Adam Ayala swoopsta

@swoopsta
swoopsta / port-forward-splitvpn.sh
Last active May 11, 2017
Port Forwarding for Raspberry Pi 3 Split VPN for PIA and Transmission
#!/usr/bin/env bash
# Author: Adam Ayala
# Adapted from https://github.com/blindpet/piavpn-portforward/
# Author: Mike
# Based on https://github.com/crapos/piavpn-portforward
# Set path for root Cron Job
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
USERNAME=piauser
swoopsta / iptables.sh
Last active Apr 10, 2018
IP Tables for VPN LXC Instance
#! /bin/bash
# Flush
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
# Flush V6
ip6tables -t nat -F
swoopsta / routing.sh
Created May 4, 2017
Make VPN loopback failsafe
#! /bin/bash
VPNIF="tun0"
VPNUSER="vpn"
GATEWAYIP=$(ifconfig $VPNIF | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | egrep -v '255|(127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | tail -n1)
if [[ `ip rule list | grep -c 0x1` == 0 ]]; then
ip rule add from all fwmark 0x1 lookup $VPNUSER
fi
ip route replace default via $GATEWAYIP table $VPNUSER
ip route append default via 127.0.0.1 dev lo table $VPNUSER
swoopsta / pia-port-forwarding.sh
Last active May 12, 2017
PIA Port Forwarding For Transmission
#!/usr/bin/env bash
#
# Enable port forwarding when using Private Internet Access
#
echo 'Loading port forward assignment information...'
# Random client ID sent to the PIA port-forward endpoint
pia_client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
forwarded_port=$(curl "http://209.222.18.222:2000/?client_id=$pia_client_id" 2>/dev/null | awk -F ':' '{ print $2 }' | awk -F '}' '{ print $1 }')
json=`curl "http://209.222.18.222:2000/?client_id=$pia_client_id" 2>/dev/null`
if [ "$json" == "" ]; then
echo "Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding"
else
View gist:ebd6fbe79ae23bc7b268568728926ae8
<?php
/*
* Template Name: Example Custom Template
* See the codex entry on custom template for more information: http://codex.wordpress.org/Page_Templates#Custom_Page_Template
*
* Add html above or below the_content inside the comments
* Add php snippets as well with their own opening and closing php
*/
global $avia_config, $post;
View Whitelist Cloudflare
# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
# Avoid racking up billing/attacks
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
View WP Perms
#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro
#
WP_OWNER=www-data
WP_GROUP=www-data
P_ROOT=/home/changeme
View Gravity Email
<html>
<head>
<title>New submission from Upload Documents</title>
</head>
<body>
<table width="99%" border="0" cellpadding="1" cellspacing="0" bgcolor="#EAEAEA"><tr><td>
<table width="100%" border="0" cellpadding="5" cellspacing="0" bgcolor="#FFFFFF">
<tr bgcolor="#EAF2FA">
<td colspan="2">
<font style="font-family: sans-serif; font-size:12px;"><strong>File</strong></font>
swoopsta / split_tunnel_VPN.md
Last active Mar 2, 2021 — forked from GAS85/split_tunnel_VPN.md
Force Torrent/user Traffic through VPN Split Tunnel on Ubuntu 18.04

Differences from the original:

  1. Add a random VPN country change on start/restart.
  2. Add iptables rules that avoid nginx reverse proxy usage.

Let's start

You have full control over which applications you want to route over the VPN. An automatic kill switch is implemented using firewall rules, so if your VPN connection drops or breaks, your real IP address will not be revealed and torrent traffic will stop. DNS leaks are also prevented. Remote access to your torrent client of choice (Transmission or Deluge) is possible.

View Split Tunnel In An LXC Container
Finally Got it. It's not a split tunnel since that would be fairly redundant in a container.
Cloned LXC Container named vpn
Changed Config. Added this to the vpn config:
# Allow Tun Device
lxc.cgroup.devices.allow = c 10:200 rwm
# Run an autodev hook to setup the device
lxc.autodev = 1
lxc.hook.autodev = /lxc/vpn/autodev