Skip to content

Instantly share code, notes, and snippets.

Avatar

Adam Ayala swoopsta

View GitHub Profile
@swoopsta
swoopsta / routing.sh
Created May 4, 2017
Make VPN loopback failsafe
View routing.sh
#! /bin/bash
VPNIF="tun0"
VPNUSER="vpn"
GATEWAYIP=$(ifconfig $VPNIF | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | egrep -v '255|(127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | tail -n1)
if [[ `ip rule list | grep -c 0x1` == 0 ]]; then
ip rule add from all fwmark 0x1 lookup $VPNUSER
fi
ip route replace default via $GATEWAYIP table $VPNUSER
ip route append default via 127.0.0.1 dev lo table $VPNUSER
@swoopsta
swoopsta / port-forward-splitvpn.sh
Last active May 11, 2017
Port Forwarding for Raspberry Pi 3 Split VPN for PIA and Transmission
View port-forward-splitvpn.sh
#!/usr/bin/env bash
# Author: Adam Ayala
# Adapted from https://github.com/blindpet/piavpn-portforward/
# Author: Mike
# Based on https://github.com/crapos/piavpn-portforward
# Set path for root Cron Job
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
USERNAME=piauser
@swoopsta
swoopsta / pia-port-forwarding.sh
Last active May 12, 2017
PIA Port Forwarding For Transmission
View pia-port-forwarding.sh
#!/usr/bin/env bash
#
# Enable port forwarding when using Private Internet Access
#
echo 'Loading port forward assignment information...'
pia_client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"` forwarded_port=$(curl "http://209.222.18.222:2000/\?client_id=$pia_client_id" 2>/dev/null | awk -F ':' '{ print $2 }'| awk -F '}' '{ print $1 }')
json=`curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
if [ "$json" == "" ]; then
echo "Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding"
else
View gist:ebd6fbe79ae23bc7b268568728926ae8
<?php
/*
* Template Name: Example Custom Template
* See the codex entry on custom template for more information: http://codex.wordpress.org/Page_Templates#Custom_Page_Template
*
* Add html above or below the_content inside the comments
* Add php snippets as well with their own opening and closing php
*/
global $avia_config, $post;
@swoopsta
swoopsta / iptables.sh
Last active Apr 10, 2018
IP Tables for VPN LXC Instance
View iptables.sh
#! /bin/bash
# Flush
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
# Flush V6
ip6tables -t nat -F
View Whitelist Cloudflare
# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
# Avoid racking up billing/attacks
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
View WP Perms
#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro
#
WP_OWNER=www-data
WP_GROUP=www-data
P_ROOT=/home/changeme
View Gravity Email
<html>
<head>
<title>New submission from Upload Documents</title>
</head>
<body>
<table width="99%" border="0" cellpadding="1" cellspacing="0" bgcolor="#EAEAEA"><tr><td>
<table width="100%" border="0" cellpadding="5" cellspacing="0" bgcolor="#FFFFFF">
<tr bgcolor="#EAF2FA">
<td colspan="2">
<font style="font-family: sans-serif; font-size:12px;"><strong>File</strong></font>
View Split Tunnel In An LXC Container
Finally Got it. It's not a split tunnel since that would be fairly redundant in a container.
Cloned LXC Container named vpn
Changed Config. Added this to the vpn config:
# Allow Tun Device
lxc.cgroup.devices.allow = c 10:200 rwm
# Run an autodev hook to setup the device
lxc.autodev = 1
lxc.hook.autodev = /lxc/vpn/autodev
@swoopsta
swoopsta / Initial Setup of Raspberry Pi.txt
Last active Jan 31, 2021
Initial Setup of Raspberry Pi
View Initial Setup of Raspberry Pi.txt
Assuming:
A brand new raspberry pi
You want to change the default username pi to mypie
You want to adapt also the main group from pi to mypie
You want other things to work out like sudo
Initial Setup for Raspian Hardware and Software
These instructions assume that your Pi will not
have WAN access. There are security options that
should never be facing outside your LAN