By tradition, most of the article is devoted to theory and boring scripts; the practical part is at the end. What is written here applies to any application, including web browsers, but Steam serves as the test subject.
In place of an introduction, here is this picture:

147%... comes to mind. But Habr is not the place for politics.
Game prices on Steam differ by region, and the region is determined by IP address. I would like the prices to be set in rubles rather than euros.
To do that, we will run a VPN over SSH using tun devices, and use network namespaces to isolate the application from all other network devices.
Network namespaces
Traditionally, an application launched even with ordinary user privileges has full access to the network. It can send packets using any network address present in the system.
Moreover, most desktop applications understand nothing about interfaces: they assume the system has exactly one network interface and offer no way to choose which one to use. Server software usually has this option (which address to use as the source address), but on the desktop it is an unaffordable luxury.
If there are several interfaces (including ones that belong to a VPN), there is no standard way to tell Steam to use one of them rather than eth0/wlan0. More precisely, all traffic can be wrapped into the VPN, but that is not always desirable. At the least, it means higher latency and lower speed (even if the VPN leads to a super-fast server, the added latency and tunnel overhead, given the fixed width of the local channel, put TCP in a position where it has to slow down). At most, "buying through a Russian VPN" and "sending all traffic there" are two different things. I am not at all attracted to using a VPN in order to receive Roskomnadzor's protection from opposition and free thought.
Under these conditions there is a strong desire to leave one specific application alone with one specific network interface. Just one, configured solely for the needs of that application.
To solve this problem, Linux has had for quite a long time (since 2007) a technology called network namespaces. The essence of the technology: a kind of "directory" is created on top of the network interfaces, and each directory can hold several network interfaces and applications. An application that finds itself in a particular network namespace can use (and see) only the network interfaces assigned to that namespace.
The following figure explains what is happening:

Of course, you will not find such a rich configuration on a desktop, but it shows what is happening in its pure form.
Different namespaces are highlighted in different colours. A given interface is available only from its own namespace and from nowhere else. For example, the red namespace can access only tap1, veth1 and lo; the blue one eth1, eth2, lo and veth0; the green one only tun0 and lo. Outside the namespaces there are eth0 and the remaining native interfaces: br1, tap0 and lo.
Note that each namespace has its own lo! If mysql listens on lo in the blue namespace, it cannot be reached from the green namespace (or from any namespace other than blue). This is perhaps the most pleasant feature. The second feature is that the same IP address can be used on different interfaces in different namespaces, and nothing bad happens. Naturally, each namespace has its own routing table.
The attentive reader has caught a whiff of virtualization. Yes, of course. Network namespaces (together with other technologies of that level) are an important part of LXC (container virtualization for Linux). But unlike openvz and many similar technologies, the LXC components are general enough to be used as stand-alone tools. And that is the right Unix way: each does just one thing, but does it well. Purists may say that stuffing everything into the kernel is bad.
The most interesting picture appears when an application's only way out is a tun/tap interface that leads outside the current network (in the figure above, the green namespace has a lone tun). If the tun ends somewhere outside the computer (at a vpn server, for example), the application has no way of learning what network configuration the computer really has. For example, if the VPN leads to a host in Russia, every application running in the green namespace gets an address from Russia and goes out onto the network as if it were in Russia. That is exactly what is needed for Steam to believe it has a Russian IP and agree to sell games at half price.
Steam is a little odd in how it determines the country. Without a VPN, Steam sometimes showed prices in euros and sometimes in rubles, and I could not work out the pattern. A Russian VPN removes all questions: prices are always in rubles.
A quick cheat sheet for working with network namespaces (the practical tips are nearer the end of the article):
ip netns
list the network namespaces (in every command, ip netns can be shortened to ip net)
ip netns add/delete foo
create/delete a network namespace named foo
ip netns exec foo /usr/bin/bin
run a program in the given network namespace (note that an application that is already running cannot be moved there)
ip link set eth99 netns foo
move the interface into the given namespace
And a few tricks:
ip netns exec foo ip link
list the interfaces inside namespace foo
ip netns exec foo tcpdump -ni eth99
tcpdump. Note: because of the way exec works, output appears on the screen only after you press Ctrl-C. If that is annoying, see below.
sudo ip netns exec foo login -f username
run login inside the namespace. The logged-in user then works in the given namespace with the terminal, group leader and so on fully set up.
Setting up a VPN over SSH
I do not like openvpn, openswan and similar applications because of their redundancy. I accept that they are needed in some situations, but whenever I can, I try to use SSH. There are several reasons.
1) SSH is available out of the box on any server.
2) SSH uses TCP rather than gre/udp. For the case when I have to connect from some exotic place over worthless WiFi, ssh listens on ports 22 and 443. Port 22 can still be closed, but 443 definitely not: HTTPS uses it (block it, and the "hamsters" can no longer get to Google, Facebook and so on).
3) There is an SSH client on any machine within reach, which means I can bring up the tunnel I need from any Unix machine in 3 to 5 steps.
4) The degree of tunnelling is easy to adjust. If all I need is a socks proxy, I do not invent an L2 tunnel.
5) Without any additional shamanism, several parallel connections can be used in any combination: from different clients to one server, from one client to different servers, and so on. Completely
The main reason is simpler still: SSH is an everyday toolkit that can do everything needed. Why use anything else?
So, the theory of SSH tunnels
TUN interface
The TUN interface is very simple: it creates a virtual network interface (tun0, tun1 and so on) in the system, and at its other end it appears as an fd (file descriptor) to the program that created it. The program decides what to do with the traffic coming from the fd, and the applications in the system decide for themselves what to do with the network interface.
With SSH, we tell the SSH client to create a tun interface on its side and the SSH server to create one on its side, and to connect them. Traffic that goes in on one side (the client) comes out on the other (the server), and vice versa. What is that if not a tunnel? And why not a VPN? SSH knows how to encrypt traffic, so we get a ready-made VPN. Inside SSH this is called a channel and is multiplexed, but that does not concern us much.
Here is a simple picture of what is happening:

Note that cooperation from the SSH server is required. The section below covers the permission to create tunnels on the server, along with details such as NAT setup and addressing that are needed to get the "Freedom" outpost working.
A note in the margin: besides tun interfaces there are tap interfaces, which can join L2 segments. That is of little use here, but if someone really wants to, they can try to join several networks from different data centers using SSH connections to an ordinary machine at home. It will work (though I cannot vouch for the results).
Practical steps
Preparation:
- Copy your SSH key to root on the server. If you have no key, generate one:
sudo ssh-keygen
I usually create the key for the local root so that it does not get mixed up with my own keys. The key is copied with the command:
sudo ssh-copy-id root@server
- Make sure SSH on the remote server is allowed to use tunnels. In /etc/ssh/sshd_config the PermitTunnel variable must be uncommented and set to yes.
- Pick any number (echo $RANDOM). This will be the tunnel number. Remember it (or use another favourite number, such as 42).
- Set up the remote server. I am writing for debian/ubuntu; for other distributions/OSes, refer to their documentation on network setup. In the file /etc/network/interfaces, add the following lines:
allow-hotplug tun42
auto tun42
iface tun42 inet static
    address 100.64.42.1
    netmask 255.255.255.0
    pre-up iptables -A POSTROUTING -t nat -s 100.64.42.0/24 -j MASQUERADE
    post-down iptables -D POSTROUTING -t nat -s 100.64.42.0/24 -j MASQUERADE
This gives us an automatically configured interface every time tun42 appears on the server. At the same time it turns on NAT so that packets from the tunnel are translated, and turns it off again as soon as the interface disappears.
- Enable routing on the server:
/etc/sysctl.d/enable_routing.conf
net.ipv4.conf.all.forwarding = 1
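The PermitTunnel step can be checked before connecting. The following is an added example, not part of the original article: it reads an sshd_config, reports the global PermitTunnel value sshd would apply (the first occurrence wins, the default is no) and what that means for the tun tunnel used here. The function names and sample configs are constructed for illustration; yes also permits layer-2 tap forwarding, while point-to-point is enough for ssh -w in its default mode.

```shell
#!/bin/sh
# Added example: which PermitTunnel value applies, and is it wider than needed?

effective_permit_tunnel() {   # usage: effective_permit_tunnel SSHD_CONFIG_FILE
    awk '
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }                    # strip comments, indent
        NF == 0                       { next }
        tolower($1) == "match"        { exit }                    # global section ends
        tolower($1) == "permittunnel" { v = tolower($2); exit }   # first value wins
        END { print (v == "" ? "no" : v) }                        # sshd default: no
    ' "$1"
}

tunnel_verdict() {   # what the value means for `ssh -w 42:42` (a layer-3 tun tunnel)
    case "$(effective_permit_tunnel "$1")" in
        point-to-point) echo "ok: tun only" ;;
        yes)            echo "broad: tun works, layer-2 tap is permitted too" ;;
        ethernet)       echo "wrong-layer: only tap is permitted" ;;
        *)              echo "disabled: sshd refuses tunnel forwarding" ;;
    esac
}

# Constructed sample configs (not taken from a real server).
sample_config_as_in_article() { cat <<'EOF'
Port 22
Port 443
#PermitTunnel no
PermitTunnel yes
PermitTunnel point-to-point
EOF
}
sample_config_least_privilege() { cat <<'EOF'
Port 22
Port 443
PermitTunnel point-to-point
Match User backup
    PermitTunnel no
EOF
}

tmp=$(mktemp)
sample_config_as_in_article > "$tmp";   tunnel_verdict "$tmp"
sample_config_least_privilege > "$tmp"; tunnel_verdict "$tmp"
rm -f "$tmp"
```

On a live server, sshd -T prints the effective configuration, including Match handling that this parser deliberately stops at.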
Almost done. All that remains is to launch Steam. Everything described below is done on the local machine.
- Shut down every running copy of Steam, including the tray icon.
- Connect to the server:
sudo ssh -w 42:42 root@server
The -w option tells ssh to create tun42 locally and pair it with tun42 on the remote side (creating that one too).
- In a neighbouring console:
xhost +
sudo ip net add steam
sudo ip link set netns steam dev tun42
sudo ip net exec steam ip addr add 100.64.42.2/24 dev tun42
sudo ip net exec steam ip link set up dev tun42
sudo ip net exec steam ip route add default via 100.64.42.1
sudo ip net exec steam login -f $USER
# the next two commands are typed inside the new login session
export DISPLAY=:0
steam
xhost + turns off access control on the X server so that the new session can connect to it (be careful: it lets any client connect). The paranoid can study man xhost and specify more precise rules.
ip net add and ip net exec are short for ip netns add and ip netns exec: they create the network namespace and start a new user session that works inside it.
export DISPLAY=:0 means "use the first X server". By default this variable is reset at login, and without it steam cannot connect to the X server.
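Whether the namespace really contains nothing but lo and the tunnel can be verified from the output of ip. The following is an added example, not part of the original article: it parses ip -o link show and ip route show output and reports any extra interface or a default route that does not go through the tunnel. The function names are hypothetical and the sample output is constructed; tun42, steam and 100.64.42.1 are the values used above.

```shell
#!/bin/sh
# Added example: does the namespace hold only lo + the tunnel, with one default route?
# Real use (needs root), with the names used in the article:
#   sudo ip netns exec steam ip -o link show > links.txt
#   sudo ip netns exec steam ip route show   > routes.txt
#   check_isolation tun42 100.64.42.1 links.txt routes.txt

ns_links() {   # stdin: `ip -o link show` output; stdout: one interface name per line
    awk -F': ' '{ sub(/@.*/, "", $2); print $2 }'
}

check_isolation() {   # usage: check_isolation TUN GATEWAY LINKS_FILE ROUTES_FILE
    extra=$(ns_links < "$3" | awk -v tun="$1" \
        '$0 != "lo" && $0 != tun { printf "%s%s", sep, $0; sep = " " }')
    has_tun=$(ns_links < "$3" | awk -v tun="$1" '$0 == tun { print "yes" }')
    route_ok=$(awk -v gw="$2" -v tun="$1" '
        $1 == "default" { n++; if ($2 == "via" && $3 == gw && $4 == "dev" && $5 == tun) ok++ }
        END { if (n == 1 && ok == 1) print "yes" }' "$4")
    if [ -n "$extra" ]; then echo "leak: extra interfaces: $extra"; return 1; fi
    if [ "$has_tun" != yes ]; then echo "missing: $1"; return 1; fi
    if [ "$route_ok" != yes ]; then echo "route: need one default via $2 dev $1"; return 1; fi
    echo "isolated"
}

# Constructed sample output (not captured from a real host).
sample_links_ok() { cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
7: tun42: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 500\    link/none
EOF
}
sample_links_leaky() { sample_links_ok; cat <<'EOF'
9: veth0@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
EOF
}
sample_routes_ok() { cat <<'EOF'
default via 100.64.42.1 dev tun42
100.64.42.0/24 dev tun42 proto kernel scope link src 100.64.42.2
EOF
}

d=$(mktemp -d); sample_links_ok > "$d/l"; sample_routes_ok > "$d/r"
check_isolation tun42 100.64.42.1 "$d/l" "$d/r"; rm -rf "$d"
```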
That is really all there is to it. At the output we get Russian prices in Steam, and Russian censorship. Fortunately, that applies only to Steam: the browser in the next window keeps using the not very fast but very free Cypriot internet.
In the next part:
- How to run 32-bit Steam on an x86_64 machine
- How to make Steam run fully isolated, started neither as root nor as the main user. Love and hate with pulseaudio and dri, how to find missing libraries, and how to debug Steam itself