
Monday, 2 April 2018

VPN program: glorytun

Compile libsodium and Python 3.6.4
apt-get install pkg-config -y

wget https://github.com/mesonbuild/meson/releases/download/0.45.1/meson-0.45.1.tar.gz
tar zxvf meson-0.45.1.tar.gz
cd meson-0.45.1
python3 setup.py install
Output:
Installing meson script to /usr/local/python-3.6.4/bin
Installing wraptool script to /usr/local/python-3.6.4/bin
Installing mesontest script to /usr/local/python-3.6.4/bin
Installing mesonintrospect script to /usr/local/python-3.6.4/bin
Installing mesonconf script to /usr/local/python-3.6.4/bin
Installed /usr/local/python-3.6.4/lib/python3.6/site-packages/meson-0.45.1-py3.6.egg
Processing dependencies for meson==0.45.1
Finished processing dependencies for meson==0.45.1
root@ar:~/meson-0.45.1# cd ~
root@ar:~# wget https://github.com/ninja-build/ninja/releases/download/v1.8.2/ninja-linux.zip
root@ar:~# unzip ninja-linux.zip
Archive:  ninja-linux.zip
  inflating: ninja                 
root@ar:~# ./ninja --version
1.8.2
root@ar:~# mv ninja /usr/local/bin/
root@ar:~# which ninja
/usr/local/bin/ninja
(The steps above complete the ninja installation.)
root@ar:~# git clone https://github.com/angt/glorytun
root@ar:~# cd glorytun
root@ar:~/glorytun# git submodule update --init
root@ar:~/glorytun# mkdir build
root@ar:~/glorytun# meson build
Output:

The Meson build system
Version: 0.45.1
Source dir: /root/glorytun
Build dir: /root/glorytun/build
Build type: native build
Project name: glorytun
Native C compiler: cc (gcc 4.9.2 "cc (Debian 4.9.2-10+deb8u1) 4.9.2")
Build machine cpu family: x86_64
Build machine cpu: x86_64
Found pkg-config: /usr/bin/pkg-config (0.28)
Native dependency libsodium found: YES 1.0.16
Library m found: YES
Native dependency systemd found: YES 215
Configuring glorytun@.service using configuration
Build targets in project: 1
Found ninja-1.8.2 at /usr/bin/ninja
root@ar:~/glorytun# ninja -C build install
Output:
...
Installing glorytun to /usr/local/bin/glorytun
Installing /root/glorytun/build/glorytun@.service to /lib/systemd/system
Installing /root/glorytun/systemd/glorytun.network to /lib/systemd/network
Installing /root/glorytun/systemd/glorytun-client.network to /lib/systemd/network
Installing /root/glorytun/systemd/glorytun-run to /usr/local/bin
Installing /root/glorytun/systemd/glorytun-setup to /usr/local/bin
root@ar:~/glorytun# which glorytun
/usr/local/bin/glorytun
root@ar:~/glorytun# which glorytun-run
/usr/local/bin/glorytun-run
root@ar:~/glorytun# which glorytun-setup
/usr/local/bin/glorytun-setup
root@ar:~/glorytun# cd ~
root@ar:~# glorytun-setup
Config filename (tun0):
Server ip (enter for server conf): 0.0.0.0
Server port (5000): 6000
Server key (enter to generate a new one):
Your new key: (a string of characters is printed here)
Start glorytun now ? (enter to skip): y
root@ar:~# ps aux|grep glorytun
root      5108  0.0  0.0  77244   916 ?        SLs  21:29   0:00 glorytun bind keyfile /etc/glorytun/tun0/key 0.0.0.0 dev gtc-tun0 to 0.0.0.0 6000
root      5117  0.0  0.0  11072   816 pts/3    S+   21:29   0:00 grep glorytun
root@ar:~# cat /etc/glorytun/tun0/key
(This shows the value of the server key generated above.)
root@ar:~#
The server side is now set up.

For the client, installing on a Linux desktop system is recommended.

Project page: https://github.com/angt/glorytun
-------

Glorytun: an open-source SD-WAN implementation


Glorytun is a small, simple, yet very secure tunneling program. It supports AES-NI and ChaCha20-Poly1305 encryption, depends on libsodium >= 1.0.4, and requires the server and client clocks to be synchronized to within ten minutes, so its security can be called very high. Functionally, compared with MPLS, it supports multipath and failover (the SD-WAN feature set) as well as mtudp (UDP multi-port multiplexing), so it can make the most of the available network bandwidth.
Project page:
Installation
Use a recent Linux distribution such as Ubuntu 16 or CentOS 7. Once the libsodium dependency is installed, the stable x86_64 build can be downloaded directly from the project repository. The code can also be compiled and installed by hand and ported to other systems or embedded systems; BSD and macOS are supported.
Example
First download the binary executable. The test system is Linux, and to save effort the compile step is skipped.
Both the server and the client need to download it:
root@VM:~# wget https://github.com/angt/glorytun/releases/download/v0.2.2/glorytun-0.2.2-x86_64-linux-musl.bin
root@VM:~# mv glorytun-0.2.2-x86_64-linux-musl.bin /usr/local/sbin/glorytun
root@VM:~# chmod +x /usr/local/sbin/glorytun
Server configuration
Generate the key gt.key and start the server. The client needs this same key, and it only has to be generated once.
root@VM:~# (umask 066; glorytun keygen > gt.key)
root@VM:~# glorytun bind 0.0.0.0 2914 dev tun0 keyfile gt.key chacha &
Assign the server IP to tun0 and point it at the client IP:
root@VM:~# ifconfig tun0 10.0.1.1 pointopoint 10.0.1.2 up
Then set up routing so that traffic from the glorytun tunnel (tun0) is forwarded out through the physical interface (eth0):
root@VM:~# iptables -t nat -I POSTROUTING -s 10.0.1.0/24 -o eth0 -j MASQUERADE
Allow requests arriving on the tun0 interface:
root@VM:~# iptables -I INPUT -i tun0 -j ACCEPT
Enable forwarding between tun0 (glorytun) and eth0 (the physical interface):
root@VM:~# iptables -I FORWARD -i eth0 -o tun0 -j ACCEPT
root@VM:~# iptables -I FORWARD -i tun0 -o eth0 -j ACCEPT
Client configuration
Start the client: copy the gt.key generated on the server to the client, then run the following. SERVER_IP is a placeholder for the server's public address, which glorytun expects after the word to (compare the bind line that glorytun-setup produced above):
root@VM:~# glorytun bind 0.0.0.0 to SERVER_IP 2914 dev tun0 keyfile gt.key chacha &
Assign the client IP to tun0 and point it at the server IP:
root@VM:~# ifconfig tun0 10.0.1.2 pointopoint 10.0.1.1 up
Set the maximum rate; the client's maximum upload and download speeds are generally fine:
root@VM:~# glorytun path up rate tx 1mbit rx 20mbit
Note:
tx: upload
rx: download
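As an added example (not code from this post or from the glorytun project), the server and client steps above wrapped into shell functions with a dry-run mode and a permission check on gt.key. It assumes the ip command in place of ifconfig, takes the server address and ports as parameters (SERVER_IP stays a placeholder), and adds net.ipv4.ip_forward=1, which the post does not mention but which the FORWARD rules need before any tunnel traffic can be relayed.

```shell
#!/bin/sh
# Added example, not from the post or the glorytun project: the server and
# client steps as functions. Assumptions: `ip` replaces ifconfig, and the
# kernel must have net.ipv4.ip_forward=1 (omitted in the post) for the
# FORWARD rules to ever see tunnel traffic.
set -eu

run() {      # dry-run: print the command; otherwise execute it
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

start() {    # like run, but the real command is backgrounded (the post's trailing &)
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s &\n' "$*"; else "$@" &
    fi
}

# The key is the tunnel's only secret: refuse it unless it is non-empty and
# readable by its owner alone, which is what the post's `umask 066` ensures.
check_keyfile() {
    [ -s "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in
        400|600) return 0 ;;
        *)       return 1 ;;
    esac
}

# Server: listen on port $1, tunnel address $2, client tunnel address $3, WAN interface $4.
setup_server() {
    port=$1; tun_ip=$2; peer_ip=$3; wan=$4
    [ -s gt.key ] || run sh -c 'umask 066; glorytun keygen > gt.key'
    check_keyfile gt.key || { echo "gt.key missing or world-readable" >&2; return 1; }
    run sysctl -w net.ipv4.ip_forward=1
    start glorytun bind 0.0.0.0 "$port" dev tun0 keyfile gt.key chacha
    run ip addr add "$tun_ip" peer "$peer_ip" dev tun0
    run ip link set tun0 up
    run iptables -t nat -I POSTROUTING -s "${tun_ip%.*}.0/24" -o "$wan" -j MASQUERADE
    run iptables -I INPUT -i tun0 -j ACCEPT
    run iptables -I FORWARD -i "$wan" -o tun0 -j ACCEPT
    run iptables -I FORWARD -i tun0 -o "$wan" -j ACCEPT
}

# Client: server address $1 (the SERVER_IP placeholder), port $2, own tunnel address $3, server tunnel address $4.
setup_client() {
    server=$1; port=$2; tun_ip=$3; peer_ip=$4
    check_keyfile gt.key || { echo "gt.key missing or world-readable" >&2; return 1; }
    start glorytun bind 0.0.0.0 to "$server" "$port" dev tun0 keyfile gt.key chacha
    run ip addr add "$tun_ip" peer "$peer_ip" dev tun0
    run ip link set tun0 up
    run glorytun path up rate tx 1mbit rx 20mbit
}
```

Run with DRY_RUN=1 first to review the exact commands before executing them as root.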
Test
root@VM:~# ping 10.0.1.1
PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=10.954 ms
64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=11.024 ms
64 bytes from 10.0.1.1: icmp_seq=3 ttl=64 time=10.858 ms
64 bytes from 10.0.1.1: icmp_seq=4 ttl=64 time=10.966 ms
64 bytes from 10.0.1.1: icmp_seq=5 ttl=64 time=10.994 ms
64 bytes from 10.0.1.1: icmp_seq=6 ttl=64 time=11.246 ms
^C
At this point the Glorytun tunnel is established.