Amin Khoshnood amnkh

View self-signed-certificate-with-custom-ca.md

Create Root CA (Done once)

Create Root Key

Attention: this is the key used to sign the certificate requests. Anyone holding it can sign certificates on your behalf, so keep it in a safe place!

openssl genrsa -des3 -out rootCA.key 4096
@amnkh
amnkh / port-forwarding.py
Created May 26, 2020 — forked from WangYihang/port-forwarding.py
port forwarding via python socket
View port-forwarding.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# TCP Port Forwarding (Reverse Proxy)
# Author : WangYihang <wangyihanger@gmail.com>
# Requires Python 3.6 or above.
import socket
import threading
import sys
@amnkh
amnkh / ask.sh
Created Sep 28, 2019 — forked from davejamesmiller/ask.sh
Bash General-Purpose Yes/No Prompt Function ("ask")
View ask.sh
# This is a general-purpose function to ask Yes/No questions in Bash, either
# with or without a default answer. It keeps repeating the question until it
# gets a valid answer.
ask() {
# https://gist.github.com/davejamesmiller/1965569
local prompt default reply
if [ "${2:-}" = "Y" ]; then
prompt="Y/n"
@amnkh
amnkh / openssl-notes.txt
Created Sep 11, 2019 — forked from tsaarni/openssl-notes.txt
Generate self-signed certs with different key types
View openssl-notes.txt
*** RSA
# Generate self-signed certificate with RSA 4096 key-pair
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout rsakey.pem -out rsacert.pem
# print private and public key
openssl rsa -in rsakey.pem -text -noout
# print certificate
openssl x509 -in rsacert.pem -text -noout
@amnkh
amnkh / SSL-certs-OSX.md
Last active Sep 4, 2019 — forked from croxton/SSL-certs-OSX.md
Generate ssl certificates with Subject Alt Names
View SSL-certs-OSX.md

Generate ssl certificates with Subject Alt Names on OSX

Open ssl.conf in a text editor.

Edit the domain(s) listed under the [alt_names] section so that they match the local domain name you want to use for your project, e.g.

DNS.1   = my-project.dev

Additional FQDNs can be added if required:

@amnkh
amnkh / asn
Created Jun 24, 2019 — forked from nitefood/README.md
ASN/IP/Route/hostname command line lookup tool to map any network to the corresponding ASN and prefix
View asn
#!/bin/bash
############################################################################################################
# ----------------------------------------------------------------------
# ASN/IPv4/Prefix lookup tool. Uses Team Cymru's whois service for data.
# ----------------------------------------------------------------------
# example usage:
# asn <ASnumber> -- to look up matching ASN data. Supports "as123" and "123" formats (case insensitive)
# asn <IP.AD.DR.ESS> -- to look up matching route and ASN data
# asn <ROUTE> -- to look up matching ASN data
@amnkh
amnkh / ipsec.conf
Created Jun 17, 2019 — forked from dunkelstern/ipsec.conf
StrongSWAN ipsec config for IKEv2 VPN
View ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
config setup
charondebug="ike 4, knl 4, cfg 4, net 4, esp 4, dmn 4, mgr 4"
conn %default
keyexchange=ike
ike=aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024,aes256-sha1-modp1024,aes256-sha256-modp1024,aes256-sha256-modp1536,aes256-sha256-modp2048,aes256-sha256-modp4096,aes256-sha384-ecp384,aes256-sha384-modp1024,aes256-sha384-modp1536,aes256-sha384-modp2048,aes256-sha384-modp4096,aes256gcm16-aes256gcm12-aes128gcm16-aes128gcm12-sha256-sha1-modp2048-modp4096-modp1024,3des-sha1-modp1024!
esp=aes128-aes256-sha1-sha256-modp2048-modp4096-modp1024,aes128-sha1,aes128-sha1-modp1024,aes128-sha1-modp1536,aes128-sha1-modp2048,aes128-sha256,aes128-sha256-ecp256,aes128-sha256-modp1024,aes128-sha256-modp1536,aes128-sha256-modp2048,aes128gcm12-aes128gcm16-aes256gcm12-aes256gcm16-modp2048-modp4096-modp
@amnkh
amnkh / rc.local
Created Jun 17, 2019 — forked from dunkelstern/rc.local
iptables rules for vpn config
View rc.local
# for ISAKMP (handling of security associations)
iptables -A INPUT -p udp --dport 500 -j ACCEPT
# for NAT-T (handling of IPsec between natted devices)
iptables -A INPUT -p udp --dport 4500 -j ACCEPT
# for ESP payload (the encrypted data packets)
iptables -A INPUT -p esp -j ACCEPT
# for the routing of packets on the server
iptables -t nat -A POSTROUTING -j SNAT --to-source %IP% -o eth0
# internet access
iptables -t nat -A POSTROUTING -s 10.0.42.0/24 -o eth0 -m policy --dir out --pol ipsec -j ACCEPT