Skip to content

Instantly share code, notes, and snippets.

Avatar

Adam Ayala swoopsta

View GitHub Profile
@swoopsta
swoopsta / split_tunnel_VPN.md
Last active Mar 2, 2021 — forked from GAS85/split_tunnel_VPN.md
Force Torrent/user Traffic through VPN Split Tunnel on Ubuntu 18.04
View split_tunnel_VPN.md

Difference to Original:

  1. Add random VPN Land change on start/restart.
  2. Add IP Tables rules that avoid nginx reverse proxy usage.

Lets start

You have fullcontrol over which applications you want to route over VPN. You will have an Automatic Kill Switch implemented (using firewall rules) so if your VPN connection drops or breaks, your real IP address will not be revealed and torrent traffic will stop. DNS leaks are also prevented. Remote access to your Torrent client of choice (Transmission or Deluge) is possible.

View Change Default User On Raspian
The Raspberry Pi comes with a default user called “pi”, whose initial password is also set to a well known default. While this makes it easy to use the system, it is not very secure. Anyone with physical access to your Pi could login with these widely known credentials. Furthermore, if you have enabled the SSH server, users on the local network could do the same.
Even if you have changed the “pi” user password, just having a user name that is universally known is still a security risk. The following article explains how to safely rename the “pi” user to something more secure. This article was last updated on 31st May 2020 and tested with Raspbian (Raspios) Buster release 27/5/2020.
The procedure starts with a Raspberry Pi running the latest Raspbian (Raspio) image (Buster), with no other modifications. It should also work with the older Raspbian versions Stretch and Jessie.
Caution for Jessie users: Changing the name of the “pi” might cause a couple of the features of the raspi-config script to stop worki
@swoopsta
swoopsta / Initial Setup of Raspberry Pi.txt
Last active Jan 31, 2021
Initial Setup of Raspberry Pi
View Initial Setup of Raspberry Pi.txt
Assuming:
A brand new raspberry pi
You want to change the default username pi to mypie
You want to adapt also the main group from pi to mypie
You want other things to work out like sudo
Initial Setup for Raspian Hardware and Software
These instructions assume that your Pi will not
have WAN access. There are security options that
should never be facing outside your LAN
View Split Tunnel In An LXC Container
Finally Got it. It's not a split tunnel since that would be fairly redundant in a container.
Cloned LXC Container named vpn
Changed Config. Added this to the vpn config:
# Allow Tun Device
lxc.cgroup.devices.allow = c 10:200 rwm
# Run an autodev hook to setup the device
lxc.autodev = 1
lxc.hook.autodev = /lxc/vpn/autodev
View Gravity Email
<html>
<head>
<title>New submission from Upload Documents</title>
</head>
<body>
<table width="99%" border="0" cellpadding="1" cellspacing="0" bgcolor="#EAEAEA"><tr><td>
<table width="100%" border="0" cellpadding="5" cellspacing="0" bgcolor="#FFFFFF">
<tr bgcolor="#EAF2FA">
<td colspan="2">
<font style="font-family: sans-serif; font-size:12px;"><strong>File</strong></font>
View WP Perms
#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro
#
WP_OWNER=www-data
WP_GROUP=www-data
P_ROOT=/home/changeme
View Whitelist Cloudflare
# Source:
# https://www.cloudflare.com/ips
# https://support.cloudflare.com/hc/en-us/articles/200169166-How-do-I-whitelist-CloudFlare-s-IP-addresses-in-iptables-
for i in `curl https://www.cloudflare.com/ips-v4`; do iptables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
for i in `curl https://www.cloudflare.com/ips-v6`; do ip6tables -I INPUT -p tcp -m multiport --dports http,https -s $i -j ACCEPT; done
# Avoid racking up billing/attacks
# WARNING: If you get attacked and CloudFlare drops you, your site(s) will be unreachable.
iptables -A INPUT -p tcp -m multiport --dports http,https -j DROP
@swoopsta
swoopsta / iptables.sh
Last active Apr 10, 2018
IP Tables for VPN LXC Instance
View iptables.sh
#! /bin/bash
# Flush
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
# Flush V6
ip6tables -t nat -F
View gist:ebd6fbe79ae23bc7b268568728926ae8
<?php
/*
* Template Name: Example Custom Template
* See the codex entry on custom template for more information: http://codex.wordpress.org/Page_Templates#Custom_Page_Template
*
* Add html above or below the_content inside the comments
* Add php snippets as well with their own opening and closing php
*/
global $avia_config, $post;
@swoopsta
swoopsta / pia-port-forwarding.sh
Last active May 12, 2017
PIA Port Forwarding For Transmission
View pia-port-forwarding.sh
#!/usr/bin/env bash
#
# Enable port forwarding when using Private Internet Access
#
echo 'Loading port forward assignment information...'
pia_client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"` forwarded_port=$(curl "http://209.222.18.222:2000/\?client_id=$pia_client_id" 2>/dev/null | awk -F ':' '{ print $2 }'| awk -F '}' '{ print $1 }')
json=`curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
if [ "$json" == "" ]; then
echo "Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding"
else