Abanye bethu abayisebenzisi i-Intanethi ngaphandle kwe-VPN ngesizathu esisodwa noma esinye: othile udinga i-IP ezinikezele, futhi kulula futhi ishibhile ukuthenga i-VPS ngama-IP amabili kunokuthenga ikheli kumhlinzeki, othile ufuna ukufinyelela kuwo wonke amawebhusayithi. , futhi hhayi kuphela labo abavunyelwe endaweni ye-Russian Federation, abanye badinga i-IPv6, kodwa umhlinzeki akayihlinzeki...
Ngokuvamile, uxhumano lwe-VPN lusungulwa kudivayisi ngokwayo esetshenziswa ngesikhathi esithile, okunengqondo uma unekhompyutha eyodwa kuphela nefoni eyodwa futhi ungavamile ukuzisebenzisa ngesikhathi esifanayo. Uma kunamadivayisi amaningi kunethiwekhi yakho yasekhaya, noma, ngokwesibonelo, kukhona amanye i-VPN engakwazi ukumiswa kuwo, kungaba lula kakhulu ukwakha umhubhe ngqo kumzila wasekhaya ukuze ungacabangi ukusetha idivayisi ngayinye ngokwehlukana. .
Uma uke wafaka i-OpenVPN kumzila wakho, kungenzeka ukuthi umangale ngendlela eshesha ngayo. Ama-SoC ngisho nama-routers ashibhile adlula cishe ngethrafikhi ye-gigabit ngaphandle kwezinkinga, ngenxa yokudluliselwa kwemizila kanye nemisebenzi ye-NAT ku-chip ehlukile eklanyelwe lo msebenzi kuphela, futhi ama-processor ayinhloko anjalo abuthakathaka, ngoba Cishe awukho umthwalo kubo. Lokhu kuvumelana kukuvumela ukuthi ufinyelele isivinini esikhulu se-router futhi unciphise kakhulu intengo yedivayisi eqediwe - ama-routers anamaprosesa anamandla abiza izikhathi eziningana ngaphezulu, futhi abekwe hhayi nje njengebhokisi lokusabalalisa i-Intanethi, kodwa futhi njenge-NAS, isifufula. umlandi kanye nesistimu ye-multimedia yasekhaya.
I-router yami, i-TP-Link TL-WDR4300, ayikwazi ukubizwa ngokuthi yintsha - imodeli yavela maphakathi no-2012, futhi ine-560 MHz MIPS32 74Kc processor yezakhiwo, amandla ayo anele kuphela i-20-23 Mb/s yethrafikhi ebethelwe. nge-OpenVPN, okungokwezindinganiso Ijubane le-inthanethi yasekhaya yesimanje liphansi kakhulu.
Singasenyusa kanjani isivinini somhubhe obethelwe? Irutha yami iyasebenza impela, isekela i-3x3 MIMO, futhi ngokuvamile isebenza kahle, angifuni ukuyishintsha.
Njengoba manje sekuyisiko ukwenza amakhasi e-inthanethi angu-10-megabyte, bhala izinhlelo zokusebenza zedeskithophu ku-node.js futhi uzipakishe efayeleni le-100-megabyte, ukwandisa amandla e-computing esikhundleni sokwenza kahle, sizokwenza into embi kakhulu - sizodlulisela uxhumano lwe-VPN ku- "ikhompyutha" yebhodi elilodwa elikhiqizayo i-Orange Pi One, esizoyifaka ku-router case ngaphandle kokuthatha inethiwekhi ekhona kanye nezimbobo ze-USB, ngo-$9.99* kuphela!
* + ukulethwa, + izintela, + ubhiya, + i-MicroSD.
I-OpenVPN
Iphrosesa ye-router ayikwazi ukubizwa ngokuthi ibuthakathaka ngokuphelele - iyakwazi ukubethela kanye ne-hashing idatha isebenzisa i-algorithm ye-AES-128-CBC-SHA1 ngesivinini esingu-50 Mb/s, eshesha kakhulu kunendlela i-OpenVPN esebenza ngayo, kanye nokusakaza kwesimanje CHACHA20. i-cipher ene-POLY1305 hash ifinyelela ngisho kumamegabhithi angu-130 ngomzuzwana! Kungani ijubane lomhubhe we-VPN liphansi kangaka? Konke kumayelana nokushintsha komongo phakathi kwesikhala somsebenzisi nesikhala se-kernel: I-OpenVPN ibethela ithrafikhi futhi ixhumane nomhlaba wangaphandle kumongo womsebenzisi, futhi umzila ngokwawo uyenzeka kumongo we-kernel. Isistimu yokusebenza kufanele ihlale ishintsha iye emuva naphambili kuwo wonke amaphakethe atholiwe noma adluliswayo, futhi lokhu kusebenza kuhamba kancane. Le nkinga itholakala kuzo zonke izinhlelo zokusebenza ze-VPN ezisebenza ngomshayeli we-TUN/TAP, futhi akunakushiwo ukuthi inkinga yejubane eliphansi ibangelwa ukungasebenzi kahle kwe-OpenVPN (nakuba, kunjalo, kunezindawo ezidinga ukusetshenzwa kabusha). Alikho nelilodwa iklayenti le-VPN yendawo yomsebenzisi elinikeza ngisho negigabhithi enokubethela kukhutshaziwe kukhompyutha yami ephathekayo, ingasaphathwa eyezinhlelo ezinephrosesa ebuthaka.
I-Orange Pi One
I-Orange Pi One enebhodi elilodwa evela ku-Xunlong iyisipho esingcono kakhulu ngokwesilinganiso sokusebenza/intengo okwamanje. Ngo-$9.99* uthola iphrosesa eqinile ye-quad-core ARM Cortex-A7 egijima (ezinzile) ngo-1008 MHz, futhi ibadlula ngokusobala omakhelwane bayo bephuzu lentengo i-Raspberry Pi Zero ne-Next Thing CHIP. Yilapho izinzuzo ziphela khona. Inkampani yakwaXunlong ayinaki ngokuphelele isoftware yamabhodi ayo, futhi ngesikhathi i-One yethulwa ukudayiswa, ayizange inikeze ngisho nefayela lokumisa ibhodi, ingasaphathwa ezithombe esezilungile. U-Allwinner, umkhiqizi we-SoC, naye akazweli ikakhulukazi ekusekeleni umkhiqizo wakhe. Banentshisekelo kuphela ekusebenzeni okuncane ku-Android 4.4.4 OS, okusho ukuthi siphoqeleka ukuthi sisebenzise i-kernel engu-3.4 enamapeshi e-Android. Ngenhlanhla, kunabashisekeli abahlanganisa ukusatshalaliswa, bahlele i-kernel, babhale ikhodi ukuze basekele amabhodi ku-kernel eyinhloko, i.e. empeleni benza umsebenzi womkhiqizi, okwenza lobu buwula busebenze ngokwamukelekayo. Ngezinjongo zami, ngikhethe ukusatshalaliswa kwe-Armbian; ibuyekezwa kaningi futhi kalula (izikhwebu ezintsha zifakwa ngokuqondile ngomphathi wephakheji, hhayi ngokukopisha amafayela esahlulelweni esikhethekile, njengoba kuvamise ukuba njalo ku-Allwinner), futhi isekela kakhulu. ama-peripherals, ngokungafani nezinye.
Umzila
Ukuze singalayishi iphrosesa ebuthakathaka yerutha ngokubethela futhi sisheshise uxhumano lwethu lwe-VPN, singahambisa lo msebenzi emahlombe ephrosesa ye-Orange Pi enamandla kakhulu ngokuyixhuma kumzila ngandlela thize. Ukuxhuma nge-Ethernet noma nge-USB kuyafika engqondweni - womabili la mazinga asekelwa yiwo womabili amadivayisi, kodwa angizange ngifune ukuthatha izimbobo ezikhona. Ngenhlanhla, ikhona indlela yokuphuma.
I-GL850G USB hub chip, esetshenziswa kumzila, isekela izimbobo ze-USB ezi-4, ezimbili zazo ezingenazintambo. Akucaci ukuthi kungani umkhiqizi engazange azikhiphe, ngicabanga, ukuvimbela abasebenzisi ukuthi baxhume amadivayisi angu-4 ngokusetshenziswa okuphezulu kwamanje (isibonelo, ama-hard drive) ngesikhathi esisodwa. Ukunikezwa kwamandla okujwayelekile kwe-router akuklanyelwe umthwalo onjalo. Kunoma yikuphi, lokhu kuyinzuzo yethu.
Ukuze uthole enye imbobo ye-USB, udinga nje ukudayisa izintambo ezimbili ukuze uphine u-8(D-) no-9(D+) noma u-11(D-) no-12(D+).
Kodwa-ke, akwanele ukumane uxhume amadivaysi amabili e-USB bese uthemba ukuthi yonke into izosebenza yodwa, njengoba ibingenza nge-Ethernet. Okokuqala, sidinga ukwenza enye yazo isebenze kumodi yeKlayenti le-USB, hhayi i-USB Host, futhi okwesibili, sidinga ukunquma ukuthi amadivayisi azobonana kanjani. Kunabashayeli abaningi balokho okubizwa ngokuthi Amagajethi e-USB (aqanjwe nge-Linux kernel subsystem), ekuvumela ukuthi ulingise izinhlobo ezahlukahlukene zamadivaysi e-USB: i-adaptha yenethiwekhi, ikhadi lomsindo, ikhibhodi negundane, i-flash drive, ikhamera, ikhonsoli nge-serial. itheku. Njengoba idivayisi yethu izosebenza nenethiwekhi, ukulingisa i-adaptha ye-Ethernet kungcono kakhulu kithi.
Kunamazinga amathathu e-Ethernet-over-USB:
- I-NDIS ekude (RNDIS). Izinga eliphelelwe yisikhathi elivela ku-Microsoft, elisetshenziswa ngokuyinhloko phakathi ne-Windows XP.
- Imodeli yokulawula ye-Ethernet (ECM). Izinga elilula elihlanganisa ozimele be-Ethernet ngaphakathi kwamaphakethe e-USB. Kuhle kakhulu kumamodemu anezintambo ezinoxhumo lwe-USB, lapho kulula khona ukudlulisa amafreyimu ngaphandle kokucubungula, kodwa ngenxa yokulula nokulinganiselwa kwebhasi le-USB, akusheshi kakhulu.
- Imodeli yokulingisa ye-Ethernet (EEM). Iphrothokholi ehlakaniphe kakhudlwana ecabangela ukulinganiselwa kwe-USB futhi ihlanganise ngokufanelekile ozimele abaningi babe munye, ngaleyo ndlela ikhulise okokusebenza.
- Imodeli Yokulawula Inethiwekhi (NCM). Iphrothokholi entsha kakhulu. Inezinzuzo ze-EEM futhi ithuthukisa ngokwengeziwe umuzwa webhasi.
Ukuze senze noma iyiphi yalezi zivumelwano isebenze ebhodini lethu, njengenjwayelo, kuzodingeka sibhekane nobunzima obuthile. Ngenxa yokuthi i-Allwinner inentshisekelo kuphela ezingxenyeni ze-Android ze-kernel, yiGajethi ye-Android kuphela esebenza ngokujwayelekile - ikhodi esebenzisa ukuxhumana ne-adb, ikhiphe idivayisi ngephrothokholi ye-MTP futhi ilingise i-flash drive kumadivayisi we-Android. Igajethi ye-Android ngokwayo nayo isekela iphrothokholi ye-RNDIS, kodwa yephukile ku-Allwinner kernel. Uma uzama ukuhlanganisa i-kernel nanoma iyiphi enye Igajethi ye-USB, idivayisi ngeke ivele ohlelweni, kungakhathaliseki ukuthi wenzani.
Ukuze uxazulule inkinga, ngendlela enokuthula, udinga ukuthola indawo lapho isilawuli se-USB siqaliswa khona kukhodi yegajethi ye-Android i-android.c elungiswe abathuthukisi, kodwa kukhona futhi indlela yokusebenza yokwenza okungenani ukulingiswa kwe-Ethernet ngaphezulu. Umsebenzi we-USB:
--- sun8i/drivers/usb/sunxi_usb/udc/sunxi_udc.c 2016-04-16 15:01:40.427088792 +0300
+++ sun8i/drivers/usb/sunxi_usb/udc/sunxi_udc.c 2016-04-16 15:01:45.339088792 +0300
@@ -57,7 +57,7 @@
static sunxi_udc_io_t g_sunxi_udc_io;
static u32 usb_connect = 0;
static u32 is_controller_alive = 0;
-static u8 is_udc_enable = 0; /* is udc enable by gadget? */
+static u8 is_udc_enable = 1; /* is udc enable by gadget? */
#ifdef CONFIG_USB_SUNXI_USB0_OTG
static struct platform_device *g_udc_pdev = NULL;Lesi siqeshana siphoqa imodi yeklayenti le-USB, ikuvumela ukuthi usebenzise amagajethi e-USB ajwayelekile avela ku-Linux.
Manje kufanele wakhe kabusha i-kernel ngalesi siqeshana kanye negajethi edingekayo. Ngikhethe i-EEM ngoba... Ngokwemiphumela yokuhlolwa, kuvele ukuthi ikhiqize kakhulu kune-NCM.
Iqembu lase-Armenia liyahlinzeka kuwo wonke amabhodi asekelwe ekusabalaliseni. Vele uyilande, faka isiqeshana sethu userpatches/kernel/sun8i-default/otg.patch, hlela kancane compile.sh bese ukhetha igajethi edingekayo:
I-kernel izohlanganiswa ibe iphakheji ye-deb, okungeke kube nzima ukuyifaka ebhodini ngokusebenzisa dpkg.
Okusele nje ukuxhuma ibhodi nge-USB futhi ulungiselele i-adaptha yethu entsha yenethiwekhi ukuze uthole ikheli nge-DHCP. Ukuze wenze lokhu udinga ukwengeza okuthile okufana nalokhu okulandelayo ku /etc/network/interfaces:
auto usb0
iface usb0 inet dhcp
hwaddress ether c2:46:98:49:3e:9d
pre-up /bin/sh -c 'echo 2 > /sys/bus/platform/devices/sunxi_usb_udc/otg_role'Kungcono ukusetha ikheli le-MAC ngesandla, ngoba... kuzoba okungahleliwe ngaso sonke isikhathi uma idivayisi iqalwa kabusha, okuyinto ephazamisayo futhi enzima.
Sixhuma ikhebula le-MicroUSB kusixhumi se-OTG, sixhuma amandla asuka kumzila (anganikezwa izikhonkwane 2 no-3 zekamu, hhayi nje kusixhumi samandla).
Okusele nje ukumisa i-router. Kwanele ukufaka iphakheji nomshayeli we-EEM bese wengeza idivayisi yethu entsha yenethiwekhi ye-USB ebhulohweni lendawo yendawo yokuvikela umlilo:
opkg install kmod-usb-net-cdc-eem
Ukuze uhambise yonke ithrafikhi emhubheni we-VPN, udinga ukwengeza umthetho we-SNAT ekhelini le-IP lebhodi ohlangothini lwerutha, noma usabalalise ikheli lebhodi njengekheli lesango nge-dnsmasq. Lokhu kokugcina kwenziwa ngokungeza umugqa olandelayo ku /etc/dnsmasq.conf:
dhcp-option = tag:lan, option:router, 192.168.1.100kuphi 192.168.1.100 - Ikheli le-IP lebhodi lakho. Ungakhohlwa ukufaka ikheli le-router kuzilungiselelo zenethiwekhi ebhodini ngokwayo!
Isipontshi se-melamine sisetshenziswe ukuhlukanisa oxhumana nabo ebhodini koxhumana nabo be-router. Kwavela into enjengale:
isiphetho
Inethiwekhi nge-USB isebenza ngokushesha ngokumangalisayo: 100-120 Mb/s, bengilindele okuncane. I-OpenVPN idlula cishe ku-70 Mb/s wethrafikhi ebethelwe, nayo engeyiningi kakhulu, kodwa eyanele izidingo zami. Isivalo se-router asivali ngokuqinile, sishiya igebe elincane. Ama-aesthetes angasusa i-Ethernet ne-USB Host izixhumi ebhodini, okuzovumela isivalo ukuthi sivale ngokuphelele futhi kusasele isikhala esithile.
Kungcono ukungahlanganyeli ezithombeni ezingcolile ezinjalo futhi uthenge .
Source: www.habr.com