Hello!
In this article I want to tell you how I implemented (
Establishing a connection consists of several steps:
- Starting the node and waiting for the remote node to be ready;
- Determining the external IP address and UDP port;
- Sending the external IP address and UDP port to the remote host;
- Receiving the external IP address and UDP port from the remote host;
- Setting up the IPIP tunnel;
- Monitoring the connection;
- If the connection is lost, removing the IPIP tunnel.
I thought for a long time, and am still thinking, about what can be used to exchange data between the nodes; the simplest and fastest option for me at the moment is to work through Yandex.disk.
- First, it is easy to use: you need 3 operations: create, read, delete. With curl these are:
Create:
curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder
Read:
curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder
Delete:
curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
- Second, it is easy to install:
apt install curl
To determine the external IP address and UDP port, use the stun client command:
stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"
Install it with the command:
apt install stun-client
To set up the tunnel, the standard OS tools from the iproute2 package are used. There is
- load the FOU module:
modprobe fou
- listen on the local port:
ip fou add port $localport ipproto 4
- create the tunnel:
ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport
- bring up the tunnel interface:
ip link set up dev fou$name
- assign the tunnel's internal IP addresses (local and peer):
ip addr add $intIP peer $peerip dev fou$name
Remove the tunnel:
ip link del dev fou$name
ip fou del port $localport
The state of the tunnel is checked by periodically pinging the internal tunnel IP address of the remote node with the command:
ping -c 1 $peerip -s 0
The periodic ping is needed primarily to keep the channel alive; otherwise, while the tunnel is idle, the NAT tables on the routers may be cleared and the connection will break.
If the ping stops getting through, the IPIP tunnel is removed and the script waits for the remote host to become ready.
The script itself:
#!/bin/bash
username="[email protected]"
password="password"
folder="vpnid"
intip="10.0.0.1"
localport=`shuf -i 10000-65000 -n 1`
cid=`shuf -i 10000-99999 -n 1`
tid=`shuf -i 10-99 -n 1`
# List entry names in the shared folder, newest first, without the folder itself and our own entries
function yaread {
    curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}
function yacreate {
    curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}
function yadelete {
    curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}
# Print the external ip:port that the STUN server sees for the given local UDP port
function myipport {
    stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}
# Arguments: remote ip, remote port, local ip, local port, peer internal ip, own internal ip, tunnel id
function tunnel-up {
    modprobe fou
    ip fou add port $4 ipproto 4
    ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
    ip link set up dev fou$7
    ip addr add $6 peer $5 dev fou$7
}
# Ping the peer every 15 seconds; return once 4 pings have failed
function tunnel-check {
    sleep 10
    pings=0
    until [[ $pings == 4 ]]; do
        if ping -c 1 $1 -s 0 &>/dev/null;
            then echo -n .; n=0
            else echo -n !; ((pings++))
        fi
        sleep 15
    done
}
function tunnel-down {
    ip link del dev fou$1
    ip fou del port $2
}
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15
until [[ -n $end ]]; do
    yacreate $username $password $folder
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
            # Only react to entries created within the last 65 seconds
            if [ `echo $l | sed 's/:/ /g' | awk {'print $1'}` -ge $(($mydate-65)) ]; then
                #echo $list
                myipport=`myipport $localport`
                yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk {'print $1'}` - $mydate + 3 ))
                ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
            fi
        done
        if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
            echo -n "!"
            sleep $timeout
        fi
    done
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0
The variables username, password and folder must be the same on both sides, but intip must differ, for example: 10.0.0.1 and 10.0.0.2. The time on the nodes must be synchronized. You can run the script like this:
nohup script.sh &
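The script passes fields read from WebDAV folder names straight to `ip link add`, so whoever can write to the shared folder controls those arguments. The following is an added example, not part of the original script: it validates one record of the form `timestamp:cid:ip:port:intip:tid` before use. The function names are hypothetical; the 65-second window and the digit counts for cid and tid are taken from the script.

```shell
#!/bin/sh
# Added example: check a rendezvous record before its fields reach `ip`.

# True only for a non-empty string of decimal digits, at most $2 characters long.
is_uint() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le "$2" ]
}

# True only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case $1 in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        is_uint "$octet" 3 && [ "$octet" -le 255 ] || return 1
    done
}

# parse_peer_record RECORD NOW [MAX_AGE]
# Prints "ip port peerip peerid" and returns 0 only if every field is sane.
parse_peer_record() {
    record=$1 now=$2 max_age=${3:-65}
    # Only digits, dots and colons may appear: no spaces, no shell metacharacters.
    case $record in ''|*[!0-9.:]*|*:) return 1 ;; esac
    old_ifs=$IFS; IFS=:; set -- $record; IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1          # short "timestamp:cid" markers carry no address
    ts=$1 cid=$2 ip=$3 port=$4 peerip=$5 peerid=$6
    is_uint "$ts" 12 && is_uint "$cid" 5 && is_uint "$port" 5 && is_uint "$peerid" 2 || return 1
    # Fresh (the script's 65-second window) and not dated in the future.
    [ "$ts" -ge "$((now - max_age))" ] && [ "$ts" -le "$((now + max_age))" ] || return 1
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    [ "$peerid" -ge 10 ] || return 1    # tid is drawn from 10-99
    valid_ipv4 "$ip" && valid_ipv4 "$peerip" || return 1
    printf '%s %s %s %s\n' "$ip" "$port" "$peerip" "$peerid"
}
```

In the main loop, the four `awk` extractions would be replaced by one call to `parse_peer_record "$l" "$mydate"`, and the tunnel is brought up only when it returns 0.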
I would like to draw your attention to the fact that the IPIP tunnel is not secure in the sense that the traffic is not encrypted, but this is easily solved by using IPsec on top of
I have been using this script to connect to my work PC for several weeks now and have not noticed any problems. It is convenient in the set-it-and-forget-it sense.
Perhaps you will have comments and suggestions; I will be glad to hear them.
Thank you for your attention!
Source: www.habr.com