Simple UDP hole punching, using an IPIP tunnel as an example

Hello!

In this article I want to describe how I implemented (yet another) Bash script that connects two computers behind NAT using UDP hole punching, with Ubuntu/Debian as the example OS.

Establishing a connection takes several steps:

  1. Starting the node and waiting for the remote node to be ready;
  2. Determining the external IP address and UDP port;
  3. Passing the external IP address and UDP port to the remote host;
  4. Obtaining the external IP address and UDP port from the remote host;
  5. Setting up the IPIP tunnel;
  6. Monitoring the connection;
  7. If the connection is lost, removing the IPIP tunnel.

I thought for a long time, and am still thinking, about what can be used to exchange data between the nodes. The simplest and quickest option for me at the moment is to work through Yandex.Disk.

  • First, it is easy to use: you need only 3 operations: create, read, delete. With curl these are:
    Create:

    curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder

    Read:

    curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder

    Delete:

    curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
  • Second, it is easy to install:
    apt install curl

To determine the external IP address and UDP port, the stun client command is used:

stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"

Install it with the command:

apt install stun-client

The tunnel is set up with the standard OS tools from the iproute2 package. There are many tunnels that can be brought up by standard means (L2TPv3, GRE, and so on), but I chose IPIP because it adds the least overhead. I tried L2TPv3 over UDP and was disappointed: the speed dropped by a factor of 10, but that may be down to various provider-related restrictions or something else. Since an IPIP tunnel works at the IP level, a FOU tunnel is used to work at the UDP port level. To set up the IPIP tunnel you need to:

- load the FOU module:

modprobe fou

- listen on the local port:

ip fou add port $localport ipproto 4

- create the tunnel:

ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport

- bring the tunnel interface up:

ip link set up dev fou$name

- assign the internal local and internal remote IP addresses of the tunnel:

ip addr add $intip peer $peerip dev fou$name

Remove the tunnel:

ip link del dev fou$name

ip fou del port $localport

The state of the tunnel is monitored by periodically pinging the remote node's internal tunnel IP address with the command:

ping -c 1 $peerip -s 0

The periodic ping is needed first of all to keep the channel alive; otherwise, while the tunnel is idle, the NAT tables on the routers may be cleared and the connection will break.

If the ping stops getting through, the IPIP tunnel is removed and the script waits for the remote host to become ready again.

The script itself:

#!/bin/bash
username="[email protected]"     # Yandex login (address obscured on the source page)
password="password"
folder="vpnid"
intip="10.0.0.1"
localport=`shuf -i 10000-65000 -n 1`
cid=`shuf -i 10000-99999 -n 1`
tid=`shuf -i 10-99 -n 1`
# List entries in the shared folder, newest first, excluding our own (cid) records
function yaread {
        curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}
function yacreate {
        curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}
function yadelete {
        curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}
# Print the external ip:port that STUN reports for the given local UDP port
function myipport {
        stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}
# Arguments: remote ip, remote port, local ip, local port, peer tunnel ip, own tunnel ip, tunnel id
function tunnel-up {
        modprobe fou
        ip fou add port $4 ipproto 4
        ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
        ip link set up dev fou$7
        ip addr add $6 peer $5 dev fou$7
}
# Returns after 4 failed pings in a row; a successful ping resets the counter
function tunnel-check {
        sleep 10
        pings=0
        until [[ $pings == 4 ]]; do
                if ping -c 1 $1 -s 0 &>/dev/null;
                        then    echo -n .; pings=0
                        else    echo -n !; ((pings++))
                fi
                sleep 15
        done
}
function tunnel-down {
        ip link del dev fou$1
        ip fou del port $2
}
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15
until [[ -n $end ]]; do
    yacreate $username $password $folder
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
                # Only act on a peer record written within the last 65 seconds
                if [ `echo $l | sed 's/:/ /g' | awk {'print $1'}` -ge $(($mydate-65)) ]; then
                        #echo $list
                        myipport=`myipport $localport`
                        yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                        timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk {'print $1'}` - $mydate + 3 ))
                        ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                        port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                        peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                        peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                        if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
                fi
        done
        if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
                echo -n "!"
                sleep $timeout
        fi
    done
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0

The variables username, password and folder must be the same on both sides, but intip must differ, for example: 10.0.0.1 and 10.0.0.2. The clocks on the nodes must be synchronized. You can run the script like this:

nohup script.sh &
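
The records the script reads back from the shared folder go unquoted into ip commands run as root and into $(( )), so they are worth checking field by field first. The following is an added example, not part of the original script: the function names and the r_* result variables are assumptions, and the sample record is constructed.

```bash
#!/bin/bash
# Added example (not the article's code): check a rendezvous record before use.
# Layout written by the script: timestamp:cid:extip:extport:intip:tid

# is_uint STR MAXLEN: 1..MAXLEN decimal digits, no leading zero (avoids octal)
is_uint() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "${#1}" -le "$2" ]
}

# valid_ipv4 ADDR: exactly four octets, each 0..255
valid_ipv4() {
    local rest="$1." octet n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        is_uint "$octet" 3 && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# parse_record RECORD NOW MAXAGE
# Returns 0 and sets r_ip r_port r_peerip r_peerid, or returns 1.
parse_record() {
    local ts cid ip port peerip peerid extra
    IFS=: read -r ts cid ip port peerip peerid extra <<EOF
$1
EOF
    # Re-joining must reproduce the input: rejects extra fields and newlines.
    [ "$1" = "$ts:$cid:$ip:$port:$peerip:$peerid" ] || return 1
    is_uint "$ts" 12 || return 1
    is_uint "$cid" 5 && [ "${#cid}" -eq 5 ] || return 1
    is_uint "$peerid" 2 && [ "${#peerid}" -eq 2 ] || return 1
    is_uint "$port" 5 && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    valid_ipv4 "$ip" && valid_ipv4 "$peerip" || return 1
    # The script's 65-second freshness window, applied in both directions.
    [ "$ts" -ge $(( $2 - $3 )) ] && [ "$ts" -le $(( $2 + $3 )) ] || return 1
    r_ip=$ip r_port=$port r_peerip=$peerip r_peerid=$peerid
}

# Constructed sample record (documentation addresses), checked at a fixed "now".
if parse_record "1700000000:12345:203.0.113.7:40123:10.0.0.2:42" 1700000030 65; then
    echo "peer $r_ip:$r_port, tunnel peer $r_peerip, id part $r_peerid"
fi
```

In the script, such a check would sit inside the `for l in $list` loop, with `$l`, `$mydate` and 65 as arguments, before ip, port, peerip and peerid are assigned.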

I would like to draw your attention to the fact that the IPIP tunnel is insecure in the sense that the traffic is not encrypted, but this is easily solved with IPsec as described in this article, which seemed simple and clear to me.

I have been using this script to connect to my work PC for several weeks now and have not noticed any problems. It is convenient in a set-it-and-forget-it way.

Perhaps you will have comments and suggestions; I will be glad to hear them.

Thank you for your attention!

Source: www.habr.com
