Skip to content

Instantly share code, notes, and snippets.

Yifan Gao gaoyifan

Block or report user

Report or block gaoyifan

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@hexchain
hexchain / Naive-VPN.md
Last active May 30, 2018 — forked from klzgrad/Naive-VPN.md
朴素VPN:一个纯内核级静态隧道
View Naive-VPN.md

朴素VPN:一个纯内核级静态隧道

由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。

朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。

朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。

创建一个朴素VPN

View curl-s3-v2.sh
# Based on a modified script from here: http://tmont.com/blargh/2014/1/uploading-to-s3-in-bash
S3KEY="YOUR-ACCESSKEY"
S3SECRET="YOUR-SECRETKEY"
function putS3
{
path=$1
file=$2
aws_path=$3
View ipsecctl
#!/bin/bash
function load_var {
eval $(cat ${1} <( echo -e '\nset -o posix;set\n') | env - bash --noprofile --norc --posix | sed 's/^/'$2'_/')
if [ -n "$IF_IPSEC6" ]; then
PEER_ENDPOINT=$PEER_ENDPOINT6
SELF_ENDPOINT=$SELF_ENDPOINT6
fi
}
@gbaman
gbaman / HowToOTG.md
Last active Apr 4, 2020
Simple guide for setting up OTG modes on the Raspberry Pi Zero
View HowToOTG.md

Raspberry Pi Zero OTG Mode

Simple guide for setting up OTG modes on the Raspberry Pi Zero - By Andrew Mulholland (gbaman).

The Raspberry Pi Zero (and model A and A+) support USB On The Go, given the processor is connected directly to the USB port, unlike on the B, B+ or Pi 2 B, which goes via a USB hub.
Because of this, if setup to, the Pi can act as a USB slave instead, providing virtual serial (a terminal), virtual ethernet, virtual mass storage device (pendrive) or even other virtual devices like HID, MIDI, or act as a virtual webcam!
It is important to note that, although the model A and A+ can support being a USB slave, they are missing the ID pin (is tied to ground internally) so are unable to dynamically switch between USB master/slave mode. As such, they default to USB master mode. There is no easy way to change this right now.
It is also important to note, that a USB to UART serial adapter is not needed for any of these guides, as may be documented elsewhere across the int

@klzgrad
klzgrad / Naive-VPN.md
Created Nov 17, 2014
朴素VPN:一个纯内核级静态隧道
View Naive-VPN.md

朴素VPN:一个纯内核级静态隧道

由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。

朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。

朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。

创建一个朴素VPN

View Ubuntu 12.04 下制作 OpenWRT iptables geoip 数据库文件.md

Ubuntu 12.04 下制作 OpenWRT iptables geoip 数据库文件

  1. 去[Xtables-addons][1]下载xtables-addons-x.x.tar.xz,解压并进入
  2. 依次执行
./configure
make
make install
@vishvananda
vishvananda / tunnel.sh
Created Oct 22, 2013
Script to set up an ipsec tunnel between two machines For Example: ./tunnel.sh 10.10.10.1 10.10.10.2 192.168.0.1 192.168.0.2 would set up an ipsec tunnel over 10.10.10.1 address using 192.168.0.1 as a virtual address passwordless sudo required for user on remote machine
View tunnel.sh
#!/bin/bash
if [ "$4" == "" ]; then
echo "usage: $0 <local_ip> <remote_ip> <new_local_ip> <new_remote_ip>"
echo "creates an ipsec tunnel between two machines"
exit 1
fi
SRC="$1"; shift
DST="$1"; shift
You can’t perform that action at this time.