Building a SOCKS router on a laptop with Debian 10

For a whole year (or two) I put off publishing this article for the main reason that I had already published two articles describing the process of building a router over SOCKS from a very ordinary laptop with Debian.

However, since then the stable version of Debian has been updated to Buster, and enough people have contacted me privately asking for help with the setup, which means my previous articles are not exhaustive. I, too, realized that the methods described in them do not fully reveal all the intricacies of setting up Linux for routing into SOCKS. In addition, they were written for Debian Stretch, and after upgrading to Buster I noticed small changes in how services interact under the systemd init system. And in the articles themselves I did not use systemd-networkd, although it is best suited for complex network configurations.

Besides the changes above, the following services were added to my configuration: hostapd - the access point service, ntp to synchronize the time of local network clients, dnscrypt-proxy to encrypt DNS connections and block advertising for local network clients, and also, as I mentioned earlier, systemd-networkd for configuring network interfaces.

Here is a simple block diagram of the internal structure of such a router.

So, let me remind you what the goals of this series of articles are:

  1. Route all OS connections into SOCKS, as well as connections from all devices on the same network as the laptop.
  2. The laptop in my case must remain fully mobile. That is, it should still be possible to use the desktop environment and not be tied to a physical location.
  3. The last point implies connecting and routing only through the built-in wireless interface.
  4. And, of course, to create a comprehensive guide, together with an analysis of the technologies involved, to the best of my modest knowledge.

What will be covered in this article:

  1. git - download the repositories of the tun2socks project, which is needed to route TCP traffic into SOCKS, and create_ap - a script that automates setting up a virtual access point using hostapd.
  2. tun2socks - build it and install the systemd service on the system.
  3. systemd-networkd - configure the wireless and virtual interfaces, static routing tables and packet forwarding.
  4. create_ap - install the systemd service on the system, configure and start the virtual access point.

Optional steps:

  • ntp - install and configure a server to synchronize time on the virtual access point's clients.
  • dnscrypt-proxy - encrypt DNS requests, route them into SOCKS and block advertising domains for the local network.

What is all this for?

This is one of the ways to secure TCP connections on a local network. The main advantage is that all connections go through SOCKS unless a static route via the original gateway has been created for them. This means you do not need to specify SOCKS server settings for individual programs or for clients on the local network - they all go to SOCKS by default, since it is the default gateway until we specify otherwise.

In essence, we add a second, encrypting router in the form of a laptop in front of the original router and use the original router's Internet connection for the laptop's already encrypted SOCKS requests; the laptop, in turn, routes and encrypts the requests of the LAN clients.

From the provider's point of view, we are constantly connected to a single server with encrypted traffic.

Accordingly, all devices connect to the laptop's virtual access point.

Install tun2socks on the system

While your machine still has Internet access, download all the necessary tools.

apt update
apt install git make cmake

Download the badvpn package

git clone https://github.com/ambrop72/badvpn

A badvpn folder will appear on your system. Create a separate folder for the build

mkdir badvpn-build

Go to it

cd badvpn-build

Build tun2socks

cmake ../badvpn -DBUILD_NOTHING_BY_DEFAULT=1 -DBUILD_TUN2SOCKS=1

Install on the system

make install

  • The -DBUILD_NOTHING_BY_DEFAULT=1 parameter disables building all components of the badvpn repository.
  • -DBUILD_TUN2SOCKS=1 includes the tun2socks component in the build.
  • make install - installs the tun2socks binary on your system at /usr/local/bin/badvpn-tun2socks.

Install the tun2socks service in systemd

Create the file /etc/systemd/system/tun2socks.service with the following contents:

[Unit]
Description=SOCKS TCP Relay

[Service]
ExecStart=/usr/local/bin/badvpn-tun2socks --tundev tun2socks --netif-ipaddr 172.16.1.1 --netif-netmask 255.255.255.0 --socks-server-addr 127.0.0.1:9050

[Install]
WantedBy=multi-user.target

  • --tundev - takes the name of the virtual interface that we initialize with systemd-networkd.
  • --netif-ipaddr - the network address of the tun2socks "router" to which the virtual interface connects. It is better to make it a separate reserved subnet.
  • --socks-server-addr - takes a socket (address:port of the SOCKS server).

If your SOCKS server requires authentication, you can specify the --username and --password parameters.

Next, register the service

systemctl daemon-reload

And enable it

systemctl enable tun2socks

Before starting the service, we will provide it with a virtual network interface.

Switching to systemd-networkd

Enable systemd-networkd:

systemctl enable systemd-networkd

Disable the current network services.

systemctl disable networking NetworkManager NetworkManager-wait-online

  • NetworkManager-wait-online is a service that waits for a working network connection before systemd continues starting other services that depend on the network being present. We disable it because we are switching to its systemd-networkd analogue.

Let's enable it right away:

systemctl enable systemd-networkd-wait-online

Configure the wireless network interface

Create a systemd-networkd configuration file for the wireless network interface, /etc/systemd/network/25-wlp6s0.network.

[Match]
Name=wlp6s0

[Network]
Address=192.168.1.2/24
IPForward=yes

  • Name is the name of your wireless interface. Identify it with the command ip a.
  • IPForward - a directive that enables packet forwarding on the network interface.
  • Address is responsible for assigning an IP address to the wireless interface. We specify it statically because with the equivalent directive DHCP=yes, systemd-networkd creates a default gateway on the system. Then all traffic would go through the original gateway, and not through the future virtual interface on a different subnet. You can check the current default gateway with the command ip r

Create a static route for the remote SOCKS server

If your SOCKS server is not local but remote, then you need to create a static route for it. To do this, add a Route section to the end of the wireless interface configuration file you created, with the following contents:

[Route]
Gateway=192.168.1.1
Destination=0.0.0.0

  • Gateway - this is the default gateway or the address of your original access point.
  • Destination - the address of the SOCKS server.

Configure wpa_supplicant for systemd-networkd

systemd-networkd uses wpa_supplicant to connect to a protected access point. When trying to "bring up" the wireless interface, systemd-networkd starts the wpa_supplicant@name service, where name is the name of the wireless interface. If you have not used systemd-networkd before this point, then this service is probably missing from your system.

So create it with the command:

systemctl enable wpa_supplicant@wlp6s0

I used wlp6s0 as the name of my wireless interface. Your name may differ. You can find it with the command ip l.

Now the created wpa_supplicant@wlp6s0 service will be started when the wireless interface is "brought up"; however, it in turn will look for the SSID and password settings of the access point in the file /etc/wpa_supplicant/wpa_supplicant-wlp6s0. Therefore, you need to create it using the wpa_passphrase utility.

To do this, run the command:

wpa_passphrase SSID password>/etc/wpa_supplicant/wpa_supplicant-wlp6s0.conf

where SSID is the name of your access point, password is the password, and wlp6s0 is the name of your wireless interface.

Initialize the virtual interface for tun2socks

Create a file to initialize the new virtual interface on the system, /etc/systemd/network/25-tun2socks.netdev

[NetDev]
Name=tun2socks
Kind=tun

  • Name is the name that systemd-networkd will assign to the future virtual interface when it is initialized.
  • Kind is the type of virtual interface. From the name of the tun2socks service, you can guess that it uses an interface of type tun.
  • netdev is the extension of the files that systemd-networkd uses to initialize virtual network interfaces. The address and other network settings for these interfaces are specified in .network files.

Create a file like this, /etc/systemd/network/25-tun2socks.network, with the following contents:

[Match]
Name=tun2socks

[Network]
Address=172.16.1.2/24
Gateway=172.16.1.1

  • Name - the name of the virtual interface that you specified in the netdev file.
  • Address - the IP address that will be assigned to the virtual interface. It must be on the same network as the address you specified in the tun2socks service.
  • Gateway - the IP address of the tun2socks "router", which you specified when creating the systemd service.

So the tun2socks interface has the address 172.16.1.2, and the tun2socks service has 172.16.1.1, that is, it is the gateway for all connections from the virtual interface.

Configure the virtual access point

Install the dependencies:

apt install util-linux procps hostapd iw haveged

Download the create_ap repository to your machine:

git clone https://github.com/oblique/create_ap

Go to the repository folder on your machine:

cd create_ap

Install on the system:

make install

The config /etc/create_ap.conf will appear on your system. Here are the main options to edit:

  • GATEWAY=10.0.0.1 - it is better to make it a separate reserved subnet.
  • NO_DNS=1 - disable, since this parameter will be managed by the systemd-networkd virtual interface.
  • NO_DNSMASQ=1 - disable for the same reason.
  • WIFI_IFACE=wlp6s0 - the laptop's wireless interface.
  • INTERNET_IFACE=tun2socks - the virtual interface created for tun2socks.
  • SSID=hostapd - the name of the virtual access point.
  • PASSPHRASE=12345678 - the password.

Don't forget to enable the service:

systemctl enable create_ap

Enable the DHCP server in systemd-networkd

The create_ap service initializes the virtual interface ap0 on the system. In theory, dnsmasq hangs on this interface, but why install extra services if systemd-networkd has a built-in DHCP server?

To enable it, we will define the network settings for the virtual access point. To do this, create the file /etc/systemd/network/25-ap0.network with the following contents:

[Match]
Name=ap0

[Network]
Address=10.0.0.1/24
DHCPServer=yes

[DHCPServer]
EmitDNS=yes
DNS=10.0.0.1
EmitNTP=yes
NTP=10.0.0.1

After the create_ap service initializes the virtual interface ap0, systemd-networkd will automatically assign it an IP address and enable the DHCP server.

The lines EmitDNS=yes and DNS=10.0.0.1 pass the DNS server settings to the devices connected to the access point.

If you do not plan to use a local DNS server - in my case it is dnscrypt-proxy - you can change DNS=10.0.0.1 to DNS=192.168.1.1, where 192.168.1.1 is the address of your original gateway. Then DNS requests from your host and local network will go unencrypted through the provider's servers.

EmitNTP=yes and NTP=192.168.1.1 pass the NTP settings.

The same applies to the line NTP=10.0.0.1.

Install and configure the NTP server

Install on the system:

apt install ntp

Edit the config /etc/ntp.conf. Comment out the addresses of the standard pools:

#pool 0.debian.pool.ntp.org iburst
#pool 1.debian.pool.ntp.org iburst
#pool 2.debian.pool.ntp.org iburst
#pool 3.debian.pool.ntp.org iburst

Add the addresses of public servers, for example Google Public NTP:

server time1.google.com iburst
server time2.google.com iburst
server time3.google.com iburst
server time4.google.com iburst

Give the clients on your network access to the server:

restrict 10.0.0.0 mask 255.255.255.0

Enable broadcasting to your network:

broadcast 10.0.0.255

Finally, add the addresses of these servers to the static routing table. To do this, open the wireless interface configuration file /etc/systemd/network/25-wlp6s0.network and add Route sections to the end.

[Route]
Gateway=192.168.1.1
Destination=216.239.35.0

[Route]
Gateway=192.168.1.1
Destination=216.239.35.4

[Route]
Gateway=192.168.1.1
Destination=216.239.35.8

[Route]
Gateway=192.168.1.1
Destination=216.239.35.12

You can find the addresses of your NTP servers using the host utility as follows:

host time1.google.com

Install dnscrypt-proxy, remove ads and hide DNS traffic from your provider

apt install dnscrypt-proxy

To serve DNS queries from the host and the local network, edit the socket /lib/systemd/system/dnscrypt-proxy.socket. Change the following lines:

ListenStream=0.0.0.0:53
ListenDatagram=0.0.0.0:53

Restart systemd:

systemctl daemon-reload

Edit the config /etc/dnscrypt-proxy/dnscrypt-proxy.toml:

server_names = ['adguard-dns']

To route dnscrypt-proxy connections through tun2socks, add below:

force_tcp = true

Edit the config /etc/resolv.conf, which tells the host which DNS server to use.

nameserver 127.0.0.1
nameserver 192.168.1.1

The first line enables the use of dnscrypt-proxy; the second line uses the original gateway in case the dnscrypt-proxy server is unavailable.

Done!

Reboot or stop the running network services:

systemctl stop networking NetworkManager NetworkManager-wait-online

And then restart all the necessary ones:

systemctl restart systemd-networkd tun2socks create_ap dnscrypt-proxy ntp

After a reboot or restart, you will have a second access point that routes the host and LAN devices into SOCKS.

This is what the output of ip a looks like on a typical laptop:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: tun2socks: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
    link/none 
    inet 172.16.1.2/24 brd 172.16.1.255 scope global tun2socks
       valid_lft forever preferred_lft forever
    inet6 fe80::122b:260:6590:1b0e/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether e8:11:32:0e:01:50 brd ff:ff:ff:ff:ff:ff
4: wlp6s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:85 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global wlp6s0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf85/64 scope link 
       valid_lft forever preferred_lft forever
5: ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4c:ed:de:cb:cf:86 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global ap0
       valid_lft forever preferred_lft forever
    inet6 fe80::4eed:deff:fecb:cf86/64 scope link 
       valid_lft forever preferred_lft forever

As a result,

  1. The provider sees only an encrypted connection to your SOCKS server, which means it sees nothing.
  2. However, it does see your NTP requests; to prevent this, remove the static routes for the NTP servers. However, it is not certain that your SOCKS server allows the NTP protocol.
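
What the provider can and cannot see in this setup is decided by the routing table: traffic on the default route goes into tun2socks, while every static route through the first gateway (the SOCKS server, the NTP servers) leaves in the clear. The script below is an added example, not part of the original article; it audits ip -4 route show output for such bypass routes. The sample table is constructed, and 203.0.113.10 is a placeholder for the SOCKS server address.

```shell
#!/bin/sh
# Added example: audit an IPv4 routing table for traffic that bypasses tun2socks.
# Feed it `ip -4 route show` output on stdin, so it also works on saved text.

# Constructed sample for the layout in this article; 203.0.113.10 is a
# placeholder for the remote SOCKS server (documentation address range).
sample_routes() {
    cat <<'EOF'
default via 172.16.1.1 dev tun2socks proto static
10.0.0.0/24 dev ap0 proto kernel scope link src 10.0.0.1
172.16.1.0/24 dev tun2socks proto kernel scope link src 172.16.1.2
192.168.1.0/24 dev wlp6s0 proto kernel scope link src 192.168.1.2
203.0.113.10 via 192.168.1.1 dev wlp6s0 proto static
216.239.35.0 via 192.168.1.1 dev wlp6s0 proto static
EOF
}

# Print the device of the default route (empty output if there is none).
default_dev() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print "destination gateway device" for every non-default route that has a
# gateway and leaves through a device other than TUNDEV ($1).
bypass_routes() {
    awk -v tun="$1" '$1 != "default" {
        gw = ""; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        if (gw != "" && dev != tun) print $1, gw, dev
    }'
}

# audit_routes TUNDEV [ALLOWED_DEST...]: return 0 only if the default route
# uses TUNDEV and every bypass route targets an explicitly allowed destination.
audit_routes() {
    tundev=$1; shift
    table=$(cat); status=0
    def=$(printf '%s\n' "$table" | default_dev)
    if [ "$def" != "$tundev" ]; then
        echo "LEAK: default route uses '${def:-none}', expected $tundev"; status=1
    fi
    for dst in $(printf '%s\n' "$table" | bypass_routes "$tundev" | awk '{ print $1 }'); do
        ok=0
        for a in "$@"; do if [ "$dst" = "$a" ]; then ok=1; fi; done
        if [ "$ok" -eq 0 ]; then echo "BYPASS: $dst is routed outside $tundev"; status=1; fi
    done
    return "$status"
}

# Only the SOCKS server is allowed here, so the NTP route is reported.
sample_routes | audit_routes tun2socks 203.0.113.10 || echo "audit failed"
```

On the router itself, pipe the live table in instead of the sample: ip -4 route show | audit_routes tun2socks followed by the address of your SOCKS server.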

A crutch spotted in Debian 10

If you try to restart the network service from the console, it will fail with an error. This is because part of it, in the form of the virtual interface, is tied to the tun2socks service, which means it is in use. To restart the network service, you must first stop the tun2socks service. But I think that if you have read to the end, this is definitely not a problem for you!

Source: www.habr.com