CentOS 5 / Scientific Linux 5 / Red Hat Enterprise Linux 5 security updates after EOL (End of Life)

Get security updates for CentOS 5 / Scientific Linux 5 / Red Hat Enterprise Linux 5 after EOL (End of Life) from the Riken repository, a mirror of Linux @ CERN.

Change 511 to the 5x of your distro version, e.g. 55 for version 5.5.

Download the GPG Key:

wget http://ftp.riken.jp/Linux/cern/slc511/x86_64/RPM-GPG-KEYs/RPM-GPG-KEY-CentOS-5 -O /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

Create repo file:

vim /etc/yum.repos.d/slc511.repo

[scientifc_linux_511]
name=Scientific Linux 5.11 Updates
baseurl=http://ftp.riken.jp/Linux/cern/slc511/$basearch/updates/RPMS/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5

UPDATES!

yum clean all
yum update

Stream PC Games to Raspberry Pi 3 with Parsec (AMD supported)

  1. Sign up at https://parsec.tv/signup
  2. Download and install Parsec Gaming Server at https://parsec.tv/downloads
  3. Run Parsec Gaming Server on your PC and log in
  4. Download and install Raspbian Jessie Lite at https://www.raspberrypi.org/downloads/raspbian/
  5. (Optional for Wi-Fi connection) Configure the Raspbian network
    sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

    Add:
    network={
    ssid="The_ESSID_from_earlier"
    psk="Your_wifi_password"
    }

    sudo wpa_cli reconfigure
    
  6. Change the GPU memory split to 128 MB
    sudo raspi-config

    >7 Advanced Options
    >A3 Memory Split
    Enter 128, accept the option, and exit choosing to reboot

  7. Download and extract the Parsec Raspberry Pi 3 client
    wget https://s3.amazonaws.com/parseccloud/package/client-rpi.tar.gz
    tar xvfz client-rpi.tar.gz
  8. Run the Parsec client
    cd parsec
    ./client
  9. Log in to your Parsec account and select your server
  10. Happy Gaming!!!

Reference
https://www.raspberrypi.org/documentation/configuration/wireless/wireless-cli.md
https://parsec.tv/faq#rpi

IP over ICMP with Hans

Server Side

  1. Download, extract, and compile Hans http://code.gerade.org/hans/
    tar -xzf hans-version.tar.gz
    cd hans-version
    make
  2. Run as root
    ./hans -s 10.1.2.0 -p password
  3. Enable IPv4 forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
  4. Edit /etc/sysconfig/iptables

    -A FORWARD -i tun0 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    -A FORWARD -i eth0 -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT

    Then restart the firewall:
    service iptables restart

  5. Run as root to forward traffic
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Client Side

  1. Download and extract Hans http://code.gerade.org/hans/
    (On Linux, compile with make; on macOS, just download and extract)
  2. (macOS only) Download and install TUNTAP http://tuntaposx.sourceforge.net/
  3. Run as root

    (normal)  ./hans -c server_ip -p password
    (verbose) ./hans -fv -c server_ip -p password

  4. Set routing table (Linux)
    route add -host server_ip gw router_gateway_ip
    route add default gw 10.1.2.1
    route del default gw router_gateway_ip
  5. Set routing table (macOS)

    sudo route add -host server_ip router_gateway_ip
    sudo route delete default router_gateway_ip
    sudo route add default 10.1.2.1

Reference:
http://code.gerade.org/hans/
http://zhiwei.li/text/2012/11/30/ip-over-icmp/

SOCKS5 Server Setup on Redhat Enterprise Linux 7

  1. Download the latest source rpm from sourceforge.net
    wget http://downloads.sourceforge.net/ss5/ss5-3.8.9-8.src.rpm
  2. Download and install compilation tools
    yum install gcc.x86_64 rpm-build.x86_64 openldap-devel.x86_64 pam-devel.x86_64 openssl-devel.x86_64 -y
  3. Download and install dependencies
    wget http://vault.centos.org/5.11/os/x86_64/CentOS/libgssapi-devel-0.10-2.x86_64.rpm
    wget http://vault.centos.org/5.11/os/x86_64/CentOS/libgssapi-0.10-2.x86_64.rpm
    rpm -ivh libgssapi-0.10-2.x86_64.rpm libgssapi-devel-0.10-2.x86_64.rpm
  4. Compile the source RPM
    rpmbuild --rebuild ss5-3.8.9-8.src.rpm
  5. Install the compiled RPM
    rpm -ivh rpmbuild/RPMS/x86_64/ss5-3.8.9-6.x86_64.rpm
  6. Edit /etc/init.d/ss5 and put the following lines at the top, after the shebang (#!/bin/sh):
    export SS5_SOCKS_PORT=59
    export SS5_SOCKS_USER=root
  7. The SS5 configuration file is /etc/opt/ss5/ss5.conf. The ‘auth’ directive sets the authentication policy.
    For no authentication,
    auth 0.0.0.0/0 - -
    For user/pass authentication,
    auth 0.0.0.0/0 - u

    Set the access permissions. To allow all hosts to connect:
    permit - 0.0.0.0/0 - 0.0.0.0/0 - - - - -

  8. The user/password pairs are stored in /etc/opt/ss5/ss5.passwd, one pair per line (e.g. user1 pass1). Make sure that this file is readable only by root:
    chown root:root /etc/opt/ss5/ss5.passwd
    chmod 600 /etc/opt/ss5/ss5.passwd
  9. Start ss5
    systemctl start ss5
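
A quick check of the settings from steps 7 and 8, as an added example that is not part of the original post or of SS5 itself: it flags the no-authentication and allow-all lines in an ss5.conf and tests that the password file grants nothing to group or other. The function names, the sample configs and the 192.0.2.0/24 range are constructed for illustration.

```sh
#!/bin/sh
# Constructed ss5.conf samples. OPEN_CONF repeats the no-authentication and
# allow-all lines from step 7; RESTRICTED_CONF is a hypothetical tightened
# variant (192.0.2.0/24 is a documentation address range).
OPEN_CONF='auth 0.0.0.0/0 - -
permit - 0.0.0.0/0 - 0.0.0.0/0 - - - - -'
RESTRICTED_CONF='# clients on one network only, login required
auth 192.0.2.0/24 - u
permit u 192.0.2.0/24 - 0.0.0.0/0 - - - - -'

# audit_ss5_conf: read an ss5.conf on stdin, print one finding per risky line.
audit_ss5_conf() {
    awk '
        # Skip comments and blank lines.
        $1 ~ /^#/ || NF == 0 { next }
        # auth <SHost> <SPort> <Authentication>; "-" means no authentication.
        $1 == "auth" && $2 == "0.0.0.0/0" && $4 == "-" {
            print NR ": auth accepts any source address without authentication"
        }
        # permit <Auth> <SHost> ...; "-" in Auth means the rule needs no login.
        $1 == "permit" && $2 == "-" && $3 == "0.0.0.0/0" {
            print NR ": permit matches any source address and requires no login"
        }
    '
}

# passwd_private FILE: succeed only if group and other have no permission bits.
passwd_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on the constructed open configuration: prints two findings.
printf '%s\n' "$OPEN_CONF" | audit_ss5_conf
```

On a real host, run `audit_ss5_conf < /etc/opt/ss5/ss5.conf` and `passwd_private /etc/opt/ss5/ss5.passwd`.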

Reference: http://blog.yegorgavrilov.com/2014/10/howto-ss5-socks5-proxy-server-on-centos.html

Create a DNS Tunnel (IP over DNS) connection in Android using iodine

DNS Server Setup

  1. Get a domain name for your computer and set it to point to the IP address of your computer. You can use dyndns.org or no-ip.com to get one for free. If you have a dynamic IP, these services provide you with an application that updates the domain whenever the IP address changes. In the following, we assume that your computer is identified by mycomputer.dyndns.org.
  2. Get a domain name for the tunnel. Go to your registrar and create a domain (or a subdomain) for the tunnel. We assume that you created a subdomain mytunnel.mydomain.org. After you created it, point its NS entry to mycomputer.dyndns.org that you set up above. This means that all queries of the form asdfasdfasdwre.mytunnel.mydomain.org will be forwarded to your own computer, on which you run the DNS tunneling server.
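
Seen from the resolver side, the delegation in step 2 means tunnel traffic arrives as many distinct names with long leftmost labels under mytunnel.mydomain.org. The following added example (not part of the original post) flags such zones in a query log; the log format, the three-label zone cut and the thresholds are assumptions, and the sample lines are constructed.

```sh
#!/bin/sh
# Constructed sample log, one "<client> <qname>" pair per line (assumed format).
# The long labels are random-looking filler, not real tunnel payloads.
SAMPLE_LOG='10.0.0.5 www.example.com
10.0.0.5 mail.example.com
10.0.0.7 a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.cdn.example.net
10.0.0.7 a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.cdn.example.net
10.0.0.9 0ibbaaqdkf3kzd1xyu2pq9w8e7r6t5y4u3i2o1p0.mytunnel.mydomain.org
10.0.0.9 1aacb9qweoiru2lkjsdf83nmxcvb7zxcq1w2e3r4.mytunnel.mydomain.org
10.0.0.9 2ibdzz91kd8s7f6g5h4j3k2l1qwertyuiopasdfg.mytunnel.mydomain.org
10.0.0.9 3aaefm4n5b6v7c8x9z0lkjhgfdsapoiuytrewqmn.mytunnel.mydomain.org'

# suspect_zones MIN_UNIQUE MIN_LABEL_LEN
# Reads the log on stdin and prints every parent zone (last three labels) that
# received at least MIN_UNIQUE distinct names whose leftmost label is at least
# MIN_LABEL_LEN characters long. A single long name queried repeatedly (the
# cdn.example.net line) counts once and stays below the threshold.
suspect_zones() {
    awk -v min_unique="$1" -v min_len="$2" '
        {
            q = tolower($2)
            n = split(q, label, ".")
            # Need at least one label in front of the three-label zone.
            if (n < 4 || length(label[1]) < min_len) next
            zone = label[n-2] "." label[n-1] "." label[n]
            if (!((zone, q) in seen)) { seen[zone, q] = 1; uniq[zone]++ }
        }
        END { for (z in uniq) if (uniq[z] >= min_unique) print z }
    ' | sort
}

# Demo: prints mytunnel.mydomain.org
printf '%s\n' "$SAMPLE_LOG" | suspect_zones 3 30
```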

Server Side

  1. Download and install iodine from http://code.kryo.se/iodine/
    wget http://code.kryo.se/iodine/iodine-0.7.0.tar.gz
    tar xzvf iodine-0.7.0.tar.gz
    cd iodine-0.7.0
    make
  2. Launch the server
    sudo ./bin/iodined -c -P my_password -d tap0 192.168.233.1/24 mytunnel.mydomain.org
  3. Set up iptables
    # Allow the DNS server to send and receive queries
    $ sudo iptables -A INPUT -p udp -m multiport --dports 53 -i eth0 -j ACCEPT
    $ sudo iptables -A OUTPUT -p udp -m multiport --dports 53 -o eth0 -j ACCEPT
    # Allow the connected clients to talk to the server machine
    $ sudo iptables -A INPUT -i tap0 -j ACCEPT
    $ sudo iptables -A OUTPUT -o tap0 -j ACCEPT
    # Forward Internet traffic
    $ sudo iptables -A FORWARD -i tap0 -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    $ sudo iptables -A FORWARD -i eth0 -o tap0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  4. Enable IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward

Client Side

  1. Install AndIodine
    http://web.archive.org/web/20170710044858/http://f-droid.org/repo/org.xapek.andiodine_3.apk
  2. Set up a connection with the password defined on the server (my_password in this case).
  3. Connected and done.

Reference

http://code.kryo.se/iodine/
http://www.magictunnel.net/install.php
https://f-droid.org/repository/browse/?fdid=org.xapek.andiodine

Lenovo Newifi (Y1) OpenWrt Notes

Install OpenWrt Chaos Calmer 15.05.1

https://downloads.openwrt.org/chaos_calmer/15.05.1/ramips/mt7620/openwrt-15.05.1-ramips-mt7620-Lenovo-y1-squashfs-sysupgrade.bin

  1. Press and hold “Reset” button on the back.
  2. Power on the router; the 2.4G and 5G LEDs will start flashing
  3. Set the PC connected to the router to address 192.168.1.2 (or any other address in the 192.168.1 subnet)
  4. Open 192.168.1.1 in a browser, select the firmware downloaded above, and click “恢復” (Restore)
  5. Wait for it to finish, then browse to 192.168.1.1 again.

Install essential packages

# For 5 GHz WiFi
kmod-mt76

# For GRE Protocol, Allow VPN connections
kmod-nf-nathelper-extra

# For External HDD / USB Flash Drive
kmod-usb-storage
kmod-usb-storage-extras
block-mount
kmod-fs-ext4

# For VNStat
luci-app-vnstat
vnstat

# For BitTorrent
transmission-daemon
transmission-web
luci-app-transmission

# For PPTP VPN
kmod-mppe
kmod-gre
pptpd

# For Samba
samba36-server
luci-app-samba

# For DDNS
ddns-scripts
luci-app-ddns

Configure PPTP VPN

  1. Edit /etc/config/pptpd: set enable to “1”, set the login username and password, and set localip to an address in the same subnet as the router, e.g. 192.168.1.1, and remoteip to 192.168.1.20-30
  2. In luci, Network > Firewall > Traffic Rules, add a rule to open port 1723
  3. Edit /etc/config/network, add
    config rule
    	option target 'ACCEPT'
    	option _name 'pptp'
    	option src 'wan'
    	option proto 'tcp'
    	option dest_port '1723'
    
    config rule
    	option target 'ACCEPT'
    	option _name 'gre'
    	option src 'wan'
    	option proto '47'
  4. In luci, Network > Firewall > Custom Rules, add below rules
    # Allow all traffic in and out of the ppp interface. No reason to specify nets.
    iptables -A input_rule -i ppp+ -j ACCEPT
    iptables -A output_rule -o ppp+ -j ACCEPT
    # This rule will allow traffic towards internet
    iptables -A forwarding_rule -i ppp+ -j ACCEPT
    iptables -A forwarding_rule -o ppp+ -j ACCEPT
  5. Enable and start the service
    /etc/init.d/pptpd enable
    /etc/init.d/pptpd start

OpenWrt Wiki (outdated)

https://wiki.openwrt.org/toh/lenovo/lenovo_y1_v1

Installing OpenWrt on the Newifi Mini

Original post: https://linuxtoy.org/archives/install-openwrt-on-newifi-mini.html 

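According to other media and its product page, the Newifi Mini has a complicated background. Put simply, it is a localized OpenWrt system + hardware funded by Lenovo + deep Baidu integration. Its recent official firmware seems to have become involved with JD.com and Sohu as well, moving away from Baidu……

Leaving aside the hopelessly tangled IT circles of the "great nation", let's look at the device itself. Like the so-called smart router products that have sprung up like mushrooms after rain over the past two years, the Newifi Mini also uses the MediaTek MT7620A SoC + MT7612E 5G design. So what is special about this product?

  • Compared with similar products from a certain "number" vendor and a certain "grain" vendor, this one's U-boot is not locked
  • The ventilation holes are designed somewhat more sensibly
  • The mirror finish on the surface is an excellent fingerprint collector (just kidding)
  • Slightly more controllable LEDs

Other hardware features:

  • 2×2 3 dB external antennas
  • 2.4GHz 802.11n 300M + 5GHz 802.11ac 866M
  • Two 100M LAN ports and one 100M WAN port
  • 16M Flash
  • 128M DDR2 RAM
  • One USB 2.0 port

Official firmware

According to reviews of early firmware versions circulating online, the official firmware requires a Baidu account to use, so I skipped it entirely…… I don't know what the current firmware version is like. To learn about the features advertised for the official version, see its product page.

Installing OpenWrt

As mentioned earlier, this device's U-boot is not locked, so you can flash OpenWrt directly, as follows:

  1. Go to the OpenWrt website and download the matching firmware; the device's actual model name is Lenovo Y1
  2. Connect to the device by cable and set the PC's IP to 192.168.1.11, subnet mask 255.255.255.0, gateway 192.168.1.1.
  3. Unplug the power from the back of the router, hold the router in your hand, then power it on again and quickly press the RESET button. If two blue lights on the device flash continuously, it has entered U-boot recovery mode.
  4. Enter 192.168.1.1 in the browser to open the recovery mode page, and select the bin file downloaded earlier to start flashing
  5. Reset the PC's IP to automatic mode, and you can begin the normal OpenWrt configuration

Enabling the 5G network

The OpenWrt firmware build for this device still follows a minimalist principle, so after setting up the network connection you need to install the 5G network driver module yourself. Its MT7612E 5G chip is covered by the kmod-mt76 package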

opkg update && opkg install kmod-mt76

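Then reboot the router, and the 5G network radio option will appear in LuCI.

Summary

Compared with Qualcomm Atheros designs or the higher-end MT7621 dual-core design, this 100M dual-band wireless router has a significant price advantage. Combined with good OpenWrt support and a convenient flashing method, that USB 2.0 port makes a lot of interesting things possible.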

OpenWrt Wiki: Lenovo Y1

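There are a few problems: 1. After flashing, the order of the three network ports is reversed compared with the stock firmware. 2. 5G WiFi settings do not seem to take effect immediately after being changed; UMU solves this with a reboot every time.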