Abanye bethu abayisebenzisi i-Intanethi ngaphandle kweVPN ngesizathu esinye okanye esinye: umntu ufuna i-IP ezinikeleyo, kwaye kulula kwaye ingabizi ukuthenga iVPS ngee-IP ezimbini kunokuthenga idilesi kumnikezeli, umntu ufuna ukufikelela kuzo zonke iiwebhusayithi. , kwaye kungekhona kuphela abo bavunyelwe kwintsimi yeRussian Federation, abanye bafuna i-IPv6, kodwa umboneleli akayiboneleli...
Amaxesha amaninzi, uqhagamshelo lwe-VPN lusekwe kwisixhobo ngokwaso esisetyenziswa ngexesha elithile, enengqiqo ukuba unekhompyuter enye kunye nefowuni enye kwaye unqabile ukuzisebenzisa ngaxeshanye. Ukuba kukho izixhobo ezininzi kwinethiwekhi yakho yasekhaya, okanye, umzekelo, kukho ezinye apho i-VPN ayinakho ukuqwalaselwa, kuya kuba lula ngakumbi ukwenza itonela ngokuthe ngqo kwi-router yasekhaya ukuze ungacingi ngokuseta isixhobo ngasinye ngokwahlukileyo. .
Ukuba ukhe wafaka i-OpenVPN kwi-router yakho, mhlawumbi ungothukanga ngendlela esebenza ngayo ngokukhawuleza. Ii-SoCs ze-router ezinexabiso eliphantsi zidlula malunga netrafikhi yegigabit ngaphandle kweengxaki, ngenxa yokudluliselwa kwendlela kunye nemisebenzi ye-NAT kwi-chip eyahlukileyo eyenzelwe lo msebenzi kuphela, kwaye iiprosesa eziphambili zeendlela ezinjalo zibuthathaka kakhulu, kuba Enyanisweni akukho mthwalo kubo. Oku kuhambelana kukuvumela ukuba ufezekise isantya esiphezulu se-router kwaye unciphise kakhulu ixabiso lesixhobo esigqityiweyo - ii-routers ezineprosesa ezinamandla zixabisa amaxesha amaninzi, kwaye zibekwe kungekhona nje ibhokisi yokusabalalisa i-Intanethi, kodwa njenge-NAS, i-torrent. umkhupheli kunye nenkqubo yemultimedia yasekhaya.
I-router yam, i-TP-Link TL-WDR4300, ayinakubizwa ngokuba yintsha - imodeli yavela phakathi kwe-2012, kwaye ine-560 MHz MIPS32 74Kc iprosesa yezakhiwo, amandla ayo anele kuphela kwi-20-23 Mb / s yetrafikhi efihliweyo. nge-OpenVPN, ngokwemigangatho Isantya se-Intanethi yanamhlanje yasekhaya siphantsi kakhulu.
Singasonyusa njani isantya setonela efihliweyo? I-router yam iyasebenza, ixhasa i-3x3 MIMO, kwaye isebenza kakuhle, andifuni ukuyitshintsha.
Kuba ngoku isiko ukwenza amaphepha e-Intanethi ye-10-megabyte, bhala izicelo zedesktop kwi-node.js kwaye uzipakishe kwifayile ye-megabyte eyi-100, ukwandisa amandla ekhompyuter endaweni yokuphucula, siya kwenza into embi - siya kudlulisela unxibelelwano lweVPN ibhodi enye evelisayo "ikhompyutheni" ye-Orange Pi One, esiya kuyifaka kwimeko ye-router ngaphandle kokuthatha inethiwekhi ekhoyo kunye namachweba e-USB, kuphela $ 9.99 *!
* + ukuhanjiswa, + iirhafu, + ibhiya, + MicroSD.
OpenVPN
Iprosesa ye-router ayikwazi ukubizwa ngokuba buthathaka ngokupheleleyo - iyakwazi ukubethela kunye nedatha ye-hashing usebenzisa i-algorithm ye-AES-128-CBC-SHA1 ngesantya se-50 Mb / s, ngokukhawuleza okubonakalayo kunokuba i-OpenVPN isebenza, kunye nomjelo we-CHACHA20 wale mihla. i-cipher ene-POLY1305 hash ide ifikelele kwi-130 megabits ngomzuzwana! Kutheni isantya setonela yeVPN siphantsi kangaka? Konke malunga nokutshintsha komxholo phakathi kwendawo yomsebenzisi kunye nendawo ye-kernel: I-OpenVPN ifihla i-traffic kwaye inxibelelana nehlabathi langaphandle kumxholo womsebenzisi, kwaye umzila ngokwawo uyenzeka kumxholo we-kernel. Inkqubo yokusebenza kufuneka isoloko ijika ngapha nangapha kwipakethi nganye efunyenweyo okanye ethunyelwayo, kwaye lo msebenzi uyacotha. Le ngxaki ihambelana nazo zonke izicelo ze-VPN ezisebenza ngomqhubi we-TUN / TAP, kwaye akunakutshiwo ukuba ingxaki yesantya esiphantsi ibangelwa ukungasebenzi kakuhle kwe-OpenVPN (nangona, kunjalo, kukho iindawo ezifuna ukulungiswa kwakhona). Akukho nasinye isithuba somsebenzisi weVPN umxhasi obonelela ngegigabit enofihlo oluvaliweyo kwilaptop yam, ndingasathethi ke ngeenkqubo ezineprosesa ebuthathaka.
I-Orange Pi enye
I-Orange-yebhodi ye-Orange Pi One evela kwi-Xunlong yeyona nto inikezelayo malunga nokusebenza / umlinganiselo wexabiso okwangoku. I-9.99 yeedola * ufumana iprosesa eqinileyo ye-quad-core ARM Cortex-A7 eqhuba (ezinzile) kwi-1008 MHz, kwaye igqithise ngokucacileyo abamelwane bayo bexabiso le-Raspberry Pi Zero kunye ne-Next Thing CHIP. Apha kulapho ii-advants ziphela khona. Inkampani ye-Xunlong ihlawula ngqo i-zero kwi-software yeebhodi zayo, kwaye ngexesha elinye lasungulwa ukuba lithengiswe, ayizange ibonelele ngefayile yoqwalaselo lwebhodi, singasathethi ke ngemifanekiso esele yenziwe. UAllwinner, umenzi we-SoC, naye akakhathali ngakumbi ekuxhaseni imveliso yakhe. Banomdla kuphela ekusebenzeni okuncinci kwi-Android 4.4.4 OS, oku kuthetha ukuba sinyanzelekile ukuba sisebenzise i-kernel ye-3.4 kunye neepatches ze-Android. Ngethamsanqa, kukho abanomdla abahlanganisa ukuhanjiswa, bahlele i-kernel, babhale ikhowudi yokuxhasa iibhodi kwi-kernel engundoqo, okt. ngokwenene benza umsebenzi kumvelisi, ukwenza le crap ukusebenza ngokwamkelekileyo. Ngeenjongo zam, ndikhethe unikezelo lweArmbian; luhlaziywa rhoqo kwaye luluncedo (iinkozo ezintsha zifakwe ngokuthe ngqo ngomphathi wephakheji, kwaye hayi ngokukhuphela iifayile kwisahlulelo esikhethekileyo, njengoko kuqhele ukuba njalo nge Allwinner), kwaye ixhasa kakhulu. peripherals, ngokungafaniyo nabanye.
Umzila
Ukuze ungalayishi iprosesa ebuthathaka ye-router kunye ne-encryption kunye nokukhawulezisa uxhumano lwethu lwe-VPN, sinokutshintshela lo msebenzi kumagxa e-Orange Pi processor enamandla ngakumbi ngokuyixhuma kwi-router ngandlela-thile. Ukuqhagamshela nokuba nge-Ethernet okanye i-USB ifika engqondweni - yomibini le migangatho ixhaswa zizo zombini izixhobo, kodwa andizange ndifune ukuthatha izibuko ezikhoyo. Ngethamsanqa, kukho indlela yokuphuma.
I-GL850G USB hub chip, esetyenziswa kwi-router, isekela i-4 USB port, ezimbini zazo ezingenazintambo. Akucaci ukuba kutheni umenzi engazange azikhuphe, ndicinga, ukuthintela abasebenzisi ukuba badibanise izixhobo ezi-4 ngokusetyenziswa okuphezulu kwangoku (umzekelo, ii-hard drives) kanye. Umbane osemgangathweni we-router awulungiselelwe umthwalo onjalo. Kuyo nayiphi na imeko, oku kuyingenelo kuthi.
Ukuze ufumane enye izibuko USB, kufuneka nje solder iingcingo ezimbini izikhonkwane 8(D-) kunye 9(D+) okanye 11(D-) kunye 12(D+).
Nangona kunjalo, akwanelanga nje ukuplaga kwizixhobo ezibini ze-USB kwaye unethemba lokuba yonke into iya kusebenza yodwa, njengoko bekuya kuba njalo nge-Ethernet. Okokuqala, kufuneka senze enye yazo isebenze kwimowudi yoMthengi we-USB, kwaye kungekhona i-USB Host, kwaye okwesibini, kufuneka sithathe isigqibo sokuba izixhobo ziya kubonana njani. Kukho abaqhubi abaninzi bezinto ezibizwa ngokuba ziiGajethi ze-USB (ezithiywe emva kwe-Linux kernel subsystem), ekuvumela ukuba ulinganise iintlobo ezahlukeneyo zezixhobo ze-USB: iadaptha yenethiwekhi, ikhadi leaudio, ikhibhodi kunye nemouse, i-flash drive, ikhamera, ikhonsoli nge-serial. izibuko. Kuba isixhobo sethu siya kusebenza kunye nenethiwekhi, ukulinganisa iadaptha ye-Ethernet yeyona nto ilungileyo kuthi.
Kukho imigangatho emithathu ye-Ethernet-over-USB:
- Ukude NDIS (RNDIS). Umgangatho ophelelwe lixesha ovela kuMicrosoft, osetyenziswa kakhulu ngexesha leWindows XP.
- Imodeli yoLawulo ye-Ethernet (ECM). Umgangatho olula ofaka iifreyimu ze-Ethernet ngaphakathi kweepakethi ze-USB. Inkulu kwiimodem ezinocingo kunye noqhagamshelo lwe-USB, apho kulungele ukudlulisa iifreyimu ngaphandle kokucubungula, kodwa ngenxa yokulula kunye nokulinganiselwa kwebhasi ye-USB, ayikhawulezi kakhulu.
- Imodeli yokulinganisa i-Ethernet (EEM). Iprothokholi ekrelekrele ethathela ingqalelo imida ye-USB kwaye idibanise ngokufanelekileyo iifreyimu ezininzi zibe nye, ngaloo ndlela inyusa ukuphuma.
- Imodeli yoLawulo lweNethiwekhi (NCM). Iprothokholi entsha. Unezibonelelo ze-EEM kwaye ulungiselela ngakumbi amava ebhasi.
Ukufumana nayiphi na kwezi protocol ukuba isebenze kwibhodi yethu, njengesiqhelo, kuya kufuneka sidibane nobunzima. Ngenxa yokuba i-Allwinner inomdla kuphela kwiindawo ze-Android ze-kernel, iGadget ye-Android kuphela isebenza ngokuqhelekileyo - ikhowudi eyenza unxibelelwano kunye ne-adb, ukuthumela ngaphandle isixhobo nge-protocol ye-MTP kunye nokuxelisa i-flash drive kwizixhobo ze-Android. IGajethi ye-Android ngokwayo ixhasa iprotocol ye-RNDIS, kodwa yaphukile kwi-Allwinner kernel. Ukuba uzama ukuqokelela i-kernel nayo nayiphi na enye iGajethi ye-USB, isixhobo asizukubonakala kwindlela, nokuba wenza ntoni.
Ukusombulula ingxaki, ngendlela enobubele, kufuneka ufumane indawo apho isilawuli se-USB siqaliswa kwikhowudi yegajethi ye-Android android.c elungiswe ngabaphuhlisi, kodwa kukwakho i-workaround yokwenza ubuncinci ukulinganisa kwe-Ethernet ngaphezulu. Umsebenzi we-USB:
--- sun8i/drivers/usb/sunxi_usb/udc/sunxi_udc.c 2016-04-16 15:01:40.427088792 +0300
+++ sun8i/drivers/usb/sunxi_usb/udc/sunxi_udc.c 2016-04-16 15:01:45.339088792 +0300
@@ -57,7 +57,7 @@
static sunxi_udc_io_t g_sunxi_udc_io;
static u32 usb_connect = 0;
static u32 is_controller_alive = 0;
-static u8 is_udc_enable = 0; /* is udc enable by gadget? */
+static u8 is_udc_enable = 1; /* is udc enable by gadget? */
#ifdef CONFIG_USB_SUNXI_USB0_OTG
static struct platform_device *g_udc_pdev = NULL;Le patch inyanzelisa imowudi yomxhasi we-USB, ikuvumela ukuba usebenzise iGajethi ye-USB eqhelekileyo esuka kwiLinux.
Ngoku kufuneka uphinde wakhe i-kernel ngesi siqwenga kunye negajethi eyimfuneko. Ndikhethe i-EEM kuba... Ngokweziphumo zovavanyo, kwavela ukuba kunemveliso ngakumbi kune-NCM.
Iqela lase-Armbian libonelela kuzo zonke iibhodi ezixhaswayo kunikezelo. Yikhuphele nje, faka isiqwenga sethu userpatches/kernel/sun8i-default/otg.patch, hlela kancinci compile.sh kwaye ukhethe igajethi efunekayo:
I-kernel iya kuqulunqwa kwiphakheji ye-deb, engayi kuba nzima ukuyifaka ebhodini nge dpkg.
Konke okuseleyo kukudibanisa ibhodi nge-USB kwaye ulungiselele i-adapter yethu entsha yenethiwekhi ukuze ufumane idilesi nge-DHCP. Ukwenza oku kufuneka udibanise into efana nale ilandelayo kwi /etc/network/interfaces:
auto usb0
iface usb0 inet dhcp
hwaddress ether c2:46:98:49:3e:9d
pre-up /bin/sh -c 'echo 2 > /sys/bus/platform/devices/sunxi_usb_udc/otg_role'Kungcono ukuseta idilesi ye-MAC ngesandla, kuba... iya kuba yinto engaqhelekanga ngalo lonke ixesha isixhobo siqalwa ngokutsha, into engalunganga kwaye iyinkathazo.
Sidibanisa ikhebula le-MicroUSB kwikhonkco ye-OTG, qhagamshela amandla avela kwi-router (inokunikezelwa kwizikhonkwane ze-2 kunye ne-3 ze-comb, kwaye kungekhona nje kwisixhumi samandla).
Konke okuseleyo kukuqwalasela i-router. Kwanele ukufaka ipakethe kunye nomqhubi we-EEM kwaye wongeze isixhobo sethu esitsha sothungelwano lwe-USB kwibhulorho yendawo ye-firewall yendawo:
opkg install kmod-usb-net-cdc-eem
Ukuhambisa yonke i-traffic kwi-tunnel ye-VPN, kufuneka udibanise umgaqo we-SNAT kwidilesi ye-IP yebhodi kwicala le-router, okanye usasaze idilesi yebhodi njengedilesi yesango nge-dnsmasq. Le yokugqibela yenziwa ngokongeza umgca olandelayo ku /etc/dnsmasq.conf:
dhcp-option = tag:lan, option:router, 192.168.1.100apho 192.168.1.100 - Idilesi ye-IP yebhodi yakho. Ungalibali ukufaka idilesi ye-router kwiisethingi zenethiwekhi kwibhodi ngokwayo!
Isiponji se-melamine sasetyenziselwa ukwahlula abafowunelwa bebhodi kubafowunelwa be-router. Kwavela into enje:
isiphelo
Inethiwekhi nge-USB isebenza ngokumangalisayo ngokukhawuleza: 100-120 Mb / s, ndandilindele ngaphantsi. I-OpenVPN idlula malunga ne-70 Mb / s yetrafikhi efihliweyo, nayo engekho kakhulu, kodwa eyaneleyo kwiimfuno zam. Isivalo se-router asivali ngokuqinileyo, sishiya isithuba esincinci. I-Aesthetes inokususa i-Ethernet kunye ne-USB Host connectors ebhodini, eya kuvumela isiciko ukuba sivale ngokupheleleyo kwaye sibe nesithuba esisele.
Kungcono ukungazibandakanyi kwimifanekiso engamanyala kwaye uthenge .
umthombo: www.habr.com