@sunsong
sunsong / vpn-options.md
Created August 21, 2025 01:33 — forked from mrbluecoat/vpn-options.md
Open Source VPN options
  • Amnezia VPN (OpenVPN & WireGuard protocols) - Windows, MacOS, iOS, Android, Linux (no ARM support)
  • boringproxy (in-house developed "NameDrop" protocol) - Windows, MacOS, Linux, FreeBSD, OpenBSD
  • boringtun (WireGuard protocol) - MacOS, Linux (mobile clients not open source)
  • Brook (in-house developed "Brook" protocol as well as WebSocket Secure, SOCKS5, and QUIC protocols) - Windows, MacOS, Linux, OpenWrt (mobile clients not open source)
  • Chisel (SSH protocol) - Windows, MacOS, Linux
  • cjdns (in-house developed "CryptoAuth" protocol) - Windows, MacOS, Linux, FreeBSD, NetBSD
  • Cloak (OpenVPN & Shadowsocks protocols) - Windows, MacOS
@sunsong
sunsong / README-fail2ban-keycloak.md
Created August 11, 2023 02:16 — forked from drmalex07/README-fail2ban-keycloak.md
Use fail2ban to block brute-force attacks against a Keycloak server. #keycloak #fail2ban #brute-force-attack

Add a regular-expression filter at /etc/fail2ban/filter.d/keycloak.conf:

[INCLUDES]

before = common.conf

[Definition]

_threadName = [a-z][-_0-9a-z]*(\s[a-z][-_0-9a-z]*)*
_userId = (null|[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})
@sunsong
sunsong / Netfilter-IPTables-Diagrams.md
Created August 10, 2023 06:18 — forked from nerdalert/Netfilter-IPTables-Diagrams.md
Linux NetFilter, IP Tables and Conntrack Diagrams

IPTABLES TABLES and CHAINS

IPTables has the following 4 built-in tables.

1) Filter Table

Filter is the default table for iptables. So, if you don’t define your own table, you’ll be using the filter table. The iptables filter table has the following built-in chains.

@sunsong
sunsong / gost.iptables.sh
Created September 13, 2022 06:47 — forked from recall704/gost.iptables.sh
gost transparent proxy iptables configuration
#!/bin/bash
# IP of your proxy server
PROXY_IP="1.2.3.4"
PROXY_IPSET="proxy_ipset"
INTERNAL_IPSET="internal_ipset"
GFW_IPSET="gfw_ipset"
CHINA_IPSET="china_ipset"
SNI_PORT=443
@sunsong
sunsong / gist:697355d084c4fb10a4038189548e2c92
Created October 1, 2017 14:51 — forked from mtigas/gist:952344
Mini tutorial for configuring client-side SSL certificates.

Client-side SSL

For excessively paranoid client authentication.

Using self-signed certificate.

Create a Certificate Authority root (which represents this server)

Organization & Common Name: Some human identifier for this server CA.

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt