Skip to content

Instantly share code, notes, and snippets.

@klzgrad
klzgrad / Naive-VPN.md
Created Nov 17, 2014
朴素VPN:一个纯内核级静态隧道
View Naive-VPN.md

朴素VPN:一个纯内核级静态隧道

由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。

朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。

朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。

创建一个朴素VPN

@chrisroos
chrisroos / gpg-import-and-export-instructions.md
Created Sep 9, 2011
Instructions for exporting/importing (backup/restore) GPG keys
View gpg-import-and-export-instructions.md

Every so often I have to restore my gpg keys and I'm never sure how best to do it. So, I've spent some time playing around with the various ways to export/import (backup/restore) keys.

Method 1

Backup the public and secret keyrings and trust database

cp ~/.gnupg/pubring.gpg /path/to/backups/
cp ~/.gnupg/secring.gpg /path/to/backups/
cp ~/.gnupg/trustdb.gpg /path/to/backups/
# or, instead of backing up trustdb...
@nickbudi
nickbudi / README.md
Last active Oct 30, 2021
Budi's Counter-Strike: Source config
View README.md

Budi's CS:S Config

This is my constantly updated CS:S autoexec config.

Put the file autoexec.cfg in ...\Steam\steamapps\*steam username*\counter-strike source\cstrike\cfg or take what you want from it and add to your autoexec config!

Launch Options

-novid -noborder -high -threads 4 -freq 144 +exec autoexec.cfg
@lotem
lotem / luna_pinyin.custom.yaml
Last active May 29, 2021
在【朙月拼音】裏使用Emoji表情(這份配置已過時,新的emoji實現代碼在 https://github.com/rime/rime-emoji
View luna_pinyin.custom.yaml
# luna_pinyin.custom.yaml
#
# 在【朙月拼音】裏使用Emoji表情(這份配置已過時,新的emoji實現代碼在 https://github.com/rime/rime-emoji )
#
# 保存到Rime用戶文件夾後,重新部署生效
# ~/.config/ibus/rime (linux)
# ~/Library/Rime (macos)
# %APPDATA%\Rime (windows)
#
# 如果目標文件已經包含其他修改內容,只需按照縮進合併 patch: 以下的部分
@Harry-Chen
Harry-Chen / book.tex
Last active Nov 23, 2018
XeLaTeX template for short novel (as book)
View book.tex
\documentclass[zihao=-4,oneside,UTF8]{ctexbook}
\usepackage{titlesec,fancyhdr,xltxtra,hyperxmp}
\usepackage[xetex,a4paper,centering,scale=0.8]{geometry}
\input{config.tex}
\xeCJKsetup{CheckSingle}
\pagestyle{fancy}
\setmainfont{\bookmainfont}
@yszou
yszou / sina_sso.py
Created Dec 9, 2013
新浪的SSO授权登录
View sina_sso.py
# -*- coding: utf-8 -*-
import rsa
import re
import time
import json
import traceback
from urllib import urlencode, unquote, quote
from Cookie import SimpleCookie
import tornado
View weiboLogin.py
#! /usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import urllib
import urllib2
import cookielib
import base64
import re
import json
View remove-hackaday-comments.user.js
// ==UserScript==
// @name Remove Hackaday comments
// @namespace http://numin.it
// @version 0.6
// @description remove all potential clues that comments may exist on hackaday.com
// @author numinit
// @match http://hackaday.com/*
// @match https://hackaday.com/*
// @grant none
// ==/UserScript==
View Arma3_tcp_optimizing.bat
:: this is dwarden's experimental TCP related batch
@netsh int tcp set global chimney=enabled
@netsh int tcp set global dca=enabled
@netsh int tcp set global ecncapability=enabled
@netsh int tcp set global congestionprovider=ctcp
@netsh int tcp set global timestamps=enabled
@rem netsh int tcp set global autotuninglevel=disabled
@netsh int tcp show global autotuninglevel
:: disabling autotuning needs testing, sometimes help sometimes not
@bauer1j
bauer1j / gist:1320355
Created Oct 27, 2011
ECN testing configuration
View gist:1320355
#!/bin/bash
# This script depends upon the conntrack, connmark, connbytes, and the ecn modules of iptables.
# These are installed by default on the Linux boxes we employed, but if your distribution is
# older, you may need to update your kernel and iptables. This script also assumes that the users
# which runs it has the sufficient privileges to run all the commands below.
# Careful, this script flushes the filter and mangle tables.
iptables -t filter -F
iptables -t mangle -F