Simple UDP hole punching using an IPIP tunnel as an example

Good day!

In this article I want to tell you how I implemented (one more) Bash script for connecting two computers that sit behind NAT, using the UDP hole punching technique, with Ubuntu/Debian as the example OS.

Establishing a connection consists of several steps:

  1. Starting a node and waiting for the remote node to be ready;
  2. Determining the external IP address and UDP port;
  3. Transmitting the external IP address and UDP port to the remote host;
  4. Receiving the external IP address and UDP port from the remote host;
  5. Setting up the IPIP tunnel;
  6. Monitoring the connection;
  7. If the connection is lost, tearing down the IPIP tunnel.

I thought for a long time, and am still thinking, about what could be used to exchange data between the nodes; the simplest and fastest option for me at the moment turned out to be working through Yandex.Disk.

  • Firstly, it is easy to use: you need only three actions, create, read and delete. With curl these are:
    Create:

    curl -s -X MKCOL --user "$username:$password" https://webdav.yandex.ru/$folder

    Read:

    curl -s --user "$username:$password" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$folder

    Delete:

    curl -s -X DELETE --user "$username:$password" https://webdav.yandex.ru/$folder
  • Secondly, it is easy to install:
    apt install curl

To determine the external IP address and UDP port, the stun-client command is used:

stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress"

It is installed with the command:

apt install stun-client

To set up the tunnel, standard OS tools from the iproute2 package are used. There are many tunnel types that can be brought up with standard means (L2TPv3, GRE, etc.), but I chose IPIP because it puts the least additional load on the system. I tried L2TPv3 over UDP and was disappointed: the speed dropped 10 times, although this may have been due to various provider-side restrictions or something else. Since an IPIP tunnel operates at the IP level, a FOU (foo-over-UDP) tunnel is used to make it work at the UDP port level. To set up the IPIP tunnel you need to:

- load the FOU module:

modprobe fou

- listen on the local port:

ip fou add port $localport ipproto 4

- create the tunnel:

ip link add name fou$name type ipip remote $remoteip local $localip encap fou encap-sport $localport encap-dport $remoteport

- bring up the tunnel interface:

ip link set up dev fou$name

- assign the internal local and internal remote IP addresses to the tunnel:

ip addr add $intIP peer $peerip dev fou$name

Tearing down the tunnel:

ip link del dev fou$name

ip fou del port $localport

The tunnel state is monitored by periodically pinging the internal IP address of the remote node's tunnel with the command:

ping -c 1 $peerip -s 0

The periodic ping is needed primarily to keep the channel alive: otherwise, while the tunnel is idle, the NAT tables on the routers may be flushed, and the connection will then break.

If the ping is lost, the IPIP tunnel is deleted and the node goes back to waiting for the remote host to become ready.

The script itself:

#!/bin/bash
# Shared WebDAV credentials and folder: must be identical on both nodes
username="[email protected]"
password="password"
folder="vpnid"
# Inner tunnel address: must differ between the two nodes
intip="10.0.0.1"
# Random local UDP port, client id and our half of the tunnel id
localport=`shuf -i 10000-65000 -n 1`
cid=`shuf -i 10000-99999 -n 1`
tid=`shuf -i 10-99 -n 1`
# List entries in the shared folder, dropping the folder itself and our own cid
function yaread {
        curl -s --user "$1:$2" -X PROPFIND -H "Depth: 1" https://webdav.yandex.ru/$3 | sed 's/></>\n</g' | grep "displayname" | sed 's/<d:displayname>//g' | sed 's/<\/d:displayname>//g' | grep -v $3 | grep -v $4 | sort -r
}
function yacreate {
        curl -s -X MKCOL --user "$1:$2" https://webdav.yandex.ru/$3
}
function yadelete {
        curl -s -X DELETE --user "$1:$2" https://webdav.yandex.ru/$3
}
# Ask the STUN server for the external ip:port mapping of local UDP port $1
function myipport {
        stun stun.sipnet.ru -v -p $1 2>&1 | grep "MappedAddress" | sort | uniq | awk '{print $3}' | head -n1
}
# tunnel-up remoteip remoteport localip localport peerip intip tunnelid
function tunnel-up {
        modprobe fou
        ip fou add port $4 ipproto 4
        ip link add name fou$7 type ipip remote $1 local $3 encap fou encap-sport $4 encap-dport $2
        ip link set up dev fou$7
        ip addr add $6 peer $5 dev fou$7
}
# Ping the peer's inner address every 15 s; give up after 4 consecutive failures
function tunnel-check {
        sleep 10
        pings=0
        until [[ $pings == 4 ]]; do
                if ping -c 1 $1 -s 0 &>/dev/null;
                        then    echo -n .; pings=0   # reset the failure counter on a successful ping
                        else    echo -n !; ((pings++))
                fi
                sleep 15
        done
}
# tunnel-down tunnelid localport
function tunnel-down {
        ip link del dev fou$1
        ip fou del port $2
}
trap 'echo -e "\nDisconnecting..." && yadelete $username $password $folder; tunnel-down $tunnelid $localport; echo "IPIP tunnel disconnected!"; exit 1' 1 2 3 8 9 14 15
until [[ -n $end ]]; do
    yacreate $username $password $folder
    # Rendezvous: announce ourselves and wait until a fresh entry from the peer appears
    until [[ -n $ip ]]; do
        mydate=`date +%s`
        timeout="60"
        list=`yaread $username $password $folder $cid | head -n1`
        yacreate $username $password $folder/$mydate:$cid
        for l in $list; do
                # Only consider entries published within the last 65 seconds
                if [ `echo $l | sed 's/:/ /g' | awk '{print $1}'` -ge $(($mydate-65)) ]; then
                        myipport=`myipport $localport`
                        # Publish timestamp:cid:externalIP:externalPort:intip:tid
                        yacreate $username $password $folder/$mydate:$cid:$myipport:$intip:$tid
                        timeout=$(( $timeout + `echo $l | sed 's/:/ /g' | awk '{print $1}'` - $mydate + 3 ))
                        ip=`echo $l | sed 's/:/ /g' | awk '{print $3}'`
                        port=`echo $l | sed 's/:/ /g' | awk '{print $4}'`
                        peerip=`echo $l | sed 's/:/ /g' | awk '{print $5}'`
                        peerid=`echo $l | sed 's/:/ /g' | awk '{print $6}'`
                        # Both nodes compute the same product, so the fou<N> interface name matches
                        if [[ -n $peerid ]]; then tunnelid=$(($peerid*$tid)); fi
                fi
        done
        if ( [[ -z "$ip" ]] && [ "$timeout" -gt 0 ] ) ; then
                echo -n "!"
                sleep $timeout
        fi
    done
    # Source address this host uses to reach the peer's external IP
    localip=`ip route get $ip | head -n1 | sed 's|.*src ||' | cut -d' ' -f1`
    tunnel-up $ip $port $localip $localport $peerip $intip $tunnelid
    tunnel-check $peerip
    tunnel-down $tunnelid $localport
    yadelete $username $password $folder
    unset ip port myipport
done
exit 0

The username, password and folder variables must be the same on both sides, but intip must differ, for example 10.0.0.1 and 10.0.0.2. The clocks on the nodes must be synchronized. You can run the script like this:

nohup script.sh &
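As an added example (not part of the original script), a defensive parser for the rendezvous entries that the script reads back from the shared folder: the script above hands the fields straight to `ip link add ... remote` and `ip addr add ... peer`, so anyone who can write to that WebDAV folder also decides what those commands receive. The 65-second freshness window and the tunnelid = peerid * tid rule are taken from the script; `parse_peer_entry`, `is_ipv4`, `is_port` and `MAX_AGE` are names assumed here, and the sample entry is constructed.

```bash
#!/bin/bash
# Added example, not part of the original article: validate one rendezvous entry
# before its fields are handed to `ip link add ... remote` / `ip addr add ... peer`.
# Entry format as published by the script: <epoch>:<cid>:<extIP>:<extPort>:<intIP>:<tid>

MAX_AGE=65   # seconds, the script's `$mydate-65` freshness window (name assumed here)

# is_ipv4 ADDR: dotted quad, four octets in 0-255
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o; do [ "$o" -le 255 ] || return 1; done
}

# is_port PORT: digits only, 1-65535
is_port() {
    case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# parse_peer_entry ENTRY NOW_EPOCH MY_TID
# Prints "extIP extPort intIP tunnelid" for a fresh, well-formed entry; returns 1 otherwise.
parse_peer_entry() {
    entry=$1; now=$2; mytid=$3
    IFS=: read -r ts cid extip extport intip peerid extra <<EOF
$entry
EOF
    [ -z "$extra" ] || return 1                         # more than six fields
    case $ts in ''|*[!0-9]*|???????????*) return 1 ;; esac
    [ "$ts" -ge $((now - MAX_AGE)) ] || return 1        # stale announcement
    is_ipv4 "$extip" || return 1
    is_port "$extport" || return 1
    is_ipv4 "$intip" || return 1
    case $peerid in ''|*[!0-9]*|??????*) return 1 ;; esac
    # Same product on both nodes, so both name the interface fou<tunnelid>
    echo "$extip $extport $intip $((peerid * mytid))"
}

# Constructed sample: peer announced 30 s ago with tid 42, our tid is 37
# parse_peer_entry "1700000000:12345:203.0.113.7:40123:10.0.0.2:42" 1700000030 37
# -> 203.0.113.7 40123 10.0.0.2 1554
```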

I would like to draw your attention to the fact that the IPIP tunnel is not secure in the sense that the traffic is not encrypted, but this is easily fixed by running IPsec on top of it; this article seemed simple and understandable to me.

I have been using this script to connect to my work PC for several weeks now and have not noticed any problems. Convenient in the sense of set it up and forget it.

Perhaps you will have comments and suggestions; I will be glad to hear them.

Check it out!

Source: www.habr.com
