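This setup addresses the difficulty of maintaining dial-up aggregation done directly on Linux, and the Linux dial-up problems that arise under various network modes. In short, it is highly compatible and suitable for Linux beginners.

Installing iKuai as a KVM virtual machine

Kernel parameter tuning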
```bash
bash -c "$(curl -sS https://gitee.com/lwmacct/web-vscode-shell/raw/main/workspace/shell/centos/kernel/sysctl.sh)"
```
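Install and start KVM
```bash
#!/usr/bin/env bash
__main() {
    # Load the kvm module
    modprobe kvm
    lsmod | grep kvm
    # Install kvm and commonly used tools
    # ('virt-*' is quoted so that yum, not the shell, expands the pattern)
    yum install -y \
        'virt-*' libvirt qemu-img qemu-kvm \
        net-tools bridge-utils socat
    # Enable at boot and start
    systemctl enable libvirtd
    systemctl start libvirtd
    systemctl daemon-reload
}
__main
```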
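Disable SELinux and the firewall
```bash
#!/usr/bin/env bash
__system_set() {
    # Show the current firewalld state, then stop it and disable it at boot
    firewall-cmd --state
    systemctl stop firewalld.service
    systemctl disable firewalld.service
    # SELINUX=disabled in the config file takes effect after the next reboot
    sed -i 's,^SELINUX=.*$,SELINUX=disabled,' /etc/selinux/config
}
__system_set
```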
Create the iKuai LAN bridge
- Copy and paste the following commands as they are; no changes are needed, and none should be made.
```bash
#!/usr/bin/env bash
__ikuai_br_create() {
    _bridge="br-ikuai-lan1"
    cat >/etc/sysconfig/network-scripts/ifcfg-br-ikuai-lan1 <<-AEOF
DEVICE="br-ikuai-lan1"
ONBOOT="yes"
TYPE="Bridge"
STP="off"
DELAY="0"
# IP configuration on the bridge
DEFROUTE="no"
BOOTPROTO="static"
GATEWAY="192.168.1.1"
IPADDR="192.168.1.2"
NETMASK="255.255.255.0"
DNS1="223.5.5.5"
DNS2="119.29.29.29"
AEOF
    #_macaddr=$(echo "$(openssl rand -hex 5)" | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/88:\1:\2:\3:\4:\5/')
    ifup br-ikuai-lan1
    ip link set up br-ikuai-lan1
}
__ikuai_br_create
```
## Bridge operations
- The account configuration above mentions bridges; the script below completes the bridge configuration quickly.

### Create a dedicated bridge for a NIC
- Remember to change the default NIC name p4p1.
```bash
IFNAME=p4p1 bash -c "$(curl -sS https://gitlab.biz.kuaicdn.cn/shell/centos/-/raw/main/network/create_br.sh)"
```
```bash
#!/usr/bin/env bash
__create_br() {
    # Linux limits the length of interface names. If a created interface name exceeds
    # the 15-character limit, it will not be compatible and you must handle that yourself.
    # For example, br-if-ens33.1000 is a VLAN bridge with a 16-character name: for a NIC
    # name longer than 4 characters, a VLAN ID of 4 or more digits triggers this problem.
    _nic=$1
    # Check whether the NIC already has IP information; if so, move it onto the bridge
    _gateway=$(ip r | grep "default.*\s${_nic}\s" | head -1 | grep 'via\s[0-9.]{7,15}' -Eo | awk '{print $NF}')
    _ip=$(ip r | grep -E "/[0-9]{1,3}\sdev\s${_nic}\s" | head -1 | grep -Eo 'src\s[0-9.]{7,15}' | awk '{print $NF}')
    _mask=$(ip r | grep -E "/[0-9]{1,3}\sdev\s${_nic}\s" | head -1 | awk -F '/| ' '{print $2}')
    if [[ "${_gateway}" != "" ]]; then
        read -r -d '' _ip_info <<-EOF
DEFROUTE="yes"
IPADDR="${_ip}"
PREFIX="${_mask}"
GATEWAY="${_gateway}"
DNS1="223.5.5.5"
DNS2="119.29.29.29"
EOF
    fi
    _bridge="br-if-$_nic"
    # Create the NIC's dedicated bridge
    cat >/etc/sysconfig/network-scripts/ifcfg-"$_bridge" <<AEOF
DEVICE="${_bridge}"
ONBOOT="yes"
TYPE="Bridge"
STP="off"
DELAY="0"
${_ip_info}
AEOF
    # Add the NIC to its dedicated bridge (a name containing "." is a VLAN sub-interface)
    if [[ "$(echo "$_nic" | grep '\.' -Ec)" != "0" ]]; then
        _nic2=$(echo "$_nic" | awk -F '.' '{print $1}')
        _vlan=$(echo "$_nic" | awk -F '.' '{print $NF}')
        _parent_mac=$(cat /sys/class/net/"$_nic2"/address 2>/dev/null)
        # Derive a fixed MAC for the VLAN interface from the parent MAC and the NIC name
        _macaddr=$(echo "$_parent_mac-$_nic" | md5sum | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/66:\1:\2:\3:\4:\5/')
        read -r -d '' _vlan_info <<-EOF
VLAN="yes"
VLAN_ID=${_vlan}
MACADDR=${_macaddr}
EOF
    fi
    cat >/etc/sysconfig/network-scripts/ifcfg-"$_nic" <<EOL
DEVICE="${_nic}"
BRIDGE="${_bridge}"
ONBOOT="yes"
${_vlan_info}
EOL
    # Restarting the network manually is recommended
    # /etc/init.d/network restart
}
# Use the NIC name passed in IFNAME, falling back to the default p4p1
__create_br "${IFNAME:-p4p1}"
```
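The script's comment leaves the 15-character interface-name limit for the reader to solve (`br-if-ens33.1000` is 16 characters). The following is an added example, not part of the original script: it keeps short names unchanged and otherwise replaces the NIC part with a 9-character hash, so the name still starts with `br-if-` and is still picked up by the `grep 'br-if-'` in the startup-script generator further down the page. The function name `bridge_name_for`, the constant `IFNAME_MAX` and the hashing scheme are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original script): keep bridge names within the limit.
IFNAME_MAX=15 # Linux IFNAMSIZ is 16 bytes including the trailing NUL

# bridge_name_for <nic>
# Prints "br-if-<nic>" when it fits, otherwise "br-if-<9 hex chars of md5(nic)>".
bridge_name_for() {
    _bn_nic="$1"
    [ -n "$_bn_nic" ] || return 1
    _bn_name="br-if-${_bn_nic}"
    if [ "${#_bn_name}" -le "$IFNAME_MAX" ]; then
        printf '%s\n' "$_bn_name"
        return 0
    fi
    # Too long: "br-if-" (6 chars) + 9 hex chars = exactly 15 chars.
    # The hash depends only on the NIC name, so repeated runs give the same bridge.
    _bn_hash=$(printf '%s' "$_bn_nic" | md5sum | cut -c1-9)
    printf 'br-if-%s\n' "$_bn_hash"
}

# Constructed sample NIC names: plain NIC, VLAN that still fits, VLANs that do not.
for _nic in p4p1 ens33.100 ens33.1000 enp129s0f1.4000; do
    printf '%-18s -> %s\n' "$_nic" "$(bridge_name_for "$_nic")"
done
```

The ifcfg file of the NIC still records the mapping through its `BRIDGE=` line, so the VLAN ID does not need to be readable from the bridge name.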
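Verify that the bridges were created
- The bridge utilities package must be installed first:
```bash
yum install -y bridge-utils
```
- In the example, two bridges were created. If `brctl show` lists them, the bridges were created successfully and are already in effect.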
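Start the iKuai soft router

Download the pre-installed iKuai image
- This step requires Docker to be installed first.
- The following commands extract the iKuai VM system image to /data/kvm/vm/ikuai-host/disk/system.qcow2
- To choose between the 32-bit and 64-bit system, see the comparison on the official iKuai site: https://www.ikuai8.com/zhic/install/yjcs.html
- If a newer iKuai version is released, contact the author promptly for an update; as of 2022-11-21 13:30:02 the latest version is 3.6.11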
```bash
# 64-bit image
docker run -it --rm --pull=always -v /data/kvm/vm/ikuai-host/disk/:/dest registry.cn-hangzhou.aliyuncs.com/lwmacct/ikuai:file-images-x64_3.6.11.qcow2
# 32-bit image
docker run -it --rm --pull=always -v /data/kvm/vm/ikuai-host/disk/:/dest registry.cn-hangzhou.aliyuncs.com/lwmacct/ikuai:file-images-x32_3.6.11.qcow2
```
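The image is set to 2G by default. If the logs matter to you, resize the image with the following command.
- The trailing +2G means the image grows by 2G
- For more usage, see
```bash
qemu-img resize /data/kvm/vm/ikuai-host/disk/system.qcow2 +2G
```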
Create the startup script
- The command below uses 4G of memory; most scenarios use the 64-bit system.
- If it is run more than once, the MACs bound to the NICs change, which causes the NIC bindings inside iKuai to be unbound automatically.
```bash
#!/usr/bin/env bash
__create_ikuai_start_script() {
    # Create the KVM iKuai startup script
    _p_file="/data/kvm/vm/ikuai-host/data/start_run.sh"
    mkdir -p "${_p_file%/*}"
    _mac_lan1=$(echo "$(openssl rand -hex 5)" | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/88:\1:\2:\3:\4:\5/')
    # The heredoc is unquoted: \\ becomes a single \ (line continuation) in the
    # generated file, and $(...) / ${...} are expanded now, at generation time.
    cat >$_p_file <<EOF
#!/usr/bin/env bash
virsh destroy ikuai-host >/dev/null 2>&1
virsh undefine ikuai-host >/dev/null 2>&1
virt-install \\
    --name ikuai-host \\
    --cpu "host-passthrough" \\
    --vcpus $(grep 'processor' /proc/cpuinfo | sort -u | wc -l) \\
    --memory 4096 \\
    --noautoconsole \\
    --autostart \\
    --import \\
    --graphics vnc \\
    --disk /data/kvm/vm/ikuai-host/disk/system.qcow2,cache=none,bus=sata \\
    --network bridge=br-ikuai-lan1,model=virtio,mac=${_mac_lan1} \\
EOF
    # Append one --network argument per NIC bridge to the VM start command
    _br_if=$(brctl show | grep 'br-if-' | awk '{print $1}')
    _wc=$(echo "$_br_if" | wc -l)
    i=0
    for _br in $_br_if; do
        ((i++))
        # Every line except the last one ends with a continuation backslash
        if ((i < _wc)); then _linefeed="\\"; else _linefeed=""; fi
        _random_mac=$(echo "$(openssl rand -hex 5)" | sed -e 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/88:\1:\2:\3:\4:\5/')
        echo "    --network bridge=$_br,model=virtio,mac=$_random_mac $_linefeed" >>$_p_file
    done
    # Owner-only permissions: the script is run as root and must not be writable by other users
    chmod 700 $_p_file
    cat $_p_file
}
__create_ikuai_start_script
```
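The note above says that running the generator again changes every MAC and unbinds the NICs inside iKuai. The following is an added example, not part of the original script: it derives each MAC from a seed and the bridge name, so repeated runs produce the same addresses. The function names `stable_mac` and `network_args`, the default seed `/etc/machine-id` and the `52:54:00` prefix (the locally administered prefix libvirt uses for QEMU/KVM guests) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): stable per-bridge MAC addresses.

# stable_mac <bridge-name> [seed]
# Prints a MAC that depends only on the seed and the bridge name.
# Assumption: the seed defaults to /etc/machine-id, which is stable across reboots.
stable_mac() {
    _sm_br="$1"
    _sm_seed="${2:-$(cat /etc/machine-id 2>/dev/null)}"
    [ -n "$_sm_br" ] && [ -n "$_sm_seed" ] || return 1
    printf '%s' "${_sm_seed}-${_sm_br}" | md5sum |
        sed -e 's/^\(..\)\(..\)\(..\).*$/52:54:00:\1:\2:\3/'
}

# network_args <seed> <bridge>...
# Prints one virt-install --network argument per bridge; every line except
# the last ends with a continuation backslash, as in the generated script.
network_args() {
    _na_seed="$1"
    shift
    _na_i=0
    _na_n=$#
    for _na_br in "$@"; do
        _na_i=$((_na_i + 1))
        _na_mac=$(stable_mac "$_na_br" "$_na_seed") || return 1
        if [ "$_na_i" -lt "$_na_n" ]; then _na_lf=' \'; else _na_lf=''; fi
        printf '    --network bridge=%s,model=virtio,mac=%s%s\n' \
            "$_na_br" "$_na_mac" "$_na_lf"
    done
}

# Constructed sample input: a fixed seed and two bridge names from this page.
network_args "constructed-seed" br-ikuai-lan1 br-if-p4p1
```

Running it twice prints identical MACs, so the start script can be regenerated without changing the addresses the guest sees.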
### Start the KVM iKuai VM
```bash
bash /data/kvm/vm/ikuai-host/data/start_run.sh
```
Pin CPUs (optional)
```bash
#!/usr/bin/env bash
__kvm_cpu() {
    # Pin each vCPU of the VM to the host CPU with the same index
    _name="ikuai-host"
    _cpu_number=$(grep 'processor' /proc/cpuinfo | sort -u | wc -l)
    for ((i = 0; i < _cpu_number; i++)); do
        virsh vcpupin "${_name}" "${i}" "${i}" >/dev/null 2>&1
    done
    # Prints "pinning complete" followed by the CPU count
    echo "绑定完成 CPU 数量: $_cpu_number"
}
__kvm_cpu
```
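Managing the KVM iKuai VM

iKuai login information
- iKuai login: username admin, password admin

After this container is started, a root user is created automatically; its login password is the router ID.

What the management container does
- Forwards port 192.168.1.1:80 to 0.0.0.0:8825, so that accessing port 8825 on the CentOS host's IP reaches the iKuai web UI
- Manages lines and routing settings
```bash
curl -sSL https://bd-rce.coding.net/api/user/bd-rce/project/ikuai/shared-depot/kvm-tools-v1/git/blob/master/boot/install.sh | jq -r '.data.file.data' | bash
```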
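Common commands

Account conversion: convert isolation-mode accounts to the iKuai format
```bash
__main() {
    # Account conversion: convert isolation-mode accounts to the iKuai format.
    # The ENABLE_ACCOUNT variable can be added to force whether accounts are enabled; allowed values: yes|no
    docker exec -it rce-ikuai-tools sh -c "bash /apps/script/ikuai/config/account_to_ikuai.sh"
    # Import the accounts into iKuai
    docker exec -it rce-ikuai-tools sh -c "WAN_PORT=wan1 bash /apps/script/ikuai/config/account_import.sh"
}
__main
```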
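Start dialing

Add a DMZ host

Port-based traffic splitting

Change the Internet access mode to NAT1

Default route

Check whether a default route via iKuai exists; if it does not, add it manually:
```bash
route add default gw 192.168.1.1
```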
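Remove the KVM iKuai VM
```bash
__del_ikuai() {
    # Stop and undefine the VM
    virsh destroy ikuai-host
    virsh undefine ikuai-host
    # Remove the cron job and the management container
    rm -rf /etc/cron.d/docker-kvm-ikuai
    docker rm -f rce-ikuai-tools
    # Remove the default route via iKuai and restart the network
    ip r del default via 192.168.1.1 dev br-ikuai-lan1
    /etc/init.d/network restart
}
__del_ikuai
```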
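Further notes

VNC management

When the iKuai VM was imported into KVM, the VNC port and password were already set, so you can simply connect and perform operations such as resetting the password.

KVM GUI management

Run virt-manager from the terminal; the connection tool must support X11.
```bash
yum install -y mesa-libGLES-devel.x86_64 mesa-dri-drivers
```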
Simulating iKuai web operations from the command line

Add a user
```bash
#!/usr/bin/env bash
__add_user() {
    # Add a user (root password)
    # Log in as admin and keep the session cookie from the response headers
    _cookie=$(curl -sSi 'http://192.168.1.1/Action/login' \
        -H 'Accept: application/json, text/plain, */*' \
        -H 'Content-Type: application/json;charset=UTF-8' \
        -d '{"username":"admin","passwd":"21232f297a57a5a743894a0e4a801fc3","remember_password":""}' |
        grep -oP 'sess.+?;')
    if [[ "${_cookie}" != "" ]]; then
        # Create the user group "ikuai-host" with its permission list
        curl -sS 'http://192.168.1.1/Action/call' \
            -H 'Accept: application/json, text/plain, */*' \
            -H 'Content-Type: application/json;charset=UTF-8' \
            -H "Cookie: $_cookie" \
            -d '{"func_name":"usergroup","action":"add","param":{"group_name":"ikuai-host","perm_config":"monitor_iface:xr,monitor_lanip:xr,monitor_app_flow:xr,monitor_l7qos:xr,monitor_system:xr,cflow:xr,cloud_switch:xr,dev_control:xr,basic:xr,vrrp_config:xr,disk_mgmt:xr,file_mgmt:xr,raid_mgmt:xr,register:xr,alg:xr,irqbalance:xr,ik_sysctl:xr,webuser:xr,remote_control:xr,upgrade:xr,backup:xr,hardwareinfo:xr,reboots:xr,wan:xr,lan:xr,dhcp_server:xr,dhcp_lease:xr,dhcp_lease:xr,dhcp_acl_mac:xr,dns:xr,dns_replace:xr,ipgroup:xr,macgroup:xr,dtgroup:xr,static_rt:xr,static_rt_table:xr,vlan:xr,pptp_client:xr,l2tp_client:xr,openvpn-client:xr,ipsec-vpn:xr,ik_web_sdwan:xr,upnpd_leases:xr,upnpd:xr,nat_rule:xr,dnat:xr,netmap:xr,ipv6_new:xr,ipv6_new:xr,ipv6_neighbor:xr,igmp_proxy:xr,lb_pcc:xr,stream_layer7:xr,stream_ipport:xr,stream_domain:xr,stream_updown:xr,stream_control:xr,layer7_intell:xr,layer7_qos:xr,simple_qos:xr,mac_qos:xr,dprotos:xr,dprotos_l7:xr,ac_status:xr,ac_server:xr,ac_group:xr,ac_upgrade:xr,wls_black:xr,ac_online_clt:xr,ac_online_clt:xr,ac_scan_nearby_sig:xr,ac_scan_nearby_ap:xr,ppp_online:xr,webauth:xr,pppoe_server:xr,pptp_server:xr,l2tp_server:xr,openvpn-server:xr,ppp_package:xr,pppuser:xr,ppp_passwd:xr,ppp_paylog:xr,coupon:xr,notice_temp:xr,notice_cycle:xr,notice_remind:xr,notice_expires:xr,audit:xr,record_free_setting:xr,audit_url_log:xr,audit_im_log:xr,audit_terminal_log:xr,mac_comment:xr,acl_mac:xr,url_black:xr,domain_blacklist:xr,domain_group:xr,url_redirect:xr,url_keywords:xr,url_replace:xr,acl_l7:xr,acl_l2route:xr,acl_qq:xr,acl:xr,arp:xr,conn_limit:xr,advanced:xr,ik_web_cache:xr,ik_web_cache:xr,ddns:xr,nat_ddns:xr,netsnmp:xr,netsnmpc:xr,port_mirror:xr,qemu:xr,plugins:xr,wakeup:xr,ftp_server:xr,smbd:xr,http_server:xr,udp_proxy:xr,Ping:xr,tcpdump:xr,Traceroute:xr,iperf:xr,subnet:xr,speedtest:xr,iksyscheck:xr,watchdog:xr,syslog-pppauth:xr,syslog-arp:xr,syslog-apaction:xr,syslog-dhcpd:xr,syslog-ddns:xr,syslog-wanpppoe:xr,syslog-notice:xr,syslog-sysevent:xr,syslog-webadmin:xr,ikmessages:xr,usergroup:xr,wan:xr,alone_limit:xr,high_prio_host:xr,sysstat:r,homepage:r","ip_addr":"0.0.0.0","perm_default":"rx"}}'
        # Create the web user "ikuai-host" in that group
        curl -sS 'http://192.168.1.1/Action/call' \
            -H 'Accept: application/json, text/plain, */*' \
            -H 'Content-Type: application/json;charset=UTF-8' \
            -H "Cookie: $_cookie" \
            -d '{"func_name":"webuser","action":"add","param":{"comment":"","enabled":"yes","username":"ikuai-host","passwd":"ecea1b2624b4020e1e2bfb9d77d87a46","group_id":2,"group_name":"ikuai-host","sesstimeout":120,"force":0,"interval":30}}'
    fi
}
__add_user
```
Draft: simulating web operations with curl
```bash
curl 'http://10.71.19.3:8825/Action/call' \
    -H 'Accept: application/json, text/plain, */*' \
    -H 'Connection: keep-alive' \
    -H 'Content-Type: application/json;charset=UTF-8' \
    -H 'Cookie: sess_key=f178323b96e582117077b1b5852f500a; username=admin; login=1' \
    --data-raw '{"func_name":"wan","action":"add_band","param":{"id":1,"bandif":"88:93:bc:e9:39:b7"}}' \
    --compressed \
    --insecure
```
```bash
curl 'http://10.71.19.3:8825/Action/call' \
    -H 'Accept: application/json, text/plain, */*' \
    -H 'Connection: keep-alive' \
    -H 'Content-Type: application/json;charset=UTF-8' \
    -H 'Cookie: sess_key=f178323b96e582117077b1b5852f500a; username=admin; login=1; wan1=0' \
    --data-raw '{"func_name":"wan","action":"save","param":{"id":1,"pppoe_ip_addr":"","modified_time":1650265609,"comment":"","name":"wan1","bandif":"88:93:bc:e9:39:b7","pppoe_macremote":"","bandmode":0,"internet":"4","mac":"","speed":0,"duplex":0,"upload":0,"download":0,"qos_upload":0,"qos_download":0,"wifi_wisp":1,"wifi_bssid":"","wifi_ssid":"","wifi_psk":"","ip_mask":"","gateway":"","username":"","passwd":"","timing_rst_switch":0,"timing_rst_week":"1234567","timing_rst_time":"12:00","cycle_rst_time":0,"pppoe_service":"","pppoe_ac":"","mtu":1480,"mru":1480,"default_route":0,"disc_auto_switch":1,"link_time":"00:00-23:59","check_link_mode":3,"check_link_host":"www.baidu.com","qos_switch":0,"enable_ipv6":0,"linkmode":0,"policy":1,"pppoe_ass_switch":0,"ass_multi_total":10,"ass_disc_rst_switch":0,"ass_rst_check_week":"1234567","ass_rst_check_time":"00:00-08:00","ass_rst_check_interval":10,"ass_rst_disc_num":5,"ass_rst_disc_norestart":0,"ass_check_errip_switch":0,"ass_check_errip_list":"10,172,192.168","pppoe_status":0,"dhcp_gateway":"","dhcp_lease":0,"dhcp_dns2":"","dhcp_dns1":"","dhcp_updatetime":0,"dhcp_status":0,"dhcp_netmask":"","dhcp_ip_addr":"","pppoe_dns2":"","pppoe_dns1":"","pppoe_updatetime":0,"pppoe_gateway":"","pppoe_netmask":"","netmask":"255.255.255.0","time_s":"00:00","time_e":"23:59","lan_visit":0}}' \
    --compressed \
    --insecure
```
```bash
curl 'http://10.71.19.3:8825/Action/call' \
    -H 'Accept: application/json, text/plain, */*' \
    -H 'Accept-Language: zh-CN,zh;q=0.9' \
    -H 'Connection: keep-alive' \
    -H 'Content-Type: application/json;charset=UTF-8' \
    -H 'Cookie: username=admin; login=1; sess_key=3d5edfe5bfa83bc608279adc17c6b160' \
    -H 'Origin: http://10.71.19.3:8825' \
    -H 'Referer: http://10.71.19.3:8825/' \
    -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36' \
    --data-raw '{"func_name":"homepage","action":"show","param":{"TYPE":"sysstat,ac_status"}}' \
    --compressed \
    --insecure
```
```json
{
  "Result": 30000,
  "ErrMsg": "Success",
  "Data": {
    "sysstat": {
      "cpu": ["25.75%", "26.00%", "27.00%", "23.23%", "27.00%"],
      "cputemp": [],
      "freq": ["2399", "2399", "2399", "2399"],
      "gwid": "080e8e74390149a2b805b3ddf10b0018",
      "hostname": "iKuai",
      "link_status": 0,
      "memory": {"total": 1924372, "available": 1642336, "free": 1674320, "cached": 26796, "buffers": 2464, "used": "14%"},
      "online_user": {"count": 1, "count_2g": 0, "count_5g": 0, "count_wired": 1, "count_wireless": 0},
      "stream": {"connect_num": 13, "upload": 0, "download": 0, "total_up": 12768034723, "total_down": 215503807},
      "uptime": 1922,
      "verinfo": {"modelname": "", "verstring": "3.6.3 x32 Build202204071133", "version": "3.6.3", "build_date": 202204071133, "arch": "x86", "sysbit": "x32", "verflags": "", "is_enterprise": 0, "support_i18n": 0, "support_lcd": 0}
    },
    "ac_status": {"ap_count": 0, "ap_online": 0}
  }
}
```




