kevin-smets
/ iterm2-solarized.md
Last active
April 15, 2025 03:42
iTerm2 + Oh My Zsh + Solarized color scheme + Source Code Pro Powerline + Font Awesome + [Powerlevel10k] - (macOS)
##ss-redir 的 iptables 配置(透明代理)
透明代理指对客户端透明,客户端不需要进行任何设置就使用了网管设置的代理规则
创建 /etc/ss-redir.json 本地监听 7777
运行ss-redir -v -c /etc/ss-redir.json
iptables -t nat -N SHADOWSOCKS
# 在 nat 表中创建新链
iptables -t nat -A SHADOWSOCKS -p tcp --dport 23596 -j RETURN
# 23596 是 ss 代理服务器的端口,即远程 shadowsocks 服务器提供服务的端口,如果你有多个 ip 可用,但端口一致,就设置这个
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // vim: set et sw=2 ts=2 sts=2 ff=unix fenc=utf8: | |
| // Author: Binux<[email protected]> | |
| // http://binux.me | |
| // Created on 2013-11-11 18:50:58 | |
| (function(){ | |
| function getOffset(elem) { | |
| var top = 0; | |
| var left = 0; | |
| do { |
lwr
/ autopac.sh
Last active
June 7, 2024 07:34
使用 https://github.com/clowwindy/gfwlist2pac 生成自定义 PAC 的辅助脚本
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| GFWLIST=https://autoproxy-gfwlist.googlecode.com/svn/trunk/gfwlist.txt | |
| PROXY=127.0.0.1:7070 | |
| cd `dirname "${BASH_SOURCE[0]}"` | |
| echo "Downloading gfwlist from $GFWLIST" | |
| curl "$GFWLIST" --socks5-hostname "$PROXY" > /tmp/gfwlist.txt | |
| /usr/local/bin/gfwlist2pac \ | |
| --input /tmp/gfwlist.txt \ |
losisli
/ linux上用strongswan搭建ikev2协议vpn.md
Last active
October 21, 2024 05:52
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # sniproxy example configuration file | |
| # lines that start with # are comments | |
| # lines with only white space are ignored | |
| user daemon | |
| # PID file | |
| pidfile /var/run/sniproxy.pid | |
| resolver { |
pingec
/ Disable mstsc NLA (client)
Last active
August 1, 2024 11:35
Disable NLA on remote desktop (mstsc) client (fixing password expired problem)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Sometimes you try to open a remote desktop connection to a machine only to get an error message that "the password has expired". | |
| If the remote machine does not enforce NLA (Network Level Authentication), it is still possible to start a remote desktop session by disabling NLA on the client (currenlty not possible from the menu on my remote desktop client v.6.3.96000 that came with windows 8.1). | |
| Add the following setting to your .rdp file ("C:\Users\<User>\Documents\Default.rdp" if you aren't using a specific one). | |
| enablecredsspsupport:i:0 | |
| Optionally you might need to specify |
由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。
朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。
朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。
superfish.pem contains:
- the Superfish certificate as found by both Chris Palmer and Matt Burke;
- the encrypted private key as found by Karl Koscher.
$ openssl x509 -in superfish.pem -text
Certificate:
Data:
Version: 3 (0x2)