana le ho hlophisa li-router joalo ka ha li le joalo. OpenVPN-bareki.
Liaterese tse latelang tsa IP tsa router le mekhahlelo ea li-server tsa DHCP li khethiloe:
- 192.168.10.1 e nang le mefuta 192.168.10.2 - 192.168.10.80 bakeng sa seva
- 192.168.10.100 e nang le mefuta 192.168.10.101 - 192.168.10.149 bakeng sa router ka foleteng ea No
- 192.168.10.150 e nang le mefuta 192.168.10.151 - 192.168.10.199 bakeng sa router ka foleteng ea No
Ho ne ho boetse ho hlokahala ho abela liaterese tsena ho li-router tsa bareki. OpenVPN-server, ka ho eketsa mola o latelang ho tlhophiso ea eona:
ifconfig-pool-persist /etc/openvpn/ipp.txt 0le ho eketsa mela e latelang ho faele ea /etc/openvpn/ipp.txt:
flat1_id 192.168.10.100
flat2_id 192.168.10.150
moo flat1_id le flat2_id e leng mabitso a sesebediswa a hlalositsweng ha ho thehwa disetifikeiti tsa ho hokela ho OpenVPN
Ka mor'a moo, li-router li ile tsa hlophisoa OpenVPN- bareki, disebediswa tsa tap0 ho bobedi di ile tsa eketswa borokhong ba br-lan. Nakong ena, ntho e nngwe le e nngwe e ne e bonahala e lokile, kaha marangrang ohle a mararo a ne a kgona ho bonana mme a sebetsa jwalo ka yuniti e le nngwe. Leha ho le jwalo, ho ile ha hlaha ntlha e sa thabiseng: ka dinako tse ding disebediswa di ne di tla fumana aterese ya IP ho tswa ho router e fosahetseng, mme ditlamorao tsohle tse latelang di ile tsa hlaha. Ka lebaka le itseng, router e foleteng e nngwe e ile ya hloleha ho araba DHCPDISCOVER ka nako, mme sesebediswa se ile sa fumana aterese e fosahetseng. Ke ile ka hlokomela hore ke hloka ho sefa dikopo tse jwalo ho tap0 ho router e nngwe le e nngwe, empa ha ho ntse ho etsahala, iptables e ke ke ya sebetsa le sesebediswa haeba e le karolo ya borokho, kahoo ke ne ke hloka ho sebedisa ebtables. Ka bomadimabe, firmware ya ka ha e a ka ya e kenyelletsa, kahoo ke ile ka tlameha ho tsosolosa ditshwantsho bakeng sa sesebediswa se seng le se seng. Kamora ho etsa sena le ho eketsa mela e latelang ho /etc/rc.local ho router e nngwe le e nngwe, bothata bo ile ba rarollwa:
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --out-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
Tokiso ena e ile ea nka lilemo tse tharo.
Karolo ea 2: Ho Tseba WireGuard
Morao tjena, ho bile le puisano e ntseng e eketseha Inthaneteng mabapi le WireGuard, ke khahloa ke bonolo ba eona ba ho e hlophisa, lebelo le phahameng la phetisetso, ping e tlase, le ts'ireletso e ts'oanang. Patlo ea tlhaiso-leseling e eketsehileng ka eona e senotse hore ha e tšehetse tšehetso ea setho sa bridge kapa protocol ea TCP, e leng se ileng sa etsa hore ke lumele hore ha ho na mokhoa o mong. OpenVPN ho 'na ha e so fihle. Kahoo ke ile ka lieha ho tseba WireGuard.
Matsatsi a 'maloa a fetileng, litaba li ile tsa hasana ka mehloli e amanang le IT ka tsela e 'ngoe kapa e 'ngoe hore WireGuard qetellong e tla kenyelletsoa ka har'a kernel Linux, ho qala ka mofuta wa 5.6. Dihlooho tsa ditaba, jwalo ka mehla, di ile tsa roriswa WireGuardKe ile ka boela ka teba ho batleng litsela tsa ho nkela lintho tsa khale tse ntle sebaka OpenVPNLekhetlong lena ke ile ka kopana le . E buile ka ho theha kotopo ea Ethernet holim'a L3 e sebelisa GRE. Sehlooho sena se ile sa mpha tšepo. Ho ne ho ntse ho sa hlaka hore na ho etsoe eng ka protocol ea UDP. Ho batla ho ile ha nkisa lihloohong tse mabapi le ho sebelisa socat hammoho le kotopo ea SSH ho fetisetsa sekepe sa UDP, leha ho le joalo, ba hlokometse hore mokhoa ona o sebetsa feela ka mokhoa o le mong oa ho hokahanya, ho bolelang hore bareki ba bangata ba VPN ba ke ke ba khonahala. Ke ile ka ba le mohopolo oa ho theha seva sa VPN ho VPS, le ho theha GRE bakeng sa bareki, empa ha e le hantle, GRE ha e tšehetse ho kenyeletsa, e leng se tla lebisa tabeng ea hore haeba batho ba boraro ba fumana monyetla oa ho fumana seva. , sephethephethe sohle pakeng tsa marang-rang a ka se matsohong a bona se neng se sa ntšoane ho hang.
Hape, qeto e ile ea etsoa molemong oa ho kenyelletsa encryption, ka ho sebelisa VPN holim'a VPN ho latela morero o latelang:
Lera la XNUMX VPN:
VPS ho seva ka aterese ea ka hare 192.168.30.1
MS ho moreki VPS e nang le aterese ea ka hare 192.168.30.2
MK2 ho moreki VPS e nang le aterese ea ka hare 192.168.30.3
MK3 ho moreki VPS e nang le aterese ea ka hare 192.168.30.4
Lera la XNUMX VPN:
MS ho seva le aterese ea ka ntle 192.168.30.2 le ka hare 192.168.31.1
MK2 ho moreki MS ka aterese 192.168.30.2 mme e na le IP ea ka hare ea 192.168.31.2
MK3 ho moreki MS ka aterese 192.168.30.2 mme e na le IP ea ka hare ea 192.168.31.3
* MS - router-server ka foleteng ea 1, MK2 - router ka foleteng ea 2, MK3 - router ka foleteng ea 3
* Litlhophiso tsa sesebelisoa li phatlalalitsoe ho spoiler qetellong ea sengoloa.
'Me kahoo, li-pings pakeng tsa li-node tsa marang-rang 192.168.31.0/24 tsamaea, ke nako ea ho tsoela pele ho theha kotopo ea GRE. Pele ho moo, e le hore u se ke ua lahleheloa ke phihlello ea li-routers, ho bohlokoa ho theha lithanele tsa SSH ho fetisetsa koung ea 22 ho VPS, e le hore, ka mohlala, router e tsoang foleteng ea 10022 e tla fumaneha boema-kepeng ba 2 ba VPS, le router ho tloha foleteng ea 11122 e tla ba teng ho port 3 ea router ea VPS ho tloha foleteng ea XNUMX. Ho molemo ho lokisa ho fetisa ka sshtunnel e tšoanang, kaha e tla tsosolosa kotopo haeba e oela.
Tonopo e hlophisitsoe, o ka hokela ho SSH ka boema-kepe bo fetisitsoeng:
ssh root@МОЙ_VPS -p 10022E latelang o lokela ho tima OpenVPN:
/etc/init.d/openvpn stopJoale ha re theheng kotopo ea GRE ho router ho tloha foleteng ea 2:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set grelan0 up
'Me eketsa sebopeho se entsoeng borokhong:
brctl addif br-lan grelan0
Ha re etse ts'ebetso e ts'oanang ho router ea seva:
ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set grelan0 up
Hape, eketsa sebopeho se entsoeng borokhong:
brctl addif br-lan grelan0
ho qala ho tloha motsotso ona, li-pings li qala ho atleha ho ea marang-rang a macha mme 'na, ka khotsofalo, ke ea ho noa kofi. Joale, ho bona kamoo marang-rang a ka lehlakoreng le leng la terata a sebetsang kateng, ke leka ho SSH ho e 'ngoe ea lik'homphieutha tse foleteng ea 2, empa mofani oa ssh oa hoama ntle le ho ntšusumelletsa ho fumana phasewete. Ke leka ho hokahanya khomphuteng ena ka telnet ho port 22 mme ke bona mohala oo u ka o utloisisang hore khokahanyo e ntse e thehoa, seva sa SSH se arabela, empa ka lebaka le itseng ha se mphe ho kena.
$ telnet 192.168.10.110 22
SSH-2.0-OpenSSH_8.1
Ke leka ho hokela ho eona ka VNC mme ke bona skrine e ntšo. Ke ikholisa hore taba ena e khomphuteng e hole, hobane ke khona ho hokela router habonolo ho tloha foleteng ena ke sebelisa aterese ea ka hare. Leha ho le joalo, ke etsa qeto ea ho kenya SSH khomphuteng ena ka router 'me ke maketse ho fumana hore khokahanyo ea atleha le khomphuta e hole e sebetsa hantle empa e hloleha ho hokela komporo ea ka.
Ke ntša sesebelisoa sa grelan0 borokhong ebe kea se tsamaisa OpenVPN Ho router foleteng ea 2, ke ile ka tiisa hore marang-rang a ne a sebetsa hantle hape 'me likhokahano li ne li sa theohe. Ha ke ntse ke batla, ke ile ka kopana le liforamo moo batho ba neng ba tletleba ka mathata a tšoanang, le moo ba ileng ba eletsoa ho phahamisa MTU. Hang ha ho boletsoe ho etsoa. Leha ho le joalo, ho fihlela MTU e behiloe holimo ka ho lekaneng—7000 bakeng sa lisebelisoa tsa gretap—ke ile ka ba le likhokahano tsa TCP tse theohileng kapa lebelo le tlase la phetisetso. Ka lebaka la MTU e phahameng bakeng sa gretap, MTU bakeng sa likhokahano WireGuard Maemo a pele le a bobeli a ne a behiloe ho 8000 le 7500 ka ho latellana.
Ke ile ka etsa seta se tšoanang ho router ho tloha foleteng ea 3, ka phapang e le 'ngoe feela ea hore sebopeho sa bobeli sa gretap se bitsoang grelan1 se kenyelelitsoe ho router ea seva, e ileng ea boela ea eketsoa ho borokho ba br-lan.
Tsohle di a sebetsa. Joale o ka kenya kopano ea gretap ho autoload. Molemong oa sena:
E behile mela ena ho /etc/rc.local ho router ka foleteng ea 2:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.2
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
E kentse sena ho /etc/rc.local ho router ka foleteng ea 3:
ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
'Me ho router ea seva:
ip link add grelan0 type gretap remote 192.168.31.2 local 192.168.31.1
ip link set dev grelan0 mtu 7000
ip link set grelan0 up
brctl addif br-lan grelan0
ip link add grelan1 type gretap remote 192.168.31.3 local 192.168.31.1
ip link set dev grelan1 mtu 7000
ip link set grelan1 up
brctl addif br-lan grelan1
Kamora ho qala botjha li-router tsa bareki, ke ile ka fumana hore ka lebaka le itseng li ne li sa hokahane le seva. Kamora ho hokela ho SSH ea bona (ka lehlohonolo, ke ne ke se ke hlophisitse sshtunnel bakeng sa sena), ke ile ka fumana hore WireGuard Ka lebaka le itseng, e hlahisa tsela bakeng sa ntlha ea ho qetela, empa ha ea nepahala. Mohlala, bakeng sa 192.168.30.2, tafole ea tsela e hlalositse tsela e fetang sebopeho sa pppoe-wan, ke hore, ka inthanete, leha tsela e eang ho eona e ne e lokela ho lebisoa ka sebopeho sa wg0. Kamora ho hlakola tsela ena, khokahano e ile ea tsosolosoa. Na nka fumana litaelo kae kapa kae mabapi le mokhoa oa ho qobella WireGuard Ke ne ke sitoa ho qoba ho theha litsela tsena. Ho feta moo, ke ne ke sa utloisise hore na ena ke tšobotsi ea OpenWRT kapa ea WireGuardNtle le ho qeta nako e ngata ke ntse ke rarolla bothata, ke kentse mola feela ho sengoloa se thehiloeng ho nako ho li-router ka bobeli tse hlakotseng tsela ena:
route del 192.168.30.2
Ho akaretsa
Ho lahloa ka botlalo OpenVPN Ha ke so fihlelle sena, kaha ka linako tse ling ke hloka ho hokela netweke e ncha ho tsoa laptop kapa fonong, 'me ho seta sesebelisoa sa gretap ho tsona hangata ha ho khonehe. Leha ho le joalo, ho sa tsotellehe sena, ke fumane monyetla oa lebelo la phetisetso ea data lipakeng tsa lifolete, 'me ho sebelisa VNC, mohlala, hona joale ha ho na mathata. Ping e fokotsehile hanyane empa e tsitsitse haholoanyane:
Ho sebelisa OpenVPN:
[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=133 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=125 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19006ms
rtt min/avg/max/mdev = 124.722/126.152/136.907/3.065 ms
Ho sebelisa WireGuard:
[r0ck3r@desktop ~]$ ping -c 20 192.168.10.110
PING 192.168.10.110 (192.168.10.110) 56(84) bytes of data.
64 bytes from 192.168.10.110: icmp_seq=1 ttl=64 time=124 ms
...
64 bytes from 192.168.10.110: icmp_seq=20 ttl=64 time=124 ms
--- 192.168.10.110 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 19003ms
rtt min/avg/max/mdev = 123.954/124.423/126.708/0.675 ms
E angoa haholo ke ping e phahameng ho VPS e ka bang 61.5ms
Leha ho le jwalo, lebelo le eketsehile haholo. Kahoo, foleteng e nang le seva sa router, ke na le lebelo la khokahano ya inthanete la 30 Mbps, mme difoleteng tse ding ke 5 Mbps. Ho feta moo, nakong ya tshebediso OpenVPN Ha kea ka ka khona ho fihlella lebelo la phetisetso ea data lipakeng tsa marang-rang a fetang 3,8 Mbps ho latela lipalo tsa iperf, ha ke ntse ke WireGuard "e pompetse" ho fihlela ho 5 Mbit/sec e tšoanang.
Moralo WireGuard ho VPS[Interface]
Address = 192.168.30.1/24
ListenPort = 51820
PrivateKey = <ЗАКРЫТЫЙ_КЛЮЧ_ДЛЯ_VPS>
[Lithaka]
Senotlolo sa Sechaba = <VPN_1_MS_SENOTLOLO_SA_PUBLIC>
AllowedIPs = 192.168.30.2/32
[Lithaka]
Senotlolo sa Sechaba = <VPN_2_MK2_SENOTLOLO_SA_PUBLIC>
AllowedIPs = 192.168.30.3/32
[Lithaka]
Senotlolo sa Sechaba = <VPN_2_MK3_SENOTLOLO_SA_PUBLIC>
AllowedIPs = 192.168.30.4/32
Moralo WireGuard ho MS (e ekelitsoe ho /etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.2/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МС'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option route_allowed_ips '1'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - сервер
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option listen_port '51821'
list addresses '192.168.31.1/24'
option auto '1'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
list allowed_ips '192.168.31.2'
config wireguard_wg1ip link add grelan0 type gretap remote 192.168.31.1 local 192.168.31.3
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
list allowed_ips '192.168.31.3'
Moralo WireGuard ho MK2 (e ekelitsoe ho /etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.3/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК2'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - клиент
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК2'
list addresses '192.168.31.2/24'
option auto '1'
option listen_port '51821'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option endpoint_host '192.168.30.2'
option endpoint_port '51821'
option persistent_keepalive '25'
list allowed_ips '192.168.31.0/24'
Moralo WireGuard ho MK3 (e ekelitsoe ho /etc/config/network)
#VPN первого уровня - клиент
config interface 'wg0'
option proto 'wireguard'
list addresses '192.168.30.4/24'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_1_МК3'
option auto '1'
option mtu '8000'
config wireguard_wg0
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_1_VPS'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.30.0/24'
option endpoint_host 'IP_АДРЕС_VPS'
#VPN второго уровня - клиент
config interface 'wg1'
option proto 'wireguard'
option private_key 'ЗАКРЫТЫЙ_КЛЮЧ_VPN_2_МК3'
list addresses '192.168.31.3/24'
option auto '1'
option listen_port '51821'
option mtu '7500'
config wireguard_wg1
option public_key 'ОТКРЫТЫЙ_КЛЮЧ_VPN_2_МС'
option endpoint_host '192.168.30.2'
option endpoint_port '51821'
option persistent_keepalive '25'
list allowed_ips '192.168.31.0/24'
Litlhophisong tse hlalositsoeng bakeng sa VPN ea boemo ba bobeli, ke bontša bareki WireGuard Kou ea 51821. Sena ha sea lokela ho hlokahala, kaha moreki o tla theha khokahano ho tsoa koung efe kapa efe ea mahala, e se nang litokelo, empa ke e entse ka tsela ena e le hore nka hana likhokahano tsohle tse kenang li-interface tsa wg0 tsa li-router tsohle, ntle le likhokahano tse kenang tsa UDP ho koung ea 51821.
Ke tšepa hore sehlooho sena se tla ba molemo ho motho e mong.
PES Hape, ke batla ho arolelana script ea ka e nthomellang tsebiso ea PUSH fonong ea ka ts'ebelisong ea WirePusher ha sesebelisoa se secha se hlaha marang-rang a ka. Sehokelo sa script ke sena: .
Update: Moralo OpenVPN- li-server le bareki
OpenVPN-server
client-to-client
ca /etc/openvpn/server/ca.crt
cert /etc/openvpn/server/vpn-server.crt
dh /etc/openvpn/server/dh.pem
key /etc/openvpn/server/vpn-server.key
dev tap
ifconfig-pool-persist /etc/openvpn/ipp.txt 0
keepalive 10 60
proto tcp4
server-bridge 192.168.10.1 255.255.255.0 192.168.10.80 192.168.10.254
status /var/log/openvpn-status.log
verb 3
comp-lzoOpenVPN-moreki
client
tls-client
dev tap
proto tcp
remote VPS_IP 1194 # Change to your router's External IP
resolv-retry infinite
nobind
ca client/ca.crt
cert client/client.crt
key client/client.key
dh client/dh.pem
comp-lzo
persist-tun
persist-key
verb 3 Ke sebelisitse bonolo-rsa ho hlahisa litifikeiti.
Source: www.habr.com
