road warrior & ssh share port 443

With the help of SNI in stunnel, we can serve both the road-warrior (SOCKS) proxy and ssh on the same TCP/443 port.


VPS Server:

Install  stunnel v5.31 with  openssl  v1.0.2, and listen on port 443

Install dante v1.4.1,  and listen on port 1080

Install openssh, and listen on port 22


Stunnel config for VPS server

chroot = /var/lib/stunnel/
pid=/stunnel.pid
setuid = stunnel
setgid = stunnel

;debug =debug
debug = err
;foreground = yes

log = append
;log = overwrite
output = /stunnel.log

cert = /etc/stunnel/stunnel.pem
;key = /etc/stunnel/stunnel.pem

verify = 3
CApath = /certs

; performance
socket = l:TCP_NODELAY=1

;compression = deflate
compression = zlib

[tls]
accept = 0.0.0.0:443
connect = 127.0.0.1:1080

[ssh]
sni = tls:22.vps.server.net
connect = 127.0.0.1:22

[socks]
sni = tls:vps.server.net
connect = 127.0.0.1:1080

The [ssh] service forwards connections whose SNI is 22.vps.server.net to sshd on port 22.

The [socks] service forwards connections whose SNI is vps.server.net to dante on port 1080. A connection with no matching SNI falls through to the parent [tls] service, which also goes to port 1080.
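As an added illustration (not part of these notes or of stunnel's own code), the Python below parses the server_name extension out of a TLS ClientHello and applies the same SNI-to-backend mapping as the server config above; the ClientHello bytes are constructed inline, not captured.

```python
import struct

# Mirrors the server config above: SNI name -> backend for the [ssh] and
# [socks] services; anything else falls through to the parent [tls] service.
ROUTES = {"22.vps.server.net": ("127.0.0.1", 22),
          "vps.server.net": ("127.0.0.1", 1080)}
DEFAULT_BACKEND = ("127.0.0.1", 1080)   # [tls]: connect = 127.0.0.1:1080

def build_client_hello(server_name=None):
    """Constructed TLS 1.2 ClientHello record (test input, not a real capture)."""
    exts = b""
    if server_name is not None:
        name = server_name.encode("ascii")
        sni_list = b"\x00" + struct.pack("!H", len(name)) + name  # host_name
        sni = struct.pack("!H", len(sni_list)) + sni_list
        exts = struct.pack("!HH", 0, len(sni)) + sni               # ext type 0
    body = (b"\x03\x03" + b"\x00" * 32               # version, random
            + b"\x00"                                 # session_id length 0
            + struct.pack("!H", 2) + b"\xc0\x2f"      # one cipher suite
            + b"\x01\x00"                             # null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_sni(record):
    """Return the server_name from a ClientHello, or None if absent."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if not hs or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                                   # header, version, random
    p += 1 + hs[p]                                   # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]     # cipher_suites
    p += 1 + hs[p]                                   # compression_methods
    end = p + 2 + struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    while p + 4 <= end:                              # walk the extensions
        etype, elen = struct.unpack("!HH", hs[p:p + 4])
        p += 4
        if etype == 0:   # server_name: list len(2), name type(1), len(2), name
            nlen = struct.unpack("!H", hs[p + 3:p + 5])[0]
            return hs[p + 5:p + 5 + nlen].decode("ascii")
        p += elen
    return None

def route(record):
    """Choose the backend the way stunnel's sni= matching would."""
    return ROUTES.get(parse_sni(record), DEFAULT_BACKEND)
```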

Stunnel config for client within Corp’s network:

chroot = /var/lib/stunnel/
pid=/stunnel.pid
setuid = stunnel
setgid = stunnel

;debug = alert/crit/err/warning/notice/info/debug
debug = err

;foreground = yes

cert = /etc/stunnel/stunnel.pem

;compression = deflate | zlib
compression = zlib

client = yes

; performance
socket = l:TCP_NODELAY=1

[socks-http-proxy]
accept = 127.0.0.1:1080
connect = http_proxy_ip:http_proxy_port

protocol = connect
protocolHost = vps.server.net:443

[ssh-http-proxy]
accept = 0.0.0.0:22
connect = http_proxy_ip:http_proxy_port
protocol = connect
protocolHost = vps.server.net:443
sni = 22.vps.server.net

How to

Road Warrior:

Set the browser's SOCKS proxy to 127.0.0.1:1080.

SSH to vps.server.net (through the local stunnel listener on port 22):

ssh -p 22 user@localhost


VPS

1. hostodo.com (as8100.net / 15 hops, 8/22/2018)

2. www.owned-networks.net (16 hops, July 21, 2019)

3. hostodo.com (Quadranet / 15 hops, 8/22/2018)

4. http://www.comforthost.net/ (Support rDNS / 17 hops, July 2, 2019)

5. http://www.comforthost.net/ (17 hops, 1/1/2019)

6. https://www.hostus.us/ (Support rDNS, 14 hops, 20 Apr, 2019)

7. https://manage.woothosting.com (KVM/rDNS, Quadranet/14 hops, Feb 22, 2019)

8. https://www.berry.pw (Stopped at 2016/8/24); https://manage.woothosting.com (OpenVZ/rDNS/5TB, Quadranet / 14 hops)

   https://justhost.ru/auth/login (512m/1cpu/6G Disk/KVM / 16 hops)

   https://cn8.justhost.ru:8006/ Login: u23245 Passwd=xxxxxx Proxmox VE authentication server

9. https://www.alpharacks.com/ (Stopped at 5/2017); https://www.linode.com/ (Japan / 13 hops)

10. aliyun ECS (1 core/2GB RAM/1Mbps IP, stopped at 2018/07). First year 199 yuan for new users, no discount on renewal. DNS: 100.100.2.138 / 100.100.2.136

    manage.woothosting.com (OpenVZ/rDNS/5TB, Quadranet / 14 hops, Feb 22, 2019)

Unix Benchmark On Debian VPS

# Install & Run UnixBench

apt-get install build-essential

apt-get install libx11-dev libgl1-mesa-dev libxext-dev

apt-get install git

git clone  https://github.com/kdlucas/byte-unixbench

cd byte-unixbench/UnixBench

./Run

# UnixBench Result

AlphaRacks
Spring VPS 1GB:

– 1024MB RAM
– 1024MB vSwap
– 2 vCPU
– 15GB Disk Space
– 2TB transfer
– 1000Mbps uplink
– 1x IPv4
– 20x IPv6 (free on request)
– DDoS Protection powered by QuadraNet Vest
– OpenVZ / SolusVM
– $14.00/year
System Benchmarks Index Score 1538.9

Owned-network:   512MB OVZLive Yearly Special/$13

1 CPU in system; running 1 parallel copy of tests
System Benchmarks Index Score 783.5

Hostodo – $12/year 512MB VPS in Miami

Score:   986.7            (4 CPUs in system; running 1 parallel copy of tests)

Score:   1833.9          (4 CPUs in system; running 4 parallel copies of tests)

Comforthost.net:      256M OpenVZ,  Las Vegas,  $11.99/year

Score 1239.7  (1 parallel copy of tests)

Score 2259.6  (2 parallel copies of tests)

Comforthost.net:      128M SpotVps Basic,  Buffalo/NewYork,  $11.99/year

Score 1152.2  (1 parallel copy of tests)

tor + ssl

Server:

Enable the ssh server.

Set up the Tor daemon, listening on 127.0.0.1:9050.

Set up the Privoxy daemon with the following rule:

Listen on localhost:8118 (the listen-address setting)

forward-socks5 / 127.0.0.1:9050 .

(The trailing "." is required by Privoxy's forward-socks5 syntax; it means "no HTTP parent proxy" after the SOCKS hop.)

Windows Client

Bitvise: ssh login to the server, with the following C2S (client-to-server) port forward:

enable, listen on 127.0.0.1:8118, destination localhost:8118

Firefox: http proxy = 127.0.0.1:8118

https proxy = 127.0.0.1:8118

P.S.
Build on Server

git clone https://git.torproject.org/tor.git

sudo apt-get clean
sudo apt-get update
sudo apt-get install autogen
sudo apt-get install automake
sudo apt-get install libssl-dev
sudo apt-get install libevent-dev

cd tor
./configure --disable-asciidoc
make
sudo make install

sudo apt-get install privoxy
# "sudo echo ... >> file" does not work: the redirect runs in the unprivileged shell.
# Use tee under sudo instead; the trailing "." is required by forward-socks5.
echo 'forward-socks5 / 127.0.0.1:9050 .' | sudo tee -a /etc/privoxy/config

Launch on Server

#!/bin/bash

sudo tor &

sudo /etc/init.d/privoxy start

DNS software: rbldnsd

rbldnsd:
http://www.corpit.ru/mjt/rbldnsd.html

git://git.corpit.ru/rbldnsd.git

rbldnsd means "DNS daemon suitable for running DNS-based blocklists".
rbldnsd is a small DNS-protocol daemon designed to handle queries to DNS-based IP-listing or name-listing services. Such services are a simple way to share or publish a list of IP addresses or (domain) names that are "listed" for some reason, for example so that a service can be refused to a client that appears in some blocklist.
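As an added example (not from these notes or from rbldnsd itself), the Python below shows the DNSBL lookup mechanism such a daemon serves: the client reverses the IPv4 octets and appends the zone, and the server answers from an ip4set-style dataset. The zone name dnsbl.example and the dataset contents are constructed here, and the dataset syntax ("IP[/prefix] [:A-value[:TXT]]" with a leading ":A:TXT" default line) is assumed to follow rbldnsd's ip4set documentation.

```python
import ipaddress

ZONE = "dnsbl.example"      # assumed zone name served by rbldnsd
# Constructed rbldnsd-style ip4set data (assumption: format follows the ip4set docs).
DATASET = """\
:127.0.0.2:listed by policy
192.0.2.0/24
198.51.100.7 :127.0.0.3:open relay
"""

def load_ip4set(text):
    """Parse ip4set lines into (network, A value, TXT) entries."""
    default_a, default_txt = "127.0.0.2", ""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("$"):
            continue
        if line.startswith(":"):                  # dataset-wide default value
            _, default_a, default_txt = line.split(":", 2)
            continue
        net, _, value = line.partition(":")
        net = ipaddress.ip_network(net.strip(), strict=False)
        a, txt = default_a, default_txt
        if value:                                  # per-entry override
            a, _, txt = value.partition(":")
        entries.append((net, a, txt))
    return entries

def query_name(ip, zone=ZONE):
    """DNSBL query name for an IPv4 address: reversed octets + zone."""
    octets = ipaddress.IPv4Address(ip).exploded.split(".")
    return ".".join(reversed(octets)) + "." + zone

def lookup(entries, qname, zone=ZONE):
    """Answer a query as the daemon would: (A, TXT) if listed, else None (NXDOMAIN)."""
    if not qname.endswith("." + zone):
        return None
    rev = qname[:-len(zone) - 1].split(".")
    if len(rev) != 4:
        return None
    ip = ipaddress.IPv4Address(".".join(reversed(rev)))
    for net, a, txt in entries:                    # first matching range wins
        if ip in net:
            return (a, txt)
    return None
```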

http://linux.die.net/man/8/rbldnsd

 http://www.blue-quartz.com/rbl/

Example

http://www.uceprotect.net/en/?m=6&s=10

Setup within Debian

# Disable the existing DNS service
update-rc.d bind9 disable
/etc/init.d/bind9 stop

# Install rbldnsd

setup.zip

Install dd-wrt onto wndr3700 v4

Hardware:                       2.4G/5G Wifi,  USB,  128MB RAM/128B NAND

Version Installed:             DD-WRT v24-sp2 (01/04/15) std – build 25760

Features integrated:

FreeRadius, PPPoE Server / Relay
PPTP Server / Client, OpenVPN Server / Client
USB: Printer, Storage, USB Over IP
FTP Server, DLNA Server, Samba Server
SIP Proxy, Http Server (Lighttpd)
Mikrotik MAC Telnet, IP over DNS Tunneling (nstx)
SNMP, VNC Repeat, Zabbix client

Add a 32G USB key with the following partition layout:

Part1 LABEL="EXEC" SIZE=2G TYPE="ext4" with journal

Part2 LABEL="DATA" SIZE=30G TYPE="ext4" without journal

SSH into the router and execute:

umount /dev/sda1
umount /dev/sda2
mkdir /mnt/exec
mkdir /mnt/data
mount /dev/sda1 /mnt/exec
mount /dev/sda2 /mnt/data
cp -r -p  /opt /mnt/exec/
cp -r -p  /etc /mnt/exec/
cp -r -p /www /mnt/exec/
cp -r -p /jffs /mnt/exec/

Startup Script:
umount /dev/sda1
umount /dev/sda2
cp -r -p /tmp /tmp/mnt
mkdir /mnt/exec
mkdir /mnt/data
mount /dev/sda1 /mnt/exec
mount /dev/sda2 /mnt/data
mount --bind /mnt/exec/www /www
mount --bind /mnt/exec/opt /opt
mount --bind /mnt/exec/etc /etc
mount --bind /mnt/exec/jffs /jffs
mv /tmp/mnt/tmp /mnt/exec/
mount --bind /mnt/exec/tmp /tmp

Block IP Addr

How To List Your Existing IP Address Rules

iptables -L

How To Help

iptables -h

How do I block an IP address ?

iptables -A INPUT -s xx.xx.xx.xx -j DROP

How To Block A Range of IP Addresses ?

iptables -A INPUT -s xx.xx.xx.xx/8 -j DROP

How can I block a particular PORT for a particular IP ?

iptables -A INPUT -s IP-ADD -p tcp --destination-port portnumber -j DROP
iptables -A INPUT -s xx.xx.xx.xx -p tcp --destination-port 25 -j DROP

How to start/stop iptables

/etc/init.d/iptables stop
/etc/init.d/iptables start

How do I unblock an IP address ?

iptables -D INPUT -s IP-ADDR -j DROP

How do I save iptables ?

/etc/rc.d/init.d/iptables save
service iptables save
*****************************************************
Script for Debian 6
  /etc/init.d/save_iptables
  /etc/init.d/load_iptables
  /usr/sbin/blockip
  /etc/network/if-pre-up.d/load_iptables  -> /etc/init.d/load_iptables
  How to Block IP:
  blockip 103.41.124.64

  cat /usr/sbin/blockip
  #!/bin/sh
  # Append a DROP rule for the given source address, then persist the ruleset
  if [ $# -eq 0 ]; then
      echo "Usage: $0 ip_addr"
      exit 1
  fi
  echo "ip address $1 will be blocked"
  iptables -A INPUT -s "$1" -j DROP
  /etc/init.d/save_iptables
  clear
  iptables -L

  cat /etc/init.d/save_iptables
  #!/bin/sh
  /sbin/iptables-save > /etc/iptables

  cat /etc/init.d/load_iptables
  #!/bin/sh
  /sbin/iptables-restore < /etc/iptables