Red Hat Enterprise Linux 5 security updates after EOL (End of Life)

Get security updates for CentOS 5 / Scientific Linux 5 / Red Hat Enterprise Linux 5 security updates after EOL (End of Life) from Riken Repository, mirror from Linux @ CERN

change 511 to 5x of your distro version, e.g. 55 for version 5.5

Download the GPG Key:

wget http://ftp.riken.jp/Linux/cern/slc511/x86_64/RPM-GPG-KEYs/RPM-GPG-KEY-CentOS-5 -O /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

Create repo file:

vim /etc/yum.repos.d/slc511.repo

[scientifc_linux_511]
name=Scientific Linux 5.11 Updates
baseurl=http://ftp.riken.jp/Linux/cern/slc511/$basearch/updates/RPMS/
enabled=1
gpgcheck=1

UPDATES!

yum clean all
yum update

Stream PC Games to Raspberry Pi 3 with Parsec (AMD supported)

Sign up at https://parsec.tv/signup
Download and install Parsec Gaming Server at https://parsec.tv/downloads
Run and login Parsec Gaming Server on your PC
Download and install Raspbian Jessie Lite at https://www.raspberrypi.org/downloads/raspbian/
(Optional for Wi-Fi connection) Configure the Raspbian network
```
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
```
Add:
network={
ssid=”The_ESSID_from_earlier”
psk=”Your_wifi_password”
}
```
sudo wpa_cli reconfigure
```
Change the GPU memory split to 128mb
```
sudo raspi-config
```
>7 Advanced Options
>A3 Memory Split
Enter 128, accept the option, and exit choosing to reboot

Download and extract the Parsec Raspberry Pi 3 client

wget https://s3.amazonaws.com/parseccloud/package/client-rpi.tar.gz
tar xvfz client-rpi.tar.gz

Run the Parsec client
```
cd parsec
./client
```
Login Parsec account and select your server
Happy Gaming!!!

Reference
https://www.raspberrypi.org/documentation/configuration/wireless/wireless-cli.md
https://parsec.tv/faq#rpi

IP over ICMP with Hans

Server Side

Download, extract, and compile Hans http://code.gerade.org/hans/
tar -xzf hans-version.tar.gz
cd hans-version
make
Run as root
./hans -s 10.1.2.0 -p password
Enable IPv4 forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
Edit /etc/sysconfg/iptables
-A FORWARD -i tun0 -o eth0 -m state –state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -o tun0 -m state –state ESTABLISHED,RELATED -j ACCEPT
service iptables restart
Run as root to forward traffic
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Client Side

Download and extract Hans http://code.gerade.org/hans/
(For Linux, compile with make, for mac just download and extract)
(macOS only) Download and install TUNTAP http://tuntaposx.sourceforge.net/
Run as root
(normal) ./hans -c server_ip -p password
(verbose) ./hans -fv -c server_ip -p password
Set routing table (Linux)
route add -host server_ip gw router_gateway_ip
route add default gw 10.1.2.1
route del default gw router_gateway_ip
Set routing table (macOS)
sudo route add -host server_ip router_gateway_ip
sudo route delete default router_gateway_ip
sudo route add default 10.1.2.1

Reference:
http://code.gerade.org/hans/
http://zhiwei.li/text/2012/11/30/ip-over-icmp/

SOCKS5 Server Setup on Redhat Enterprise Linux 7

Download the latest source rpm from sourceforge.net
wget http://downloads.sourceforge.net/ss5/ss5-3.8.9-8.src.rpm
Download and install compliation tools
yum install gcc.x86_64 rpm-build.x86_64 openldap-devel.x86_64 pam-devel.x86_64 openssl-devel.x86_64 -y
Download and install dependencies
wget http://vault.centos.org/5.11/os/x86_64/CentOS/libgssapi-devel-0.10-2.x86_64.rpm
wget http://vault.centos.org/5.11/os/x86_64/CentOS/libgssapi-0.10-2.x86_64.rpm
rpm -ivh install libgssapi-0.10-2.x86_64.rpm libgssapi-devel-0.10-2.x86_64.rpm
Compile the the source RPM
rpmbuild –rebuild ss5-3.8.9-8.src.rpm
Install the compiled RPM
rpm -ivh rpmbuild/RPMS/x86_64/ss5-3.8.9-6.x86_64.rpm
Edit /etc/init.d/ss5 and put following lines at the top after shabang(#!/bin/sh):
export SS5_SOCKS_PORT=59
export SS5_SOCKS_USER=root
SS5 configuration file is /etc/opt/ss5/ss5.conf. The ‘auth’ directive sets the authentication policy.
For no authentication,
auth 0.0.0.0/0 – –

For user/pass authentication,
auth 0.0.0.0/0 – u
Set permission

Allow all hosts to connect:
permit – 0.0.0.0/0 – 0.0.0.0/0 – – – – –
The user/password pairs are stored in /etc/opt/ss5/ss5.passwd (user1 pass1) in each line. Make sure that this file is readable only by root:
chown root.root /etc/opt/ss5/ss5.passwd
chmod 750 /etc/opt/ss5/ss5.passwd
Start ss5
systemctl start ss5

Reference: http://blog.yegorgavrilov.com/2014/10/howto-ss5-socks5-proxy-server-on-centos.html

Create a DNS Tunnel (IP over DNS) connection in Android using iodine

DNS Server Setup

Get a domain name for your computer and set it to point to the IP address of your computer. You can use dyndns.org or no-ip.com to get one for free. If you have a dynamic IP, these services provide you with an application that updates the domain whenever the IP address changes. In the following, we assume that your computer is identified by mycomputer.dyndns.org.
Get a domain name for the tunnel. Go to your registrar and create a domain (or a subdomain) for the tunnel. We assume that you created a subdomain mytunnel.mydomain.org. After you created it, point its NS entry to mycomputer.dyndns.org that you set up above. This means that all queries of the form asdfasdfasdwre.mytunnel.mydomain.org will be forwarded to your own computer, on which you run the DNS tunneling server.

Server Side

Download and install iodine from http://code.kryo.se/iodine/
wget http://code.kryo.se/iodine/iodine-0.7.0.tar.gz
tar xzvf iodine-0.7.0.tar.gz
cd iodine-0.7.0
make
Launch the server
sudo ./bin/iodined -c -P my_password -d tap0 192.168.233.1/24 mytunnel.mydomain.org
Setup the iptables
# Allow the DNS server to send and receive queries
$ sudo iptables -A INPUT -p udp -m multiport –dports 53 -i eth0 -j ACCEPT
$ sudo iptables -A OUTPUT -p udp -m multiport –dports 53 -o eth0 -j ACCEPT# Allow the connected clients to talk to the server machine
$ sudo iptables -A INPUT -i tap0 -j ACCEPT
$ sudo iptables -A OUTPUT -o tap0 -j ACCEPT# Forward Internet traffic
$ sudo iptables -A FORWARD -i tap0 -o eth0 -m state –state NEW,ESTABLISHED,RELATED -j ACCEPT
$ sudo iptables -A FORWARD -i eth0 -o tap0 -m state –state ESTABLISHED,RELATED -j ACCEPT
$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Allow ip forward
echo 1 > /proc/sys/net/ipv4/ip_forward

Client Side

Install AndIodine
http://web.archive.org/web/20170710044858/http://f-droid.org/repo/org.xapek.andiodine_3.apk
Setup a connection with the password defined in server (my_password) in this case.
Connected and done.

Reference

http://code.kryo.se/iodine/
http://www.magictunnel.net/install.php
https://f-droid.org/repository/browse/?fdid=org.xapek.andiodine

Lenovo Newifi (Y1) OpenWrt Notes

Install OpenWrt Chaos Calmer 15.05.1

https://downloads.openwrt.org/chaos_calmer/15.05.1/ramips/mt7620/openwrt-15.05.1-ramips-mt7620-Lenovo-y1-squashfs-sysupgrade.bin

Press and hold “Reset” button on the back.
Power on the router, you will see 2.4G and 5G LED light is flashing
Set the PC connected to the router to address 192.168.1.2 (or whatever in 192.168.1 subnet)
Browse 192.168.1.1 from browser and select the firmware download above and click “恢復”
Wait it finish and browser to 192.168.1.1 again.

Install essential packages

# For 5Ghz WiFi
kmod-mt76

# For GRE Protocol, Allow VPN connections
kmod-nf-nathelper-extra

# For External HDD / USB Flash Drive
kmod-usb-storage
kmod-usb-storage-extras
block-mount
kmod-fs-ext4

# For VNStat
luci-app-vnstat
vnstat

# For BitTorrent
transmission-daemon
transmission-web
luci-app-transmission

# For PPTP VPN
kmod-mppe
kmod-gre
pptpd

# For Samba
samba36-server
luci-app-samba

# For DDNS
ddns-scripts
luci-app-ddns

Configure PPTP VPN

Edit /etc/config/pptpd set enable to “1” set login username and password, set the localip to the same subnet as the router, e.g 192.168.1.1, remoteip to 192.168.1.20-30
In luci, Network > Firewall > Traffic Rules, add a rule to open port 1723

Edit /etc/config/network, add

config rule
	option target 'ACCEPT'
	option _name 'pptp'
	option src 'wan'
	option proto 'tcp'
	option dest_port '1723'

config rule
	option target 'ACCEPT'
	option _name 'gre'
	option src 'wan'
	option proto '47'

In luci, Network > Firewall > Custom Rules, add below rules

# Allow all traffic in and out of the ppp interface. No reason to specify nets.
iptables -A input_rule -i ppp+ -j ACCEPT
iptables -A output_rule -o ppp+ -j ACCEPT
# This rule will allow traffic towards internet
iptables -A forwarding_rule -i ppp+ -j ACCEPT
iptables -A forwarding_rule -o ppp+ -j ACCEPT

Enable and start the service

/etc/init.d/pptpd enable
/etc/init.d/pptpd start

OpenWrt Wiki (outdated)

https://wiki.openwrt.org/toh/lenovo/lenovo_y1_v1

Newifi Mini 安装 OpenWrt

Original post: https://linuxtoy.org/archives/install-openwrt-on-newifi-mini.html

根据其他媒体及其产品页面介绍，Newifi Mini 身世复杂，简单的说就是本土化 OpenWrt 系统 + 联想出资做硬件 + 百度深度植入。其最近官方固件貌似又扯上了京东和搜狐，远离了百度……

不谈那扯不清理还乱的强国 IT 圈不谈，还是看下这款设备吧。和近两年雨后春笋般冒出的所谓智能路由产品一样，Newifi Mini 亦是使用 MediaTek MT7620A SoC + MT7612E 5G 方案的产品。那么这款产品又什么特别的呢？

相比某数字和五谷厂商的同类型产品，此款的 U-boot 并未锁
散热孔设计相对合理些
表面的镜面处理是个绝佳指纹收集器（误）
可控制的 LED 稍多些

其他的硬件特性为：

2×2 3db 外置天线
2.4GHz 802.11n 300M + 5GHz 802.11ac 866M
两个百兆 LAN 及一个百兆 WAN 口
16M Flash
128M DDR2 内存
具备一个 USB 2.0 接口

**** 官方系统

根据网上流传的早期固件版本评测，该设备官方固件使用需要百度账号，所以在下完全跳过了……不知道现在版本固件的内容如何。了解官方版本宣传的功能可参考其产品页面。

**** 安装 OpenWrt

前面说过这款设备的 U-boot 并没有锁，所以您完全可以直接刷入 OpenWrt 系统的，方法如下：

前往 OpenWrt 官网下载对应固件，设备实际型号名为 Lenovo Y1
通过有线连接设备，并将 PC 端设备 IP 设定为 192.168.1.11，子网掩码 255.255.255.0，网关 192.168.1.1 。
拔下路由器后面的电源，拿在手里，然后再次通电，之后迅速按下 RESET 按钮，若是设备上出现两个蓝灯连续闪烁，代表已经进入 U-boot 恢复模式。
在浏览器中输入 192.168.1.1 进入恢复模式页面，选择之前下载的 bin 文件即可开始刷机
将 PC 端设备 IP 重置为自动获取模式，即可开始常规 OpenWrt 配置了

**** 开启 5G 网络

这款设备的 OpenWrt 固件生成依然是遵循了极简原则，于是需要在配置好网络连接后自行安装 5G 网络驱动模块。其 MT7612E 5G 芯片被包含在 kmod-mt76 软件包中

opkg update && opkg install kmod-mt76

之后重新启动路由器，便可以在 LuCI 中看到 5G 网络的 radio 选项了。

**** 总结

和使用 Qulcomm Atheros 方案或者更高档次的 MT7621 双核方案相比，这个百兆双无线的无线路由器的价格优势显著，配合良好的 OpenWrt 支持及便利的刷机方式，那个 USB 2.0 接口可以玩转很多有趣的事情。

OpenWrt Wiki: Lenovo Y1

存在几个问题：1、刷完，三个网口顺序和原版是颠倒的。2、5G WiFi 设置参数后似乎没有办法立刻生效，UMU 都是 reboot 一下解决。

騰訊全民WiFi / 360 隨身 WiFi 第二代 / 小米隨身 WiFi / 小度 WiFi Linux AP模式（熱點）驅動

Install isc-dhcp-server
sudo apt-get install isc-dhcp-server
Download Driver https://github.com/eywalink/mt7601u
unzip mt7601u-master.zip
cd mt7601u-master
./miwifi_build.sh
sudo vim /etc/default/isc-dhcp-server
INTERFACES=”ra0″
sudo vim /etc/dhcp/dhcpd.conf
subnet 192.168.199.0 netmask 255.255.255.0 {
range 192.168.199.10 192.168.199.20;
option routers 192.168.199.1;
option domain-name-servers 8.8.8.8;
}
Create a start up script mywifi_start.sh
ifconfig ra0 up
ifconfig ra0 192.168.199.1
dhcpd ra0
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE #Share Ethernet eth0 Connection
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE # Share VPN ppp0 connection
Create a stop script mywifi_stop.sh
ifconfig ra0 down
/etc/init.d/isc-dhcp-server stop
sudo ./mywifi_start.sh

Note:
SSID:MiWiFi_SuMang
PWD :52xiaomi
Change /etc/Wireless/RT2870AP/RT2870AP.dat for custom settings

Reference:

Install 360 WiFi 2 / Xiaomi WiFi USB Dongle on Linux

Install Linux Kernel Header of your Kernel.
Download Driver (mt7610u_wifi_sta_v3002_dpo_20130916.tar.bz2 )from http://www.mediatek.com/en/downloads1/downloads/mt7601u-usb/ OR http://s3.amazonaws.com/mtk.cfs/Downloads/linux/mt7610u_wifi_sta_v3002_dpo_20130916.tar.bz2
bzip2 -d DPO_MT7601U_LinuxSTA_3.0.0.4_20130913.tar.bz2
tar xopf DPO_MT7601U_LinuxSTA_3.0.0.4_20130913.tar
Update GCC and G++
cd DPO_MT7601U_LinuxSTA_3.0.0.4_20130913
vim common/rtusb_dev_id.c
add
{USB_DEVICE(0x148f,0x760b)}, /* 360 Wifi */
{USB_DEVICE(0x2717,0x4106)}, /* Xiaomi Wifi */
under
{USB_DEVICE(0x148f,0x7601)}, /* MT 6370 */
sudo apt-get install gcc-4.8 g++-4.8
Download kernel patch https://dl.dropboxusercontent.com/s/qlx4jn1t3y79zrg/rt2870-mt7601Usta-kuid_t-kgid_t.patch
patch -p0 < /tmp/DPO_MT7601U_LinuxSTA_3.0.0.4_20130913/rt2870-mt7601Usta-kuid_t-kgid_t.patch
sudo make
sudo make install
sudo reboot

Command-Line Pack (Backup)

Originated from http://www.neillcorlett.com/cmdpack
Use to convert ecm back to img file from EmulationPrardise

Compile from source:
tar xzvf cmdpack-1.03-src.tar.gz
cd cmdpack-1.03-src/src
./mkgcc ecm

Encode
ecm e cdimagefile ecmfile

Decode
ecm d ecmfile cdimagefile

[Downloads]
Command-Line Pack v1.03 source code
Command-Line Pack v1.03 source code (mirror)
DOS (16-bit, 8086)
DOS (32-bit, i386)
Windows (32-bit, i386)
Windows (32-bit, Alpha AXP)
Windows (32-bit, MIPS)
Windows (64-bit, x86_64)
Mac OS X (32-bit, PPC)
Mac OS X (32-bit, i386)
Mac OS X (64-bit, x86_64)
Human68k