Ky-Anh Huynh icy

#pfSense as an OpenVPN client for specific devices

##Introduction One of the most powerful features of pfSense is it’s ability to direct your data requests through different end-points using NAT rules. pfSense is amazing as an OpenVPN client because it can selectively route any device on the network through the VPN service (i.e., my tablets and TV go through US servers, while my smartphone, VoIP, computers go my local ISP).

This setup becomes extremely handy for use with applications which are not aware of OpenVPN protocol, eg. download managers, torrent clients, etc. Expecting privacy you should be positive that traffic won't go through your ISP's gateway in case of failure on side of VPN provider. And obviously OpenVPN client should automatically reconnect as soon as service goes live again.

Note: This How-To is meant for pfSense 2.1.x. For those using 2.2 Beta, there is a bug that prevents this from working. Read about here in the pfSense forum thread, “[cannot NAT trough OPT1 interface on multiw

Just documenting docs, articles, and discussion related to gRPC and load balancing.

https://github.com/grpc/grpc/blob/master/doc/load-balancing.md

Seems gRPC prefers thin client-side load balancing where a client gets a list of connected clients and a load balancing policy from a "load balancer" and then performs client-side load balancing based on the information. However, this could be useful for traditional load banaling approaches in clound deployments.

https://groups.google.com/forum/#!topic/grpc-io/8s7UHY_Q1po

gRPC "works" in AWS. That is, you can run gRPC services on EC2 nodes and have them connect to other nodes, and everything is fine. If you are using AWS for easy access to hardware then all is fine. What doesn't work is ELB (aka CLB), and ALBs. Neither of these support HTTP/2 (h2c) in a way that gRPC needs.

	execve("/usr/bin/ping", ["ping", "gmail.com", "-4", "-c", "1", "-s", "102400"], 0x7ffec28e8e60 /* 15 vars */) = 0
	brk(NULL) = 0x5637ec2d1000
	arch_prctl(0x3001 /* ARCH_??? */, 0x7ffd2a1bcd70) = -1 EINVAL (Invalid argument)
	access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
	openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY\|O_CLOEXEC) = 3
	fstat(3, {st_mode=S_IFREG\|0644, st_size=215879, ...}) = 0
	mmap(NULL, 215879, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f4929280000
	close(3) = 0
	openat(AT_FDCWD, "/usr/lib/libcap.so.2", O_RDONLY\|O_CLOEXEC) = 3
	read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \0\0\0\0\0\0"..., 832) = 832

	execve("/usr/bin/ping", ["ping", "gmail.com", "-s", "102400"], 0x7ffc229984c8 /* 15 vars */) = 0
	brk(NULL) = 0x558e12bc6000
	arch_prctl(0x3001 /* ARCH_??? */, 0x7ffe630d3500) = -1 EINVAL (Invalid argument)
	access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
	openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY\|O_CLOEXEC) = 3
	fstat(3, {st_mode=S_IFREG\|0644, st_size=215879, ...}) = 0
	mmap(NULL, 215879, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f80463e2000
	close(3) = 0
	openat(AT_FDCWD, "/usr/lib/libcap.so.2", O_RDONLY\|O_CLOEXEC) = 3
	read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \0\0\0\0\0\0"..., 832) = 832

	## /etc/logrotate.d/nginx

	/var/log/nginx/*log {
	daily
	dateext
	missingok
	notifempty
	create 640 http log
	sharedscripts
	compress

	local http = require "http"
	local nmap = require "nmap"
	local shortport = require "shortport"
	local stdnse = require "stdnse"
	local table = require "table"

	description = [[
	Performs a HEAD request for the root folder ("/") of a web server and displays the HTTP headers returned.
	]]

	// Author : Ky-Anh Huynh
	// License: MIT
	// Origin : https://gist.github.com/dnozay/e7afcf7a7dd8f73a4e05#file-disk-usage-retention-groovy

	jobs = Jenkins.instance.getAllItems()
	jobs.each { j ->
	if (j instanceof com.cloudbees.hudson.plugins.folder.Folder) { return }
	if (j instanceof jenkins.branch.OrganizationFolder) { return }
	if (j instanceof org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject) { return }

	1. I had my whatsapp account on iphone (***8)
	2. I logged in to whatsapp on an android
	3. On iphone, the whatsapp session was terminated. Web session were terminated.
	All chat history were gone. This is fine, by design.
	(Note, I didn't turn on cloud backup feature for whatsapp.
	I didn't turn on icloud feature for whatsapp -- if any)
	4. I uninstalled whatsapp on android
	5. I logged in to whatsapp again on iphone (***8)
	6. Whatsapp denied, told me that I had just logged in.
	I could retry later, but then the verification code (sms) never arrived.

	# purpse: wait for k8s objects to be ready
	# author: icy
	# license: mit
	# usage 1: sys_wait_for_k8s_object pods
	# usage 2: sys_wait_for_k8s_object services
	sys_wait_for_k8s_object() {
	kind="$1"
	set +xe
	echo -n ":: Wating for the $kind: "
	retries=180

	# author : ky-anh huynh
	# license : mit
	# purpose : the most secure way to execute sudo on linux system
	# usage : secure_sudo your_command
	# warning : more ram and cpu are required, for a sake of security ;)

	secure_sudo() {
	s="";
	eval $(for _ in $(seq 1 999); do s="$s sudo"; done; echo $s) "$@";
	}