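wpa_supplicant and wpa_cli usage
wpa_supplicant is a tool for connecting to and configuring Wi-Fi. It consists mainly of two programs, wpa_supplicant and wpa_cli. Normally Wi-Fi can be configured and connected through wpa_cli; for special needs, you can write an application that calls the wpa_supplicant interface directly.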
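ssh root@SERVER_IP -p SERVER_PORT -b LOCAL_IP
With multiple network interfaces that must leave through different gateways, or where an allowlist restricts source IPs, specifying the local address for the connection saves a lot of tedious configuration changes.
Public side:
socat TCP4-LISTEN:FORWARD_PORT TCP4-LISTEN:PUBLIC_SERVICE_PORT
Internal side:
socat TCP4:PUBLIC_IP:FORWARD_PORT TCP4:127.0.0.1:INTERNAL_SERVICE_PORT
For example: internal port 22, public forwarding port 3333, forwarding port 3334 (the port on which the public IP receives data from the internal IP).
To connect, run ssh root@PUBLIC_IP -p 3333 and you are connected to port 22 of the internal server.
In plain terms: the internal machine establishes its connection through the public IP, and the client is bridged through port 3333 on the public host to port 22 on the internal machine.
PS: "internal" here means a network device that goes online through NAT and has no dedicated IP.
socat is simple, but it cannot reconnect automatically once the connection is interrupted. It is only suitable for temporary use, or as a stopgap when both ends run a monitoring script.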
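Recently I've been working on a solution for passing a serial port through from a Raspberry Pi on an internal network.
Cost list: the Zero W was scrounged for free from a friend; Mcuzone single-port Ethernet expansion board (expansion board 49.99, CNC case 50).
Hands-on, the overall experience is average. The expansion board is quite good: power and communication go through pogo pins, so you just screw the Zero W onto it.
The expansion board's Type-C power input is also very nice; there is no need to prepare a pile of cables.
3 USB-A ports and one 10/100 Mbps RJ45 port.
Two micro-USB plus one Type-C power inputs allow switching power sources without interruption and hanging a power bank off it, which is quite practical.
The 50-yuan case is a letdown: the design is lacking, the 8 screws are far too long, and both end plates are full of burrs. Just buy an acrylic one.
After assembly and running, the SoC temperature is around 50 (no cooling fan and no heatsink).
For now I'm working on the system configuration; later I'll buy the Zero 4G LTE CAT1 expansion board and tinker with that.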
sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g' /etc/sysctl.conf
sysctl -p
apt -y install mtr tcpdump iftop kpartx ipmitool dnsutils ddrescue autossh whois unzip wget vim-conque golang git htpdate
cd /tmp
VERSION=$(curl -Ss https://api.github.com/repos/fatedier/frp/releases/latest |grep tag_name|grep -Po '[0-9]+\.[0-9]+\.[0-9]+.*(?=")')
#wget $(curl -Ss https://api.github.com/repos/fatedier/frp/releases/latest |grep browser_download_url|grep linux_arm| cut -d '"' -f 4) -O - | tar xz
wget https://github.com/fatedier/frp/releases/download/v${VERSION}/frp_${VERSION}_linux_arm.tar.gz -O - | tar xz
cd frp_*_linux_arm
mkdir /etc/frp
sed -i 's/network.target/network.target ntpdate.service/g' systemd/frp{c,s}.service
install frp{c,s} /usr/bin/
install systemd/frp{c,s}.service /usr/lib/systemd/system/
install frp{c,s}.ini /etc/frp/
systemctl daemon-reload
systemctl enable frpc.service
systemctl start frpc.service
systemctl status frpc.service
frpc.ini is left at its defaults.
Appendix:
stream {
    server {
        listen 3501;
        proxy_connect_timeout 15s;
        proxy_timeout 30s;
        proxy_pass unix:/dev/ttyUSB0;
        #allow 333.333.333.0/24; # allowlisted IP range
        #deny all;
    }
    server {
        listen 3502;
        proxy_connect_timeout 15s;
        proxy_timeout 30s;
        proxy_pass unix:/dev/ttyUSB1;
        #allow 333.333.333.0/24; # allowlisted IP range
        #deny all;
    }
}
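With frp the serial port can be put straight onto the public network and reached by logging in with telnet.
telnet PUBLIC_IP PORT
frp and nginx mainly serve as forwarding solutions. There are also tunnel-based internal-network solutions, but without a dedicated IP they involve third-party server services, such as wireguard/ZeroTier/花生壳 (Peanut Shell)/蒲公英 (Dandelion). With limited time, those are not covered here for now.
This post is a draft; to be continued.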
sed -i 's/#GatewayPorts no/GatewayPorts yes/g' /etc/ssh/sshd_config
service sshd restart
yum install autossh -y -q
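On internal host A, use AutoSSH to establish an SSH tunnel:
autossh -M 4010 -NR 80:localhost:4000 -i ~/.ssh/id_rsa [-p PORT] username@Remote-Public-Server
Parameters:
"-M 4010" means port 4010 on internal host A is used to monitor the SSH connection state; if the connection fails, it reconnects automatically
"-N" means do not execute a remote command
"-R" means forward a port on the remote host (public host B) to the specified port on the specified local machine
Arguments:
"80:localhost:4000" means port 4000 on internal host A is forwarded to port 80 on public host B
"username@Remote-Public-Server" is the username and IP of public host B
"-p xxxx" is the SSH port of public host B; if it is the default port 22, it can be omitted.
-f: run the SSH client in the background.
-C: compress data in transit.
-N: port forwarding only.
Forward proxy (-L): equivalent to iptables port forwarding.
Reverse proxy (-R): equivalent to frp or ngrok.
SOCKS5 proxy (-D): equivalent to ss.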
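With GatewayPorts yes as set above, a -R forward on public host B binds on every interface instead of loopback only. The following is an added example, not part of the original post, that lists such listeners from `ss -H -tlnp` output; the function name is hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# wildcard_forwards SSHD_PORT: reads `ss -H -tlnp` output on stdin and prints
# every TCP port that an sshd process listens on for all interfaces,
# other than sshd's own listening port.
wildcard_forwards() {
    awk -v own="$1" '
        $1 == "LISTEN" && $NF ~ /"sshd/ {
            i = match($4, /:[0-9]+$/)        # last colon separates address and port
            addr = substr($4, 1, i - 1)
            port = substr($4, i + 1)
            if ((addr == "0.0.0.0" || addr == "[::]" || addr == "*") && port != own)
                seen[port] = 1               # de-duplicate IPv4 and IPv6 listeners
        }
        END { for (p in seen) print p }' | sort -n
}

# Constructed sample of `ss -H -tlnp` output on public host B (not a real capture):
# sshd itself on 22, a -R forward exposed on 80, a loopback-only forward on 2222.
SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:80 0.0.0.0:* users:(("sshd",pid=2301,fd=9))
LISTEN 0 128 [::]:80 [::]:* users:(("sshd",pid=2301,fd=10))
LISTEN 0 128 127.0.0.1:2222 0.0.0.0:* users:(("sshd",pid=2410,fd=9))
LISTEN 0 128 0.0.0.0:7000 0.0.0.0:* users:(("frps",pid=655,fd=6))'

printf '%s\n' "$SAMPLE" | wildcard_forwards 22
```

On a live host, run `ss -H -tlnp | wildcard_forwards 22` as root so that process names are visible.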
============================================================
$ cat ~/.ssh/config
Host Public-Server
    HostName Remote-Public-Server-IP
    User USERNAME
    Port 22
    IdentityFile ~/.ssh/id_rsa
    LocalForward 80 localhost:4000
    ServerAliveInterval 30
    ServerAliveCountMax 3

# The forwarding itself comes from the Host entry in ~/.ssh/config
autossh -M 4010 -N Public-Server
ssh -f -T -N Public-Server

# cat /lib/systemd/system/autossh.service
[Unit]
Description=autossh
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
User=autossh
EnvironmentFile=/etc/default/autossh
ExecStart=
ExecStart=/usr/bin/autossh $SSH_OPTIONS
Restart=always
RestartSec=60

[Install]
WantedBy=multi-user.target

$ cat /etc/default/autossh
AUTOSSH_POLL=60
AUTOSSH_FIRST_POLL=30
AUTOSSH_GATETIME=0
AUTOSSH_PORT=22000
SSH_OPTIONS="-N -R 2222:localhost:22 example.com -i /home/autossh/.ssh/id_rsa"

systemctl daemon-reload
systemctl enable autossh
systemctl start autossh
Jump-host forwarding with plain ssh
ssh -N -T -L Public-server-Port:<local server Host>:local-server-PORT USER@Remote-Public-Server
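shellinabox is also quite handy: a terminal in a web page, implemented with AJAX.
Recently I've been working on remote serial-port access and a few projects. I've known about frp for a long time but had never used it.
This mainly covers installation and deployment on CentOS 7; the process on Debian is about the same with minor adaptation.
frp is split into a public side (frps) and an internal side (frpc); desktop clients reach the internal network through the public side's IP.
Since a host usually runs only one side, all the configuration below is named frp.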
yum install epel-release -y -q
yum install golang git wget -y -q
git clone https://github.com/fatedier/frp
cd frp
export GO111MODULE=on
export GOPROXY=https://goproxy.io
make
# Since a host usually runs only one side, everything below is named frp,
# so pick whichever install line applies.
#install bin/frps /usr/bin/frp
#install bin/frpc /usr/bin/frp

# Public side (frps) configuration
cat >/etc/frp.conf<<EOF
[common]
bind_addr = 0.0.0.0
bind_port = 7000
vhost_http_port = 8000
vhost_https_port = 8001
dashboard_port = 7500
# sample value; replace with a long random secret
privilege_token = 123456
dashboard_user = ubuntu
# sample value; replace with a strong password
dashboard_pwd = 123
log_file = /var/log/frps.log
log_level = info
log_max_days = 3
max_pool_count = 5
authentication_timeout = 900
tcp_mux = true
EOF

# Internal side (frpc) configuration
cat >/etc/frp.conf<<EOF
[common]
server_addr = 服务器域名
server_port = 7000
# for authentication; must be the same value as privilege_token on the server
privilege_token = 12345678
#if you want to connect frps by http proxy or socks5 proxy, you can set http_proxy here or in global environment variables
# it only works when protocol is tcp
# http_proxy = http://user:[email protected]:8080
# http_proxy = socks5://user:[email protected]:1080
# console or real logFile path like ./frpc.log
#log_file = /var/log/frpc.log
# trace, debug, info, warn, error
log_level = debug
log_max_days = 3
# enable compression
use_compression = true
login_fail_exit = false

[ssh]
type = tcp
local_ip = 127.0.0.1
local_port = 22
remote_port = 2200

# HTTP proxy
[HTTP]
type = http
local_ip = 127.0.0.1
local_port = 8080
# your own domain
custom_domains = xxxx
remote_port = 800
EOF

frps -c /etc/frp.conf # start the public server side
frpc -c /etc/frp.conf # start the internal side

cat>/lib/systemd/system/frp.service<<EOF
[Unit]
Description=frp service
After=network.target syslog.target
Wants=network.target

[Service]
Type=simple
ExecStart=/usr/bin/frp -c /etc/frp.conf

[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable frp
systemctl start frp
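The frps server configuration above uses a six-digit privilege_token and a three-character dashboard_pwd while listening on 0.0.0.0. The following is an added example, not part of the original post or the frp project, that audits an frps INI file for those settings; the function name, the length thresholds, and the assumption that dashboard_addr falls back to bind_addr are this example's own, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): audit an frps INI file.
# audit_frps FILE prints one finding per line and returns 1 if there are any.
# The length thresholds (16 and 12) are assumptions chosen for this example.
audit_frps() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*[#;]/ || !index($0, "=") { next }   # comments, section headers, blanks
        {
            eq = index($0, "=")
            conf[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
        }
        END {
            n = 0
            if (length(conf["privilege_token"]) == 0) {
                print "privilege_token: empty or missing"; n++
            } else if (length(conf["privilege_token"]) < 16) {
                print "privilege_token: shorter than 16 characters"; n++
            }
            if ("dashboard_port" in conf) {
                # Assumption: dashboard_addr falls back to bind_addr (default 0.0.0.0)
                addr = ("dashboard_addr" in conf) ? conf["dashboard_addr"] : conf["bind_addr"]
                if (addr == "" || addr == "0.0.0.0") {
                    print "dashboard_port: dashboard reachable on every interface"; n++
                }
                if (length(conf["dashboard_pwd"]) < 12) {
                    print "dashboard_pwd: shorter than 12 characters"; n++
                }
            }
            exit (n > 0)
        }' "$1"
}

# Constructed sample reproducing the weak values of the server config above.
weak_conf=$(mktemp)
cat >"$weak_conf" <<'EOF'
[common]
bind_addr = 0.0.0.0
bind_port = 7000
dashboard_port = 7500
privilege_token = 123456
dashboard_user = ubuntu
dashboard_pwd = 123
EOF
audit_frps "$weak_conf" || echo "frps config needs hardening"
```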
=============================
apt install supervisor -y
cat>/etc/supervisor/conf.d/frp.conf<<EOF
[program:frp]
command = /usr/bin/frp -c /etc/frp.conf
autostart = true
EOF
systemctl restart supervisor
systemd service unit files
cat>/usr/lib/systemd/system/frpc.service<<EOF
[Unit]
Description=Frp Client Service
After=network.target
[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frpc -c /etc/frp/frpc.ini
ExecReload=/usr/bin/frpc reload -c /etc/frp/frpc.ini
[Install]
WantedBy=multi-user.target
EOF
cat>/usr/lib/systemd/system/frpc@.service<<EOF
[Unit]
Description=Frp Client Service
After=network.target
[Service]
Type=idle
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frpc -c /etc/frp/%i.ini
ExecReload=/usr/bin/frpc reload -c /etc/frp/%i.ini
[Install]
WantedBy=multi-user.target
EOF
cat>/usr/lib/systemd/system/frps@.service<<EOF
[Unit]
Description=Frp Server Service
After=network.target
[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frps -c /etc/frp/%i.ini
[Install]
WantedBy=multi-user.target
EOF
cat>/usr/lib/systemd/system/frps.service<<EOF
[Unit]
Description=Frp Server Service
After=network.target
[Service]
Type=simple
User=nobody
Restart=on-failure
RestartSec=5s
ExecStart=/usr/bin/frps -c /etc/frp/frps.ini
[Install]
WantedBy=multi-user.target
EOF
Cisco tunnels default to GRE mode; tunnel mode ipip selects IPIP mode.
interface Tunnel0
 ip address 172.16.1.1 255.255.255.0
 ip tcp adjust-mss 1420
 tunnel source 10.23.30.1
 #tunnel mode ipip
 tunnel destination 10.23.30.206
Operations on Linux:
modprobe ip_gre
iptunnel add tun0 mode gre remote 10.23.30.1 local 10.23.30.206 ttl 225
ifconfig tun0 172.16.1.2/24
ifconfig tun0 up
ifconfig tun0 pointopoint 172.16.1.1
ifconfig tun0 multicast
The tunnel parameters available on Cisco are roughly as follows:
tunnel bandwidth
tunnel checksum
tunnel destination
tunnel endpoint service-policy output
tunnel entropy
tunnel key
tunnel mode
tunnel path-mtu-discovery
tunnel rbscp ack_split
tunnel rbscp delay
tunnel rbscp input_drop
tunnel rbscp long_drop
tunnel rbscp report
tunnel rbscp window_stuff
tunnel route-via
tunnel sequence-datagrams
tunnel source
tunnel tos
tunnel ttl
tunnel vrf
interface g0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk native vlan 99
 switchport trunk allowed vlan 1-100,111
Sw1(config-if)#switchport access vlan 30
Sw1(config-if)#switchport mode dot1q-tunnel
Q-in-Q
switchport trunk encapsulation [dot1q | isl]
https://github.com/robcowart/elastiflow
https://hub.docker.com/r/elastiflow/flow-collector
Raspberry Pi over-the-air serial passthrough tool
Quick install: run on the command line
wget -qO- https://tech.biko.pub/resource/rpi-ws-uart-setup.sh | sudo bash
Source repository:
https://github.com/hardcore-rpi/pilib/tree/main/packages/ws-uart
# Start with default parameters
sudo pilib-ws-uart
# Start with specified parameters
sudo PORT=8081 UART_COM='/dev/ttyUSB1' UART_BAUD_RATE=9600 pilib-ws-uart
==========
# curl https://tech.biko.pub/resource/rpi-ws-uart-setup.sh
#!/bin/bash
set -e
echo "开始安装树莓派空中串口 pilib-ws-uart"
if ! command cnpm &> /dev/null
then
    npm install -g cnpm --registry=https://registry.npm.taobao.org
fi
cnpm i pilib-ws-uart -g
echo "[电气罐头] 树莓派空中串口 pilib-ws-uart 安装完成"
echo "使用文档:https://tech.biko.pub/#/posts/rpi-ws-uart"
Either yum or dnf can do this directly.
dnf install centos-release-stream
dnf distro-sync
cat /etc/centos-release

yum -y -q install imapsync
imapsync --host1 mail.gmail.com \
    --user1 [email protected] \
    --password1 passwordold \
    --host2 mail.newhost.com \
    --user2 [email protected] \
    --password2 passwordnew \
    --ssl1 \
    --ssl2

yum -y -q install getmail
mkdir -p /root/.getmail/maildir/{new,cur,tmp}
cat>/root/.getmail/getmailrc.buddha<<EOF
[retriever]
type = SimplePOP3Retriever
# for Gmail, change this to pop.gmail.com
server = pop.qq.com
username = budda
password = password

[destination]
type = Maildir
# the directory created above under ~/.getmail/; it must contain the three subdirectories new, cur and tmp
path = ~/.getmail/maildir/

[options]
# only fetch mail that has not been retrieved before; set to True to fetch every message in the mailbox
read_all = False
# do not delete mail from the server after downloading; set to True to delete
delete = False
EOF
getmail --rcfile=getmailrc.buddha

show ip bgp regexp ^6939
show ip bgp neighbors 100.64.163.1
show ip bgp neighbors 100.64.163.1 advertised-routes
Common Cisco BGP show commands
1. Common show commands

View the BGP routing table
XRV8#show ip bgp all
For address family: IPv4 Unicast
BGP table version is 217, local router ID is 10.255.255.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.33.0.0/19     0.0.0.0                            32768 i
 *>  10.33.1.0/24     0.0.0.0                  0         32768 i
 *>  10.33.2.0/24     0.0.0.0                  0         32768 i
 *>  10.33.3.0/24     0.0.0.0                  0         32768 i

View the BGP neighbor table
XRV8#show ip bgp summary
BGP router identifier 10.255.255.8, local AS number 65002
BGP table version is 217, main routing table version 217
72 network entries using 10368 bytes of memory
76 path entries using 6080 bytes of memory
3/3 BGP path/bestpath attribute entries using 456 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 16928 total bytes of memory
BGP activity 140/68 prefixes, 220/144 paths, scan interval 60 secs
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.201.1.1      4        65000      95      89      217    0    0 01:08:02        4
10.201.2.1      4        65000      86      90      217    0    0 01:01:00        4

View the BGP routes in the routing table
XRV8#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override
Gateway of last resort is not set
      10.0.0.0/8 is variably subnetted, 141 subnets, 4 masks
B        10.33.0.0/19 [200/0], 01:07:50, Null0
B        10.63.0.0/19 [20/0] via 10.201.2.1, 00:14:30
B        10.79.0.0/19 [20/0] via 10.201.2.1, 00:14:30
B        10.118.0.0/19 [200/0], 01:07:50, Null0
B        10.123.0.0/19 [200/0], 01:07:50, Null0
B        10.133.0.0/19 [20/0] via 10.201.2.1, 00:14:30
B        10.149.0.0/19 [200/0], 01:07:50, Null0
B        10.158.0.0/19 [20/0] via 10.201.2.1, 00:14:30

View BGP routes that contain a specific route
XRV8#show ip route bgp | include 10.133.0.0
B        10.133.0.0/19 [20/0] via 10.201.2.1, 00:19:04

View BGP route information for a given prefix
XRV8#show ip bgp 10.133.0.0
BGP routing table entry for 10.133.0.0/19, version 216
Paths: (2 available, best #2, table default)
  Not advertised to any peer
  Refresh Epoch 4
  65000 65001, (aggregated by 65001 10.255.255.7)
    10.201.1.1 from 10.201.1.1 (10.255.255.5)
      Origin IGP, localpref 100, valid, external, atomic-aggregate
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 4
  65000 65001, (aggregated by 65001 10.255.255.7)
    10.201.2.1 from 10.201.2.1 (10.255.255.6)
      Origin IGP, localpref 100, valid, external, atomic-aggregate, best
      rx pathid: 0, tx pathid: 0x0

View routes within a specific mask range
XRV8#show ip bgp 10.133.0.0/16 longer-prefixes
BGP table version is 217, local router ID is 10.255.255.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
 *   10.133.0.0/19    10.201.1.1                             0 65000 65001 i
 *>                   10.201.2.1                             0 65000 65001 i

View routes originating from a specific AS
XRV8#show ip bgp regexp 65001$
BGP table version is 217, local router ID is 10.255.255.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
     Network          Next Hop            Metric LocPrf Weight Path
 *   10.63.0.0/19     10.201.1.1                             0 65000 65001 i
 *>                   10.201.2.1                             0 65000 65001 i
 *   10.79.0.0/19     10.201.1.1                             0 65000 65001 i
 *>                   10.201.2.1                             0 65000 65001 i
 *   10.133.0.0/19    10.201.1.1                             0 65000 65001 i
 *>                   10.201.2.1                             0 65000 65001 i
 *   10.158.0.0/19    10.201.1.1                             0 65000 65001 i
 *>                   10.201.2.1                             0 65000 65001 i