# Check module information:
cat /etc/modules
# Check loop module information
modinfo loop
# Found two paramters: max_loop, max_part
# Change count of loop device to 256
sed -i “s/^loop/loop max_loop=64/” /etc/modules
# Reload loop in kernel
rmmod loop
modprobe loop
http://www.syslinux.org/wiki/index.php/PXELINUX#Options
https://help.ubuntu.com/community/PXEInstallMultiDistro
http://www.unixmen.com/setup-local-repository-with-debian-7/
# Setup tftp server
apt-get install tftpd-hpa
/etc/init.d/tftpd-hpa start
# Testing tftp server
apt-get install tftp
uname -a >/srv/tftp/test
tftp 127.0.0.1
>get test
>quit
diff test /srv/tftp/test
# Install syslinux
apt-get install syslinux
cp /usr/lib/syslinux/pxelinux.0 /srv/tftp/ # copy other interested support files
cp /usr/lib/syslinux/menu.c32 /srv/tftp cp /usr/lib/syslinux/memdisk /srv/tftp cp /usr/lib/syslinux/mboot.c32 /srv/tftp cp /usr/lib/syslinux/chain.c32 /srv/tftp
mkdir -pv /srv/tftp/pxelinux.cfg
Privoxy phttp roxy server
Polipo caching http proxy server
http://www.pps.univ-paris-diderot.fr/~jch/software/polipo/
Tor SOCKS proxy
http://webbreacher.blogspot.com/2013/08/dns-host-enumeration-tool-bake-off.html
subbrute https://github.com/TheRook/subbrute
Fierce http://ha.ckers.org/fierce/
dnsmap: https://code.google.com/p/dnsmap/
dns-discovery https://code.google.com/p/dns-discovery/
dnsenum https://code.google.com/p/dnsenum/
https://github.com/fwaeytens/dnsenum
NameList: https://github.com/darkoperator/dnsrecon/blob/master/namelist.txt
https://pentest-tools.com/reconnaissance/find-subdomains-of-domain#
The issus was caused by gnutls library, if network bandwidth is low
Fix:
Build git with openssl from source:
cat git_build.sh
GIT_MAJOR=1.7.9
GIT_MINOR=7
GIT_VER=${GIT_MAJOR}.${GIT_MINOR}
GIT_NAME=git-${GIT_VER}
OPENSSL_VER=1.0.1i
OPENSSL_NAME=openssl-${OPENSSL_VER}
CURL_VER=7.38.0
CURL_NAME=curl-${CURL_VER}
EXPAT_VER=2.1.0
EXPAT_NAME=expat-${EXPAT_VER}
TARGET_DIR=/usr/local/git-${GIT_MAIN}
TARGET_DIR=/tmp/local
BUILD_OPENSSL=0
BUILD_CURL=0
BUILD_EXPAT=0
BUILD_GIT=1
if [ “${BUILD_OPENSSL}” == “1” ];then
if [ ! -f ${OPENSSL_NAME}.tar.gz ];then
wget http://www.openssl.org/source/${OPENSSL_NAME}.tar.gz
fi
if [ -d ${OPENSSL_NAME} ];then
rm -rf ${OPENSSL_NAME}
fi
tar xvfz ${OPENSSL_NAME}.tar.gz
cd ${OPENSSL_NAME}
./config no-shared no-dso –prefix=${TARGET_DIR}
make -j4
#make test
sudo make install
cd ..
fi
if [ “${BUILD_CURL}” == “1” ];then
if [ ! -f ${CURL_NAME}.tar.gz ];then
wget http://curl.haxx.se/download/${CURL_NAME}.tar.gz
fi
if [ -d ${CURL_NAME} ];then
rm -rf ${CURL_NAME}
fi
tar xvfz ${CURL_NAME}.tar.gz
cd ${CURL_NAME}
env PKG_CONFIG_PATH=${TARGET_DIR}/lib/pkgconfig ./configure –disable-shared –prefix=${TARGET_DIR} –without-gnutls –with-ssl
make -j4
sudo make install
cd ..
fi
if [ “${BUILD_EXPAT}” == “1” ];then
if [ ! -f ${EXPAT_NAME}.tar.gz ];then
wget http://sourceforge.net/projects/expat/files/expat/${EXPAT_VER}/${EXPAT_NAME}.tar.gz
fi
if [ -d ${EXPAT_NAME} ];then
rm -rf ${EXPAT_NAME}
fi
tar xvfz ${EXPAT_NAME}.tar.gz
cd ${EXPAT_NAME}
./configure –disable-shared –prefix=${TARGET_DIR}
make
sudo make install
fi
if [ “${BUILD_GIT}” == “1” ];then
if [ ! -f v${GIT_VER}.tar.gz ];then
wget http://github.com/git/git/archive/v${GIT_VER}.tar.gz
fi
if [ -d ${GIT_NAME} ];then
rm -rf ${GIT_NAME}
fi
tar xvfz v${GIT_VER}.tar.gz
cd ${GIT_NAME}
make configure
./configure –prefix=${TARGET_DIR} –with-curl –with-openssl=${TARGET_DIR} –with-lib=${TARGET_DIR}
make -j4
#make test
sudo make install
fi
Become open source at Jan 4, 2014
Ethernet-bridging (L2) and IP-routing (L3) over VPN
Embedded dynamic-DNS and NAT-traversal
6 major VPN protocols:
OpenVPN
IPsec
L2TP
MS-SSTP
L2TP V3
EtherIP
VPN over ICMP or DNS feature
FROM
This article from Microsoft is outdated, as mentioned by Linda Garth ( linda@thebestvpn.com), and they have a review of the VPN technology, the link is:
https://thebestvpn.com/pptp-l2tp-openvpn-sstp-ikev2/
Seem’s the Cisco VPN is still missing in their document, that is Ocserv & OpenConnect client, an open source project hosted at www.infradead.org
Similar to OpenVPN, the Cisco VPN protocol is an application level protocol, and widely used in Corporation environment
I put the link here, dosen’t mean any suggestions to adopt Cisco VPN, or OpenVPN.
In fact, I am using
Road Worrie: Just ssh socket forward, it’s easy and convenient, together with wpad text file for the sake of proxy selection. Performance or payload is not important for me,
As I have my own VPS server.
Access External Server with public IP, from Corp’s network: Using Stunnel with SNI to enable setup multiple tcp link via http proxy
Access Internal server within Corp’s network from public IP: Stunnel with SNI + tgcd
Access Google Play from Handset, Using PPTP VPN
From my experience:
The Stunnel is the most stable software, the dante (sock5) is the second stable, and OpenVPN.
The unstable issue may caused by the fact that the handshake protocol of openvpn can be easy detected, not only the software code it’s self. The same for the shadowsocks or socks5 protocol. Traffic Obfuscation is more important than encryption strength in some use case.
May 11 2017
Applies To: Windows Server 2008
Tunneling enables the encapsulation of a packet from one type of protocol within the datagram of a different protocol. For example, VPN uses PPTP to encapsulate IP packets over a public network, such as the Internet. A VPN solution based on Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling Protocol (L2TP), or Secure Socket Tunneling Protocol (SSTP) can be configured.
PPTP, L2TP, and SSTP depend heavily on the features originally specified for Point-to-Point Protocol (PPP). PPP was designed to send data across dial-up or dedicated point-to-point connections. For IP, PPP encapsulates IP packets within PPP frames and then transmits the encapsulated PPP-packets across a point-to-point link. PPP was originally defined as the protocol to use between a dial-up client and a network access server.
PPTP allows multiprotocol traffic to be encrypted and then encapsulated in an IP header to be sent across an IP network or a public IP network, such as the Internet. PPTP can be used for remote access and site-to-site VPN connections. When using the Internet as the public network for VPN, the PPTP server is a PPTP-enabled VPN server with one interface on the Internet and a second interface on the intranet.
PPTP encapsulates PPP frames in IP datagrams for transmission over the network. PPTP uses a TCP connection for tunnel management and a modified version of Generic Routing Encapsulation (GRE) to encapsulate PPP frames for tunneled data. The payloads of the encapsulated PPP frames can be encrypted, compressed, or both. The following figure shows the structure of a PPTP packet containing an IP datagram.
Structure of a PPTP Packet Containing an IP Datagram
The PPP frame is encrypted with Microsoft Point-to-Point Encryption (MPPE) by using encryption keys generated from the MS-CHAP v2 or EAP-TLS authentication process. Virtual private networking clients must use the MS-CHAP v2 or EAP-TLS authentication protocol in order for the payloads of PPP frames to be encrypted. PPTP is taking advantage of the underlying PPP encryption and encapsulating a previously encrypted PPP frame.
L2TP allows multiprotocol traffic to be encrypted and then sent over any medium that supports point-to-point datagram delivery, such as IP or asynchronous transfer mode (ATM). L2TP is a combination of PPTP and Layer 2 Forwarding (L2F), a technology developed by Cisco Systems, Inc. L2TP represents the best features of PPTP and L2F.
Unlike PPTP, the Microsoft implementation of L2TP does not use MPPE to encrypt PPP datagrams. L2TP relies on Internet Protocol security (IPsec) in Transport Mode for encryption services. The combination of L2TP and IPsec is known as L2TP/IPsec.
Both L2TP and IPsec must be supported by both the VPN client and the VPN server. Client support for L2TP is built in to the Windows Vista® and Windows XP remote access clients, and VPN server support for L2TP is built in to members of the Windows Server® 2008 and Windows Server 2003 family.
L2TP is installed with the TCP/IP protocol.
Encapsulation for L2TP/IPsec packets consists of two layers:
A PPP frame (an IP datagram) is wrapped with an L2TP header and a UDP header.
The following figure shows the structure of an L2TP packet containing an IP datagram.
Structure of an L2TP Packet Containing an IP Datagram
The resulting L2TP message is then wrapped with an IPsec Encapsulating Security Payload (ESP) header and trailer, an IPsec Authentication trailer that provides message integrity and authentication, and a final IP header. In the IP header is the source and destination IP address that corresponds to the VPN client and VPN server.
The following illustration shows L2TP and IPsec encapsulation for a PPP datagram.
Encryption of L2TP Traffic with IPsec ESP
The L2TP message is encrypted with either Data Encryption Standard (DES) or Triple DES (3DES) by using encryption keys generated from the Internet Key Exchange (IKE) negotiation process.
Secure Socket Tunneling Protocol (SSTP) is a new tunneling protocol that uses the HTTPS protocol over TCP port 443 to pass traffic through firewalls and Web proxies that might block PPTP and L2TP/IPsec traffic. SSTP provides a mechanism to encapsulate PPP traffic over the Secure Sockets Layer (SSL) channel of the HTTPS protocol. The use of PPP allows support for strong authentication methods, such as EAP-TLS. SSL provides transport-level security with enhanced key negotiation, encryption, and integrity checking.
When a client tries to establish a SSTP-based VPN connection, SSTP first establishes a bidirectional HTTPS layer with the SSTP server. Over this HTTPS layer, the protocol packets flow as the data payload.
SSTP encapsulates PPP frames in IP datagrams for transmission over the network. SSTP uses a TCP connection (over port 443) for tunnel management as well as PPP data frames.
The SSTP message is encrypted with the SSL channel of the HTTPS protocol.
When choosing between PPTP, L2TP/IPsec, and SSTP remote access VPN solutions, consider the following:
| Primary Server |
208.67.222.222
|
OpenDNS-2 |
| Secondary Server |
156.154.70.1
|
UltraDNS |
| Tertiary Server |
4.2.2.2
|
Level 3/GTEI-2 |
IP |
Descr. | Hostname | Avg (ms) | Diff | Min | Max | TO | N |
| 208.67.222.222 | OpenDNS-2 | resolver1.opendns.com | 460.57 | 3.6% | 261.0 | 3500.0 | 2 | 1 |
8.8.8.8 |
SYS-8.8.8.8 | google-public-dns-a.google.com | 476.94 | 273.9 | 3500.0 | 3 | 0 |
209.253.113.18 |
Mcleod 3 US | cachens3.mcleodusa.net | 513.36 | -7.1% | 262.7 | 3500.0 | 2 | 1 |
| 216.165.129.157 | 216.165.129.157 | ns6.dns.tds.net | 529.09 | -9.9% | 262.6 | 3500.0 | 2 | 0 |
| 216.170.153.146 | TDS 8 US | ns8.dns.tds.net | 560.03 | -14.8% | 262.7 | 3500.0 | 3 | 0 |
| 216.52.129.1 | Internap CHI US | ns1.chi.pnap.net | 567.64 | -16.0% | 264.2 | 3500.0 | 3 | 0 |
| 134.48.1.32 | Marquette Uni US | dns1.mu.edu | 596.11 | -20.0% | 266.2 | 3500.0 | 7 | 0 |
| 4.2.2.2 | Level 3/GTEI-2 | b.resolvers.Level3.net | 603.13 | -20.9% | 261.8 | 3500.0 | 2 | 0 |
| 156.154.70.1 | UltraDNS | rdns1.ultradns.net | 610.57 | -21.9% | 261.7 | 3500.0 | 4 | 0 |
| 216.52.129.33 | 216.52.129.33 | ns2.chi.pnap.net | 611.23 | -22.0% | 263.8 | 3500.0 | 5 | 0 |
| 4.2.2.3 | Level 3/GTEI-3 | c.resolvers.level3.net | 630.44 | -24.3% | 261.9 | 3500.0 | 3 | 0 |
| 4.2.2.1 | Level 3/GTEI | a.resolvers.level3.net | 654.94 | -27.2% | 262.4 | 3500.0 | 3 | 0 |
| 216.81.128.132 | 216.81.128.132 | nscache3-mngt.dsm.lightedge.com | 690.13 | -30.9% | 268.0 | 3500.0 | 3 | 2 |
| 174.34.129.34 | 174.34.129.34 | 174.34.129.34.rdns.ubiquityservers.com | 690.90 | -31.0% | 264.0 | 3500.0 | 5 | 0 |
| 64.58.254.2 | 64.58.254.2 | ns1.met-net.com | 750.62 | -36.5% | 275.8 | 3500.0 | 12 | 0 |
| 216.146.35.35 | DynGuide | resolver1.dyndnsinternetguide.com | 1222.12 | -61.0% | 262.4 | 3500.0 | 55 |
2 |
| Primary Server |
12.127.17.71
|
Wtechlink/Pacinfo/AT&T-2 US |
| Secondary Server |
74.82.42.42
|
Hurricane Electric |
| Tertiary Server |
208.64.28.219
|
208.64.28.219 7.68
74.222.30.2 7.90
72.11.150.10 7.66
72.11.150.74 7.59
72.37.141.91 ns1.belairinternet.com 7.86
74.82.42.42 ordns.he.net 7.73
4.2.2.1 Verizon 10
4.2.2.2 Verizon 10
8.3.48.20 dns1.linknetinc.com 11.2
8.3.48.22 dns2.linknetinc.com 11.6
12.127.17.71 dns-rs1.bgtmo.ip.att.net 9.00
12.127.17.72 dns-rs2.bgtmo.ip.att.net 9.00
216.146.35.35 dyn 8.26
216.146.36.36 dyn 8.17
209.244.0.3 Level3 10
209.244.0.4 Level3 10
208.67.222.222 OPENDNS Primary 18.3
208.67.222.220 OPENDNS Second 18.3