Category Archives: Memo

搭设 OpenConnect VPN for IOS

Leave a reply

OpenConnect server, also known as ocserv, is a VPN server that communicates over SSL. By design, its goal is to become a secure, lightweight, and fast VPN server. OpenConnect server uses the OpenConnect SSL VPN protocol. At the time of writing, it also has experimental compatibility with clients that use the AnyConnect SSL VPN protocol.
Why AnyConnect? Although any connect protocol is simple for GFW to discover, it has been used for many large companies having relation of GDP. So right now it’s more safe than pptp openvpn and some other VPN protocols.

Update On Jan 2018
新建了一个可以快速搭建Docker镜像,可以不读下面冗长的内容了。

这里主要讲一下debian系统搭建ocserv的方式方法。

Continue reading

How to create an accesspoint using a RealTek 8192cu Usb Wifi Dongle In RPI1 B+

Leave a reply

8192cu is now supplied in default kernel, but it is not working when running as an access point. So I need to recompile the driver.

1.get the kernel’s headers

You have to get the kernel’s header files, the common way is

sudo apt-get install linux-headers-...

But in RPI, the easiest way is rpi-source.

sudo wget https://raw.githubusercontent.com/notro/rpi-source/master/rpi-source -O /usr/bin/rpi-source && sudo chmod +x /usr/bin/rpi-source && /usr/bin/rpi-source -q --tag-update

The kernel is compiled by gcc-4.8.3+, so if you have the gcc below 4.8.3, you have to install it.
first add

deb http://mirrordirector.raspbian.org/raspbian/ jessie main contrib non-free rpi

in /etc/apt/sources.list, and then

sudo apt-get install -t jessie gcc-4.8 g++-4.8

maybe you want to manage multi gcc versions

sudo update-alternatives --remove-all gcc
sudo update-alternatives --remove-all g++
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.6 20
sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-4.8 50
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.6 20
sudo update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-4.8 50

also you need curses for make menuconfig

sudo apt-get install libncurses5-dev

Continue reading

搭建翻墙Host

Leave a reply

翻墙的方法有很多,譬如PPTP,SSH-D,SOCK5,但是终究需要在客户端安装一些软件,而且如果提供给其他人使用又会有安全问题,比如暴露密码。有一种翻墙的方法最容易,那就是Host,通过修改客户端的Host文件、路由的自定义Host或者局域网DNS服务,来达到翻墙的目的。
譬如我想翻 www.google.com 那么只需要配置

x.x.x.x www.google.com

甚至如果你在路由设置好这个,访问该路由的人都自然而然的翻墙了。

Continue reading

GFW拦截socks5诡异的规则

Leave a reply

GFW会拦截socks5明文的包,今天发现一个诡异的现象,就是有些包虽然含有一些敏感词,譬如google.com还是能通过,所以就跟了一下,发现和初始化socks5有关。
初始化socks5连接的时候客户端会发送一个“我能接受何种验证的包”,格式大概为
05 02 00 02
05意思为socks5版本,02支持两种验证格式,后两位就是两种验证格式,所有的验证格式如下

  1. 0x00: No authentication
  2. 0x01: GSSAPI[12]
  3. 0x02: Username/Password[13]
  4. 0x03–0x7F: methods assigned by IANA[14]
  5. 0x80–0xFE: methods reserved for private use

如果支持的验证方式包含GSSAPI,即便最终的交互没有用到这种方式,那么后续正文内容的包就不会被扫描拦截。
也就是如果一旦是
05 03 00 01 02
GFW就休息了。
煞是奇怪。起码最近是这样。所以为了自由一点,所以还是stunnel吧

Runtime error when setting innerHTML in IE8

Leave a reply

When I use plupload, I was puzzled by an exception.
It’s simple.
I reproduce it with the critical code.
HTML:

<p id="container"></p>

Javascript:

var a = document.createElement('div');
document.getElementById('container').appendChild(a);
a.innerHTML="222";

In IE8,It throws runtime exception.

I found some same situations, just like to modify a element triggered by itself, but this one seems unreasonable.

Finally, I found out why: the html content models, Each element defined in this specification has a content model: a description of the element’s expected contents. An HTML element must have contents that match the requirements described in the element’s content model.

The link of description http://www.w3.org/TR/2011/WD-html5-20110525/content-models.html

And The content models http://www.w3.org/TR/html-markup/common-models.html

I thought IE has more powerful fault tolerant, may be sometimes.