tracyhatemice

<?php
/**
 * Returns a pre-signed URL to access a restricted AWS S3 object.
 *
 * @param string $access_key the AWS access key
 * @param string $secret_key the AWS secret key associated with the access key
 * @param string $bucket the S3 bucket
 * @param string $canonical_uri the object in the S3 bucket expressed as a canonical URI.
 * This should begin with the / character, and should not be URL-encoded
 * @param int $expires the time that the pre-signed URL will expire, in seconds

tracyhatemice

# ------------------------------------------------
# Config files are located in /etc/wireguard/wg0
# ------------------------------------------------

# ---------- Server Config ----------
[Interface]
Address = 10.10.0.1/24 # IPV4 CIDR 
Address = fd86:ea04:1111::1/64 # IPV6 CIDR 
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # Add forwarding when VPN is started
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE # Remove forwarding when VPN is shutdown

tracyhatemice

Stangri's VPN Policy Routing package is a mainstay of my OpenWRT builds. It works great for IPv4, but I couldn't, for the life of me, get it working with IPv6. Instead, I had to faux-implement PBR as follows.

My VPN provider only gave me a single IP address with a /128 prefix, so I was forced to use NAT6. This left me with a stanza in my firewall config that looks like this; note the masq6 option

config zone
	option name 'wan_vpn'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

tracyhatemice

Roll your own dynamic DNS service using Route53

tracyhatemice

127.0.0.1 api.ad.xiaomi.com
127.0.0.1 sdkconfig.ad.xiaomi.com
127.0.0.1 ad.mi.com
127.0.0.1 ad.xiaomi.com
127.0.0.1 ad1.xiaomi.com

127.0.0.1 adv.sec.miui.com
127.0.0.1 test.ad.xiaomi.com
127.0.0.1 new.api.ad.xiaomi.com

tracyhatemice

#!/bin/sh

# Script to route traffic from home network through VPN selectively.
# Based off the discussion at http://www.smallnetbuilder.com/forums/showthread.php?t=9311
# The setup is a Roku box, a Home PC running Plex, and a Synology NAS with a torrent client running a web interface.
# The aim is to have all traffic from Roku go through the VPN, all traffic from the Home PC (and all other devices) bypassing the VPN, 
# and the Synology NAS using the VPN. There are however some exceptions. Since Plex uses port 32400, Roku has to bypass the VPN when
# using that port. In addition, port 9091 has to bypass the VPN as well in order to access the Synology torrent client.
#
# Requirements: Asuswrt-Merlin with OpenVPN already set up

tracyhatemice

auth_basic              "Restricted";
auth_basic_user_file    /etc/nginx/htpasswd;

tracyhatemice

#!/usr/bin/env python
#encoding: utf-8
import urllib2
from base64 import b64decode


LIST_URL   = 'https://autoproxy-gfwlist.googlecode.com/svn/trunk/gfwlist.txt'
BLACK_FILE = 'gfw.url_regex.lst'
WHITE_FILE = 'cn.url_regex.lst'

tracyhatemice

echo "this file isn't supposed to run"
exit 0

# <------------------------------ Enviroment Variables ------------------------------->
FQDN = <Server DNS Name> # can also get from PTR record
ORG_NAME = <Org name>
RELEASE_NAME = $(lsb_release -sc)

# <------------------------------ Network Stack Setups ------------------------------->
# Please edit /etc/default/ufw first

tracyhatemice

#!/usr/bin/env python
"""

Code to read a squid log file
    
Sample usage:

f = SquidLog('access.log.1.gz')
for l in f:
    print l.ts, l.remhost, l.url