之前为了翻墙,专门写过一篇《关于shadowsocks的一些思考》来说明它的工作原理,借助博客深入原理沉淀下来,对自己对他人都会有很大的帮助。
ss翻墙有一个必要的前提就是客户端本身必须支持socks5协议(比如浏览器一般都支持socks5配置),这样才能将和客户端本地的shadowsocks socks5代理进程互换数据,不过这也造成了很多软件是没法通过ss实现翻墙的,因此,我需要vpn来解决这个问题。
vpn的原理
vpn:英文全称是“Virtual Private Network”,翻译过来就是“虚拟专用网络”。vpn通常拿来做2个事情,一个是可以让世界上任意2台机器进入一个虚拟的局域网中(当然这个局域网的数据通讯是加密的,很安全,用起来和一个家庭局域网没有区别),一个是可以用来翻墙。
vpn比ss更加底层,它通过操作系统的接口直接虚拟出一张网卡,后续整个操作系统的网络通讯都将通过这张虚拟的网卡进行收发。这和任何一个代理的实现思路都差不多,应用层并不知道网卡是虚拟的,这样vpn虚拟网卡将以中间人的身份对数据进行加工,从而实现各种神奇的效果。具体来说,vpn是通过编写一套网卡驱动并注册到操作系统实现的虚拟网卡,这样数据只要经过网卡收发就可以进行拦截处理。
一句话,vpn在IP层工作,而ss在TCP层工作。
翻墙用途
需要在vps上部署vpn server,客户端所有数据将经过虚拟网卡的加密封装后都转发给vps上的vpn server,由它来转发给目标服务器,这和ss server原理类似,由vpn协议加密从而绕过GFW实现访问墙外网站,下面将以pptp vpn协议为例说明。
假设要访问谷歌,那么客户端发出的数据包首先通过协议栈处理封装成IP包,其源地址是虚拟网卡的地址,例如:192.168.0.2,而目标地址是谷歌的IP。
原始IP包交给虚拟网卡发送时,PPTP网卡驱动会按PPP协议对这个IP包整体加密封装作为新的payload,用一层新的IP头封装这个payload发送出去,这个新IP头的目标地址是vpn server,源地址是客户端的外网IP。
vpn server的协议栈会剥离掉新IP头,将内部PPP协议的payload交给pptpd进程处理,pptpd进程会按PPP协议解包得到原始的IP包,我们知道这个IP包的源地址是192.168.0.2,目标地址google。因此,pptpd进程需要做的是将这个IP包的源IP地址改为vps的地址,然后将IP包发给谷歌,从而和谷歌进行数据交换。最终,pptpd理所应当将谷歌的应答IP包的目标IP地址换成192.168.0.2,然后经过PPP协议封装并添加新的IP头后发回给客户端既可。
不过要注意在pptpd的实现里,这个源地址修改是通过iptables实现的,也就是添加通过iptables添加一个NAT规则,实现来源地址的映射转换,这个在你配置pptp的过程中就会看到。
局域网用途
大家知道,玩CS的时候都是局域网搜索房间的,要求大家坐在一个网吧里连着一台交换机。如果大家各自坐在家里玩CS想联机,通常要登录一个对战平台,其实对战平台做的事情就是VPN,也就是虚拟一个局域网,大家感受起来就和坐在一起一样。
虚拟网卡的驱动会尽力伪装成一个物理网卡的样子,我们知道DHCP协议是局域网动态分配客户端IP的协议,那么VPN的虚拟网卡其实也会和vpn server进行一些协商得到一个虚拟局域网的IP,比如192.168.0.2。得到虚拟IP后,后续数据将通过虚拟网卡发送至vpn server所在的IP,最终被pptpd进程处理。
既然各个客户端的虚拟网卡都是和同一个pptpd进程交互,那么这个pptpd进程自然知道这个虚拟的局域网内有哪些局域网用户,因此当2个虚拟局域网用户192.168.0.2和192.168.0.3之间想互相通讯的时候,pptpd会完成数据的中转。不过要注意,虚拟局域网用户间的通讯是不需要像访问谷歌那样修改数据包的源IP地址的,这个很容易想明白。
上面只是站在一个小白的角度理解这个过程,真实的pptp协议还用到了GRE协议,但并不是理解的重点。一个真实的pptpd进程包含一个在端口1723上tcp监听的父进程用来与各vpn client协商隧道信息,pptpd后续会给每个client创建一个子进程专门负责client的数据交互,而这个交互的协议就是GRE协议。
GRE直接在IP层之上实现,内核剥离IP透之后会解析GRE协议并根据GRE中的隧道ID将数据包分派给对应的pptpd子进程。子进程则通过raw socket对GRE包进行读写,利用raw socket可以方便的向任何隧道写出数据和读入数据,可以说pptpd的vpn隧道是直接依赖GRE协议的,有了GRE协议可以很方便的实现不同隧道间的数据交互,因为每个隧道的数据在GRE头中都有唯一ID标识(ID是1723端协商而来的),这就是虚拟局域网的大概实现原理。
当然,就像上面的图片描述的那样,VPN也常用于在家连接办公网,这是因为VPN server有另外一张网卡与办公网是局域网的关系,因此可以通过VPN server间接的访问到办公网,此时vpn server的帐号密码鉴权系统就显得尤为重要了。
最后
由上可知,pptpd工作起来很像一个路由器,除了能访问谷歌,还能实现虚拟局域网。同时,由于其实现上是一张虚拟网卡,因此对所有应用都可以适用。
PPTPD搭建请参考:http://blog.mimvp.com/2016/07/aliyun-centos7-set-up-vpn/
在最新MAC系统里,已经不支持PPTPD协议了,所以可以付费购买shimo vpn client或者免费不太好用的的flowvpn connect。
本文内容可能存在理解偏差,欢迎纠正。
如果文章帮助您解决了工作难题,您可以帮我点击屏幕上的任意广告,或者赞助少量费用来支持我的持续创作,谢谢~
Pingback引用通告: 利用vpn连通vps上的samba – 鱼儿的博客
干货。大神快更。
感谢评价。
推荐个目前自用的V2ray+Trojan翻墙梯子,不限流量免费试用三天能刷奈飞超高清视频,还有高质量IPLC线路,客服售后给力
https://xbsj3462.fun/i/xy052
大家可以试试
楼主,我想问一下,你是怎么把wordpress和php,结合的,我想和Javaweb结合。
wordpress是php开源项目,是一个CMS,你可以写自己的java web,通过CMS链接页面过去~
多谢,形象生动,言简意赅。
谢谢~
我是个学生,之前分别配置过shadowsocks和vpn来避开校园网收费,但是原理一直没搞清楚,看了您的博客后,困扰已久的问题终于搞清楚了,谢谢!!!
不客气!
你像个der
搭建方法让封了,能私聊告诉我吗,帅哥楼主
现在pptpd基本淘汰了,建议学习openvpn搭建,谷歌一下就知道!!
多谢,形象生动,言简意赅。
客气!
那么使用vpn 就是用了 虚拟网卡了白,怎么控制 流量的分流呢???也就是说一部分走虚拟网卡,一部分走 真实网卡???? 路由么????
这个与你本机路由表有关吧,VPN网卡的网段,物理网卡的网段,默认网关是哪个。
根据我似有似无的记忆,好像默认网关都被改成了VPN。
Pingback引用通告: 优雅地科学上网 – 洛逸轩
有没有办法做一个收费VPN
VPN本来就有帐号密码呀,你想做肯定可以的,但是在中国是违法的。
Pingback引用通告: 翻墙原理 – hello littlepudding
感谢作者的文章,对很多东西理解又深了一层。但是《关于shadowsocks的一些思考》这篇文档链接失效了,作者能付重新发一下这篇文档。感谢!
在博客内搜索,或者看一下我最新的斐讯N1翻墙系列文章。
一名大二计算机学生,看完您的文章后懂了一点,还是想问,应该从哪学起呢?搭建ss服务器么?
实现一个SS。
你好,我翻墙访问youtube,连接的是(美国10:电信联通高速),是不是youtube会识别我是在美国上网
那肯定。
Pingback引用通告: 使用Node实现简单的内网穿透 – Python量化投资
请问一下博主,建立翻墙的vpn是不是一定需要一台国外的服务器。
是
pptpd理所应当将谷歌的应答IP包的目标IP地址换成192.168.0.2,然后经过PPP协议封装并添加新的IP头后发回给客户端既可。
这个地方的应答包的IP地址不应该hi客户端的外网地址吗?
这样才能发送给原来的客户端吗?
mark 挺好的,有更深理解了
For many, this is the stage most likely to lead to relapse as many patients find it almost impossible to cope. Some facilities begin therapy and other forms of treatment at this stage, depending on the patient’s condition and ability. In inpatient detox, patients reside at a facility where they will receive constant supervision.
Trim Life Keto Reviews >> https://www.supplementz.org/trim-life-keto/
thanks For sharing a great info with us:
thanks for the great sharing information .
Get Independent female escorts service in Pune. we have high profile female escorts service in Pune.
Mount abu Escorts It would be a fine range of satiation gained in while you are trying out these charming hot angels here. It is very much effective for each one of you to be in relation to our girls here involved.
Ludhiana Escorts are active all the days and nights to deliver the best while being compared to others in the entire list.
The Zirakpur Escorts are therefore the finest of professionals here who can relive all the minds and souls of men. It is a fair journey enough to be involved with these positive skilled horny babes.
Mohali Escorts are the most demanding partners who can easily meet all your demands to the fullest. It is never any doubt that men are willing to perform the best of services being engaged to our well trained beauties.
Panchkula Escorts keeps a good collection of Panchkula escorts girls. We offer VIP full night Panchkula escorts, Call Girls Service In Panchkula.
Jalandhar Escorts offers one of the best and most dependable Independent Jalandhar Escort Service. We are very dependable and have a group of gorgeous girls just waiting to get together you and spend some excellent time with you.
thanks For the great post.
Beauti of Zirakpur and have fun with us in the night
Thanks for sharing this amazing post! I found many interesting things in it.
We are very dependable and have a group of gorgeous girls just waiting to get together you and spend some excellent time with you.
The Call Girls in Ludhiana are therefore the finest of professionals here who can relive all the minds and souls of men.
原来如此,vpn就是加密,给人一种在一个专用网下通信的感觉,因为不会经过外网上的设备,之前一直以为是给B一个和A同一子网的ip呢…
IZSPA, is the heaven in form of spa we are best body massage service provider in Bangalore.We offer our customers massages like Female to Male,Body to Body Massage, Thai Massage and many more modern and traditional types massages provided by IZSPA in best prices.
Female to male spa near me
感谢分享
After surfing a Pune Escorts website, you would get to know about all the advantages you are being offered and you can also go through the reviews mentioned by the previous clients to get reassured about the service you will be getting.
我想问一下博主如何能检测“翻墙”的终端呢?
我想问一下博主如何能检测“翻墙”的终端呢?
Thank you for your valuable post
https://www.bunnymodels.com/
1
Hello guys! I am Rituparna Roy. Presently I fly from Bagdogra to Delhi as an air hostess. My passion for sex had made me a part-time Siliguri escort. I am sexy and beautiful. I am delicate and spoken. Being an air hostess I am very stylish too. You will spend your sexiest moments with me. I can give you a massive blow. https://www.siliguriescorts.co.in – Siliguri Female Escorts | Siliguri Call Girls.
Hi and welcome to my website. Myself Rupali Mathur. Actually, I am from Darjeeling but presently living in Siliguri as a housewife. My husband often goes to Kolkata, Delhi, and Mumbai for days for his business work. I preferred to choose the Siliguri escort service to get company from the loneliness. You will get very caring treatment from me. http://www.escortsinsiliguri.co.in – Siliguri Escorts Service | Call Girls in Siliguri
Hay Buddy! I am Sweta Singh. I am presently living in Jaipur. I am a college student but provide Jaipur escort service on a part-time basis. I have a perfect bust along with a round back. I look very sexy in a western outfit. Spend a night with me to make it the hottest night of your life. You will definitely appreciate my company. https://www.hotgarima.com – Jaipur Call Girls | Jaipur Escorts.
Hello! I am Garima Kapoor. I am an Independent Pune escort. I am in my early twenties. I have a mysterious body curve and perfect blossom. I love to play with boys and men. I welcome mature men. https://hotescortgirls.in/pune.html – Pune Escorts | Independent Call Girls Service
All of our escort models are mature and know everything about sexual pleasure for which you are waiting for a long time. Visit my site https://www.hotescortgirls.in/pune.html
All of our escort models are mature and know everything about sexual pleasure for which you are waiting for a long time. Visit my site https://www.hotescortgirls.in/pune.html
I know from you that this is a very useful and important post. Everyone should know that it is valuable and refined. I want to thank you for your sharing.
Great post and great work. Thank you so much for sharing.
This is a very wonderful and well written post, keep posting like this, thank you from the bottom of my heart for sharing. I am very happy
https://www.nurescorts.in
escorts in abbottabad
escorts in Islamabad
Are you looking for the hottest call girls in Lahore? Look no further! In this blog post, we will provide you with a comprehensive overview of the best call girls in Lahore. We have done our research to make sure that you are able to find the perfect call girl to fulfill your needs. Whether you are looking for an unforgettable night or just a fun evening out on the town, our selection of call girls in Lahore will ensure that your needs are met. So, read on to find out more about the hottest call girls in Lahore!
Karachi is one of the most beautiful and vibrant cities in the world. It is known for its rich culture and stunning sights. But the city is also home to some of the most beautiful and sexy escorts in the world. These ladies are not only beautiful but they are also highly skilled professionals who are trained to provide the best possible service to their clients. In this blog post, we will be looking at the amazing Karachi girls – the most beautiful and sexy escorts in the city. From their backgrounds and personalities to the services they offer, get to know everything about these stunning ladies and the services they provide.
If you’re looking for the hottest and sexiest Call Girls and Escorts in Islamabad, then you’ve come to the right place! Whether you’re looking for a night of passion, or a companion for a special event, Islamabad has some of the best Call Girls and Escorts in the city. In this blog post, we’ll go over some of the most popular Call Girls and Escorts in Islamabad, what they offer, and why they are the hottest and sexiest in the city.
Thank you for selecting Chennai escorts we tend to represent Chennai best escorts, whether or not your budget is low for a naughty hour of fun or maybe you’re seeking a model girlfriend for an extended weekend or week away with? Rest assured you’ll only meet the simplest ladies within the business through this agency. Feedback is of the utmost importance therefore why our standards are therefore high.
Myself Anjana Joshi Me and you and all are living in this world to have happy life and always try our self best to relax our mind Someday leaving all our social work for few days…
thanku sir share this website visit my website and all service available
Our housewife escorts in Pune have kept up their figure well. They are voluptuous and lovely. They likewise long for some manly brotherhood to fulfill their craving.
Hiring a female escort in Pune is the best choice to spend quality time and celebrate the moments in a joyful way. If you are planning to spend time indoors at the five star hotels then you are lucky to have beautiful escorts in Pune from who reach to your place and let you enjoy sex, fun and love extremely which you never experienced before in any of female relation.
wow sir very nice artical and thanku sir share this website and my website web development
Based in Mumbai, India, Devki infotech provides a complete range of web development services including website hosting and maintenance, domain registration, on-page search engine optimization, and website integration with social media platforms such as Facebook, Twitter, LinkedIn, Google Maps, and Google Local Directory.
very nice sharing thanks
wooow amazing article, this is the best and useful article i found in google, please add more this type of useful articles on future, i can share this to my all frnds and groups.