Direct VPN tunnel between computers behind provider NAT (without a VPS, using a STUN server and Yandex.Disk)

Continuing the story of how I managed to set up a direct VPN tunnel between two computers sitting behind provider NAT. The previous article described how the connection was arranged with the help of a third party, an intermediary (a rented VPS acting as something like a STUN server and as the distributor of the nodes' connection parameters). In this article I will describe how I managed without a VPS; there are still intermediaries, but now they are a public STUN server and Yandex.Disk...

Introduction

After reading the comments on the previous post I realised that the main objection to the implementation was the intermediary, a third party (the VPS) that told each node the other's current parameters: where and how to connect. So I took up the suggestion to use a public STUN server (there are plenty of them) to determine the current connection parameters. First I used tcpdump to look at the packet contents while a STUN server was talking to its clients, and saw nothing I could read. Searching for the protocol I came across an article describing it. I concluded that I could not implement a STUN request on my own and put the idea on the back burner.

Theory

Recently I had to install a STUN server on Debian from the package

# apt install stun-server

and among its dependencies I noticed the stun-client package, but somehow paid it no attention. Later I remembered that client package and decided to find out how it works; after browsing and searching in Yandex I found:

# apt install stun-client
# stun stun.ekiga.net -p 21234 -v

In reply I got:

STUN client version 0.97
Opened port 21234 with fd 3
Opened port 21235 with fd 4
Encoding stun message:
Encoding ChangeRequest: 0

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 4

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 2

About to send msg of len 28 to 216.93.246.18:3478
Got a stun message: 92 bytes
MappedAddress = <My IP>:2885
SourceAddress = 216.93.246.18:3478
ChangedAddress = 216.93.246.17:3479
Unknown attribute: 32800
ServerName = Vovida.org 0.98-CPC
Received message of type 257 id=1
Encoding stun message:
Encoding ChangeRequest: 0

About to send msg of len 28 to 216.93.246.17:3478
Encoding stun message:
Encoding ChangeRequest: 4

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 2

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 0

About to send msg of len 28 to <My IP>:2885
Got a stun message: 28 bytes
ChangeRequest = 0
Received message of type 1 id=11
Encoding stun message:
Encoding ChangeRequest: 0

About to send msg of len 28 to 216.93.246.17:3478
Encoding stun message:
Encoding ChangeRequest: 4

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 2

About to send msg of len 28 to 216.93.246.18:3478
Got a stun message: 92 bytes
MappedAddress = <My IP>:2885
SourceAddress = 216.93.246.17:3479
ChangedAddress = 216.93.246.18:3478
Unknown attribute: 32800
ServerName = Vovida.org 0.98-CPC
Received message of type 257 id=10
Encoding stun message:
Encoding ChangeRequest: 4

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 2

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 4

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 2

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 4

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 2

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 4

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 2

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 4

About to send msg of len 28 to 216.93.246.18:3478
Encoding stun message:
Encoding ChangeRequest: 2

About to send msg of len 28 to 216.93.246.18:3478
test I = 1
test II = 0
test III = 0
test I(2) = 1
is nat = 1
mapped IP same = 1
hairpin = 1
preserver port = 0
Primary: Independent Mapping, Port Dependent Filter, random port, will hairpin
Return value is 0x000006

The valuable line

MappedAddress = <My IP>:2885

is exactly what is needed! It shows the public IP address and port that the provider's NAT currently maps local UDP port 21234 to. But that is only half the battle; the question was how to get this data to the remote host and set up the VPN connection. Use a mail protocol, or maybe Telegraph?! There are many options, and I settled on Yandex.Disk, since I had come across an article about working with Yandex.Disk over WebDAV using curl. After thinking the implementation over I came up with the following plan:

  1. Signal that the nodes are ready to establish a connection by the presence of a special file with a timestamp on Yandex.Disk;
  2. If the nodes are ready, obtain the current parameters from the STUN server;
  3. Upload the current parameters to Yandex.Disk;
  4. Check for and read the remote node's parameters from its file on Yandex.Disk;
  5. Establish the connection to the remote host with OpenVPN.
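The query that stun-client runs above is a single Binding Request, and the MappedAddress line is one attribute of the reply. The following is an added example, not code from the original post: the request in the RFC 5389 wire format with a parser for the reply. The bare request is 20 bytes (the "msg of len 28" above is the RFC 3489 form carrying a CHANGE-REQUEST attribute); an RFC 3489 server such as the Vovida one above answers with MAPPED-ADDRESS, an RFC 5389 server with XOR-MAPPED-ADDRESS, and the parser accepts either. The transaction-ID check is the security-relevant part: the socket is bound to the same port OpenVPN will use, so a stray or spoofed datagram arriving there must not be taken for the server's reply. The server reply used for testing is constructed; stun.ekiga.net and port 21234 are the values from the page.

```python
"""Minimal STUN Binding Request (RFC 5389 wire format) and reply parser."""
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
BINDING_ERROR = 0x0111
ATTR_MAPPED_ADDRESS = 0x0001
ATTR_XOR_MAPPED_ADDRESS = 0x0020
HEADER = struct.Struct("!HHI12s")    # type, length, magic cookie, 96-bit transaction id


def build_binding_request(txid: bytes) -> bytes:
    """20-byte Binding Request with no attributes (the bare form of stun-client's test I)."""
    if len(txid) != 12:
        raise ValueError("transaction id must be 12 bytes")
    return HEADER.pack(BINDING_REQUEST, 0, MAGIC_COOKIE, txid)


def _xor_ipv4(port: int, addr: bytes):
    """XOR-MAPPED-ADDRESS masks the port with the top 16 bits of the cookie, the address with all 32."""
    return port ^ (MAGIC_COOKIE >> 16), bytes(a ^ b for a, b in zip(addr, struct.pack("!I", MAGIC_COOKIE)))


def encode_address(ip: str, port: int, xor: bool) -> bytes:
    """Attribute value: reserved byte, family 0x01 (IPv4), port, address."""
    addr = socket.inet_aton(ip)
    if xor:
        port, addr = _xor_ipv4(port, addr)
    return struct.pack("!BBH", 0, 0x01, port) + addr


def decode_address(value: bytes, xor: bool):
    if len(value) != 8 or value[1] != 0x01:
        raise ValueError("only IPv4 mapped addresses are handled here")
    port = struct.unpack("!H", value[2:4])[0]
    addr = value[4:8]
    if xor:
        port, addr = _xor_ipv4(port, addr)
    return socket.inet_ntoa(addr), port


def build_binding_success(txid: bytes, ip: str, port: int) -> bytes:
    """Constructed server reply carrying both attribute forms; used for offline testing."""
    body = b""
    for atype, xor in ((ATTR_MAPPED_ADDRESS, False), (ATTR_XOR_MAPPED_ADDRESS, True)):
        value = encode_address(ip, port, xor)
        body += struct.pack("!HH", atype, len(value)) + value
    return HEADER.pack(BINDING_SUCCESS, len(body), MAGIC_COOKIE, txid) + body


def parse_binding_response(data: bytes, txid: bytes) -> dict:
    """Check header and transaction id, then collect the mapped-address attributes."""
    if len(data) < HEADER.size:
        raise ValueError("short STUN header")
    msg_type, length, cookie, rx_txid = HEADER.unpack_from(data)
    if cookie != MAGIC_COOKIE or rx_txid != txid:
        raise ValueError("datagram is not the reply to our request")   # stray or spoofed packet
    if msg_type == BINDING_ERROR:
        raise ValueError("server returned a Binding Error response")
    if msg_type != BINDING_SUCCESS or len(data) < HEADER.size + length:
        raise ValueError("malformed Binding response")
    attrs = {}
    pos, end = HEADER.size, HEADER.size + length
    while pos + 4 <= end:
        atype, alen = struct.unpack_from("!HH", data, pos)
        value = data[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype == ATTR_MAPPED_ADDRESS:
            attrs["MappedAddress"] = decode_address(value, xor=False)
        elif atype == ATTR_XOR_MAPPED_ADDRESS:
            attrs["XorMappedAddress"] = decode_address(value, xor=True)
        pos += 4 + ((alen + 3) & ~3)    # attribute values are padded to a 4-byte boundary
    if not attrs:
        raise ValueError("reply carries no mapped address")
    return attrs


def discover(server: str, local_port: int, server_port: int = 3478, timeout: float = 3.0) -> dict:
    """Send one Binding Request from local_port and return the mapping the server saw."""
    txid = os.urandom(12)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", local_port))    # the NAT mapping is only valid for this source port
        sock.settimeout(timeout)
        sock.sendto(build_binding_request(txid), (server, server_port))
        data, _ = sock.recvfrom(1500)
    return parse_binding_response(data, txid)


if __name__ == "__main__":
    # the same query the page runs with: stun stun.ekiga.net -p 21234
    print(discover("stun.ekiga.net", 21234))
```

The mapping returned by discover() is only meaningful for the port the socket was bound to, which is why both scripts below pass the same random port to the STUN client and to openvpn --lport.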

Practice

After a little thought, building on the experience of the previous article, I quickly wrote a script. We will need:

# apt install openvpn stun-client curl 

The script itself:

original version

# cat vpn8.sh

#!/bin/bash
######################## Define coloured output ###
WARN='\033[37;1;41m'				#
END='\033[0m'					#
RED='\033[0;31m'         #  ${RED}		#
GREEN='\033[0;32m'       #  ${GREEN}		#
#################################################
####################### Check that the required programs are present ##################################################
al="echo readlink dirname grep awk md5sum shuf sed curl sleep openvpn cat stun"
ch=0
for i in $al; do which $i > /dev/null || echo -e "${WARN}$i is required ${END}"; which $i > /dev/null || ch=1; done
if (( $ch > 0 )); then echo -e "${WARN}Oops, programs required for correct operation are missing${END}"; exit; fi
#######################################################################################################################

if [[ $1 == '' ]]; then echo -e "${WARN}Enter a connection identifier (any unique word; it must be the same on both sides!) ${END}
${GREEN}To start automatically at boot, add to /etc/rc.local the line: nohup /<path to file>/vpn8.sh <identifier> > /var/log/vpn8.log 2>/dev/null & ${END}"; exit; fi
ABSOLUTE_FILENAME=`readlink -f "$0"`                                                    # full path to the script
DIR=`dirname "$ABSOLUTE_FILENAME"`                                                      # directory containing the script
############################### Check that the secret key exists ##################################
key="$DIR/secret.key"
if [ ! -f "$key" ]; then
				echo -e "${WARN}The VPN secret key was not found; to generate one run:
openvpn --genkey --secret secret.key
Note: the key is used for authentication and must be identical on both sides!!!${END}
 # ls -l secret.key
 -rw------- 1 root root 637 Nov 27 11:12 secret.key
 # chmod 600 secret.key";
				exit;
				fi
########################################################################################################################

name=$(uname -n | md5sum | awk '{print $1}')	# hash of the host name, prefixes this node's files
vpn=$(echo $1 | md5sum | awk '{print $1}')	# hash of the connection identifier, names the shared folder
stun="stun.ekiga.net" 	# STUN server
username="Yandex"	# Yandex.Disk login
password="Password"	# Yandex.Disk password
localport=`shuf -i 20000-65000 -n 1`	# random local UDP port, used for both the STUN query and OpenVPN
url="https://webdav.yandex.ru/vpn-$vpn"

# Names of the files in the shared folder, taken from the d:displayname elements of the PROPFIND reply
list_names() {
	curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" "$url/" \
		| sed 's/></>\n</g' | grep "<d:displayname>" \
		| sed 's|.*<d:displayname>||; s|</d:displayname>.*||' | grep -vx "vpn-$vpn"
}

echo "$(date) Creating the folder on Yandex.Disk"
curl -X MKCOL --user "${username}:${password}" "$url"
echo "$(date) Clearing stale files from the folder"
for i in $(list_names | grep -v "$(date +%Y-%m-%d-%H-%M)"); do
	echo "$(date) Delete: $i"
	curl -X DELETE --user "${username}:${password}" "$url/$i"
	done

until [[ -n "$c" ]]; do		# $c is never set: run forever and reconnect after every drop

	until [[ -n "$b" ]]; do
		echo "$(date) Checking the folder"
		date=`date +%Y-%m-%d-%H-%M`
		mydata=$(list_names | grep "$name" | grep "$date")
		if [[ -z $mydata ]]; 	then
						echo "$(date) Creating the ready file"
					        echo "$date" > "/tmp/$date-$name-ready.txt"
					        curl -T "/tmp/$date-$name-ready.txt" --user "$username:$password" "$url/$date-$name-ready.txt"
					else
						echo "$(date) The ready file already exists - $date"
					fi
		remote=$(list_names | grep -v "$name" | grep "$date")
		if [[ -z $remote ]];	then
						echo -e "$(date) ${RED} Remote node is not ready ${END}"
						echo "$(date) Waiting"
						sleep 20
					else
						echo -e "$(date) ${GREEN} Remote node is ready ${END}"
						b=1
						a=''
					fi
	done

	until [[ -n "$a" ]]; do
		echo "$(date) Querying the STUN server: $stun"
                mydata=`stun $stun -p $localport -v 2>&1 | grep MappedAddress | sort | uniq`
                echo -e "$(date) ${GREEN}My connection data: $mydata${END}"
                echo "$mydata" > "$DIR/mydata"
                echo "$(date) Uploading the data to Yandex.Disk"
                curl -T "$DIR/mydata" --user "$username:$password" "$url/$name.txt"
		echo "$(date) Looking for the remote node's data file"
		filename=$(list_names | grep "txt" | grep -v "$name" | grep -v "ready" | head -n1)
		echo "$(date) Reading the remote node's data file: $filename"
		address=$(curl --silent --user "$username:$password" "$url/$filename" | sort | uniq | head -n1 | sed 's/:/ /g')
		echo "$(date) Determining the IP address and port"
		ip=$(echo "$address" | awk '{print $3}')
		port=$(echo "$address" | awk '{print $4}')
		if [[ -n "$ip" && -n "$port" ]]; then
			echo -e "$(date) ${GREEN} Connecting to $ip $port ${END}"
			openvpn --remote $ip --rport $port --lport $localport \
			    --proto udp --dev tap --float --auth-nocache --verb 3 --mute 20 \
			    --ifconfig 10.45.54.2 255.255.255.252 \
			    --secret "$DIR/secret.key" \
			    --auth SHA256 --cipher AES-256-CBC \
			    --ncp-disable --ping 10  --ping-exit 30 \
			    --comp-lzo yes
			echo -e "$(date) ${WARN} Connection dropped${END}"
		fi
		a=1
		b=''
	done
done

To make the script work you need to:

  1. Copy it to the clipboard and paste it into an editor, for example:
    # nano vpn8.sh
  2. set the Yandex.Disk login and password.
  3. in the field "--ifconfig 10.45.54.(1 or 2) 255.255.255.252" set the IP address of the tunnel interface
  4. generate secret.key with the command:
    # openvpn --genkey --secret secret.key
  5. make the script executable:
    # chmod +x vpn8.sh
  6. run the script:
    # ./vpn8.sh nZbVGBuX5dtturD

    where nZbVGBuX5dtturD is the connection identifier (a random string)

On the remote node do everything the same except for generating secret.key and the connection identifier: both must be identical on the two nodes, so copy secret.key across over a trusted channel rather than through Yandex.Disk.

Updated version (the clocks on both nodes must be synchronised for it to work correctly, since the start time is negotiated from Unix timestamps):

# cat vpn10.sh

#!/bin/bash
stuns="stun.sipnet.ru stun.ekiga.net"   		# space-separated list of STUN servers
username=" Login "		# Yandex.Disk login
password=" Password "   	# Yandex.Disk password
intip="10.23.22.1"		# IP address of the tunnel interface (must differ on the two nodes)
WARN='\033[37;1;41m'
END='\033[0m'
RED='\033[0;31m'
GREEN='\033[0;32m'
al="ip echo readlink dirname grep awk md5sum openssl sha256sum shuf sed curl sleep timeout openvpn cat stun"
ch=0
for i in $al; do which $i > /dev/null || echo -e "${WARN}$i is required ${END}"; which $i > /dev/null || ch=1; done
if (( $ch > 0 )); then echo -e "${WARN}Oops, programs required for correct operation are missing${END}"; exit; fi
if [[ $1 == '' ]]
then
	echo -e "${WARN}Enter a connection identifier (any unique word; it must be the same on both sides!) ${END}
${GREEN}To start automatically at boot, add to /etc/rc.local the line: nohup /<path to file>/vpn10.sh <identifier> > /var/log/vpn10.log 2>/dev/null & ${END}"
	exit
fi
ABSOLUTE_FILENAME=`readlink -f "$0"`                                                    # full path to the script
DIR=`dirname "$ABSOLUTE_FILENAME"`                                                      # directory containing the script
key="$DIR/secret.key"
# Wait for a default route: at boot the script may start before the network is up
until [[ -n "$iftosrv" ]]
do
	echo "$(date) Determining the network interface"; iftosrv=`ip route get 8.8.8.8 | head -n 1 | sed 's|.*dev ||' | awk '{print $1}'`
	sleep 5
done
timedatectl						# show the clock state: the two nodes must have synchronised time
name=$(uname -n | md5sum | awk '{print $1}')		# hash of the host name, prefixes this node's files
vpn=$(echo $1 | md5sum | awk '{print $1}')		# hash of the connection identifier, names the shared folder
url="https://webdav.yandex.ru/vpn-$vpn"

# Names of the files in the shared folder, taken from the d:displayname elements of the PROPFIND reply
list_names() {
	curl --silent --user "${username}:${password}" -X PROPFIND -H "Depth: 1" "$url/" \
		| sed 's/></>\n</g' | grep "<d:displayname>" \
		| sed 's|.*<d:displayname>||; s|</d:displayname>.*||' | grep -vx "vpn-$vpn"
}

echo "$(date) Creating the folder on Yandex.Disk"
curl -X MKCOL --user "${username}:${password}" "$url"
echo "$(date) ID on the disk: $vpn"
until [[ -n "$c" ]]; do		# $c is never set: run forever and reconnect after every drop
	echo "$(date) Clearing old files from the folder"
	for i in $(list_names)
	do
		echo -e "$(date)${RED} Deleting old file: $i${END}"
		curl -X DELETE --user "${username}:${password}" "$url/$i"
	done
	# Generate a fresh static key, wrap it with a password derived from the connection identifier
	# and publish it; whichever node uploads last wins, and both download the result in phase 2
	openvpn --genkey --secret "$key"
	passwd=`echo "$vpn-tt" | sha256sum | awk '{print $1}'`
	openssl enc -aes-256-cbc -e -in "$key" -out "$DIR/file.enc" -k "$passwd" -base64
	curl -T "$DIR/file.enc" --user "$username:$password" "$url/key.enc"
	rm "$DIR"/file.enc
	echo -e "$(date) ${GREEN}Phase 1 - waiting for the remote node to become ready${END}"
	go=3
	localport=`shuf -i 20000-65000 -n 1`    # random local UDP port, used for both the STUN query and OpenVPN
	start=''
	remote=''
	timeout1=''
	nextcheck=''
	timestart=''
	until [[ -n "$b" ]]
	do
		echo "$(date) Checking the folder"
		date=`date +%s`
		timeout1=60
		echo "$(date) Creating the ready file $date"
		echo "$date" > "/tmp/ready-$date-$name.txt"
		curl -T "/tmp/ready-$date-$name.txt" --user "$username:$password" "$url/ready-$name.txt"
		readyfile=$(list_names | grep -v "$name" | grep "ready" | head -n1)
		if [[ -z $readyfile ]]
		then
			echo -e "$(date) ${RED} Remote node is not ready ${END}"
			echo "$(date) Waiting 60 seconds"
			sleep $timeout1
		else
			remote=$(curl --silent --user "$username:$password" "$url/$readyfile")	# the remote node's ready timestamp (epoch seconds)
			echo -e "$(date) ${GREEN} Remote node is ready ${END}"
			start=$(list_names | grep "start" | head -n1)
			if [[ -z $start ]]
			then
				# Nobody has scheduled the start yet. The remote node re-checks every $timeout1 seconds,
				# so wait until its next check and publish a start marker for it to find
				let nextcheck=$timeout1-$date+$remote
				(( nextcheck < 0 )) && nextcheck=0	# the remote's ready file may be older than one period
				let timestart=$date+$timeout1-$nextcheck
				go=$nextcheck
				echo "$timestart" > "/tmp/start-$date-$name.txt"
				curl -T "/tmp/start-$date-$name.txt" --user "$username:$password" "$url/start-$date-$name.txt"
			else
				echo "$(date) Waiting $go seconds"
				sleep $go
				b=1
				a=''
			fi
		fi
	done
	echo -e "$(date) ${GREEN}Phase 2 - exchanging data and establishing the connection${END}"
	mydata=''
	filename=''
	address=''
	myip=''
	ip=''
	port=''
	ex=0
	until [[ -n "$a" ]]; do
		until [[ -n "$mydata" ]]; do
			stun=$(printf '%s\n' $stuns | shuf -n 1)	# pick a random STUN server from the list
			echo "$(date) Querying the STUN server: $stun"
			# test number 1 only asks for the mapped address; cap the run at 5 seconds in case the server does not answer
			mydata=`timeout 5 stun "$stun" 1 -p "$localport" -v 2>&1 | grep "MappedAddress" | sort | uniq`
		done
		echo -e "$(date) ${GREEN}My connection data: $mydata${END}"
		echo "$(date) Uploading the data to Yandex.Disk"
		echo "$mydata" > "$DIR/mydata"
		echo "IntIP $intip" >> "$DIR/mydata"
		curl -T "$DIR/mydata" --user "$username:$password" "$url/$name-ipport.txt"
		rm "$DIR/mydata"
		sleep 5
		echo "$(date) Looking for the remote node's data file"
		filename=$(list_names | grep "ipport" | grep -v "$name" | head -n1)
		if [[ -n "$filename" ]]
		then
			echo "$(date) Reading the remote node's data file: $filename"
			remotedata=$(curl --silent --user "$username:$password" "$url/$filename")
			address=$(echo "$remotedata" | grep "MappedAddress" | head -n1 | sed 's/:/ /g')
			intip2=$(echo "$remotedata" | grep "IntIP" | head -n1 | awk '{print $2}')
			echo "$(date) Determining the IP address and port: $address"
			ip=$(echo "$address" | awk '{print $3}')
			port=$(echo "$address" | awk '{print $4}')
			myip=`ip route get "$ip" | head -n 1 | sed 's|.*src ||' | awk '{print $1}'`
			if [[ -n "$ip" && -n "$port" && -n "$intip2" && -n "$myip" && -n "$localport" ]];
			then
				echo -e "$(date) ${GREEN} Connecting to $ip $port ${END}"
				echo -e "`date` ${GREEN} $myip:$localport -> $ip:$port ${END}"
				# fetch the key published in this round and unwrap it
				curl --silent --user "$username:$password" "$url/key.enc" > "$DIR/secret.enc"
				openssl enc -aes-256-cbc -d -in "$DIR/secret.enc" -out "$key" -k "$passwd" -base64
				chmod 600 "$key"
				rm "$DIR/secret.enc"
				openvpn --remote $ip --rport $port --lport $localport \
				    --proto udp --dev tun --float --auth-nocache --verb 3 --mute 20 \
				    --ifconfig "$intip" "$intip2" \
				    --secret "$key" \
				    --auth SHA256 --cipher AES-256-CBC \
				    --ncp-disable --ping 10 --ping-exit 20 \
				    --comp-lzo yes
				a=1
				b=''
			fi
		else
			if (( $ex >= 5 ))
			then
				echo "$(date) Reset"
				a=1
				b=''
			fi
			(( ex++ ))
			sleep 5
		fi
	done
done

To make the script work you need to:

  1. Copy it to the clipboard and paste it into an editor, for example:
    # nano vpn10.sh
  2. set the Yandex.Disk login and password (the username and password variables at the top of the script).
  3. set the IP address of the tunnel interface (the intip variable).
  4. make the script executable:
    # chmod +x vpn10.sh
  5. run the script:
    # ./vpn10.sh nZbVGBuX5dtturD

    where nZbVGBuX5dtturD is the connection identifier (a random string)

On the remote node do the same, giving it its own tunnel IP address (different from this node's, for example 10.23.22.2) and the same connection identifier.

Two things to keep in mind with this version. The connection identifier is the only secret: its md5 is the folder name visible in the Yandex.Disk account, and the password that wraps secret.key is the sha256 of that folder name plus "-tt", so anyone who can read the account (or the script, which stores the Yandex password in clear text) can unwrap the current OpenVPN key. Treat the identifier like a password and keep the Yandex account dedicated to this purpose. Also, compressing the tunnel (--comp-lzo) exposes encrypted traffic to compression side channels (the VORACLE attack against OpenVPN); current OpenVPN leaves compression off by default, so drop that option unless you really need it.

To start the script at boot I use the command "nohup /<path to the script>/vpn10.sh nZbVGBuX5dtturD > /var/log/vpn10.log 2>/dev/null &" placed in /etc/rc.local.
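Both scripts pull file names out of the PROPFIND reply with sed/grep chains and hand whatever the peer's data file contains straight to openvpn --remote, --rport and --ifconfig. The following is an added example, not the author's code, of the same two steps done with the checks a practitioner would want: the listing is parsed as XML, any name the scripts could never have produced is dropped before it is used in a URL, and the peer's endpoint is validated before it reaches a command line. The PROPFIND document and the peer data below are constructed samples; the file naming follows vpn10.sh (ready-<hash>.txt, <hash>-ipport.txt, key.enc) and the 203.0.113.7 address is a documentation address standing in for a real public one.

```python
"""Parse the shared-folder listing and the peer's data file with validation."""
import ipaddress
import re
import xml.etree.ElementTree as ET

DAV = "{DAV:}"
SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")        # shape of every name the scripts create
NOT_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",                                   # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8")]

# Constructed PROPFIND reply in the shape a WebDAV server returns: the collection itself,
# three files with the vpn10.sh naming scheme, and one hostile display name
SAMPLE_PROPFIND = b"""<?xml version="1.0" encoding="utf-8"?>
<d:multistatus xmlns:d="DAV:">
 <d:response><d:href>/vpn-abc123/</d:href><d:propstat><d:prop><d:displayname>vpn-abc123</d:displayname>
  <d:resourcetype><d:collection/></d:resourcetype></d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>
 <d:response><d:href>/vpn-abc123/ready-1111.txt</d:href><d:propstat><d:prop><d:displayname>ready-1111.txt</d:displayname>
  </d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>
 <d:response><d:href>/vpn-abc123/2222-ipport.txt</d:href><d:propstat><d:prop><d:displayname>2222-ipport.txt</d:displayname>
  </d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>
 <d:response><d:href>/vpn-abc123/key.enc</d:href><d:propstat><d:prop><d:displayname>key.enc</d:displayname>
  </d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>
 <d:response><d:href>/vpn-abc123/x</d:href><d:propstat><d:prop><d:displayname>../../etc passwd</d:displayname>
  </d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat></d:response>
</d:multistatus>"""

# Constructed peer data file, the format vpn10.sh uploads as <hash>-ipport.txt
SAMPLE_PEER_DATA = "MappedAddress = 203.0.113.7:2885\nIntIP 10.23.22.2\n"


def listing_names(propfind_xml: bytes, folder: str) -> list:
    """Display names in the folder, minus the collection entry and anything the scripts
    could not have produced (path separators, spaces, XML), so a name is safe in a URL."""
    root = ET.fromstring(propfind_xml)
    names = []
    for resp in root.iter(DAV + "response"):
        name = resp.findtext(f"{DAV}propstat/{DAV}prop/{DAV}displayname") or ""
        if name != folder and SAFE_NAME.fullmatch(name):
            names.append(name)
    return names


def peer_data_file(names, my_name):
    """The other node's '<hash>-ipport.txt', or None if it has not uploaded yet."""
    for name in names:
        if name.endswith("-ipport.txt") and not name.startswith(my_name):
            return name
    return None


def parse_peer_data(text: str) -> dict:
    """Validate the peer's public endpoint and tunnel address before they reach
    openvpn --remote / --rport / --ifconfig on a command line."""
    m = re.search(r"^MappedAddress = (\S+):(\d{1,5})$", text, re.M)
    if not m:
        raise ValueError("no MappedAddress line in peer data")
    ip = ipaddress.IPv4Address(m.group(1))        # raises on anything that is not a dotted quad
    port = int(m.group(2))
    if not 1 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    if any(ip in net for net in NOT_ROUTABLE):
        raise ValueError(f"{ip} is not reachable across the Internet; STUN did not see a NAT mapping")
    i = re.search(r"^IntIP (\S+)$", text, re.M)
    intip = str(ipaddress.IPv4Address(i.group(1))) if i else None
    return {"ip": str(ip), "port": port, "intip": intip}
```

The routability check also catches the case the conclusion mentions: when the STUN server reports a carrier-grade NAT address (100.64.0.0/10) there is no public mapping to connect to, and it is better to fail early than to hand openvpn an endpoint that can never answer.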

Conclusion

The script works; it was tested on Ubuntu (18.04, 19.10, 20.04) and Debian 9. Any other service can serve as the distributor, but I went with Yandex.Disk because I already had experience with it.
During testing it turned out that some kinds of provider NAT do not allow the connection to be established, in particular mobile operators, where the ports are blocked. This is expected: the scheme relies on the NAT reusing for the peer the same public port it showed to the STUN server (the "Independent Mapping" in the stun-client output above). A symmetric NAT allocates a new port per destination, so the peer's packets arrive at a port the NAT never opened for them.

I plan to improve it in terms of:

  • Automatic generation of secret.key on every start, encrypting it and copying it to Yandex.Disk for transfer to the remote node (done in the updated version)
  • Automatic allocation of interface IP addresses
  • Encrypting the data before uploading it to Yandex.Disk
  • Code cleanup

May there be IPv6 in every home!

Updated! The latest files and a DEB package are here - yandex.disk

Source: mapenzi.com
