Good day!
In this article I want to tell you how I implemented (
Establishing a connection takes several steps:
- Starting the node and waiting for the remote node to be ready;
- Determining the external IP address and UDP port;
- Sending the external IP address and UDP port to the remote host;
- Receiving the external IP address and UDP port from the remote host;
- Setting up the IPIP tunnel;
- Monitoring the connection;
- If the connection is lost, deleting the IPIP tunnel.
I thought for a long time, and am still thinking, about what could be used to exchange data between the nodes; the simplest and fastest option for me at the moment is working through Yandex.disk.
- First, it is easy to use: you need three actions, create, read and delete. With curl, these are:
Create:
curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder
Read:
curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder
Delete:
curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
- Second, it is easy to install:
apt install curl
To determine the external IP address and UDP port, the stun-client command is used:
stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"
It is installed with the command:
apt install stun-client
To set up the tunnel, standard OS tools from the iproute2 package are used. There is
- load the FOU module:
modprobe fou
- listen on the local port:
ip fou add port $localport ipproto 4
- create the tunnel:
ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport
- bring the tunnel interface up:
ip link set up dev fou$name
- assign the local and remote internal IP addresses inside the tunnel:
ip addr add $intIP peer $peerip dev fou$name
Delete the tunnel:
ip link del dev fou$name
ip fou del port $localport
The state of the tunnel is monitored by periodically pinging the internal tunnel IP address of the remote node with the command:
ping -c 1 $peerip -s 0
The periodic ping is needed primarily to keep the channel alive; otherwise, when the tunnel is idle, the NAT tables on the routers may be cleared and the connection will then break.
If the ping is lost, the IPIP tunnel is deleted and the script waits for the remote host to become ready.
The script itself:
#!/bin/bash
# Yandex.Disk (WebDAV) credentials and the shared rendezvous folder
username="[email protected]"
password="password"
folder="vpnid"
# Internal (tunnel) address of this node
intip="10.0.0.1"
# Random local UDP port, client id and tunnel id factor
localport=`shuf -i 10000-65000 -n 1`
cid=`shuf -i 10000-99999 -n 1`
tid=`shuf -i 10-99 -n 1`

# List the entry names in the folder, skipping the folder itself and our own cid
function yaread {
    curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}

# Create a WebDAV collection (used both for the folder and for records)
function yacreate {
    curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}

# Delete a WebDAV collection
function yadelete {
    curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}

# Ask the STUN server for the external address:port mapped to local port $1
function myipport {
    stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}

# Arguments: remote ip, remote port, local ip, local port, peer ip, internal ip, tunnel id
function tunnel-up {
    modprobe fou
    ip fou add port $4 ipproto 4
    ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
    ip link set up dev fou$7
    ip addr add $6 peer $5 dev fou$7
}

# Ping the peer every 15 seconds; return after 4 failed pings.
# Note: n is never read, so the failure counter is not reset by a successful ping.
function tunnel-check {
    sleep 10
    pings=0
    until [[ $pings == 4 ]]; do
        if ping -c 1 $1 -s 0 &>/dev/null;
        then echo -n .; n=0
        else echo -n !; ((pings++))
        fi
        sleep 15
    done
}

# Arguments: tunnel id, local port
function tunnel-down {
    ip link del dev fou$1
    ip fou del port $2
}

# On termination, remove the rendezvous folder and tear the tunnel down
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15

until [[ -n $end ]]; do
    yacreate $username $password $folder
    # Wait until a fresh record from the remote node appears
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
            # Accept only records that are at most 65 seconds old
            if [ `echo $l | sed 's/:/ /g' | awk '{print $1}'` -ge $(($mydate-65)) ]; then
                #echo $list
                myipport=`myipport $localport`
                yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk '{print $1}'` - $mydate + 3 ))
                # Record fields: timestamp:cid:ip:port:intip:tid
                ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
            fi
        done
        if [[ -z "$ip" && "$timeout" -gt 0 ]]; then
            echo -n "!"
            sleep $timeout
        fi
    done
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0
The variables username, password and folder must be the same on both sides, but intip must differ, for example 10.0.0.1 and 10.0.0.2. The time on the nodes must be synchronized. You can run the script like this:
nohup script.sh &
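The script passes the fields of the peer's record (timestamp:cid:ip:port:intip:tid, read back from the shared folder) straight into ip commands running as root. One way to check every field first, as an added example that is not part of the original script: the function names and the upper bound on the timestamp are assumptions, while the cid and tid ranges come from the script's shuf calls.

```sh
# Added example, not from the original script. Record layout as the script
# builds it: timestamp:cid:extip:extport:intip:tid
MAX_AGE=65   # seconds; the freshness window the script uses

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

in_range() {  # in_range VALUE MIN MAX (length cap avoids integer overflow)
    is_uint "$1" && [ "${#1}" -le 10 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

is_ipv4() {
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && in_range "$octet" 0 255 || return 1
    done
}

# validate_record RECORD NOW: prints "extip extport intip tid" if every field
# is well-formed, otherwise returns 1 and prints nothing.
validate_record() {
    rec=$1; now=$2
    case "$rec" in *[!0-9.:]*|:*|*:|*::*) return 1 ;; esac
    old_ifs=$IFS; IFS=:; set -- $rec; IFS=$old_ifs
    [ "$#" -eq 6 ] || return 1
    # Assumption: also reject timestamps from the future (clock skew or replay)
    in_range "$1" $((now - MAX_AGE)) $((now + MAX_AGE)) || return 1
    in_range "$2" 10000 99999 || return 1   # cid, as generated by shuf
    is_ipv4 "$3" || return 1                 # external address from STUN
    in_range "$4" 1 65535 || return 1        # external UDP port
    is_ipv4 "$5" || return 1                 # peer's internal tunnel address
    in_range "$6" 10 99 || return 1          # tid, as generated by shuf
    printf '%s %s %s %s\n' "$3" "$4" "$5" "$6"
}

# Constructed sample records (documentation addresses, not real peers)
now=1700000000
for rec in "1699999990:12345:203.0.113.7:40123:10.0.0.2:42" \
           "1699999990:12345:203.0.113.7:40123:10.0.0.2 up:42" \
           "1699990000:12345:203.0.113.7:40123:10.0.0.2:42" \
           "1699999990:12345:203.0.113.256:40123:10.0.0.2:42"; do
    if fields=$(validate_record "$rec" "$now"); then echo "accept: $fields"
    else echo "reject: $rec"; fi
done
```

In the script, the main loop would take ip, port, peerip and peerid from the validated output instead of from the raw awk fields.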
I would like to draw your attention to the fact that the IPIP tunnel is insecure in the sense that the traffic is not encrypted, but this can easily be solved by using IPsec over
I have been using this script to connect to my work PC for several weeks now and have not noticed any problems. It is convenient in the set-it-and-forget-it sense.
Perhaps you will have comments and suggestions; I will be glad to hear them.
Check it out now!
Source: www.habr.com