Good day!
In this article I want to tell you how I implemented (
Establishing a connection consists of several steps:
- Starting the node and waiting for the remote node to be ready;
- Determining the external IP address and UDP port;
- Sending the external IP address and UDP port to the remote host;
- Receiving the external IP address and UDP port from the remote host;
- Setting up the IPIP tunnel;
- Monitoring the connection;
- If the connection is lost, deleting the IPIP tunnel.
I thought for a long time, and am still thinking, about what can be used to exchange data between the nodes; the simplest and fastest option for me at the moment is to work through Yandex.disk.
- First, it is easy to use: you need 3 actions: create, read, delete. With curl these are:
Create:
curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder
Read:
curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder
Delete:
curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
- Second, it is easy to install:
apt install curl
To determine the external IP address and UDP port, use the command from the stun-client package:
stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"
It is installed with the command:
apt install stun-client
To set up the tunnel, the standard OS tools from the iproute2 package are used. There are
- load the FOU module:
modprobe fou
- listen on the local port:
ip fou add port $localport ipproto 4
- create the tunnel:
ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport
- bring up the tunnel interface:
ip link set up dev fou$name
- assign the local and remote inner IP addresses of the tunnel:
ip addr add $intIP peer $peerip dev fou$name
Deleting the tunnel:
ip link del dev fou$name
ip fou del port $localport
The state of the tunnel is monitored by periodically pinging the inner tunnel IP address of the remote node with the command:
ping -c 1 $peerip -s 0
The periodic ping is needed primarily to keep the channel alive; otherwise, when the tunnel is idle, the NAT tables on the routers may be cleared and the connection will break.
If the ping is lost, the IPIP tunnel is deleted and the script waits for the remote host to become ready again.
The script itself:
#!/bin/bash
# Yandex.Disk account and rendezvous folder (identical on both nodes)
username="[email protected]"
password="password"
folder="vpnid"
# Inner tunnel address of this node (must differ between the two nodes)
intip="10.0.0.1"
# Random local UDP port, client id and this node's half of the tunnel id
localport=`shuf -i 10000-65000 -n 1`
cid=`shuf -i 10000-99999 -n 1`
tid=`shuf -i 10-99 -n 1`

# List the entries of folder $3, newest first, skipping the folder itself and our own id $4
function yaread {
    curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}

# Create the WebDAV collection $3
function yacreate {
    curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}

# Delete the WebDAV collection $3
function yadelete {
    curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}

# Print the external "ip:port" that STUN reports for local UDP port $1
function myipport {
    stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}

# Arguments: remote ip, remote port, local ip, local port, peer inner ip, own inner ip, tunnel id
function tunnel-up {
    modprobe fou
    ip fou add port $4 ipproto 4
    ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
    ip link set up dev fou$7
    ip addr add $6 peer $5 dev fou$7
}

# Ping the peer's inner address $1 every 15 seconds; return after 4 failed pings in a row
function tunnel-check {
    sleep 10
    pings=0
    until [[ $pings == 4 ]]; do
        if ping -c 1 $1 -s 0 &>/dev/null;
            then echo -n .; pings=0   # a successful ping resets the failure counter
            else echo -n !; ((pings++))
        fi
        sleep 15
    done
}

# Arguments: tunnel id, local port
function tunnel-down {
    ip link del dev fou$1
    ip fou del port $2
}

# Remove the rendezvous folder and the tunnel when the script is interrupted
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15

until [[ -n $end ]]; do
    yacreate $username $password $folder
    # Wait until the peer publishes a fresh record: timestamp:cid:ip:port:intip:tid
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        # Announce that this node is alive
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
            # Only records younger than 65 seconds are considered
            if [ `echo $l | sed 's/:/ /g' | awk '{print $1}'` -ge $(($mydate-65)) ]; then
                #echo $list
                myipport=`myipport $localport`
                # Publish our own external address, inner address and id
                yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk '{print $1}'` - $mydate + 3 ))
                ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                # Both nodes compute the same tunnel id from the two ids
                if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
            fi
        done
        if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
            echo -n "!"
            sleep $timeout
        fi
    done
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0
The variables username, password and folder must be the same on both sides, but intip must be different, for example 10.0.0.1 and 10.0.0.2. The time on the nodes must be synchronized. You can run the script like this:
nohup script.sh &
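The script takes the colon-separated fields of the peer's folder name and passes them unquoted to ip commands and shell arithmetic that run as root, so anything able to create entries in the shared folder controls those arguments. The following is an added example, not part of the original script, that validates a record before its fields are used; the function names is_num, is_ipv4 and parse_record and the sample records are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the article's script.
# Record layout published by the script: ts:cid:ip:port:intip:tid

# is_num VALUE MAXLEN: digits only, no leading zero, at most MAXLEN chars.
is_num() {
    case $1 in ''|0?*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le "$2" ]
}

# is_ipv4 VALUE: exactly four dot-separated octets, each 0..255.
is_ipv4() {
    local IFS=. o
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    set -- $1                 # safe to split: only digits and dots remain
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        is_num "$o" 3 && [ "$o" -le 255 ] || return 1
    done
}

# parse_record RECORD NOW MAX_AGE
# Prints "ip port intip tid" and returns 0 only when every field is valid.
parse_record() {
    local rec="$1" now="$2" max_age="$3" IFS=:
    case $rec in *[!0-9.:]*|*:) return 1 ;; esac
    set -- $rec               # safe to split: only digits, dots and colons remain
    [ $# -eq 6 ] || return 1  # the bare "ts:cid" marker carries no address
    is_num "$1" 10 && [ "$1" -ge $((now - max_age)) ] \
        && [ "$1" -le $((now + max_age)) ] || return 1            # fresh timestamp
    is_num "$2" 5 || return 1                                     # peer's cid
    is_ipv4 "$3" && is_ipv4 "$5" || return 1                      # external and inner IP
    is_num "$4" 5 && [ "$4" -ge 1 ] && [ "$4" -le 65535 ] || return 1   # UDP port
    is_num "$6" 2 && [ "$6" -ge 10 ] || return 1                  # tid is 10..99
    printf '%s %s %s %s\n' "$3" "$4" "$5" "$6"
}

# Constructed sample: one valid record and one with a malformed inner address.
now=1700000000
for rec in "1699999990:12345:203.0.113.7:40000:10.0.0.2:42" \
           "1699999990:12345:203.0.113.7:40000:10.0.0.2/8:42"; do
    if fields=$(parse_record "$rec" "$now" 65); then
        echo "accept: $fields"
    else
        echo "reject: $rec"
    fi
done
```

In the script, the ip, port, peerip and peerid assignments inside the for loop could be replaced by one call to parse_record with `date +%s` and 65 as the last two arguments, skipping any record it rejects.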
I want to draw your attention to the fact that the IPIP tunnel is insecure in the sense that the traffic is not encrypted, but this can easily be solved with IPsec.
I have been using this script to connect to my work PC for several weeks now and have not noticed any problems. It is convenient in the sense of set it up and forget about it.
Perhaps you have comments and suggestions; I will be glad to hear them.
Thank you for your attention!
Source: www.habr.com