Category: VPS

  • road warrior & ssh share port 443

    With the help of SNI in stunnel, we can serve both the road warrior (SOCKS) function and SSH on the same TCP/443 port.

     

    VPS Server:

    Install stunnel v5.31 (built against OpenSSL v1.0.2) and have it listen on port 443

    Install dante v1.4.1 and have it listen on port 1080

    Install OpenSSH and have it listen on port 22

     

    Stunnel config for VPS server

    ; run unprivileged inside the chroot; pid, log and CApath are relative to it
    chroot = /var/lib/stunnel/
    pid = /stunnel.pid
    setuid = stunnel
    setgid = stunnel

    ;debug = debug
    debug = err
    ;foreground = yes

    log = append
    ;log = overwrite
    output = /stunnel.log

    cert = /etc/stunnel/stunnel.pem
    ;key = /etc/stunnel/stunnel.pem

    ; verify = 3: the client must present a certificate that is installed in CApath
    verify = 3
    CApath = /certs

    ; performance
    socket = l:TCP_NODELAY=1

    ;compression = deflate
    compression = zlib

    ; the only listener: every connection arrives here and the SNI in the
    ; ClientHello selects one of the slave services below; a missing or
    ; unmatched SNI stays with this default service and goes to dante
    [tls]
    accept = 0.0.0.0:443
    connect = 127.0.0.1:1080

    ; SNI 22.vps.server.net -> local sshd
    [ssh]
    sni = tls:22.vps.server.net
    connect = 127.0.0.1:22

    ; SNI vps.server.net -> local dante SOCKS proxy
    [socks]
    sni = tls:vps.server.net
    connect = 127.0.0.1:1080

     

    Connections whose SNI is 22.vps.server.net are handed to sshd on 127.0.0.1:22.

    Connections whose SNI is vps.server.net, or that carry no matching SNI, are handed to dante on 127.0.0.1:1080.

     

    Stunnel config for the client inside the corporate network (it reaches the VPS through the corporate HTTP proxy with CONNECT):

    chroot = /var/lib/stunnel/
    pid = /stunnel.pid
    setuid = stunnel
    setgid = stunnel

    ;debug = alert/crit/err/warning/notice/info/debug
    debug = err

    ;foreground = yes

    ; client certificate presented to the VPS (which enforces verify = 3)
    cert = /etc/stunnel/stunnel.pem

    ;compression = deflate | zlib
    compression = zlib

    client = yes

    ; performance
    socket = l:TCP_NODELAY=1

    ; local SOCKS entry point for the browser; the TLS session is opened through
    ; the corporate HTTP proxy with CONNECT vps.server.net:443. No sni= is set:
    ; whatever stunnel sends by default matches [socks] or the default [tls]
    ; on the VPS, and both end at dante on 1080
    [socks-http-proxy]
    accept = 127.0.0.1:1080
    connect = http_proxy_ip:http_proxy_port
    protocol = connect
    protocolHost = vps.server.net:443

    ; local SSH entry point; sni selects the [ssh] service on the VPS.
    ; 0.0.0.0 exposes this plaintext hop to the whole LAN; 127.0.0.1 is
    ; enough for the "ssh user@localhost" usage described below
    [ssh-http-proxy]
    accept = 0.0.0.0:22
    connect = http_proxy_ip:http_proxy_port
    protocol = connect
    protocolHost = vps.server.net:443
    sni = 22.vps.server.net

    How to

    Road Warrior:

    set the browser's SOCKS proxy to 127.0.0.1:1080

    SSH to vps.server.net (through the local stunnel listener on port 22):

    ssh -p 22 user@localhost
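    The routing decision stunnel makes on the VPS (pick [ssh] for SNI 22.vps.server.net, otherwise fall back to [tls] and dante) is easy to see with a small parser. The following Python is an added example, not stunnel code: it constructs a minimal ClientHello, extracts the server_name extension and maps it to the same backends as the configs above; the ROUTES table and hostnames are taken from those configs, and anything that is not a TLS ClientHello (an HTTP request, a truncated record) yields no SNI and therefore the default target.

```python
import struct

# Backends taken from the server-side stunnel services above (constructed table).
ROUTES = {"22.vps.server.net": ("127.0.0.1", 22),   # [ssh]
          "vps.server.net": ("127.0.0.1", 1080)}    # [socks]
DEFAULT = ("127.0.0.1", 1080)   # [tls]: unmatched or missing SNI ends at dante

def build_client_hello(server_name):
    """Construct a minimal TLS 1.2 ClientHello carrying one server_name extension."""
    host = server_name.encode("ascii")
    name = b"\x00" + struct.pack(">H", len(host)) + host            # host_name entry
    ext = struct.pack(">HHH", 0, len(name) + 2, len(name)) + name   # ext type 0 = SNI
    body = (b"\x03\x03" + bytes(32)                # client_version, random
            + b"\x00"                             # empty session id
            + b"\x00\x02\x13\x01"                 # one cipher suite
            + b"\x01\x00"                         # null compression only
            + struct.pack(">H", len(ext)) + ext)  # extensions block
    hs = b"\x01" + struct.pack(">I", len(body))[1:] + body   # handshake type 1, 24-bit length
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs  # TLS record header

def extract_sni(data):
    """Return the host_name from a ClientHello, or None if absent or malformed."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:    # not a TLS handshake / ClientHello
            return None
        p = 5 + 4 + 2 + 32                        # record hdr, handshake hdr, version, random
        p += 1 + data[p]                          # session id
        p += 2 + struct.unpack(">H", data[p:p + 2])[0]   # cipher suites
        p += 1 + data[p]                          # compression methods
        end = p + 2 + struct.unpack(">H", data[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack(">HH", data[p:p + 4])
            p += 4
            if etype == 0:                        # server_name extension
                q = p + 2                         # skip the server_name_list length
                while q + 3 <= p + elen:
                    ntype, nlen = data[q], struct.unpack(">H", data[q + 1:q + 3])[0]
                    if ntype == 0:                # name_type host_name
                        return data[q + 3:q + 3 + nlen].decode("ascii")
                    q += 3 + nlen
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None

def route(data):
    """Pick the backend for a ClientHello the way the sni= rules above do."""
    return ROUTES.get(extract_sni(data), DEFAULT)
```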

     

  • VPS

    1. hostodo.com (as8100.net / 15 hops, 8/22/2018)

    2. www.owned-networks.net (16 hops, July 21, 2019)

    3. hostodo.com (Quadranet / 15 hops, 8/22/2018)

    4. http://www.comforthost.net/ (Support rDNS / 17 hops, July 2, 2019)

    5. http://www.comforthost.net/ (17 hops, 1/1/2019)

    6. https://www.hostus.us/ (Support rDNS, 14 hops, 20 Apr, 2019)

    https://manage.woothosting.com (KVM/rDNS, Quadranet/14 hops, Feb 22, 2019)

    8. https://www.berry.pw (Stopped at 2016/8/24) https://manage.woothosting.com (OpenVZ/rDNS/5TB, Quadranet / 14 hops)

    https://justhost.ru/auth/login (512m/1cpu/6G Disk/KVM / 16 hops)

    https://cn8.justhost.ru:8006/ Login: u23245 Passwd=xxxxxx Proxmox VE authentication server

    9. https://www.alpharacks.com/ (Stopped at 5/2017) https://www.linode.com/ (Japan / 13 hops)

    10. aliyun ECS (1 core/2GB RAM/1Mbps IP, stopped at 2018/07) first year for new users 199 yuan, no discount on renewal. DNS: 100.100.2.138 / 100.100.2.136

    manage.woothosting.com (OpenVZ/rDNS/5TB, Quadranet / 14 hops, Feb 22, 2019)

  • Set up an SSH VPN between two Linux devices

    https://help.ubuntu.com/community/SSH_VPN

    SSH_VPN

    Works with DD-WRT (with openssh and ip installed)

  • Unix Benchmark On Debian VPS

    # Install & Run UnixBench

    apt-get install build-essential

    apt-get install libx11-dev libgl1-mesa-dev libxext-dev

    apt-get install git

    git clone https://github.com/kdlucas/byte-unixbench

    cd byte-unixbench/UnixBench

    ./Run

    # UnixBench Result

    AlphaRacks
    Spring VPS 1GB:

    – 1024MB RAM
    – 1024MB vSwap
    – 2 vCPU
    – 15GB Disk Space
    – 2TB transfer
    – 1000Mbps uplink
    – 1x IPv4
    – 20x IPv6 (free on request)
    – DDoS Protection powered by QuadraNet Vest
    – OpenVZ / SolusVM
    – $14.00/year
    System Benchmarks Index Score 1538.9

    Owned-network:   512MB OVZLive Yearly Special/$13

    1 CPU in system; running 1 parallel copy of tests
    System Benchmarks Index Score 783.5

     

    Hostodo – $12/year 512MB VPS in Miami

    Score:   986.7            (4 CPUs in system; running 1 parallel copy of tests)

    Score:   1833.9          (4 CPUs in system; running 4 parallel copies of tests)

     

    Comforthost.net:      256M OpenVZ,  Las Vegas,  $11.99/year

    Score 1239.7  (1 parallel copy of tests)

    Score 2259.6  (2 parallel copies of tests)

     

    Comforthost.net:      128M SpotVps Basic,  Buffalo/NewYork,  $11.99/year

    Score 1152.2  (1 parallel copy of tests)

     


  • tor + ssl

    Server:

    Enable the SSH server

    Set up Tor, listening on 127.0.0.1:9050

    Set up the Privoxy daemon with the following settings:

    Listen on localhost:8118

    forward-socks5 / 127.0.0.1:9050 .

    (the trailing dot tells Privoxy to use no parent HTTP proxy after the SOCKS hop)

     

    Windows Client

    Bitvise: ssh login to the server with the following C2S (client-to-server port forwarding) rule:

    enable, listen on 127.0.0.1:8118, destination localhost:8118

    Firefox: HTTP proxy = 127.0.0.1:8118

    HTTPS proxy = 127.0.0.1:8118

    P.S
    Build on Server

    git clone https://git.torproject.org/tor.git

    sudo apt-get clean
    sudo apt-get update
    sudo apt-get install autogen automake libssl-dev libevent-dev

    cd tor
    ./autogen.sh   # a git checkout has no configure script yet
    ./configure --disable-asciidoc
    make
    sudo make install

    sudo apt-get install privoxy
    # "sudo echo ... >> file" does not work: the redirection runs as the unprivileged user
    echo 'forward-socks5 / 127.0.0.1:9050 .' | sudo tee -a /etc/privoxy/config

     

    Launch on Server

    #!/bin/bash

    sudo tor &

    sudo /etc/init.d/privoxy start

     

  • DNS software: rbldnsd

    rbldnsd:
    http://www.corpit.ru/mjt/rbldnsd.html

    git://git.corpit.ru/rbldnsd.git

    rbldnsd stands for “DNS daemon suitable for running DNS-based blocklists”.
    rbldnsd is a small DNS-protocol daemon designed to handle queries to DNS-based IP-listing or name-listing services. Such services are a simple way to share or publish a list of IP addresses or (domain) names that are “listed” for some reason, for example so that a service can be refused to a client that is “listed” in some blocklist.
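    To make the mechanism concrete, here is an added example (not rbldnsd code) that models what a mail server asks and what a daemon like rbldnsd answers: the client reverses the octets of the IP under the list's zone, and the daemon replies with a 127.0.0.x A record plus a TXT reason when the address is listed, or NXDOMAIN when it is not. The zone name bl.example and its data are constructed, and the zone syntax imitates rbldnsd's ip4set format in simplified form (default ':A:TXT' line, '$' expanding to the queried IP, CIDR entries, '!' exclusions); treat that as an assumption and check the manual before relying on it.

```python
import ipaddress

ZONE = "bl.example"   # constructed zone name; a real list publishes its own
# Constructed zone data imitating rbldnsd's ip4set syntax (simplified, see lead-in):
# a ':A:TXT' line sets the default answer, '$' in TXT expands to the queried IP,
# entries are plain IPs or CIDRs with an optional ':A:TXT' value, '!' excludes.
ZONE_TEXT = """\
:127.0.0.2:Listed in bl.example, see http://bl.example/q/$
192.0.2.0/24
198.51.100.7 :127.0.0.3:Spam source
!192.0.2.100
"""

def parse_zone(text):
    """Return ([(network, A, TXT)], {excluded addresses}) from zone text."""
    default, entries, excluded = (None, None), [], set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith(":"):                  # default value line
            _, a, txt = line.split(":", 2)
            default = (a, txt)
            continue
        if line.startswith("!"):                  # exclusion overrides any listing
            excluded.add(ipaddress.ip_address(line[1:]))
            continue
        net, _, value = line.partition(" :")
        a, txt = value.split(":", 1) if value else default
        entries.append((ipaddress.ip_network(net, strict=False), a, txt))
    return entries, excluded

ENTRIES, EXCLUDED = parse_zone(ZONE_TEXT)

def query_name(ip, zone=ZONE):
    """The name a client queries: octets reversed under the zone, e.g. 5.2.0.192.bl.example."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def lookup(ip, entries=ENTRIES, excluded=EXCLUDED):
    """Answer as the daemon would: (A, TXT) when listed, None for NXDOMAIN."""
    addr = ipaddress.ip_address(ip)
    if addr in excluded:
        return None
    for net, a, txt in entries:
        if addr in net:
            return a, txt.replace("$", ip)
    return None
```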

    http://linux.die.net/man/8/rbldnsd

     http://www.blue-quartz.com/rbl/

    Example

    http://www.uceprotect.net/en/?m=6&s=10

     

    Setup within Debian

    # Disable the existing DNS service
    update-rc.d bind9 disable
    /etc/init.d/bind9 stop

    # Install rbldnsd

    setup.zip

  • Install dd-wrt onto wndr3700 v4

    Hardware: 2.4G/5G Wifi, USB, 128MB RAM/128B NAND

    Version Installed: DD-WRT v24-sp2 (01/04/15) std - build 25760

    Features Integrated:

    FreeRadius, PPPoE Server / Relay
    PPTP Server / Client, OpenVPN Server / Client
    USB: Printer, Storage, USB Over IP
    FTP Server, DLNA Server, Samba Server
    SIP Proxy, Http Server (Lighttpd)
    Mikrotik MAC Telnet, IP over DNS Tunneling (nstx)
    SNMP, VNC Repeat, Zabbix client

     

    Add a 32G USB key with the following partition layout:

    Part1 LABEL="EXEC" SIZE=2G TYPE="ext4" with journal

    Part2 LABEL="DATA" SIZE=30G TYPE="ext4" without journal

     

    SSH into the router and execute:

    umount /dev/sda1
    umount /dev/sda2
    mkdir /mnt/exec
    mkdir /mnt/data
    mount /dev/sda1 /mnt/exec
    mount /dev/sda2 /mnt/data
    cp -r -p  /opt /mnt/exec/
    cp -r -p  /etc /mnt/exec/
    cp -r -p /www /mnt/exec/
    cp -r -p /jffs /mnt/exec/

    Startup Script:
    umount /dev/sda1
    umount /dev/sda2
    cp -r -p /tmp /tmp/mnt
    mkdir /mnt/exec
    mkdir /mnt/data
    mount /dev/sda1 /mnt/exec
    mount /dev/sda2 /mnt/data
    mount --bind /mnt/exec/www /www
    mount --bind /mnt/exec/opt /opt
    mount --bind /mnt/exec/etc /etc
    mount --bind /mnt/exec/jffs /jffs
    mv /tmp/mnt/tmp /mnt/exec/
    mount --bind /mnt/exec/tmp /tmp

  • Block IP Addr

    How To List Your Existing IP Address Rules

    iptables -L

    How To Help

    iptables -h

    How do I block an IP address ?

    iptables -A INPUT -s xx.xx.xx.xx -j DROP

    How To Block A Range of IP Addresses ?

    iptables -A INPUT -s xx.xx.xx.xx/8 -j DROP

    How can I block a particular PORT for a particular IP ?

    iptables -A INPUT -s IP-ADD -p tcp --destination-port portnumber -j DROP
    iptables -A INPUT -s xx.xx.xx.xx -p tcp --destination-port 25 -j DROP

    How to start/stop iptables

    /etc/init.d/iptables stop
    /etc/init.d/iptables start

    How do I unblock an IP address ?
    iptables -D INPUT -s IP-ADDR -j DROP

     How do I save iptables ?

           /etc/rc.d/init.d/iptables save
           service iptables save
    *****************************************************
    Script for Debian 6
      /etc/init.d/save_iptables
      /etc/init.d/load_iptables
      /usr/sbin/blockip
      /etc/network/if-pre-up.d/load_iptables  -> /etc/init.d/load_iptables
      How to block an IP:
      blockip 103.41.124.64

      cat /usr/sbin/blockip
      #!/bin/sh
      if [ $# -eq 0 ]; then
          echo "Usage: $0 ip_addr"
          exit 1
      fi
      echo "ip address $1 will be blocked"
      iptables -A INPUT -s "$1" -j DROP
      /etc/init.d/save_iptables
      clear
      iptables -L

      cat /etc/init.d/save_iptables
      #!/bin/sh
      /sbin/iptables-save > /etc/iptables

      cat /etc/init.d/load_iptables
      #!/bin/sh
      /sbin/iptables-restore < /etc/iptables