Running a VPN server behind the provider's NAT

This article describes how I managed to run a VPN server behind the NAT of my home provider (without a public, "white" IP address). Let me say right away: whether this implementation works depends directly on the type of NAT your provider uses, as well as on the router.
So, I needed to connect from my Android smartphone to my home computer. Both devices reach the Internet through provider NATs, and the computer is also connected through a home router, which performs NAT as well.
The classic scheme with a rented VPS/VDS that has a public IP address, as well as renting a public IP address from the provider, was not considered for several reasons.
Taking into account the experience of previous articles, and after several experiments with STUN and the providers' NATs, I decided to run a small experiment by executing a command on the home router, which runs OpenWRT firmware:

$ stun stun.sipnet.ru

and got the result:

STUN client version 0.97
Primary: Independent Mapping, Independent Filter, random port, will hairpin
Return value is 0x000002

Literal translation:
Independent Mapping - independent mapping
Independent Filter - independent filter
random port - random port
will hairpin - there will be a hairpin
I ran the same command on my PC and got:

STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006

Port Dependent Filter - port-dependent filter
The difference in the command output showed that the home router was making "its own contribution" to the way packets from the Internet are passed on. This showed in the fact that when I ran this command on the computer:

stun stun.sipnet.ru -p 11111 -v

I got the result:

...
MappedAddress = XX.1XX.1X4.2XX:4398
...

At that moment a UDP session was opened for some time. If a UDP request was sent during this time (for example: netcat XX.1XX.1X4.2XX 4398 -u), the request reached the home router, which was confirmed by tcpdump running on it, but it did not reach the computer: iptables, acting as the NAT translator on the router, dropped it.
But the very fact that the UDP request passed through the provider's NAT gave hope of success. Since the router is under my control, I solved the problem by forwarding port UDP/11111 to the computer:

iptables -t nat -A PREROUTING -i eth1 -p udp -d 10.1XX.2XX.XXX --dport 11111 -j DNAT --to-destination 192.168.X.XXX

This way I was able to initiate a UDP session and receive requests from the Internet from any IP address. At this point I started the OpenVPN server (having configured it beforehand) listening on port UDP/11111, entered the external IP address and port (XX.1XX.1X4.2XX:4398) on the smartphone, and successfully connected from the smartphone to the computer. But this implementation had a problem: the UDP session had to be kept alive somehow until the OpenVPN client connected to the server. I did not like the option of launching the STUN client periodically, because I did not want to load the STUN servers for nothing.
I also noticed the entry "will hairpin - there will be a hairpin"; this mode:

Hairpinning allows one machine on a local network behind NAT to reach another machine on the same network at the router's external address.

As a result, I solved the problem of keeping the UDP session alive simply: I started the client on the same computer as the server.
It worked like this:

  • launched the STUN client on local port 11111
  • received a response with the external IP address and port XX.1XX.1X4.2XX:4398
  • sent the external IP address and port by e-mail (any other service is possible) to a mailbox configured on the smartphone
  • started the OpenVPN server on the computer, listening on port UDP/11111
  • started the OpenVPN client on the computer, specifying XX.1XX.1X4.2XX:4398 as the address to connect to
  • at any later time, started the OpenVPN client on the smartphone, specifying the IP address and port to connect to (in my case the IP address did not change).

This way I was able to connect to my computer from my smartphone. This implementation lets you connect any OpenVPN client.

Practice

You will need:

# apt install openvpn stun-client sendemail

Having written a couple of scripts and a couple of configuration files, and generated the necessary certificates (since the client on the smartphone works only with certificates), we get a standard OpenVPN server implementation.

Main script on the computer

# cat vpn11.sh

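#!/bin/bash
# Wait until there is a route to the Internet and note the outgoing interface
until [[ -n "$iftosrv" ]]; do echo "$(date) Определяю сетевой интерфейс"; iftosrv=`ip route get 8.8.8.8 | head -n 1 | sed 's|.*dev ||' | awk '{print $1}'`; sleep 5; done
ABSOLUTE_FILENAME=`readlink -f "$0"`
DIR=`dirname "$ABSOLUTE_FILENAME"`
localport=11111
# $a is never set, so this loop runs forever and restarts everything after each disconnect
until [[ $a ]]; do
	# Ask the STUN server which external IP:port the provider's NAT maps to local UDP port $localport
	address=`stun stun.sipnet.ru -v -p $localport 2>&1 | grep "MappedAddress" | sort | uniq | head -n 1 | sed 's/:/ /g' | awk '{print $3" "$4}'`
	ip=`echo "$address" | awk '{print $1}'`
	port=`echo "$address" | awk '{print $2}'`
	# Start the server on the same local port, so it reuses the mapping STUN just opened
	srv="openvpn --config $DIR/server.conf --port $localport --daemon"
	$srv
	echo "$(date) Сервер запущен с внешним адресом $ip:$port"
	# Mail the external address to the mailbox read on the smartphone
	"$DIR/sendemail.sh" "OpenVPN-Server" "$ip:$port"
	sleep 1
	# The local client connects via the external address (hairpin) and keeps the UDP session alive;
	# this call blocks until the connection is lost
	openvpn --config "$DIR/client.conf" --remote "$ip" --port "$port"
	echo "$(date) Cоединение клиента с сервером разорвано"
	# Stop the server started above before the next iteration
	for i in `ps xa | grep "$srv" | grep -v grep | awk '{print $1}'`; do
		kill $i && echo "$(date) Завершен процесс сервера $i ($srv)"
	done
	echo "Жду 15 сек"
	sleep 15
done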
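
A preflight check that vpn11.sh could run on the `stun` output before it starts the server and mails the address, given here as an added example that is not part of the original article. The function names and the sample outputs are constructed for illustration; 203.0.113.7 is a documentation address.

```shell
#!/bin/sh
# Added example (not the author's code). The STUN reply is unauthenticated UDP,
# so its contents are validated before they reach e-mail or the openvpn command line.

# Read `stun -v` output on stdin; print "IP PORT", or fail if absent or malformed.
stun_mapped_addr() {
    line=$(grep 'MappedAddress' | sort -u | head -n 1)
    addr=${line#*= }                 # text after "MappedAddress = "
    ip=${addr%%:*}
    port=${addr##*:}
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$ip" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    echo "$port" | grep -Eq '^[0-9]{1,5}$' || return 1
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    echo "$ip $port"
}

# Read the client's "Primary:" summary on stdin and print the filtering type.
# Only the two strings shown in the article are recognised.
stun_filter_type() {
    summary=$(grep '^Primary:' | head -n 1)
    case $summary in
        *'Port Dependent Filter'*) echo port-dependent ;;
        *'Independent Filter'*)    echo independent ;;
        *)                         echo unknown; return 1 ;;
    esac
}

# Gate for the main loop: print "IP PORT" only if the address is sane and the NAT
# reports hairpinning, which the local keep-alive OpenVPN client depends on.
stun_preflight() {
    out=$(cat)
    printf '%s\n' "$out" | grep -q '^Primary:.*will hairpin' || return 2
    printf '%s\n' "$out" | stun_mapped_addr
}

# Constructed sample outputs.
SAMPLE_OK='STUN client version 0.97
MappedAddress = 203.0.113.7:4398
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006'
SAMPLE_BAD='MappedAddress = 203.0.113.999:4398
Primary: Independent Mapping, Independent Filter, random port, will hairpin'

printf '%s\n' "$SAMPLE_OK" | stun_preflight   # prints: 203.0.113.7 4398
```

A "port-dependent" result from stun_filter_type is a warning rather than a hard stop: it is the case that needed the port forward on the home router and that failed on the LTE modem.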

Script for sending the data by e-mail:

# cat sendemail.sh 

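#!/bin/bash
# Placeholders: from = sender address (also used as the SMTP login),
# pass = its password, to = recipient address.
# The password is stored in clear text, so keep this file readable by its owner only.
from="От кого"
pass="Пароль"
to="Кому"
theme="$1"     # message subject
message="$2"   # message body: the external IP:port
server="smtp.yandex.ru:587"
sendEmail -o tls=yes -f "$from" -t "$to" -s "$server" -xu "$from" -xp "$pass" -u "$theme" -m "$message"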

Server configuration file:

# cat server.conf

proto udp
dev tun
ca      /home/vpn11-srv/ca.crt
cert    /home/vpn11-srv/server.crt
key     /home/vpn11-srv/server.key
dh      /home/vpn11-srv/dh2048.pem
server 10.2.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
tls-server
tls-auth /home/vpn11-srv/ta.key 0
tls-timeout 60
auth    SHA256
cipher  AES-256-CBC
client-to-client
keepalive 10 30
comp-lzo
max-clients 10
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-server.log
verb 3
mute 20

Client configuration file:

# cat client.conf

client
dev tun
proto udp
ca      "/home/vpn11-srv/ca.crt"
cert    "/home/vpn11-srv/client1.crt"
key     "/home/vpn11-srv/client1.key"
tls-client
tls-auth "/home/vpn11-srv/ta.key" 1
auth SHA256
cipher AES-256-CBC
auth-nocache
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
log /var/log/vpn11-clent.log
verb 3
mute 20
ping 10
ping-exit 30

The certificates were generated following this article.
Running the script:

# ./vpn11.sh

After first making it executable

# chmod +x vpn11.sh

On the smartphone side

After installing the OpenVPN for Android app, copying over the configuration file and certificates and setting it up, it went like this:
I check my e-mail on the smartphone
I change the port number in the settings
I start the client and connect

While writing this article, I moved the configuration from my computer to a Raspberry Pi 3 and tried to run the whole thing on an LTE modem, but it did not work! The output of the command

# stun stun.ekiga.net -p 11111

STUN client version 0.97
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006

with the value Port Dependent Filter did not let the system start.
But the home provider let the system start on the Raspberry Pi 3 without problems.
Combined with a webcam, and with VLC for creating an RTSP stream from the webcam

$ cvlc v4l2:///dev/video0:chroma=h264 :input-slave=alsa://hw:1,0 --sout '#transcode{vcodec=x264,venc=x264{preset=ultrafast,profile=baseline,level=31},vb=2048,fps=12,scale=1,acodec=mpga,ab=128,channels=2,samplerate=44100,scodec=none}:rtp{sdp=rtsp://10.2.0.1:8554/}' --no-sout-all --sout-keep

and VLC on the smartphone for viewing (stream rtsp://10.2.0.1:8554/), it turned out to be a decent remote video surveillance system. You can also set up Samba, route traffic through the VPN, control the computer remotely and much more...

Conclusion

As practice has shown, to set up a VPN server you can do without an external IP address that you have to pay for, just as you would for a rented VPS/VDS. But everything depends on the provider. Of course, I would have liked more information about different providers and the types of NAT they use, but this is only the beginning...
Thank you for your attention!

Source: www.habr.com
