wireguard vpn setup
Last update
2025-02-14

1. SETUP

1.1 Install

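apt install wireguard

cd /etc/wireguard/
# Restrict the umask first: with the default umask the private key would be
# created world-readable for the instant before the chmod below runs.
umask 077
wg genkey | tee private.key | wg pubkey > public.key
touch wg-srv.conf
chmod 600 private.key wg-srv.conf

## turn on ip forward systemwide within /etc/sysctl.d
## OR do it later inside wg-srv.conf
#sysctl --write net.ipv4.ip_forward=1
#echo net.ipv4.ip_forward=1 >> /etc/sysctl.d/local.conf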

1.2 Firewall

# open the WireGuard port, accept any traffic from VPN peers to this host
# (no port given, so every service on the host is reachable from 10.1.1.0/24),
# and let ufw forward packets that arrive on the wg-srv interface
ufw allow proto udp to any port 1053 comment 'VPN server'
ufw allow from 10.1.1.0/24 to any      comment 'intranet VPN'
ufw route allow in on wg-srv           comment 'VPN forward'

1.3 Network interface up/down

NB: wg-name = interface name = config filename without the extension .conf.

# manual control (wg-name = config file name without .conf)
wg-quick up wg-name    # bring the interface up
wg                     # show status of all WireGuard interfaces
wg-quick down wg-name  # tear the interface down

# or hand it over to systemd so it comes up at boot
systemctl start wg-quick@wg-name
systemctl enable wg-quick@wg-name

2. SERVER

# /etc/wireguard/wg-srv.conf
# server (with rules to allow routing all traffic)
# NOTE(review): the keys in this example are published here; generate your own
# with `wg genkey` / `wg genpsk` and never reuse keys copied from an example.
[Interface]
PrivateKey = KFSjreufI8MJq5DD4c94EIuVOMBRGB0cL00uAmy9+2s=  # server private key
ListenPort = 1053
Address    = 10.1.1.1/24
# PostUp/PostDown are run by wg-quick (as root); %i expands to the interface name.
# Forwarding is switched on only while the tunnel is up and switched off again
# system-wide on PostDown, which also affects any other routing this host does.
PostUp     = sysctl --write net.ipv4.ip_forward=1
PostUp     =   iptables -A FORWARD -i %i -j ACCEPT
PostUp     =   iptables -A FORWARD -o %i -j ACCEPT
# NAT for everything leaving eth0 (assumed to be the uplink - adjust). Adding
# `-s 10.1.1.0/24` would limit the masquerade to traffic coming from VPN peers.
PostUp     =   iptables -t nat -A POSTROUTING -o eth0   -j MASQUERADE
#PostUp   =   iptables -t nat -A POSTROUTING -o wg-xxx -j MASQUERADE  # can add other interfaces
# PostDown must delete (-D) exactly the rules added above, in the same form.
PostDown   = sysctl --write net.ipv4.ip_forward=0
PostDown   =   iptables -D FORWARD -i %i -j ACCEPT
PostDown   =   iptables -D FORWARD -o %i -j ACCEPT
PostDown   =   iptables -t nat -D POSTROUTING -o eth0   -j MASQUERADE
#PostDown  =  iptables -t nat -D POSTROUTING -o wg-xxx -j MASQUERADE

# client A
[Peer]
PublicKey    = SCkqASUWoNXzDW59pZglfbUHMBzBMJmoH5HH7zffY0c=  # client public key
PresharedKey = tbAdUxK2T0uLIBk5IfSXXUYihPJUyGeFI0vP4MUPrUM=  # wg genpsk
# only packets from/to 10.1.1.2 are accepted for and routed to this peer
AllowedIPs   = 10.1.1.2/32
PersistentKeepalive = 23

3. CLIENT

3.1 Standard client

# /etc/wireguard/wg-cli.conf
# client A
[Interface]
PrivateKey = oP6Zfi5ud9i4OL/COrL4FK0luSYpxvf3H7XRk8xfN0w=  # client private key
# fixed local UDP port; without ListenPort WireGuard picks a random one
ListenPort = 2053
Address    = 10.1.1.2/24
# NOTE(review): 10.0.0.1 is outside the VPN subnet, so with the "subnet only"
# AllowedIPs variant below DNS would not go through the tunnel - confirm intent.
DNS        = 10.0.0.1,1.1.1.1

# server
[Peer]
PublicKey    = ECxm9+6EAt/PPgIiVQEjzl0E8VZ7JBphZjWADUv/mVs=  # server public key
PresharedKey = tbAdUxK2T0uLIBk5IfSXXUYihPJUyGeFI0vP4MUPrUM=  # wg genpsk
# 0.0.0.0/0 covers IPv4 only: IPv6 traffic (no ::/0 here) still leaves outside the tunnel
AllowedIPs   = 0.0.0.0/0     # route all traffic through the server
#AllowedIPs = 10.1.1.0/24   # OR route VPN subnet only
Endpoint     = 185.193.254.157:1053
# a short keepalive keeps NAT mappings alive at the cost of extra packets
PersistentKeepalive = 5

3.2. NordVPN client (gist)

# create a linux access token
# => https://my.nordaccount.com/dashboard/nordvpn/manual-configuration/

# get my wg private key
# NOTE(review): a token given with -u is visible in the process list and ends
# up in the shell history; `curl -n` with a ~/.netrc entry (mode 600) avoids both.
curl -s -u token:XXXX https://api.nordvpn.com/v1/users/services/credentials | \
  jq -r .nordlynx_private_key

# get servers params (full list, compressed for later queries)
wget -qO - https://api.nordvpn.com/v1/servers?limit=15000 | gzip -9 > servers.json.gz

# get servers params (recommended)
# prints hostname, station IP, city, country, the server public key and load
curl -s "https://api.nordvpn.com/v1/servers/recommendations?&filters\[servers_technologies\]\[identifier\]=wireguard_udp&limit=1" | \
  jq -r '.[]|.hostname, .station, (.locations|.[]|.country|.city.name), (.locations|.[]|.country|.name), (.technologies|.[].metadata|.[].value), .load'

# create conf
# (the lines below are the contents of the .conf file, not shell commands;
#  replace the <...> placeholders with the values obtained above)
[Interface]
PrivateKey = <PRIVATE_KEY>    # my private key
Address    = 10.5.0.2/32      # IP is always the same
# presumably a local resolver first, then fallbacks - verify against the provider docs
DNS        = 127.0.0.1, 10.5.0.2, 1.1.1.1
# local ip/subnet/gateway rules to allow access to eth0 from outside
#PostUp    = ip rule  add from        192.168.1.110  table 1000         ; ip route add to 192.168.1.0/24 table 1000 dev eth0; ip route add default via 192.168.1.1    table 1000 dev eth0
#PreDown   = ip route del default via 192.168.1.1    table 1000 dev eth0; ip route del to 192.168.1.0/24 table 1000 dev eth0; ip rule  del from        192.168.1.110  table 1000

[Peer]
PublicKey  = <SRV_PUB_KEY>
# 0.0.0.0/0 is IPv4 only; IPv6 is not routed through the tunnel by this line
AllowedIPs = 0.0.0.0/0, 192.168.1.110 # route everything, and allow binding to eth0 
Endpoint   = <SRV_IP>:51820   # port is always the same

Source Linux: Debian wiki 1 and 2, davidshomelab, deb10 wg server, dynamic IP reddit & script

Source NordVPN: myshittycode, gist, NordVPN-WireGuard-Config-Generator, NordVPN api


~~~ * ~~~

Useful Android apps
Last update
2025-02-14
«a collection of must-have Android apps for many common needs: apps, add-ons and plugins»

Stores: Google Play, NeoStore, F-Droid, Droid-ify, Aurora (src)

To check

General

Media

Games

System

Home automation

Svago


Other lists: Retrial, Finalboss77


~~~ * ~~~

Linux process memory usage
Last update
2025-01-28
«smem»
  • install the C version of smem (it avoids the many Python dependencies!):
apt install smemstat
  • a simple wrapper that shows only the top lines and supports regexp filtering
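#!/usr/bin/env ruby
# Show the top memory consumers reported by smemstat(8), with the short
# Command column replaced by the full command line from /proc/<pid>/cmdline.
#
# USAGE: (this script) [-a] [regexp]
#   -a      print every line instead of fitting the terminal height
#   regexp  keep only the lines matching this Ruby regexp
#
# smemstat is run through sudo, so it may prompt for a password; the script's
# own process is left out of the listing.
if ARGV.include?('-h')
  puts "USAGE: #{File.basename __FILE__} [-a] [regexp]"
  exit
end

# Terminal rows/cols. `stty size` prints nothing (or "0 0") when there is no
# tty, e.g. when the output is piped; fall back to 24x80 instead of failing
# on nil arithmetic further down.
h, w = `stty size`.split(' ').map(&:to_i)
h = 24 if h.nil? || h <= 0
w = 80 if w.nil? || w <= 0

lines   = `sudo smemstat -d -m`.split("\n")
lines.pop # Note: Memory reported in units of megabytes.
lines.pop # empty lines
totals  = lines.pop # Totals
header  = lines.shift
# Stop with a message if smemstat printed nothing (sudo refused, not installed, ...)
abort "#{File.basename __FILE__}: no output from smemstat" if header.nil?
cmd_col = header.index('Command')
abort "#{File.basename __FILE__}: unexpected smemstat header: #{header}" if cmd_col.nil?

if ARGV.include?('-a')
  ARGV.delete '-a'
  h = 100_000 # effectively no row limit
end

# Replace Command with the full cmdline. Keep smemstat's own text when the
# process is already gone or its cmdline is empty (kernel threads, zombies),
# which would otherwise make File.basename fail on nil.
lines = lines.map{|l|
  pid     = l.split(' ', 2).first.to_i
  next if pid == Process.pid
  cmd_src = l[cmd_col..] || ''
  cmd_dst = File.read("/proc/#{pid}/cmdline") rescue cmd_src
  args    = cmd_dst.split(/[ \u0000]/)
  cmd_dst = args.empty? ? cmd_src : [File.basename(args.shift)].concat(args).join(' ')
  "#{l[0...cmd_col]}#{cmd_dst}"
}.compact

if ARGV[0]
  begin
    lines = lines.grep Regexp.new(ARGV[0])
  rescue RegexpError => e
    abort "#{File.basename __FILE__}: bad regexp: #{e.message}"
  end
end
# Leave room for header, separators, totals and the shell prompt, and never
# ask for a negative number of rows on a very short terminal.
lines = lines.first([h - 8, 0].max)
max_w = lines.map(&:size).max || 0 # nil when nothing matched the regexp
sep   = '-' * (max_w > w ? (w-2) : max_w)

puts header
puts sep
lines.each{|l| puts l[0..(w-2)] }
puts sep
puts totals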

Source: golinuxcloud, smem (python), smemstat (C)


~~~ * ~~~

SSH tunnel howto and hints attachment
Last update
2025-01-26
«relevant things about ssh tunnels, netcat port knocking»

A general tunnel command:

# One ssh invocation annotated option by option; not meant to be run as-is
# (the options are listed one per line without continuation backslashes).
ssh myuser@mysrv
  -L   8080:localhost:80  # tunnel local_port:target:target_port (listens on loopback only)
  -L *:8080:localhost:80  # tunnel open to everyone who can connect to this machine (binds on all addresses)
  -R   3380:localhost:80  # reverse tunnel port_on_mysrv:target:target_port
  -R *:3322:localhost:22  # reverse tunnel open to everyone who can connect to mysrv (needs GatewayPorts on mysrv, see below)
  -q # quiet mode
  -f # go to background
  -n # redirects stdin from /dev/null
  -N # do not execute a remote command
  -T # disable pseudo-terminal allocation
  -M -S /path/to/socket # enable master mode via a shared socket (put it in a directory only you can write)
  -o UserKnownHostsFile=/dev/null # do not update known_hosts file
  -o StrictHostKeyChecking=no     # do not check the empty known_hosts file
  # NOTE: the two -o options above turn host key verification off completely, so the
  # session cannot detect a man-in-the-middle; use them only for throwaway hosts

Note: to allow the creation of reverse tunnels open to everyone (bound to 0.0.0.0) you have to set this option on the server:

# server configuration: /etc/ssh/sshd_config
# lets the client choose the bind address of -R forwards (e.g. "*"); by default
# they listen on the server's loopback only. Ports opened this way are reachable
# by anyone who can reach mysrv, so firewall them accordingly.
GatewayPorts clientspecified

Scriptable tunnels

You can look for process IDs via pgrep/pkill:

ssh -fnNT ... mysrv          # start
# -f matches the full command line, so any other ssh to mysrv (e.g. an
# interactive session) would be quit too; master mode below avoids that
pkill -f -QUIT 'ssh.*mysrv'  # stop

or better use master mode to avoid both grepping and any timing issues:

# the control socket grants a session as you to anyone who can open it:
# keep it in a directory only you can write (e.g. under ~/.ssh/)
ssh -fNM -S /path/to/socket ... mysrv  # start
# NOTE(review): the check line has no host argument while the exit line has one;
# ssh may require it for every -O command - confirm
ssh -S /path/to/socket -O check        # check
ssh -S /path/to/socket -O exit mysrv   # stop

Auto-closing tunnels

SSH runs the specified command and exits afterwards, but only once no one is using the tunnel any more:

# NOTE(review): no -L/-R is shown on this line; the forward that vncviewer
# uses below (local port 25901) has to be added to it - confirm
ssh -f myusr@mysrv sleep 10  # start auto-closing tunnel
vncviewer 127.0.0.1::25901   # use the tunnel

Keep alive your connection

Send a keep-alive every 60 seconds, giving up after 1440 missed replies (= 24 hours):

# client configuration: /etc/ssh/ssh_config | ~/.ssh/config
# 60 s * 1440 = 24 h of unanswered keep-alives before the client drops the connection
Host *
  ServerAliveInterval 60
  ServerAliveCountMax 1440
# server configuration: /etc/ssh/sshd_config
# same 24 h budget on the server side (60 s * 1440)
ClientAliveInterval 60
ClientAliveCountMax 1440

Test connectivity

ssh -o BatchMode=yes -o ConnectTimeout=3 myusr@mysrv exit && echo ok || echo ko

List active tunnels and ports

sudo lsof -i -n | egrep sshd

Port knocking

# ip4, scan, UDP, verbose
# -4 IPv4 only, -z zero-I/O (probe only, send no data), -n no DNS lookups,
# -u UDP, -v report each port. Knocks are plain probes and authenticate
# nothing by themselves: keep real authentication behind the port they open.
nc -4znuv hostname_or_ip port1 port2 ...

# with wait interval (-u = UDP instead of TCP)
# "..." stands for further "nc ... && sleep 1" steps, one per knock port
nc -4znuv hostname_or_ip port1 && sleep 1 && \
nc -4znuv hostname_or_ip port2 && sleep 1 && \
...

Source: Stackexchange - master mode, Patrickmn - keep alive, Stackoverflow - test, Superuser - list active tunnels


~~~ * ~~~

Create a custom locale in Linux
Last update
2024-12-30
«USA English locale +EUR +ISO8601 dates +A4 paper»

commands

# start from the stock en_US definition (run as root)
cp /usr/share/i18n/locales/en_US /usr/share/i18n/locales/en_US@iso8601
# integrate desired config from /usr/share/i18n/locales/it_IT
# NOTE(review): /usr/share/i18n/locales belongs to the locales package and may be
# overwritten on upgrade; presumably /usr/local/share/i18n/locales is searched as
# well (the SUPPORTED file below already lives there) - confirm before relying on it

# add new entry to supported locales
mkdir -p /usr/local/share/i18n
echo "en_US@iso8601 UTF-8" >> /usr/local/share/i18n/SUPPORTED

# compile new entry
dpkg-reconfigure locales  # add en_US@iso8601 and set it as default

# test after re-login
locale  # LANG=en_US@iso8601
date    # 2024-12-30 15:32:51 CET

custom entry

comment_char %
escape_char /
% with escape_char "/", a literal slash inside a string is written "//"
% (see the address field in LC_IDENTIFICATION)

% USA English locale +EUR +ISO8601 dates +A4 paper

LC_IDENTIFICATION
% metadata only; the category lines list which sections this file provides
title      "English locale for the USA (+EUR +ISO8601 dates +A4 paper)"
source     "Free Software Foundation, Inc."
% slashes doubled because of escape_char /
address    "https:////www.gnu.org//software//libc//"
contact    ""
email      "bug-glibc-locales@gnu.org"
tel        ""
fax        ""
language   "American English"
territory  "United States"
revision   "1.0"
date       "2024-12-30"

category "i18n:2012";LC_IDENTIFICATION
category "i18n:2012";LC_CTYPE
category "i18n:2012";LC_COLLATE
category "i18n:2012";LC_TIME
category "i18n:2012";LC_NUMERIC
category "i18n:2012";LC_MONETARY
category "i18n:2012";LC_MESSAGES
category "i18n:2012";LC_PAPER
category "i18n:2012";LC_NAME
category "i18n:2012";LC_ADDRESS
category "i18n:2012";LC_TELEPHONE
category "i18n:2012";LC_MEASUREMENT
END LC_IDENTIFICATION

LC_CTYPE
% character classification is taken unchanged from en_GB
copy "en_GB"
END LC_CTYPE

LC_COLLATE
% standard ISO 14651 collation table
copy "iso14651_t1"
END LC_COLLATE

LC_MONETARY
% euro instead of the US dollar; the trailing space in int_curr_symbol is
% the separator required after the ISO 4217 code
int_curr_symbol     "EUR "
% U+20AC is the euro sign
currency_symbol     "<U20AC>"
mon_decimal_point   "."
mon_thousands_sep   ","
mon_grouping        3;3
positive_sign       ""
negative_sign       "-"
int_frac_digits     2
frac_digits         2
% symbol precedes the amount, with no space between them
p_cs_precedes       1
int_p_sep_by_space  1
p_sep_by_space      0
n_cs_precedes       1
int_n_sep_by_space  1
n_sep_by_space      0
p_sign_posn         1
n_sign_posn         1
END LC_MONETARY

LC_NUMERIC
% US style numbers: dot decimal point, comma thousands separator, groups of 3
decimal_point   "."
thousands_sep   ","
grouping        3;3
END LC_NUMERIC

LC_TIME
abday "Sun";"Mon";"Tue";"Wed";"Thu";"Fri";"Sat"
day   "Sunday";"Monday";"Tuesday";"Wednesday";"Thursday";"Friday";"Saturday"
abmon "Jan";"Feb";"Mar";"Apr";"May";"Jun";"Jul";"Aug";"Sep";"Oct";"Nov";"Dec"
mon   "January";"February";"March";"April";"May";"June";"July";"August";"September";"October";"November";"December"

% 7-day week, reference day 1997-11-30 (a Sunday), a week needs >= 4 days
% in the year to be its first week (ISO 8601 rule); Monday first
week  7;19971130;4
first_weekday 2
first_workday 2

% date and time representation (%c): ISO 8601, i.e. %Y-%m-%d %H:%M:%S
d_t_fmt "%F %T"

% date representation (%x)
d_fmt   "%Y-%m-%d"

% time representation (%X): 24-hour
t_fmt   "%T"

% Strings for AM/PM
am_pm "AM";"PM"

% AM/PM time representation (%r)
t_fmt_ampm "%I:%M:%S %p"

% Appropriate date and time representation for date(1).  This is
% different from d_t_fmt for historical reasons and has been different
% since 2000 when date_fmt was added as a GNU extension.  Upstream en_US
% switched it to 12H time at the end of 2018 (bug 24046); here it stays
% 24H ISO 8601 like d_t_fmt, with the time zone appended.
date_fmt "%F %T %Z"
END LC_TIME

LC_PAPER
% show current: locale -k LC_PAPER  # A4 = 297 x 210
% the i18n defaults give A4 (the US default would be Letter)
copy "i18n"
END LC_PAPER

LC_MEASUREMENT
% i18n default: metric
copy "i18n"
END LC_MEASUREMENT

LC_MESSAGES
% regexps matching a yes/no answer, plus the words shown in prompts
yesexpr "^[+1yY]"
noexpr  "^[-0nN]"
yesstr  "yes"
nostr   "no"
END LC_MESSAGES

LC_NAME
% salutation, given name, middle name, family name separated by tabs (%t)
name_fmt    "%d%t%g%t%m%t%f"
name_miss   "Miss."
name_mr     "Mr."
name_mrs    "Mrs."
name_ms     "Ms."
END LC_NAME

LC_ADDRESS
% US postal layout; %N is a line break in postal_fmt
postal_fmt    "%a%N%f%N%d%N%b%N%h %s %e %r%N%T, %S %z%N%c%N"
country_name  "United States"
country_post  "USA"
% ISO 3166 codes: alpha-2, alpha-3 and numeric
country_ab2   "US"
country_ab3   "USA"
country_num   840
country_car   "USA"
country_isbn  0
lang_name     "English"
lang_ab       "en"
lang_term     "eng"
lang_lib      "eng"
END LC_ADDRESS

LC_TELEPHONE
% %c country code, %a area code, %l local number
tel_int_fmt    "+%c (%a) %l"
tel_dom_fmt    "(%a) %l"
% international dialling prefix and country code for the USA
int_select     "11"
int_prefix     "1"
END LC_TELEPHONE

Source: serverfault, ccollins