Setting up an IPv6 tunnel for symmetric NAT and remote management via VNC
Not so long ago, I was looking for a solution for remote system administration on Linux. The main problem is that the system is connected to the Internet through providers using symmetric NAT; that is, the machines are not reachable from the Internet. If you search, you can find some programs for remote administration, but as a rule they cost a lot. I will describe how to get access from outside without such programs, using an IPv6 tunnel through gogoNET and VNC.
Ready-made programs
Having spent a lot of time searching, I found some programs. One of them is free for non-commercial use: TeamViewer 6 (works through Wine). It works fine and has a lot of functions, but it has some flaws: it tries to detect commercial use by itself and can limit it. That is what happened to me, although in fact I used it only for personal purposes. The program also constantly shows a warning window about non-commercial use, which gets in the way a bit.
Running through Wine
Under Windows there is a wonderful program, Ammy Admin, which allows you to connect to a remote system via the Internet, and firewalls and NAT do not get in its way. It can also be installed as a service, which eliminates actions on the remote side: no launching and no passing of new codes or passwords to the controlling side is required; you set it up once, connect, and allow access.
You can also turn on the sound, transfer files and configure various settings.
The first idea is to run it under Wine in Ubuntu. Errors appear at startup, but then the program works, though only as an operator (I use it to connect to Windows machines). That is, managing a machine running Linux this way will not work.
Having tried different programs under Wine, I found that they all work, but all with one problem: the programs cannot transmit the Linux X screen (sound is trouble too). Another solution is needed.
Solution 1 - Teredo
Teredo tunnel
Some are lucky with their provider, and the Teredo tunnel (an IPv6-over-IPv4 option) will suit them. Under Ubuntu, there is a program called Miredo that creates the tunnel, after which the machine has its own IPv6 address. To install it, you just need to run:
sudo apt-get install miredo
Now you can see your address:
ifconfig
...
teredo Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet6 addr: fe80::ffff:ffff:ffff/64 Scope:Link
    inet6 addr: 2001:0:53aa:64c:2ca9:1bc4:9253:b1e2/32 Scope:Global
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:500
    RX bytes:0 (0.0 B) TX bytes:144 (144.0 B)
You can also test IPv6 connectivity by opening test-ipv6.com.
Teredo works through symmetric NAT, but only for outgoing connections: it will not be possible to reach the machine from outside.
Having installed it on two machines, I checked that sites detect my IPv6 address correctly. Next, I try pinging Google first:
ping6 -n ipv6.google.com
PING ipv6.google.com(2a00:1450:4001:c01::63) 56 data bytes
64 bytes from 2a00:1450:4001:c01::63: icmp_seq=1 ttl=59 time=85.2 ms
64 bytes from 2a00:1450:4001:c01::63: icmp_seq=2 ttl=59 time=79.8 ms
64 bytes from 2a00:1450:4001:c01::63: icmp_seq=3 ttl=59 time=82.2 ms
And then each other:
ping6 2001:0:53aa:64c:2ca9:1bc4:9253:b1e2
If the ping goes through in this case, then the NAT is not symmetric and you can use Teredo. My ping did not go through, and I had to look for another option.
Solution 2 - Freenet6
This tunnel works through symmetric NAT, but setting it up is a bit more complicated.
Go to the website gogonet.gogo6.com and register with gogoNET. Next, download the gogoCLIENT client for Linux. In the same place, register separately for access to the servers. If anyone has not found the link: gogonet.gogo6.com/page/freenet6-registration
There is also anonymous access, but I registered, and for good reason. At the end of the article I will explain why.
Moving on to installing the gogoc program:
tar -xzf gogoc-1_2-RELEASE.tar.gz
cd gogoc-1_2-RELEASE/
For compilation, I was missing the libssl-dev package:
sudo apt-get install libssl-dev
Compile:
make all
sudo make installdir=/usr/local/gogoc install
Now we need to tweak the gogo client configuration:
sudo gedit /usr/local/gogoc/bin/gogoc.conf
In userid and passwd, we fill in the data obtained during the second registration (the one with a user name, not an e-mail address).
Change the server:
server=amsterdam.freenet6.net
or montreal.freenet6.net (the default one sometimes has problems).
Change the authentication method:
auth_method=any
The rest is left as is. And you can check:
cd /usr/local/gogoc/bin/
sudo ./gogoc
The client tells us that it does not know this server and asks whether to add its key (Y / N); agree: Y.
Now we check the interfaces with the ifconfig command:
tun Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet6 addr: 2001:5c0:1000:b::9f29/128 Scope:Global
    UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
    RX packets:5 errors:0 dropped:0 overruns:0 frame:0
    TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:500
    RX bytes:336 (336.0 B) TX bytes:56 (56.0 B)
Check that the ping from the second computer goes through:
ping6 2001:5c0:1000:b::9f29
The tunnel is ready.
X11VNC
Now you need a VNC server that supports IPv6 for management.
Install:
sudo apt-get install x11vnc
And on the connecting machine, install a VNC client, remmina:
sudo apt-get install remmina
Run x11vnc on the server. I run this line:
x11vnc -display :0 -forever -unixpw -noxrecord -noxfixes -ncache 10
These parameters work around glitches with ATI (the session crashed); the server also keeps running after the client disconnects, and Unix authorization is used.
Then we try to connect from the second system through remmina, specifying the VNC type and the address 2001:5c0:1000:b::9f29.
Here is the first connection. There was one problem.
Startup and how to find out the IPv6 address of the machine
Here I will give my solution; I think it is far from ideal, but it works.
Automatic start of gogoc after connecting to the Internet, and its restart if it exits by mistake, is done by a shell script that I launch from /etc/rc.local with the line:
/etc/autostart_gogoc &
Contents of the autostart_gogoc file:
#!/bin/sh
# Keeps gogoc running: waits for Internet connectivity, then starts the client.
cd /usr/local/gogoc/bin || exit 1
while true; do
    # Look for a running ./gogoc in the process list (CPU time column followed by the command).
    gogoc=$(ps ax | grep gogoc | grep -P -o "\d:\d\d\s\./gogoc")
    if [ "$gogoc" = "" ]; then
        #echo " gogoc , "
        IP="0"
        # Wait until the Internet is reachable before starting the tunnel.
        while [ "$IP" = "0" ]
        do
            ping -c 3 www.ya.ru
            if [ $? -eq 0 ]; then
                echo "pinged_ok"
                IP="OK"
            fi
            sleep 10
        done
        ./gogoc
    fi
    #echo ""
    sleep 10
done
You can uncomment the echo lines and, running the script as root (through sudo), see how it works.
To start x11vnc automatically, I added the command (see above) to Startup Applications.
Next, to find out the current IP, I did the following (everyone can come up with their own version).
1. A PHP script that sits on one of my sites and saves the submitted IP addresses in a text file:
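<?php
// Receives an address report and prepends it to ipsforme.txt.
// Treat the posted value as one line: strip CR/LF so a single request cannot add extra entries.
$d = isset($_POST['data']) ? (string)$_POST['data'] : '';
$d = str_replace(array("\r", "\n"), ' ', $d);
$x = implode("", file("ipsforme.txt"));
$y = array();
$y = explode("\r\n", $x);
$d = date("dmY H:i ") . $d;
array_unshift($y, $d);
// Keep the file bounded: once it exceeds 200 entries, keep only the newest 190.
if (count($y) > 200) {
    array_splice($y, 190);
}
$z = implode("\r\n", $y);
$a = fopen("ipsforme.txt", "w");
fputs($a, $z);
fclose($a);
echo "OK";
?>
2. A PHP script through which I view what has been collected: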
<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' lang='ru' dir='ltr'>
<head>
<title> IP</title>
<meta http-equiv='content-type' content='text/html; charset=utf-8'>
</head>
<body>
<b> :</b><hr>
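<?php
#myipsview.php
// The stored lines come from POST data, so escape them before printing into the page.
$x=implode("",file("ipsforme.txt"));
$x=htmlspecialchars($x, ENT_QUOTES, 'UTF-8');
$x=str_replace("\r","",$x);
$x=str_replace("\n","<br>",$x);
print $x;
?>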
</body>
</html>
3. A Python script that runs constantly and, when the IP address changes, sends it to the server along with the machine name (it also works under Windows; only Python 2.6 needs to be installed):
The print output can be removed everywhere; I used it for verification.
To start it when X loads, I also added a command to the autorun:
sh -c /home/andrey/sendip.py
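The collector in steps 1 and 2 accepts any POST and stores the text as sent. As an added example (not the author's sendip.py, which is not reproduced on this page), the Python code below extracts the global address from ifconfig output in the format shown earlier, and signs and validates a report so that only well-formed addresses from machines holding the key are stored. The field names, SHARED_KEY, MAX_SKEW and all function names are assumptions made for this example.

```python
import hashlib
import hmac
import ipaddress
import re
import time

SHARED_KEY = b"constructed-demo-key"  # assumption: secret known to the machine and the server
MAX_SKEW = 300                        # assumption: seconds a report stays acceptable
HOST_RE = re.compile(r"[A-Za-z0-9-]{1,63}")
# Constructed sample in the ifconfig format shown on this page.
SAMPLE_IFCONFIG = """\
tun       Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00
          inet6 addr: fe80::ffff:ffff:ffff/64 Scope:Link
          inet6 addr: 2001:5c0:1000:b::9f29/128 Scope:Global
"""

def global_ipv6(ifconfig_text):
    """Return the first global-scope IPv6 address, normalised, or None."""
    for m in re.finditer(r"inet6 addr:\s*(\S+?)/\d+\s+Scope:Global", ifconfig_text):
        try:
            return str(ipaddress.IPv6Address(m.group(1)))
        except ValueError:
            continue
    return None

def _mac(host, addr, ts):
    msg = "{}|{}|{}".format(host, addr, ts).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()

def build_report(host, addr, now=None):
    """Client side: structured fields to POST instead of one free-form string."""
    addr = str(ipaddress.IPv6Address(addr))
    ts = int(time.time() if now is None else now)
    return {"host": host, "addr": addr, "ts": str(ts), "mac": _mac(host, addr, ts)}

def verify_report(fields, now=None):
    """Server side: return the line to store, or None if the report is rejected."""
    now = time.time() if now is None else now
    try:
        host, ts = str(fields["host"]), int(fields["ts"])
        addr = str(ipaddress.IPv6Address(str(fields["addr"])))
        mac = str(fields["mac"]).encode()
    except (KeyError, ValueError, TypeError):
        return None
    if not HOST_RE.fullmatch(host) or abs(now - ts) > MAX_SKEW:
        return None  # markup in the host name or a replayed/stale report
    if not hmac.compare_digest(_mac(host, addr, ts).encode(), mac):
        return None  # sender does not hold the key, or a field was altered
    return "{} = {} = {}".format(time.strftime("%d-%m-%Y %H:%M", time.gmtime(ts)), host, addr)
```

A collector would apply the checks in verify_report before writing a line to ipsforme.txt.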
What we have
Now I have three systems on Ubuntu (Mint) which, when connected to the Internet, automatically restore the tunnel and send the address to my website, where I can see it at any time. Yes, it adds extra steps, but this system is free and works.
The result of the work looks like this (http://www.armavirportal.ru/myipsview.php):
25-08-2011 19:30 = andrey = inet6 addr: 2001:5c0:1400:b::acdd/128 Scope:Global
25-08-2011 14:11 = neo = inet6 addr: 2001:5c0:1400:a::1665/128 Scope:Global
25-08-2011 14:07 = neo = inet6 addr: 2001:5c0:1400:a::11b7/128 Scope:Global
25-08-2011 09:46 = neo = inet6 addr: 2001:5c0:1400:a::1677/128 Scope:Global
25-08-2011 09:31 = neo = inet6 addr: 2001:5c0:1400:a::74d/128 Scope:Global
25-08-2011 08:43 = neo = inet6 addr: 2001:5c0:1400:a::459/128 Scope:Global
24-08-2011 23:03 = neo = inet6 addr: 2001:5c0:1000:a::233/128 Scope:Global
24-08-2011 10:26 = neo = inet6 addr: 2001:5c0:1000:a::90f/128 Scope:Global
22-08-2011 11:18 = = IPv6 address ............: 2001:5c0:1400:a::819 (Primary)
22-08-2011 11:18 = = IPv6 address ............: 2001:5c0:1400:a::819 (Trial)
The last two lines are from Windows.
It can be easier
When I wrote this article, I still did not know about one particular feature. When we register on freenet6, we additionally receive an address of the form username.broker.freenet6.net; that is, you may not know the IPv6 address, but you can connect directly by name. We register a separate freenet6 account for each system where the tunnel will run (this can be done under one gogo6 account), and each system gets its own address.
You can check the created tunnel now simply by name:
ping6 virtustilus5.broker.freenet6.net
And also see it on the page ipv6-test.com, where I actually saw it.
As a result, the Python script and the PHP on the site are no longer needed.
VNC IPv6 for Windows
The tunnel comes up even faster and more easily than on Linux, through gogoCLIENT.
Under Windows, I haven’t yet found a free IPv6-enabled VNC server.
VNC client with IPv6 under Windows
Enhanced TightVNC Viewer works fine. I disable certificate checking, enter the address of the computer and connect.