AG mzpqnxow
@mzpqnxow
mzpqnxow / set-fastest-nordvpn.sh
Created May 17, 2019 14:48
Script to periodically reset an OpenVPN tunnel for NordVPN to the fastest server on Ubiquiti EdgeRouters
#!/bin/vbash
#
# Script for Ubiquiti devices to find the fastest NordVPN OpenVPN
# server and switch your current VPN tunnel over to it fairly
# seamlessly
#
# COUNTRY_ID=38 # Canada
# COUNTRY_ID=228 # USA
# COUNTRY_ID=140 # Mexico
IP_PROTOCOL=udp
@mzpqnxow
mzpqnxow / noip6.ovpn
Last active April 21, 2023 08:22
OpenVPN client when IPv6 is disabled
# If your system has IPv6 disabled, OpenVPN will error out when receiving
# route6 and ip6 information from the server (assuming it supports IPv6)
# Add the following to your OpenVPN configuration to allow the connection
# to succeed by ignoring them
#
# You'll see the following in your error messages after the session is established
# if you're having this issue. It is fatal and the tunnel will fail to come up
#
# ...
# do_ifconfig, tt->did_ifconfig_ipv6_setup=1
@mzpqnxow
mzpqnxow / fastest-nord-openvpn-udp.sh
Last active April 16, 2023 04:38
Pull the top 5 recommended NordVPN server addresses for OpenVPN over UDP
ubnt@edgerouter:/home/ubnt$ HOSTNAME_LIST=$(curl "https://nordvpn.com/wp-admin/admin-ajax.php?action=servers_recommendations&filters=\{%22country_id%22:228,%22servers_groups%22:\[11\],%22servers_technologies%22:\[3\]\}" \
-H 'accept-language: en-US,en;q=0.9' \
-H 'user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36' \
-H 'authority: nordvpn.com' \
-H 'x-requested-with: XMLHttpRequest' \
-H 'referer: https://nordvpn.com/servers/tools/' | \
jq -r '.[].hostname' | tr '\n' ' ' | tee /tmp/nord)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 13685 0 13685 0 0 35725 0 --:--:-- --:--:-- --:--:-- 35731
@mzpqnxow
mzpqnxow / hexdump.py
Last active April 9, 2023 20:19
Python3 bytes to ASCII hexdump function using format
def hexdump(src, length=16, sep='.'):
"""Hex dump bytes to ASCII string, padded neatly
In [107]: x = b'\x01\x02\x03\x04AAAAAAAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBBBBBBBBBBBBBBBB'
In [108]: print('\n'.join(hexdump(x)))
00000000 01 02 03 04 41 41 41 41 41 41 41 41 41 41 41 41 |....AAAAAAAAAAAA|
00000010 41 41 41 41 41 41 41 41 41 41 41 41 41 41 42 42 |AAAAAAAAAAAAAABB|
00000020 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 |BBBBBBBBBBBBBBBB|
@mzpqnxow
mzpqnxow / get-vyprvpn-servers.py
Last active March 9, 2023 21:28
Get a list of all VyprVPN server IP addresses, hostnames and countries or a subset based on specified country/countries
#!/usr/bin/env python2
# -*- coding: utf-8 -*-
"""
Retrieve list of all VyprVPN servers, relying on their publicly posted list which
is referenced on their site as an "official" source .. it seems this could change
but it hasn't in a long time
Dependency on BeautifulSoup
(Optional) dependency on the `progress` project @ https://pypi.org/project/progress/
# This could use some cleanup and robustness changes, but it works for me. Modifications are welcome!
# How to setup a Ubiquiti EdgeRouter POE for FreeRADIUS
# Based on
# https://community.ui.com/questions/FreeRADIUS-on-Edgerouter-2-x/6869cef3-aeca-42c3-9081-e69daa44f397
# https://networkjutsu.com/freeradius-with-two-factor-authentication/
# https://wiki.freeradius.org/guide/Getting-Started
# SSH into your router
@mzpqnxow
mzpqnxow / config-aes-gcm.h
Created September 8, 2020 18:04
Configure mbedtls for aes-gcm ONLY as a static library
#ifndef MBEDTLS_CONFIG_H
// Build mbedtls with this as your configuration file and you'll have only what you need
// for AES GCM. You'll find a pretty small statically linked exe, at least when compared
// with wolfSSL, OpenSSL, etc, etc. which (to be fair) are really meant to always have some
// amount of SSL/TLS support enabled
#define MBEDTLS_CONFIG_H
#define MBEDTLS_AES_FEWER_TABLES
#define MBEDTLS_NO_UDBL_DIVISION
#define MBEDTLS_AES_C
#define MBEDTLS_CIPHER_C
@mzpqnxow
mzpqnxow / pbr.md
Last active December 23, 2022 16:39
Multiple default routes in Azure - solving with policy-based routing

Azure and Public IP Addresses

In Microsoft Azure, even when a VM has a public IP address interface, the system sees it as a private network address. It also uses a private IP address as the gateway. The only way to "fix" this without making routing table changes is to use setsockopt() with SO_BINDTODEVICE, which is a privileged operation. In addition to that (and this can't be worked around in any generic way), you will need to do the standard socket bind() with the private IP address corresponding to the interface you want to use.

Solving With Policy Based Routing

The new generation of network configuration tools (I guess they're not that new, but they replaced route and ifconfig) makes policy-based routing pretty easy, especially if you don't require anything too special.

Set Up Name Mappings for Routing Tables (Optional)

@mzpqnxow
mzpqnxow / build-smbclient-static.sh
Last active December 8, 2022 17:20
Building lightweight (somewhat statically linked) smbclient executable
```
# This won't build a *complete* statically linked smbclient exe, but it will do better ... :/
$ ./configure --without-winbind --without-ldap --without-ads --disable-cups --without-quotas --disable-avahi --without-syslog --without-pam --disable-pthreadpool --without-acl-support --without-automount --without-pie --nopyc --nopyo --hostcc=musl-gcc --disable-python --without-ad-dc --disable-fault-handling --without-libunwind --disable-iprint --without-gettext --disable-python --without-json --with-iconv --without-libarchive --with-static-modules=ALL --without-systemd --disable-cephfs --disable-glusterfs --without-ads --without-winbind --without-ldap --disable-cups --disable-iprint --without-pam --disable-avahi --disable-tdb-mutex-locking --without-gpgme --hostcc=musl-gcc CC=musl-gcc LDFLAGS=-static
```
## Description
Sometimes you need to parse CEF with logstash but it is wrapped in some other format, such as JSON or syslog. In this case, you can't use the CEF codec in the input, so you're doomed to do it yourself since there is not currently a CEF codec for filter blocks. Try this logstash recipe, it works well. Just remember a comma will break it, so feel free to replace "," with a rarer character like "|" or something...
## Context
At this point, the message has been processed so it's a full CEF message starting in cef_message. Syslog "headers" were already removed in a previous step.
## Stripped from production