Skip to content

Instantly share code, notes, and snippets.

@bao3
bao3 / add.ipsec.user.sh
Last active Sep 30, 2022
iOS IKEv2 PSK Auth(No Need Certification) 无需证书 Stongswan
View add.ipsec.user.sh
#!/bin/sh
# Set your Server Name 设置成你的域名或者 IP
#
SERVER="SOMETHING.your.ServeName"
VPN_PASSWORD="$(LC_CTYPE=C tr -dc 'A-HJ-NPR-Za-km-z2-9' < /dev/urandom | head -c 12)"
#VPN_PASSWORD_ENC=$(openssl passwd -1 "$VPN_PASSWORD")
UUID1=$(/usr/bin/uuidgen -r)
UUID2=$(/usr/bin/uuidgen -r)
UUID3=$(/usr/bin/uuidgen -r)
sed -i.bak /$1/d /etc/ipsec.secrets
View YouTubeAdHostnames
r4---sn--cxaaj5o5q5-tt16.googlevideo.com
r2---sn--u2oxu-2v16.googlevideo.com
r3---sn--q5u5bgv02-3c26.googlevideo.com
r7---sn--w5nuxa-o536.googlevideo.com
r1---sn--nx5e6n76.googlevideo.com
r2---sn--nx5e6n76.googlevideo.com
r3---sn--nx5e6n76.googlevideo.com
r4---sn--nx5e6n76.googlevideo.com
r5---sn--nx5e6n76.googlevideo.com
r6---sn--nx5e6n76.googlevideo.com
@bao3
bao3 / GFW_ADBlock.conf
Last active Jul 29, 2021
由于 Surge for ios 的条目数量不能过大,导致手机内存不足,所以将 GFW 和 广告过滤集中后进行了人工挑选,压缩在 1万条左右,你仍然可以自己添加大约 900条规则,理论上足够你长久使用了,配置文件默认是直连,方便普通国内用户使用。配置文件中,我自己调整过的、有可能有误伤的条目我都放在了前面,方便你自己修改,不过运行自 2016/01 ~ 2016/02 我自己日常没有遇到问题。有误伤不要怕,打开软件可以自己调试添加。
View GFW_ADBlock.conf
[General]
#我的注释都是 # 开头,所以如果你用 vim,直接 :g/^#/d 就可以一次性清除所有注释
#开头这段skip包含以下几个目的:1,私网IP跳过,提高内网性能;2,苹果的一些服务跳过,比如公共热点wifi要先测试captive.apple.com。可解决很多内网的 TCP毛病,例如 kodi remote软件无法遥控
skip-proxy = 10.0.0.0/8,169.254/16,172.16.0.0/12,192.168.0.0/16,224.0.0.0/4, localhost, *.local,api.smoot.apple.com,configuration.apple.com,xp.apple.com,smp-device-content.apple.com,guzzoni.apple.com,captive.apple.com,*.ess.apple.com,*.push.apple.com,*.push-apple.com.akadns.net
#下面这一段则是完全跳过 Surge,最重要的一个是让 UDP包可以传输,解决很多内网毛病,例如DLNA,NFS或者btsync等组播类/UDP类应用
bypass-tun = 10.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.168.0.0/16, 224.0.0.0/4, 0.0.0.0/8, 1.0.0.0/9, 1.160.0.0/11, 1.192.0.0/11, 10.0.0.0/8, 14.0.0.0/11, 14.96.0.0/11, 14.128.0.0/11, 14.192.0.0/11, 27.0.0.0/10, 27.96.0.0/11, 27.128.0.0/9, 36.0.0.0/10, 36.96.0.0/11, 36.128.0.0/9, 39.0.0.0/11, 39.64.0.0/10, 39.128.0.0/10, 42.0.0.0/8, 43.224.0.0/11, 45.64.0.0/10, 47.64.0.0/10, 49.0.0.0/9, 49.128.0.0/11, 49.192.0.0/10, 54.192.0.0/11, 58.0.0.0/9, 58.128.0.0/11, 58.192.0.0/10, 59.32.0.0/11, 5
@bao3
bao3 / autopin.sh
Last active Jul 4, 2021
reaver PIN时每10分钟模拟键盘输入Ctrl+C中断,因为无线网卡运行在monitor模式大约10分钟后就性能下降,因此需要强制中断reaver。使用时 sudo ./10pin aa:bb:cc:dd:ee:ff:11(即路由器MAC) 额外的reaver指令 请在空格后使用""(双引号)中写入,例如channel 6 ,可以使用 sudo ./10pin aa:bb:cc:dd:ee:ff:11 "-c 6" 如果你要实时查看进度,可以使用 tail -f /var/log/reaer.pin.log
View autopin.sh
#!/bin/sh
reaverCMD()
{
reaver -i mon0 -b $1 -v -a -S -N -r 100:60 $2 >>/var/log/reaver.pin.log &
tmp_pid=$(ps a| grep reaver | grep -v grep | awk '{print $1}' );
echo $tmp_pid;
}
while true :
do
@bao3
bao3 / supervisord
Created Apr 9, 2020 — forked from saitodev/supervisord
supervisord init script for CentOS
View supervisord
#!/bin/sh
#
# Startup script for the Supervisor server
#
# chkconfig: - 90 10
# description: Supervisor is a client/server system that allows its users to \
# monitor and control a number of processes on UNIX-like \
# operating systems.
#
# processname: supervisord
@bao3
bao3 / cert-client.sh
Created Oct 6, 2014
这是几个用来签发证书的脚本,请注意这需要你安装了gnutls才可以,主要当时是为了ocserv而写,纯偷懒。基本上,你只要用 ./cert-client.sh you-user-name 这种格式,就可以自动生成 you-user-name-key.pem/ your-user-name-cert.pem /your-user-name.p12
View cert-client.sh
#! /bin/sh
#! /usr/bin/expect -f
certtool --generate-privkey --outfile $1-key.pem
sed -i "1ccn = "${1}"" client.tmpl
sed -i "3cemail = ${1}@abc.org" client.tmpl
certtool --generate-certificate --load-privkey $1-key.pem --load-ca-certificate ca-cert.pem --load-ca-privkey ca-key.pem --template client.tmpl --outfile $1-cert.pem
openssl pkcs12 -export -inkey $1-key.pem -in $1-cert.pem -name "$1 VPN Client Cert" -certfile ca-cert.pem -out $1.cert.p12
@bao3
bao3 / install_StrongSwan.sh
Created Nov 15, 2017 — forked from leolovenet/install_StrongSwan.sh
IPSEC VPN on Centos6 with StrongSwan for iOS9
View install_StrongSwan.sh
#!/bin/bash
## Main reference https://raymii.org/s/tutorials/IPSEC_vpn_with_CentOS_7.html
yum -y install epel-release
yum -y install haveged strongswan
/etc/init.d/haveged start
chkconfig haveged on
cd /etc/strongswan || exit
cat > strongswan.conf <<'EOF'
@bao3
bao3 / build-freebsd-on-pi
Created Oct 23, 2017 — forked from datastream/build-freebsd-on-pi
build freebsd on raspberry pi
View build-freebsd-on-pi
#!/bin/sh
export MAKEOBJDIRPREFIX=/srv/obj
export SRCROOT=/srv
# build kernel
svn co svn://svn.freebsd.org/base/head $SRCROOT/head
cd $SRCROOT/head
make buildkernel KERNCONF=RPI-B
make installkernal KERNCONF=RPI-B
@bao3
bao3 / profile.xml
Last active Sep 21, 2017
用于 ocserv的profile.xml,会自动被思科客户端读取。这个配置文件有两个服务地址( VPN Server和 Full VPN Server),前者是区分路由模式的,后者是同一台服务不同端口的完全走VPN的模式。你可以在此基础上加入休眠后自动恢复项等等,但是请切记,一旦你改错了这个文档就会造成服务器不认证书或者客户端干脆禁止你连接。救赎的方法。。。。可耻的匿了。
View profile.xml
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
<ClientInitialization>
<UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
<StrictCertificateTrust>false</StrictCertificateTrust>
<RestrictPreferenceCaching>false</RestrictPreferenceCaching>
<RestrictTunnelProtocols>IPSec</RestrictTunnelProtocols>
<BypassDownloader>true</BypassDownloader>
<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
@bao3
bao3 / ntp.bat
Created Jun 1, 2017 — forked from maxbelyanin/ntp.bat
Starts the Windows NTP-Server
View ntp.bat
reg add "HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config" /v "AnnounceFlags" /t REG_DWORD /d 5 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer" /v "Enabled" /t REG_DWORD /d 1 /f
net stop w32time && net start w32time