Skip to content

Instantly share code, notes, and snippets.

View wongsyrone's full-sized avatar
😂
Babysitting

Syrone Wong wongsyrone

😂
Babysitting
View GitHub Profile

平台:DigitalOcean VPS ubuntu14.04 x64, strongswan5.2.2 运行以下命令请使用root权限

一:安装strongswan

由于ubuntu软件仓库中strongswan版本较低,因此从官网源码编译安装

apt-get install build-essential     #编译环境
aptitude install libgmp10 libgmp3-dev libssl-dev pkg-config libpcsclite-dev libpam0g-dev     #编译所需要的软件
@wongsyrone
wongsyrone / SOS.md
Last active August 29, 2015 14:15 — forked from vodik/SOS.md

Once upon a time there was a user that wanted to install firefox.

The user tried to do pacman -S firefox but it didn't work. The all mighty pacman reported that firefox-3.2.4-1.i686.pkg.tar.gz could not be found on his mirror. So the user tried pacman -Sy firefox. It worked and the user rejoiced since he could once again go and troll /h/.

But all was not good. The user had made a grave error!

See, when the user told the almighty pacman to -Sy firefox, pacman did

@wongsyrone
wongsyrone / ocserv.conf
Last active October 31, 2022 22:28 — forked from tinkernels/ocserv.conf
ocserv configuration file example.
# User authentication method. Could be set multiple times and in
# that case all should succeed. To enable multiple methods use
# multiple auth directives. Available options: certificate, certificate[optional],
# plain, pam.
#auth = "certificate"
#auth = "plain[./ocserv-passwd]"
#auth = "pam"
# This indicates that a user may present a certificate. When that option
# is set, individual users or user groups can be forced to present a valid
@wongsyrone
wongsyrone / Naive-VPN.md
Created January 11, 2016 00:39 — forked from klzgrad/Naive-VPN.md
朴素VPN:一个纯内核级静态隧道

朴素VPN:一个纯内核级静态隧道

由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。

朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。

朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。

创建一个朴素VPN

@wongsyrone
wongsyrone / gist:ed5f5a8326edb288ebac
Created March 29, 2016 09:13 — forked from paulirish/gist:4158604
Learn JavaScript concepts with recent DevTools features

Learn JavaScript concepts with the Chrome DevTools

Authored by Peter Rybin , Chrome DevTools team

In this short guide we'll review some new Chrome DevTools features for "function scope" and "internal properties" by exploring some base JavaScript language concepts.

Closures

Let's start with closures – one of the most famous things in JS. A closure is a function, that uses variables from outside. See an example:

@wongsyrone
wongsyrone / gpg-import-and-export-instructions.md
Created April 7, 2016 08:55 — forked from chrisroos/gpg-import-and-export-instructions.md
Instructions for exporting/importing (backup/restore) GPG keys

Every so often I have to restore my gpg keys and I'm never sure how best to do it. So, I've spent some time playing around with the various ways to export/import (backup/restore) keys.

Method 1

Backup the public and secret keyrings and trust database

cp ~/.gnupg/pubring.gpg /path/to/backups/
cp ~/.gnupg/secring.gpg /path/to/backups/
cp ~/.gnupg/trustdb.gpg /path/to/backups/

or, instead of backing up trustdb...

@wongsyrone
wongsyrone / gpgmutt.md
Created April 7, 2016 08:57 — forked from bnagy/gpgmutt.md
Mutt, Gmail and GPG

GPG / Mutt / Gmail

About

This is a collection of snippets, not a comprehensive guide. I suggest you start with Operational PGP.

Here is an incomplete list of things that are different from other approaches:

  • I don't use keyservers. Ever.
  • Yes, I use Gmail instead of some bespoke hipster freedom service
@wongsyrone
wongsyrone / GNUPG Cheatsheet.md
Last active April 7, 2016 09:15 — forked from turingbirds/GNUPG Cheatsheet.md
GPG (GNUPG) Cheatsheet

GNUPG CHEATSHEET

Setting up: key generation

This generates a public/private keypair.

$ gpg --gen-key

$ gpg --list-secret-keys

@wongsyrone
wongsyrone / sysctl.conf
Created April 30, 2016 00:33 — forked from chenshaoju/sysctl.conf
sysctl.conf
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additonal system variables
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
@wongsyrone
wongsyrone / hash.c
Created June 15, 2016 07:09 — forked from tonious/hash.c
A quick hashtable implementation in c.
#define _XOPEN_SOURCE 500 /* Enable certain library functions (strdup) on linux. See feature_test_macros(7) */
#include <stdlib.h>
#include <stdio.h>
#include <limits.h>
#include <string.h>
struct entry_s {
char *key;
char *value;