Is it possible to use a VPN in a script?

  • Good evening. Is there a way to build the use of a VPN into a script (to change the IP after each cycle)? Say, if it is a browser extension or a separate application?

  • @Encoder95 use openvpn and your VPN service's configs (you need to check with the service whether it has configs for openvpn).
    Then you can simply reconnect to a new VPN via "start process".
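The approach in the reply above (openvpn with the provider's configs, restarting the process to reconnect), as an added example that is not part of the original posts. It assumes `openvpn` is on PATH and a folder of the provider's `.ovpn` files; `VpnRotator`, `tunnel_state` and `build_command` are hypothetical names. It waits for the tunnel to report ready before returning, so the next cycle does not start over the machine's own address.

```python
import itertools
import subprocess
import threading
from pathlib import Path

UP = "Initialization Sequence Completed"  # logged by openvpn once the tunnel is ready
FAILED = ("AUTH_FAILED", "Exiting due to fatal error")

def tunnel_state(log_lines):
    """Classify openvpn log output as 'up', 'failed' or 'pending'."""
    for line in log_lines:
        if UP in line:
            return "up"
        if any(marker in line for marker in FAILED):
            return "failed"
    return "pending"

def build_command(config, openvpn="openvpn", auth_file=None):
    cmd = [openvpn, "--config", str(config)]
    if auth_file:  # file with the username on line 1 and the password on line 2
        cmd += ["--auth-user-pass", str(auth_file), "--auth-nocache"]
    return cmd

class VpnRotator:
    def __init__(self, config_dir, **cmd_opts):
        self.configs = sorted(Path(config_dir).glob("*.ovpn"))
        if not self.configs:
            raise FileNotFoundError(f"no .ovpn files in {config_dir}")
        self._next = itertools.cycle(self.configs)
        self.cmd_opts, self.proc = cmd_opts, None

    def disconnect(self):
        if self.proc and self.proc.poll() is None:
            self.proc.terminate()
            self.proc.wait(timeout=15)
        self.proc = None

    def connect_next(self):
        """Drop the current tunnel, start the next config, return it once up."""
        self.disconnect()
        config = next(self._next)
        self.proc = subprocess.Popen(build_command(config, **self.cmd_opts),
                                     stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True)
        for line in self.proc.stdout:  # loop ends when openvpn exits
            state = tunnel_state([line])
            if state == "up":  # keep draining so openvpn never blocks on a full pipe
                threading.Thread(target=self.proc.stdout.read, daemon=True).start()
                return config
            if state == "failed":
                break
        self.disconnect()
        raise RuntimeError(f"tunnel did not come up with {config.name}")
```

Call `connect_next()` at the start of each cycle and `disconnect()` when the script finishes; on Windows the process must be started with administrator rights for the TAP adapter and routes to be configured.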

  • @DrPrime could you go into more detail?

  • I have the same problem. I asked the VPN's tech support, and they answered that everything is possible, like, work with the application from the command line and that's it )) with no details. Tell me how to switch the IP!!

  • I launched the VPN application in cmd and got this list... could you advise what to do to change the IP??

                              has been verified.

    --management-client-pf : management interface clients must specify a packet
    filter file for each connecting client.
    --plugin m [str]: Load plug-in module m passing str as an argument
    to its initialization function.

    Multi-Client Server options (when --mode server is used):
    --server network netmask : Helper option to easily configure server mode.
    --server-ipv6 network/bits : Configure IPv6 server mode.
    --server-bridge [IP netmask pool-start-IP pool-end-IP] : Helper option to
    easily configure ethernet bridging server mode.
    --push "option" : Push a config file option back to the peer for remote
    execution. Peer must specify --pull in its config file.
    --push-reset : Don't inherit global push list for specific
    client instance.
    --ifconfig-pool start-IP end-IP [netmask] : Set aside a pool of subnets
    to be dynamically allocated to connecting clients.
    --ifconfig-pool-linear : Use individual addresses rather than /30 subnets
    in tun mode. Not compatible with Windows clients.
    --ifconfig-pool-persist file [seconds] : Persist/unpersist ifconfig-pool
    data to file, at seconds intervals (default=600).
    If seconds=0, file will be treated as read-only.
    --ifconfig-ipv6-pool base-IP/bits : set aside an IPv6 network block
    to be dynamically allocated to connecting clients.
    --ifconfig-push local remote-netmask : Push an ifconfig option to remote,
    overrides --ifconfig-pool dynamic allocation.
    Only valid in a client-specific config file.
    --ifconfig-ipv6-push local/bits remote : Push an ifconfig-ipv6 option to
    remote, overrides --ifconfig-ipv6-pool allocation.
    Only valid in a client-specific config file.
    --iroute network [netmask] : Route subnet to client.
    --iroute-ipv6 network/bits : Route IPv6 subnet to client.
    Sets up internal routes only.
    Only valid in a client-specific config file.
    --disable : Client is disabled.
    Only valid in a client-specific config file.
    --client-cert-not-required : Don't require client certificate, client
    will authenticate using username/password.
    --username-as-common-name : For auth-user-pass authentication, use
    the authenticated username as the common name,
    rather than the common name from the client cert.
    --auth-user-pass-verify cmd method: Query client for username/password and
    run command cmd to verify. If method='via-env', pass
    user/pass via environment, if method='via-file', pass
    user/pass via temporary file.
    --opt-verify : Clients that connect with options that are incompatible
    with those of the server will be disconnected.
    --auth-user-pass-optional : Allow connections by clients that don't
    specify a username/password.
    --no-name-remapping : Allow Common Name and X509 Subject to include
    any printable character.
    --client-to-client : Internally route client-to-client traffic.
    --duplicate-cn : Allow multiple clients with the same common name to
    concurrently connect.
    --client-connect cmd : Run command cmd on client connection.
    --client-disconnect cmd : Run command cmd on client disconnection.
    --client-config-dir dir : Directory for custom client config files.
    --ccd-exclusive : Refuse connection unless custom client config is found.
    --tmp-dir dir : Temporary directory, used for --client-connect return file and
    plugin communication.
    --hash-size r v : Set the size of the real address hash table to r and the
    virtual address table to v.
    --bcast-buffers n : Allocate n broadcast buffers.
    --tcp-queue-limit n : Maximum number of queued TCP output packets.
    --tcp-nodelay : Macro that sets TCP_NODELAY socket flag on the server
    as well as pushes it to connecting clients.
    --learn-address cmd : Run command cmd to validate client virtual addresses.
    --connect-freq n s : Allow a maximum of n new connections per s seconds.
    --max-clients n : Allow a maximum of n simultaneously connected clients.
    --max-routes-per-client n : Allow a maximum of n internal routes per client.
    --stale-routes-check n [t] : Remove routes with a last activity timestamp
    older than n seconds. Run this check every t
    seconds (defaults to n).

    Client options (when connecting to a multi-client server):
    --client : Helper option to easily configure client mode.
    --auth-user-pass [up] : Authenticate with server using username/password.
    up is a file containing the username on the first line,
    and a password on the second. If either the password or both
    the username and the password are omitted OpenVPN will prompt
    for them from console.
    --pull : Accept certain config file options from the peer as if they
    were part of the local config file. Must be specified
    when connecting to a '--mode server' remote host.
    --auth-retry t : How to handle auth failures. Set t to
    none (default), interact, or nointeract.
    --static-challenge t e : Enable static challenge/response protocol using
    challenge text t, with e indicating echo flag (0|1)
    --server-poll-timeout n : when polling possible remote servers to connect to
    in a round-robin fashion, spend no more than n seconds
    waiting for a response before trying the next server.
    --explicit-exit-notify [n] : On exit/restart, send exit signal to
    server/remote. n = # of retries, default=1.

    Data Channel Encryption Options (must be compatible between peers):
    (These options are meaningful for both Static Key & TLS-mode)
    --secret f [d] : Enable Static Key encryption mode (non-TLS).
    Use shared secret file f, generate with --genkey.
    The optional d parameter controls key directionality.
    If d is specified, use separate keys for each
    direction, set d=0 on one side of the connection,
    and d=1 on the other side.
    --auth alg : Authenticate packets with HMAC using message
    digest algorithm alg (default=SHA1).
    (usually adds 16 or 20 bytes per packet)
    Set alg=none to disable authentication.
    --cipher alg : Encrypt packets with cipher algorithm alg
    Set alg=none to disable encryption.
    --prng alg [nsl] : For PRNG, use digest algorithm alg, and
    nonce_secret_len=nsl. Set alg=none to disable PRNG.
    --keysize n : Size of cipher key in bits (optional).
    If unspecified, defaults to cipher-specific default.
    --engine [name] : Enable OpenSSL hardware crypto engine functionality.
    --no-replay : Disable replay protection.
    --mute-replay-warnings : Silence the output of replay warnings to log file.
    --replay-window n [t] : Use a replay protection sliding window of size n
    and a time window of t seconds.
    Default n=64 t=15
    --no-iv : Disable cipher IV -- only allowed with CBC mode ciphers.
    --replay-persist file : Persist replay-protection state across sessions
    using file.
    --test-crypto : Run a self-test of crypto features enabled.
    For debugging only.

    TLS Key Negotiation Options:
    (These options are meaningful only for TLS-mode)
    --tls-server : Enable TLS and assume server role during TLS handshake.
    --tls-client : Enable TLS and assume client role during TLS handshake.
    --key-method m : Data channel key exchange method. m should be a method
    number, such as 1 (default), 2, etc.
    --ca file : Certificate authority file in .pem format containing
    root certificate.
    --capath dir : A directory of trusted certificates (CAs and CRLs).
    --dh file : File containing Diffie Hellman parameters
    in .pem format (for --tls-server only).
    Use "openssl dhparam -out dh1024.pem 1024" to generate.
    --cert file : Local certificate in .pem format -- must be signed
    by a Certificate Authority in --ca file.
    --extra-certs file : one or more PEM certs that complete the cert chain.
    --key file : Local private key in .pem format.
    --tls-version-min <version> ['or-highest'] : sets the minimum TLS version we
    will accept from the peer. If version is unrecognized and 'or-highest'
    is specified, require max TLS version supported by SSL implementation.
    --tls-version-max <version> : sets the maximum TLS version we will use.
    --pkcs12 file : PKCS#12 file containing local private key, local certificate
    and optionally the root CA certificate.
    --verify-hash : Specify SHA1 fingerprint for level-1 cert.
    --cryptoapicert select-string : Load the certificate and private key from the
    Windows Certificate System Store.
    --tls-cipher l : A list l of allowable TLS ciphers separated by : (optional).
    : Use --show-tls to see a list of supported TLS ciphers.
    --tls-timeout n : Packet retransmit timeout on TLS control channel
    if no ACK from remote within n seconds (default=2).
    --reneg-bytes n : Renegotiate data chan. key after n bytes sent and recvd.
    --reneg-pkts n : Renegotiate data chan. key after n packets sent and recvd.
    --reneg-sec n : Renegotiate data chan. key after n seconds (default=3600).
    --hand-window n : Data channel key exchange must finalize within n seconds
    of handshake initiation by any peer (default=60).
    --tran-window n : Transition window -- old key can live this many seconds
    after new key renegotiation begins (default=3600).
    --single-session: Allow only one session (reset state on restart).
    --tls-exit : Exit on TLS negotiation failure.
    --tls-auth f [d]: Add an additional layer of authentication on top of the TLS
    control channel to protect against DoS attacks.
    f (required) is a shared-secret passphrase file.
    The optional d parameter controls key directionality,
    see --secret option for more info.
    --askpass [file]: Get PEM password from controlling tty before we daemonize.
    --auth-nocache : Don't cache --askpass or --auth-user-pass passwords.
    --crl-verify crl ['dir']: Check peer certificate against a CRL.
    --tls-verify cmd: Run command cmd to verify the X509 name of a
    pending TLS connection that has otherwise passed all other
    tests of certification. cmd should return 0 to allow
    TLS handshake to proceed, or 1 to fail. (cmd is
    executed as 'cmd certificate_depth subject')
    --tls-export-cert [directory] : Get peer cert in PEM format and store it
    in an openvpn temporary file in [directory]. Peer cert is
    stored before tls-verify script execution and deleted after.
    --verify-x509-name name: Accept connections only from a host with X509 subject
    DN name. The remote host must also pass all other tests
    of verification.
    --ns-cert-type t: Require that peer certificate was signed with an explicit
    nsCertType designation t = 'client' | 'server'.
    --x509-track x : Save peer X509 attribute x in environment for use by
    plugins and management interface.
    --remote-cert-ku v ... : Require that the peer certificate was signed with
    explicit key usage, you can specify more than one value.
    value should be given in hex format.
    --remote-cert-eku oid : Require that the peer certificate was signed with
    explicit extended key usage. Extended key usage can be encoded
    as an object identifier or OpenSSL string representation.
    --remote-cert-tls t: Require that peer certificate was signed with explicit
    key usage and extended key usage based on RFC3280 TLS rules.
    t = 'client' | 'server'.

    PKCS#11 Options:
    --pkcs11-providers provider ... : PKCS#11 provider to load.
    --pkcs11-protected-authentication [0|1] ... : Use PKCS#11 protected authenticati
    path. Set for each provider.
    --pkcs11-private-mode hex ... : PKCS#11 private key mode mask.
    0 : Try to determind automatically (default
    1 : Use Sign.
    2 : Use SignRecover.
    4 : Use Decrypt.
    8 : Use Unwrap.
    --pkcs11-cert-private [0|1] ... : Set if login should be performed before
    certificate can be accessed. Set for each prov
    --pkcs11-pin-cache seconds : Number of seconds to cache PIN. The default is
    cache until token is removed.
    --pkcs11-id-management : Acquire identity from management interface.
    --pkcs11-id serialized-id 'id' : Identity to use, get using standalone --show-p

    SSL Library information:
    --show-ciphers : Show cipher algorithms to use with --cipher option.
    --show-digests : Show message digest algorithms to use with --auth option.
    --show-engines : Show hardware crypto accelerator engines (if available).
    --show-tls : Show all TLS ciphers (TLS used only as a control channel).

    Windows Specific:
    --win-sys path : Pathname of Windows system directory. Default is the pathnam
    from SystemRoot environment variable.
    --ip-win32 method : When using --ifconfig on Windows, set TAP-Windows adapter
    IP address using method = manual, netsh, ipapi,
    dynamic, or adaptive (default = adaptive).
    Dynamic method allows two optional parameters:
    offset: DHCP server address offset (> -256 and < 256).
    If 0, use network address, if >0, take nth
    address forward from network address, if <0,
    take nth address backward from broadcast
    Default is 0.
    lease-time: Lease time in seconds.
    Default is one year.
    --route-method : Which method to use for adding routes on Windows?
    adaptive (default) -- Try ipapi then fall back to exe.
    ipapi -- Use IP helper API.
    exe -- Call the route.exe shell command.
    --dhcp-option type [parm] : Set extended TAP-Windows properties, must
    be used with --ip-win32 dynamic. For options
    which allow multiple addresses,
    --dhcp-option must be repeated.
    DOMAIN name : Set DNS suffix
    DNS addr : Set domain name server address(es)
    NTP : Set NTP server address(es)
    NBDD : Set NBDD server address(es)
    WINS addr : Set WINS server address(es)
    NBT type : Set NetBIOS over TCP/IP Node type
    1: B, 2: P, 4: M, 8: H
    NBS id : Set NetBIOS scope ID
    DISABLE-NBT : Disable Netbios-over-TCP/IP.
    --dhcp-renew : Ask Windows to renew the TAP adapter lease on startup.
    --dhcp-pre-release : Ask Windows to release the previous TAP adapter lease on
    --dhcp-release : Ask Windows to release the TAP adapter lease on shutdown.
    --register-dns : Run net stop dnscache, net start dnscache, ipconfig /flushdns
    and ipconfig /registerdns on connection initiation.
    --tap-sleep n : Sleep for n seconds after TAP adapter open before
    attempting to set adapter properties.
    --pause-exit : When run from a console window, pause before exiting.
    --service ex [0|1] : For use when OpenVPN is being instantiated by a
    service, and should not be used directly by end-users.
    ex is the name of an event object which, when
    signaled, will cause OpenVPN to exit. A second
    optional parameter controls the initial state of ex.
    --show-net-up : Show OpenVPN's view of routing table and net adapter list
    after TAP adapter is up and routes have been added.
    --block-outside-dns : Block DNS on other network adapters to prevent DNS leaks

    Windows Standalone Options:

    --show-adapters : Show all TAP-Windows adapters.
    --show-net : Show OpenVPN's view of routing table and net adapter list.
    --show-valid-subnets : Show valid subnets for --dev tun emulation.
    --allow-nonadmin [TAP-adapter] : Allow OpenVPN running without admin privileges
    to access TAP adapter.

    Generate a random key (only for non-TLS static key encryption mode):
    --genkey : Generate a random key to be used as a shared secret,
    for use with the --secret option.
    --secret file : Write key to file.

    PKCS#11 standalone options:
    --show-pkcs11-ids [provider] [cert_private] : Show PKCS#11 available ids.
    --verb option can be added BEFORE

    General Standalone Options:
    --show-gateway : Show info about default gateway.

    C:\Program Files (x86)\VPN Monster\OpenVPN>pause
    Press any key to continue . . .
