Category: Tech
-
BRITE’S BLOG. In life, those who see through things and also see far ahead prevail everywhere.
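Installing and configuring WireGuard on an OpenWRT router. AzireVPN has a good article explaining the installation and configuration process; the key points are repeated here. First, install OpenWRT on the router. I use a Xiaomi Router Mini with OpenWrt 18.06.1, downloaded from https://downloads.openwrt.org/releases/18.06.1/targets/ramips/mt7620/openwrt-18.06.1-ramips-mt7620-miwifi-mini-squashfs-sysupgrade.bin; the official installation guide is at https://openwrt.org/toh/xiaomi/mini. After flashing, the front indicator LED is red by default; this does not mean the flash failed. Once flashing is complete, plug a network cable into a LAN port and visit 192.168.1.1. The default password is empty; set a password after logging in, then enable WiFi. radio0 is 5G and radio1 is 2.4G. The default LAN address is 192.168.1.1, which may conflict when the device is used as a second-level router, so I changed it to 192.168.31.1 over SSH; changing it through the Luci graphical interface does not work. After rebooting, use 192.168.31.1 to reach the Luci interface and to SSH to the router. Next, install WireGuard: after rebooting, go to Network->Interfaces and add a new network, entering WG0 as the Name and selecting WireGuard VPN as the Protocol. Back in Interfaces, configure the newly added interface, filling in General Setup from the configuration file downloaded from TunSafe. If you have applied for an AzireVPN WireGuard test node, you can likewise enter the downloaded configuration into the corresponding fields. Note that Internet traffic goes through the VPN only when Allowed IPs is 0.0.0.0/0. In Firewall Settings, enter wg under Create / Assign firewall-zone, that is, create a new zone named wg. If the configuration is correct, go to Status->WireGuard Status to check the status: Latest Handshake should appear and Data Received should be non-zero. Next, configure the firewall: go to Network->Firewall, under Zones edit lan, and for Allow forward to destination zones: select wan and wg0, then save. Back in the firewall, configure wg: Input->reject, Output->accept, Forward->reject, Masquerading->yes, MSS clamping->yes. Run opkg update to test the network. At this point you cannot yet test by visiting Google, because the correct DNS has not been configured. In Network->Interfaces->WAN->Edit, Advanced Settings, untick Use DNS servers advertised by peer and save. In Network->DHCP and DNS, enter 8.8.8.8 under DNS forwardings, scroll to the bottom and click save, then go to System->Reboot and reboot. Google is now reachable, and the PS4 online network test reports NAT type NAT2. The ping depends on geographic location and network conditions and is not necessarily as good as a direct connection; if the WireGuard server is in China, it should be possible to get NAT2 while keeping good network latency. The last optimization is the download speed of PS4 game updates. Because PS4 has CDN servers in China, game downloads should still go over the domestic network. Disconnect the router, connect the computer directly to the ISP network, and use nslookup to look up the IP address of gs2.ww.prod.dl.playstation.net. You can also use the ipip.net CDN lookup: choose the test point closest to you, enter gs2.ww.prod.dl.playstation.net, ping the CDN domain names it resolves to, choose the IP with the lowest latency, and put it in OpenWRT's /etc/hosts file: Here gs2.ww.prod.dl.playstation.net is the domain of the game download server and post.net.playstation.net is the domain used for the upload test. Once they are in the hosts file, OpenWRT resolves these names to the specified IPs; then add routes so that the specified IPs do not go through the VPN. Go to Network->Static Routes and add an IPv4 route: select wan as the Interface, set Target to the IP from Hosts, leave IPv4-Netmask empty or enter 255.255.255.255, set IPv4-Gateway to the upstream router's gateway address, and set Route type to unicast. Add one static route for each fixed IP in the Hosts file. Note that the gateway address is the upstream router's gateway address, not 192.168.31.1. The PS4 must use the router DNS server assigned by DHCP for this to take effect. To test, ping 222.138.6.98 to see whether the latency has increased, or run tracert 222.138.6.98 to check whether all hops are domestic addresses; you can also use the PS4 network test to check the download and upload speeds while watching whether the traffic in WireGuard Status increases. The end result is a NAT2 network that does not affect game download speed. Network latency and packet loss can be tested on a computer connected to the router; every device connected to this router uses the VPN as its network exit. Reference links: AzireVPN, TunSafe, OpenWRT, How to configure WireGuard on OpenWrt/LEDE using LuCi. ---------- Using chnroute.sh on the OpenWRT router. To prepare the environment, add ftp.apnic.net to the static routes to prevent connection failures through the VPN. Add the fixed IP addresses to…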
-
Secure TMP Folder on Webserver against execution
Introduction Web servers (or hosting subscriptions) often write to the tmp folder. Therefore, it’s good to keep the tmp folder clean and safe. A good way to secure your tmp folder on a Linux machine is to disallow script execution in the tmp folder. I will show you how to check and secure your tmp…
-
Install SolusVM with OpenVZ and KVM nodes
Introduction In this tutorial I will show you how to install SolusVM with 2 nodes, 1 as master with OpenVZ virtualization and 1 as a slave with KVM virtualization. Prerequisites 2 servers with root access Step 1 – Order your servers Login to your account, for example at Hetzner from Hetzner Accounts Choose the master servers…
-
Install and Configure WordPress on CentOS 7
Introduction Before you start installing the WordPress CMS on the server, you must meet the following conditions: Prerequisites Server with Operating System Linux CentOS 7 Minimal Installation ISO LAMP Stack (Linux, Apache, MySQL, PHP), if you don’t have it installed, please follow this tutorial Root access SSH Tools Putty For Windows OpenSSH in Linux/macOS (available by default)…
-
Install IonCube Loader on CentOS 6
Introduction In this tutorial, I explain how to install the IonCube Loader on CentOS6. IonCube was founded in 2002, and introduced tools to protect software written using the PHP programming language from being viewed, changed, and run on unlicensed computers. The encoding technology grew out of earlier work on the PHP Accelerator project, and at…
-
Our own GitLab Server with docker and traefik
Introduction In this tutorial, I will show you how to set up a GitLab CE server on a Hetzner Cloud server using docker and docker-compose. As reverse proxy and to provide a LetsEncrypt certificate we use Traefik. Also, we provide a docker image registry with GitLab. Prerequisites A Hetzner Cloud machine (I recommend at least…
-
Installation of SteamCMD
Introduction This tutorial is about installing and configuring SteamCMD on Linux systems. The installation and setup of game servers is covered in subsequent tutorials. Game server tutorials: Counter-Strike: Global Offensive Requirements An x86 / x64 compatible system Linux operating system Step 1 – Preparations Create a new user to run SteamCMD and the game servers:…
-
Installing a CSGO game server
Introduction This article is about installing and configuring a CSGO game server on Linux systems. Requirements An x86 / x64 compatible system Ubuntu 16.04 LTS Installed steamcmd CX21 server or better Step 1 – Preparations Creating the CSGO server folder, where the server files will be found: All commands should be executed as steamcmd user. Step 2 –…
-
How to Reset MySQL or MariaDB Root Password
Introduction If you forget your root MySQL or MariaDB password, don’t worry! It can be reset easily with this tutorial. Prerequisites To recover your MySQL or MariaDB password, make sure you are logged into your server with a sudo user. Step 1 – Stop the MySQL/MariaDB Service Before you can reset the root password, you must…
-
Install Rancher on a Cloud Server (Single Node)
Introduction This tutorial will guide you through the installation of Rancher, an Open Source multi-cluster management solution, based on Kubernetes. Rancher will unleash the full power of cloud servers by easily creating and maintaining your own Kubernetes cluster through a clean and unobtrusive UI. This tutorial guides through a “single node” installation of Rancher. This means we…