
Monday, 16 February 2015

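ZeroTier: Getting Over the Wall by Sharing a Circumvention Channel


First install the client software from https://www.zerotier.com/. Once installed and started, it generates your 10-digit ID. (On Windows, Windows 7 or later is required.)

If you are already outside the wall, you can generate a 16-digit ID for a public network in the web admin interface (https://www.zerotier.com/admin.html) for your friends to join.

If you just want to borrow a friend's network to get out, enter your friend's 16-digit public network ID in the interface below.

Official site: https://www.zerotier.com/. I have not tested it yet.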
-------

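NAT Traversal (Intranet Penetration) with ZeroTier


In short, ZeroTier is a simple, easy-to-use NAT traversal tool based on P2P technology: from anywhere with network access you can connect back to your home, office or school without a public IP address or complicated port-forwarding configuration.
A more vivid way to put it: ZeroTier is like a virtual switch, and all ZeroTier client nodes can reach one another.
What are ZeroTier's advantages?
  1. Cross-platform. Clients cover the mainstream devices: Windows, MacOS, Linux, iOS, Android, QNAP NAS, Synology NAS, Western Digital MyCloud NAS, OpenWrt
  2. The control plane (the ZeroTier website) is powerful enough. It can push routing tables, device admission control, IP assignment, traffic rules and more; ZeroTier pushes the configuration automatically, so you only need to start the client.
  3. Client configuration is simple. ZeroTier pushes the configuration automatically, so you only need to enter the Network ID and start ZeroTier, which is friendly to many smart devices and embedded devices.
  4. You can set up relay servers (Moon servers). At peak network hours, or for certain well-known reasons (the wall), connecting to ZeroTier's official servers can be difficult; you can then set up your own Moon server to get a better connection.
  5. Close to free. Individual users can connect up to 100 node devices, which fully covers most people's needs; and with a properly configured routing table, two nodes are enough to fully interconnect two internal networks (site-to-site networking), so the reach is far more than just 100 devices.
  6. The client is open source. This means that on devices for which no official client is provided, you can compile it yourself.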

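Port Mapping

Port mapping presupposes that our router is assigned a public IP address, that is, the router has a street address. The ports needed by a device on the router's internal network are then mapped onto the router so that this device also has a street address, and the outside world can connect to it directly.
For P2P connection methods such as eDonkey, BT and PT, port mapping brings a speed improvement.
But in today's network environment port mapping is basically crippled because, as mentioned earlier, most routers nowadays get an internal IP address. Port mapping in that situation is like going from the Fifth Ring Road to the Sixth Ring Road: you still have not left the city, and no amount of mapping will help.
Advantages
  • Relatively secure
Disadvantages
  • Tedious to set up; not recommended unless you have strong skills and fundamentals. Ports nested within ports are also very unstable. External port 80 being permanently occupied by the optical modem is a problem that cannot be avoided.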

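DDNS

Short for the English Dynamic Domain Name Server; it is a technical approach that can be implemented in several ways.
Each time the router dials up we are assigned a different IP address. DDNS captures the user's IP address each time it changes and maps it to a domain name, so the IP changes while the corresponding domain name stays the same.
Advantages
  • Fairly secure
Disadvantages
  • Some DDNS services are hosted abroad, so registering and logging in is a hassle. DDNS services inside China offer only a limited amount of free traffic, and some charge even to register and use. The setup process itself is acceptable. With multiple layers of nested routers, setup is very tedious.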

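Peanut Shell (花生壳)

A kind of DDNS; it generally also needs the router to have a public IP address.
The Peanut Shell intranet edition, however, supports routers that sit on an internal network.
But Peanut Shell is a paid service with strict limits on traffic and speed, so it is not suitable for high-traffic uses such as large file transfers. Generally not recommended; of course, those with deep pockets may do as they please.
Advantages
  • Simple to set up; with the built-in edition of Peanut Shell, watch out for the port 80 issue
Disadvantages
  • Free accounts get only 1 GB of traffic per month, which may not be enough
  • Pay attention to the port 80 configuration issue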

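Evaluation

Of the methods above, Frp, ZeroTier and ngrok are the easiest to configure; DDNS depends on the synchronization time, and port mapping is rather troublesome.
As for speed, I think ZeroTier's peer-to-peer mode should be better than the other modes. For the others, various factors have to be weighed together, such as the local and external network environment.

My Recommendation

I am currently using Frp for NAT traversal. All of the tools above are actually good; there are many ways to do NAT traversal, and you can decide according to personal preference and choose in light of your network conditions. For now, Frp and ZeroTier suit most people.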
-------------------------------------------------
Download ZeroTier One, install it, and run the app.
If you're running Linux or have built from source, see the command line wiki for instructions on how to control ZeroTier One from the command line. More information about Linux installation can be found here.

The Basics: ZeroTier Addresses and Network IDs

Two kinds of numbers control everything. They look like this:
2cf72b4985 - The author's laptop's ZeroTier address
8056c2e21c000001 - Network ID of Earth, a public network
A 16-digit network ID identifies a virtual network. A 10-digit address identifies a device.
To join a network from a device, enter the network's ID and click "Join." To authorize a device to join a private network, log in to the network administration interface and authorize it by its address. (Public networks don't require authorization. Anyone can join them.)
These numbers are not secrets. They're safe to freely distribute. The graphical control panel has a convenient feature to make it easier for users to send these numbers around: if you click on your computer's address (shown in the lower left hand corner) or a network ID, it is automatically copied to the clipboard. This makes it easy to paste it into a chat window, an e-mail, etc.
>> Hey, can you add my new laptop to the company network? It's 01d34db33f.
That's all there is to it.

Using Virtual Networks

In general, anything that can be done with a regular wired or WiFi LAN can be done over a virtual one. The most common use cases for ZeroTier One are as a VPN alternative and as a cloud network backplane.

Virtual Private Networking

We use the term network virtualization instead of VPN to differentiate between how ZeroTier One works versus the way most conventional VPNs are used. Usually VPNs are configured to act as tunnels or gateways between networks, while virtual networks are themselves networks.
When you install ZeroTier One on two or more computing devices and join the same net, it's just like plugging a LAN cable into each device and connecting them all to a common hub/switch.
With a virtual network a mobile consulting team can have an "office LAN" even if they don't all sit in the same office. It's also possible to use virtual networks for collaboration the way you might use an e-mail list, a chat room, or a conference call. Academic users for example have used ZeroTier One to create LANs for inter-organizational collaborative agencies that span institutions, allowing researchers and developers to access the common resources of the project as if organizational network boundaries didn't exist.

Cloud Network Backplanes

Most cloud providers offer "private networking" of one form or another. This lets you add a second network port to your virtual machines that they can use for things like database synchronization and file replication. Yet cloud provider private networking is almost always limited to nodes hosted by the same provider. It's also usually limited to the same data center, or even to the same cluster or "availability zone" within a data center.
With ZeroTier One you can create a private network backplane that works everywhere, allowing you to spread across data centers and even mix and match cloud providers to get the best service in a given region. It also makes heterogeneous clouds -- those with both local and remote nodes -- trivial to deploy. From the virtual network's point of view everything is the same whether the physical machine is on premise or at a data center on another continent.
Since virtual network ports are mobile, it also makes migrations and restorations from backups a breeze. Just copy or restore your node to another instance and it'll re-appear with the same private address it had before.
Users of Docker might want to check out the docker-zerotier project at GitHub. It contains a Dockerfile and instructions for deploying ZeroTier as a virtual networking endpoint within Docker containers.

Other Uses

A growing number of users have explored other uses for virtual networks, like providing remote access to embedded devices in the field. We recently added official support for Linux/ARM devices like the Raspberry Pi for this reason. Others have used ZeroTier One to prototype peer-to-peer distributed computing and data transfer protocols without having to worry about the complexities and headaches of NAT traversal.
We're curious to learn what else people are doing with virtual networks. If you have a novel application, drop us a line and let us know.

Troubleshooting

Firewall Issues

If you can't connect or are experiencing poor performance, the first thing to check is your computer's local firewall. We recommend adding a rule allowing UDP traffic to and from local port 9993. This is done automatically by the Windows installer but must be done manually on other operating systems (for now). You also might need to add manual exceptions if you're running a third party firewall by a vendor like McAfee or Symantec.
ZeroTier One's virtual network ports look just like physical ones as far as your operating system is concerned. That means usually your local firewall rules will apply to them as well. If you want to use things like drive sharing over a virtual network, you might need to add special exceptions.
If ZeroTier works but performance is poor, you might be behind a NAT router or firewall that isn't allowing peer to peer connections. In this case ZeroTier will relay traffic by bouncing it off our central servers, which is slow. If you can, try checking this device to see if it has a setting for what kind of NAT (network address translation) it uses. If "symmetric" or "port restricted" NAT is selected, try "full cone" or "normal" NAT mode. You might also check firewall rules, since some devices don't allow UDP traffic at all. If UDP traffic isn't allowed, ZeroTier will fall back to TCP tunneling. This is even slower than ordinary UDP relaying.

Identity Collisions when Cloning Systems

The address of each device on a virtual network is determined by its identity, a cryptographic public/private key pair generated by ZeroTier automatically the first time it is launched. The security section of the wiki explains where these keys are located.
If you make a copy of a machine, such as by "cloning" it in a virtual machine manager, the copy will have the same address. This is usually not what you want. If you want a cloned device to have a new address, just stop the ZeroTier service and delete its identity.public and identity.secret files. A new identity will be created the next time the service is started. If the network is private, you'll need to authorize this new identity just like you would for any new device. If you deploy systems by cloning from templates, these files should probably be excluded.
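An added example (not from the ZeroTier documentation) of checking a fleet for the collision described above and resetting one clone. It assumes identity.public has the layout address:0:public-key and that copies of each host's identity.public have been collected into one directory; the host names, addresses and keys are constructed placeholders.

```shell
#!/bin/sh
# Added example: detect cloned ZeroTier identities and reset one.

# zt_address FILE: the 10-digit address is taken to be the first colon-separated
# field of identity.public (assumed layout: address:0:public-key).
zt_address() { cut -d: -f1 "$1"; }

# find_clones FILE...: for every address found in more than one identity.public,
# print "address file file ...". Paths must not contain whitespace.
find_clones() {
    for f in "$@"; do
        printf '%s %s\n' "$(zt_address "$f")" "$f"
    done | awk '{ n[$1]++; files[$1] = files[$1] " " $2 }
                END { for (a in n) if (n[a] > 1) print a files[a] }' | sort
}

# reset_identity DIR: remove both identity files so a new key pair (and address)
# is generated at next start. Stop the ZeroTier service before calling this.
reset_identity() {
    rm -f "$1/identity.public" "$1/identity.secret"
}

# Constructed demo: three collected copies of identity.public; web1 and web2
# were cloned from one template. Addresses and keys are placeholders.
demo=$(mktemp -d)
for h in web1 web2 db1; do mkdir "$demo/$h"; done
echo 'aaaaaaaaaa:0:PLACEHOLDER_KEY_1' > "$demo/web1/identity.public"
echo 'aaaaaaaaaa:0:PLACEHOLDER_KEY_1' > "$demo/web2/identity.public"
echo 'bbbbbbbbbb:0:PLACEHOLDER_KEY_2' > "$demo/db1/identity.public"
find_clones "$demo"/*/identity.public   # reports aaaaaaaaaa with web1 and web2
reset_identity "$demo/web2"             # web2 gets a fresh identity on next start
rm -rf "$demo"
```

Because a copy of identity.secret lets another machine appear under the same address, treat template images and backups that contain it as sensitive.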

Windows Driver Problems

Some users have reported an issue with the virtual network driver on Windows 7. While we can't duplicate this issue on our own test systems, users have reported that it may be a problem with Windows 7 installations that have not been updated through Windows Update. Until we have a fix for this issue, try running Windows Update if it appears.
In any case we strongly recommend keeping your system up to date for security reasons. If you've never run Windows Update your system is vulnerable to hundreds of known security issues.

Technical Support and Reporting Bugs

Visit our support portal to ask a question or report a bug. If you have a GitHub account you can also report issues there.

More Information

The GitHub project wiki hosts technical FAQs, operating system specific guides, and other detailed information.

FROM https://www.zerotier.com/quickstart.html

https://www.zerotier.com/download.shtml
https://download.zerotier.com/dist/ZeroTier%20One.pkg
------------------

ZeroTier One

ZeroTier One is an app for Windows, Macintosh, Linux, BSD, Android, and iOS that connects devices, servers, and containers to virtual networks.

Getting Started

After installing and starting the service (which happens automatically on most platforms) your device will generate a ZeroTier address. This is a ten-digit address that looks like 89e92ceee5.
To actually connect to anything you will need to join a network. These have 16-digit network IDs that look like 8056c2e21c000001. You can get a network ID from someone else or you can create your own network at my.zerotier.com.
Mac and Windows platforms have graphical interfaces that provide tray or task bar icons. All platforms have the zerotier-cli command line interface. Use zerotier-cli help to get help. On Unix-like systems you may need to preface this with sudo, while on Windows you will need to use an administrator-mode command prompt.
Read the manual or visit our knowledge base and our community chat for more help.

Download Links

Latest Version: 1.2.4 / Release Notes

Microsoft Windows

ZeroTier One.msi
Be sure to approve installation of the driver during the install process.
Windows 7 and Windows Server 2012 or later are supported. ZeroTier One might work on Vista and Server 2008, but these are not officially supported and you may have to override certificate checking on install as these often have issues with newer SHA256 EV certificates. XP is not supported as it lacks many important network API functions. If you are installing via a remote desktop session read this knowledge base entry.

Apple Macintosh

The service will run on MacOS 10.7 or newer, while the GUI application (installed as ZeroTier One in your applications folder) requires 10.9 or newer. The command line interface will work for everyone, and you can also easily uninstall and restart ZeroTier One from a terminal.
# Get your ZeroTier address and check the service status
sudo zerotier-cli status
# Join, leave, and list networks
sudo zerotier-cli join ################
sudo zerotier-cli leave ################
sudo zerotier-cli listnetworks
# Stop and start the service with launchctl
sudo launchctl unload /Library/LaunchDaemons/com.zerotier.one.plist
sudo launchctl load /Library/LaunchDaemons/com.zerotier.one.plist
# Cleanly uninstall ZeroTier One, preserving only your secret identity
sudo "/Library/Application Support/ZeroTier/One/uninstall.sh"

iOS (iPhone / iPad / iPod Touch)

ZeroTier One App
Supports iOS 9 or newer.

Android

ZeroTier One App
Get the app via the Google Play store.

Linux (DEB and RPM distributions)

We've found a way to make the easy but infamous "curl|bash" more secure. If your system has GPG, try this:
curl -s 'https://pgp.mit.edu/pks/lookup?op=get&search=0x1657198823E52A61' | gpg --import && \
if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi
Some users may need to replace gpg with gpg2 in the above commands.
This first makes sure you have the contact@zerotier.com GPG key. If this succeeds it then fetches our install script and pipes it through GPG. This verifies the script against its embedded signature, and if it is valid only the verified portion is forwarded through to "sudo bash." Otherwise the script is not executed and you will see a GPG error about signature check failure.
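An added example (not ZeroTier's own script) that tightens the check described above: gpg exits successfully for a good signature from any key in the keyring, so this version also requires the signer to match the key ID shown in the command. The function names and the sample status lines are constructed for illustration, the key is assumed to be imported already, and the full 40-hex fingerprint should be pinned instead once you have obtained it out of band.

```shell
#!/bin/sh
# Added example: accept the install script only if the pinned key signed it.
ZT_KEYID=1657198823E52A61   # long key ID from the command on this page

# signed_by_key STATUS KEYID: succeed only if gpg --status-fd text has a VALIDSIG
# line whose signing-key or primary-key fingerprint ends with KEYID, and no
# BADSIG/ERRSIG line. A bare gpg exit code accepts ANY key in the keyring.
signed_by_key() {
    printf '%s\n' "$1" | awk -v id="$2" '
        function tail(s, k) { return toupper(substr(s, length(s) - k + 1)) }
        BEGIN { n = length(id); id = toupper(id) }
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" { bad = 1 }
        $2 == "VALIDSIG" && (tail($3, n) == id || tail($NF, n) == id) { ok = 1 }
        END { exit !(ok && !bad) }'
}

# install_verified: download to a file, verify, then run exactly the verified
# bytes. Assumes curl, gpg and sudo, and that the key is already imported.
install_verified() {
    tmp=$(mktemp -d) || return 1
    curl -fsS 'https://install.zerotier.com/' -o "$tmp/signed" || return 1
    status=$(gpg --batch --status-fd 3 --output "$tmp/install.sh" \
                 --decrypt "$tmp/signed" 3>&1 >/dev/null 2>&1) || return 1
    signed_by_key "$status" "$ZT_KEYID" || { echo "wrong signer" >&2; return 1; }
    sudo bash "$tmp/install.sh"
}

# Constructed status lines; the fingerprints are made-up, not real keys.
GOOD="[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAA$ZT_KEYID 2015-02-16 1424044800 0 4 0 1 8 01 AAAAAAAAAAAAAAAAAAAAAAAA$ZT_KEYID"
OTHER='[GNUPG:] VALIDSIG BBBBBBBBBBBBBBBBBBBBBBBB0123456789ABCDEF 2015-02-16 1424044800 0 4 0 1 8 01 BBBBBBBBBBBBBBBBBBBBBBBB0123456789ABCDEF'
for s in "$GOOD" "$OTHER"; do
    if signed_by_key "$s" "$ZT_KEYID"; then echo accept; else echo reject; fi
done
```

Call install_verified to perform the real installation; the loop at the end only exercises the signer check on the constructed lines.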
The install.zerotier.com script first characterizes your Linux distribution and adds the ZeroTier official package repository if we have one available for you. It then installs the zerotier-one package, enables and starts the service, and prints your new 10-digit ZeroTier address.
For those who are a bit more careless lazy brave, the script also works without GPG:
curl -s https://install.zerotier.com/ | sudo bash
RPMs are available for x86 and x64. DEBs for a wide variety of architectures are present, with x86 and x64 for almost any distribution and armhf, armel, mipsel, mips64, aarch64, etc. available for certain others.
If you want to manually add our repositories they can be found on download.zerotier.com and source code can be found on GitHub.

from https://www.zerotier.com/download.shtml
---------------------------------------------------------------

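Building a Virtual Intranet with ZeroTier / How to Set Up a MOON Relay Server


ZeroTier can build a mesh-structured virtual LAN, making it easy to join different devices to this virtual network for internal-network communication. In China, however, getting good use out of ZeroTier requires setting up a few MOON relay servers.
Terminology:
  • PLANET: planet servers, ZeroTier's root servers in various locations, including the United States, Germany, Japan and Singapore
  • MOON: moon (satellite-level) servers, relay servers with a public IP address that ZeroTier lets users set up close to their leaves; they help relay and speed up signaling
  • LEAF: leaf nodes; when you connect to this network, you are a leaf end node in this mesh
ZeroTier has client software for every platform, which is not covered here. A MOON server is simply a leaf node with a public IP address converted into a MOON. The practical steps are as follows: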
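1. First buy an ECS instance in Alibaba Cloud's Hong Kong region, then install ZeroTier:
curl -s https://install.zerotier.com/ | sudo bash
2. Then join the network you have already created (replace ################ with its 16-digit network ID):
zerotier-cli join ################
3. Generate the MOON template:
cd /var/lib/zerotier-one
zerotier-idtool initmoon identity.public > moon.json
4. Edit the template: open moon.json in an editor and fill in the public IP address; keep the default port.
"stableEndpoints": [ "8.8.8.8/9993" ] # replace 8.8.8.8 with your public IP
5. Generate the signed MOON:
zerotier-idtool genmoon moon.json
This step generates a file named something like 000000xxxxx.moon. The part before .moon is this MOON's ID; you will need it later, so keep a note of it.
6. Add the MOON to the network:
Under the ZeroTier installation directory (/var/lib/zerotier-one), create a folder named moons.d and copy the newly generated .moon file into it.
cd /var/lib/zerotier-one
mkdir moons.d
cp 000000xxxxx.moon moons.d
7. After restarting ZeroTier, the MOON is available on that network.
8. On your LEAF nodes, run the command:
zerotier-cli orbit 000000xxxxx 000000xxxxx # yes, this value is entered twice
After that, your signaling is relayed through this server. To check whether the MOON server is present, run:
zerotier-cli listpeers|grep MOON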