Skip to content

Instantly share code, notes, and snippets.

🙃
Let's Talk!

Amin Khoshnood amnkh

🙃
Let's Talk!
Block or report user

Report or block amnkh

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@amnkh
amnkh / ask.sh
Created Sep 28, 2019 — forked from davejamesmiller/ask.sh
Bash General-Purpose Yes/No Prompt Function ("ask")
View ask.sh
# This is a general-purpose function to ask Yes/No questions in Bash, either
# with or without a default answer. It keeps repeating the question until it
# gets a valid answer.
ask() {
# https://gist.github.com/davejamesmiller/1965569
local prompt default reply
if [ "${2:-}" = "Y" ]; then
prompt="Y/n"
@amnkh
amnkh / openssl-notes.txt
Created Sep 11, 2019 — forked from tsaarni/openssl-notes.txt
Generate self-signed certs with different key types
View openssl-notes.txt
*** RSA
# Generate self-signed certificate with RSA 4096 key-pair
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout rsakey.pem -out rsacert.pem
# print private and public key
openssl rsa -in rsakey.pem -text -noout
# print certificate
openssl x509 -in rsacert.pem -text -noout
@amnkh
amnkh / SSL-certs-OSX.md
Last active Sep 4, 2019 — forked from croxton/SSL-certs-OSX.md
Generate ssl certificates with Subject Alt Names
View SSL-certs-OSX.md

Generate ssl certificates with Subject Alt Names on OSX

Open ssl.conf in a text editor.

Edit the domain(s) listed under the [alt_names] section so that they match the local domain name you want to use for your project, e.g.

DNS.1   = my-project.dev

Additional FQDNs can be added if required:

@amnkh
amnkh / asn
Created Jun 24, 2019 — forked from nitefood/asn
ASN/IP/Route/hostname command line lookup tool to map any network to the corresponding ASN and prefix
View asn
#!/bin/bash
############################################################################################################
# ----------------------------------------------------------------------
# ASN/IPv4/Prefix lookup tool. Uses Team Cymru's whois service for data.
# ----------------------------------------------------------------------
# example usage:
# asn <ASnumber> -- to lookup matching ASN data. Supports "as123" and "123" formats (case insensitive)
# asn <IP.AD.DR.ESS> -- to lookup matching route and ASN data
# asn <ROUTE> -- to lookup matching ASN data
@amnkh
amnkh / ipsec.conf
Created Jun 17, 2019 — forked from dunkelstern/ipsec.conf
StrongSWAN ipsec config for IKEv2 VPN
View ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
config setup
charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4, mgr 4"
conn %default
keyexchange=ike
ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp
@amnkh
amnkh / rc.local
Created Jun 17, 2019 — forked from dunkelstern/rc.local
iptables rules for vpn config
View rc.local
# for ISAKMP (handling of security associations)
iptables -A INPUT -p udp --dport 500 --j ACCEPT
# for NAT-T (handling of IPsec between natted devices)
iptables -A INPUT -p udp --dport 4500 --j ACCEPT
# for ESP payload (the encrypted data packets)
iptables -A INPUT -p esp -j ACCEPT
# for the routing of packets on the server
iptables -t nat -A POSTROUTING -j SNAT --to-source %IP% -o eth0
# internet access
iptables -t nat -A POSTROUTING -s 10.0.42.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT
You can’t perform that action at this time.