Commit cc1e227

committed
update
1 parent 0e611f5 commit cc1e227

2 files changed

+26
-7
lines changed

IPSec.md

Lines changed: 19 additions & 7 deletions
@@ -1,23 +1,24 @@
1-
Create IPSec VPN server (Ubuntu 15.04 Vivid Vervet)
1+
Create IPSec VPN server (Ubuntu Server 16.04 LTS)
22
----------------------
33

44
_Replace **`<SERVER-IP>`** with your servers external, public IP._
55

66
Install dependencies:
77

88
```bash
9-
$ sudo apt-get install libnss3-dev libnspr4-dev pkg-config libpam-dev libcap-ng-dev libcap-ng-utils libselinux-dev libcurl4-nss-dev libgmp3-dev flex bison gcc make libunbound-dev libnss3-tools libevent-dev xmlto
9+
$ export USE_FIPSCHECK=false
10+
$ sudo apt-get install libnss3-dev libnspr4-dev pkg-config libpam-dev libcap-ng-dev libcap-ng-utils libselinux-dev libcurl3-nss-dev flex bison gcc make libunbound-dev libnss3-tools libevent-dev xmlto libsystemd-dev
1011
```
1112

1213
Download Libreswan, unpack and compile:
1314

1415
```bash
15-
$ wget https://github.com/libreswan/libreswan/archive/v3.15.tar.gz
16-
$ tar -xvzf v3.15.tar.gz
17-
$ cd libreswan-3.15/
16+
$ wget https://github.com/libreswan/libreswan/archive/v3.20.tar.gz
17+
$ tar -xvzf v3.20.tar.gz
18+
$ cd libreswan-3.20/
1819
$ make programs
1920
$ sudo make install
20-
$ systemctl enable ipsec.service
21+
$ sudo systemctl enable ipsec.service
2122
```
2223

2324
Enable kernel IP packet forwarding and disable ICMP redirects by adding the below.
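Review bot: The Libreswan tarball in the download block is fetched with `wget` and goes straight to `make programs` and `sudo make install` with no integrity check, so whatever the URL serves is built and installed as root. Add a step that verifies a known checksum or the release signature for v3.20 before unpacking. Separately, `export USE_FIPSCHECK=false` sits in the dependency block although it is a build setting, and an exported variable is usually not carried through `sudo`; passing it on the make command lines (`make USE_FIPSCHECK=false programs`) would be clearer. The commit message `update` also does not explain why `libgmp3-dev` was dropped or why `libcurl4-nss-dev` became `libcurl3-nss-dev`.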
@@ -37,10 +38,17 @@ echo 0 > /proc/sys/net/ipv4/conf/default/accept_redirects
3738
echo 0 > /proc/sys/net/ipv4/conf/eth0/accept_redirects
3839
echo 0 > /proc/sys/net/ipv4/conf/lo/accept_redirects
3940

41+
# Disable rp_filter
42+
echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
43+
echo 0 > /proc/sys/net/ipv4/conf/default/rp_filter
44+
echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
45+
echo 0 > /proc/sys/net/ipv4/conf/lo/rp_filter
46+
echo 0 > /proc/sys/net/ipv4/conf/ip_vti0/rp_filter
47+
4048
# Enable IPV4 forwarding
4149
echo 1 > /proc/sys/net/ipv4/ip_forward
4250

43-
iptables -t nat -A POSTROUTING -j SNAT --to-source <SERVER-IP> -o eth0
51+
sudo iptables -t nat -A POSTROUTING -j SNAT --to-source <SERVER-IP> -o eth0
4452
```
4553

4654
Edit `/etc/ipsec.conf`:
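Review bot: The new `# Disable rp_filter` block turns off reverse-path filtering for `all`, `default`, `eth0`, `lo` and `ip_vti0`, which removes the kernel's source-address spoofing check on the public interface as well, and the comment gives no reason. State in the comment why the setup needs this, and note that the `ip_vti0` path only exists once that interface is present, so that write can fail if the block runs before it is created. The `sudo` added to the `iptables` line is also inconsistent with the `echo ... > /proc/...` lines around it: either the whole block runs as root and `sudo` is unnecessary, or the redirects will fail.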
@@ -79,3 +87,7 @@ Verify everything is okay:
7987
```bash
8088
$ sudo ipsec verify
8189
```
90+
91+
Notes for AWS/EC2
92+
-----------------
93+
The Pluto service is listening for IKE and IKE/NAT-T on specific ports. In your Security Group, add a Custom UDP Rule for port 500 and 4500 with source 0.0.0.0/0.
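Review bot: The Security Group advice on the last added line opens UDP 500 and 4500 to source 0.0.0.0/0, which exposes the IKE daemon to the whole internet. Say that this is only needed when client addresses are unknown, and recommend restricting the source to the clients' address ranges where they are known. A blank line between the `-----------------` underline and the paragraph would also match the heading style at the top of the file.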

useful-unix-stuff.sh

Lines changed: 7 additions & 0 deletions
@@ -81,6 +81,9 @@ script_dir=$(dirname $(echo $0 | sed -e "s,^\([^/]\),$(pwd)/\1,"))
8181
# Clear console in Node.js (*nix)
8282
console.log('\033[2J');
8383

84+
# Connect to Cisco ASA devices via USB console cable
85+
screen /dev/tty.usbserial-a103xxxxx
86+
8487
# 1. OpenCV: Compile with C++11
8588
# 2. OpenCV: Build
8689
CC=clang CXX=clang++ CFLAGS='-m64' CXXFLAGS='-std=c++0x -stdlib=libc++ -m64 -Wno-c++11-narrowing' cmake -G "Unix Makefiles" -D CMAKE_INSTALL_PREFIX=/Users/<username>/Library/Developer/opencv/ -D WITH_QUICKTIME=OFF -D BUILD_EXAMPLES=OFF -D BUILD_NEW_PYTHON_SUPPORT=OFF -D WITH_CARBON=OFF -D CMAKE_OSX_ARCHITECTURES=x86_64 -D BUILD_PERF_TESTS=OFF -D BUILD_SHARED_LIBS=OFF -D BUILD_opencv_legacy=NO ..
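Review bot: The added `screen /dev/tty.usbserial-a103xxxxx` line hard-codes one adapter's device name and uses `xxxxx` as filler, while the rest of the file marks placeholders with angle brackets (`<username>`, `<filename>`). Write it as `screen /dev/tty.usbserial-<id>`, say in the comment that the `tty.usbserial-*` name is the macOS form, and consider giving the baud rate explicitly so the command does not depend on the screen default.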
@@ -167,3 +170,7 @@ htop
167170

168171
# Convert PNG image sequence (image-000.png) to H.264 using ffmpeg
169172
ffmpeg -i ./image-%03d.png -f mp4 -vcodec libx264 -pix_fmt yuv420p <filename>.mp4
173+
174+
# AWS S3: Get total size and number of files of bucket
175+
aws s3api list-objects --bucket <bucket_name> --output json --query "[sum(Contents[].Size), length(Contents[])]"
176+
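Review bot: The `--query` expression in the added `aws s3api list-objects` line assumes `Contents` is present; on an empty bucket it is null, and `sum(...)` and `length(...)` will error rather than return zero. The command also has to list every object to compute the totals, which is worth a word in the comment for large buckets; `aws s3 ls s3://<bucket_name> --recursive --summarize` reports the same two figures. The extra blank line added at the end of the file (176) can be dropped.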
