Hexor/house-of-vanity.github.io
1
0
Fork 0
mirror of https://github.com/house-of-vanity/house-of-vanity.github.io.git synced 2025-08-21 23:17:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Deploy house-of-vanity/house-of-vanity.github.io to house-of-vanity/house-of-vanity.github.io:gh-pages

Browse Source
This commit is contained in:
GitHub Actions
2025-06-16 15:44:41 +00:00
commit 39256f4a65
70 changed files with 9189 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

267
posts/arch-repo/index.html Normal file
View File

@@ -0,0 +1,267 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Own Arch Linux Repository
</title>
<meta property="og:title" content="Own Arch Linux Repository" />
<meta property="og:description" content="self-hosted repository for your own Arch Linux packages" />
<meta name="description" content="self-hosted repository for your own Arch Linux packages" />
<link rel="icon" type="image/png" href=&#x2F;icon&#x2F;favicon.png />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ZQB83ET6VX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-ZQB83ET6VX');
</script>
<script src=//btwiusearch.net/js/feather.min.js></script>
<link href=//btwiusearch.net/css/fonts.css rel="stylesheet" />
<link rel="stylesheet" type="text/css" media="screen" href=//btwiusearch.net/css/main.css />
<link
rel="stylesheet"
id="darkModeStyle"
type="text/css"
href=//btwiusearch.net/css/dark.css
disabled
/>
</head>
<body>
<div class="content">
<header>
<div class="main" id="main_title">
<a href=&#x2F;&#x2F;btwiusearch.net>btwiusearch.net</a>
</div>
<nav>
<a href=&#x2F;>Home</a>
<a href=&#x2F;posts>All posts</a>
<a href=&#x2F;about>About</a>
<a href=&#x2F;tags>Tags</a>
<a href=&#x2F;arch_repo&#x2F;>Private Arch Linux repo</a>
|
<a href=&#x2F;>en</a>
| <a id="dark-mode-toggle" onclick="toggleTheme()" href=""></a>
<script src=//btwiusearch.net/js/themetoggle.js></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">Own Arch Linux Repository</h1>
<div class="meta">
Published by <a href="https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity" target="_blank">@ultradesu</a>
on 2020-07-14
</div>
</div>
<section class="body">
<h2 id="prerequisites">Prerequisites</h2>
<ul>
<li>Ubuntu Server with Nginx and Docker</li>
</ul>
<hr />
<h2 id="creating-repository">Creating repository</h2>
<p>Repository database is managed via <code>repo-add</code> script bundled with Arch Linux <code>pacman</code> package manager. Since pacman is not available in Ubuntu repository I use docker <code>archlinux</code> image for managing repository. This guide assumes that repository located in <code>/srv/arch-repo</code>. First of all move all your packages into /srv/arch-repo. Following command will create or update repository database.</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">REPO_URL</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">repo.sun.hexor.ru
</span><span style="color:#c82728;">REPO_PATH</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">/srv/arch-repo
</span><span style="color:#c82728;">docker</span><span style="color:#4271ae;"> run</span><span style="color:#f07219;"> -v </span><span style="color:#4271ae;">${</span><span style="color:#c82728;">REPO_PATH</span><span style="color:#4271ae;">}:/repo</span><span style="color:#f07219;"> --rm</span><span style="color:#4271ae;"> archlinux \
</span><span style="color:#4271ae;">bash</span><span style="color:#f07219;"> -c </span><span style="color:#839c00;">&quot;repo-add /repo/${</span><span style="color:#c82728;">REPO_URL</span><span style="color:#839c00;">}.db.tar.gz /repo/*pkg.tar.zst&quot;
</span></code></pre>
<h3 id="important-aspect"><strong>Important aspect</strong></h3>
<ul>
<li>Name of the database should be REPO_URL.db.tar.gz, in this case REPO_URL is repo.sun.hexor.ru.</li>
</ul>
<hr />
<h2 id="periodically-database-repo-update">Periodically database repo update</h2>
<p>I use systemd:</p>
<pre data-lang="ini" style="background-color:#f9f9f9;color:#111111;" class="language-ini "><code class="language-ini" data-lang="ini"><span style="color:#8e908c;"># Service unit
</span><span style="color:#8e908c;"># /etc/systemd/system/update-arch-repo.service
</span><span style="color:#8959a8;">[Unit]
</span><span style="color:#f07219;">Description</span><span style="color:#3e999f;">=</span><span>Updating arch linux repository database for </span><span style="color:#8959a8;">%I
</span><span style="color:#f07219;">Requires</span><span style="color:#3e999f;">=</span><span>docker</span><span style="color:#3e999f;">.</span><span>service
</span><span>
</span><span style="color:#8959a8;">[Service]
</span><span style="color:#f07219;">ExecStart</span><span style="color:#3e999f;">=/</span><span>usr</span><span style="color:#3e999f;">/</span><span>bin</span><span style="color:#3e999f;">/</span><span>docker run </span><span style="color:#3e999f;">-</span><span>v </span><span style="color:#3e999f;">/</span><span>srv</span><span style="color:#3e999f;">/</span><span>arch</span><span style="color:#3e999f;">-</span><span>repo</span><span style="color:#3e999f;">:/</span><span>repo </span><span style="color:#3e999f;">--</span><span>rm archlinux bash </span><span style="color:#3e999f;">-</span><span>c </span><span style="color:#839c00;">&quot;repo-add /repo/%i.db.tar.gz /repo/*pkg.tar.zst&quot;
</span><span>
</span><span style="color:#8959a8;">[Install]
</span><span style="color:#f07219;">WantedBy</span><span style="color:#3e999f;">=</span><span>multi</span><span style="color:#3e999f;">-</span><span>user</span><span style="color:#3e999f;">.</span><span>target
</span></code></pre>
<pre data-lang="ini" style="background-color:#f9f9f9;color:#111111;" class="language-ini "><code class="language-ini" data-lang="ini"><span style="color:#8e908c;"># Timer unit
</span><span style="color:#8e908c;"># /etc/systemd/system/update-arch-repo.timer
</span><span style="color:#8959a8;">[Unit]
</span><span style="color:#f07219;">Description</span><span style="color:#3e999f;">=</span><span>Schedule arch repo database update for </span><span style="color:#8959a8;">%I
</span><span>
</span><span style="color:#8959a8;">[Timer]
</span><span style="color:#8e908c;"># every 15 minutes
</span><span style="color:#f07219;">OnCalendar</span><span style="color:#3e999f;">=*:</span><span style="color:#f07219;">0</span><span style="color:#3e999f;">/</span><span style="color:#f07219;">15
</span><span>
</span><span style="color:#8959a8;">[Install]
</span><span style="color:#f07219;">WantedBy</span><span style="color:#3e999f;">=</span><span>timers</span><span style="color:#3e999f;">.</span><span>target
</span></code></pre>
<p>Activate timer:</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">REPO_URL</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">repo.sun.hexor.ru
</span><span style="color:#c82728;">systemctl</span><span style="color:#4271ae;"> enable update-arch-repo@${</span><span style="color:#c82728;">REPO_URL</span><span style="color:#4271ae;">}.timer
</span></code></pre>
<h2 id="reverse-proxy-for-https-access">Reverse proxy for HTTPS access</h2>
<p>I use NGINX</p>
<pre data-lang="js" style="background-color:#f9f9f9;color:#111111;" class="language-js "><code class="language-js" data-lang="js"><span style="color:#c82728;">server </span><span>{
</span><span> </span><span style="color:#c82728;">server_name repo</span><span>.</span><span style="color:#c82728;">sun</span><span>.</span><span style="color:#c82728;">hexor</span><span>.</span><span style="color:#c82728;">ru</span><span>;
</span><span> </span><span style="color:#c82728;">listen </span><span>[::]:</span><span style="color:#f07219;">443 </span><span style="color:#c82728;">ssl</span><span>;
</span><span> </span><span style="color:#c82728;">listen </span><span style="color:#f07219;">443 </span><span style="color:#c82728;">ssl</span><span>;
</span><span> </span><span style="color:#c82728;">include security</span><span>.</span><span style="color:#c82728;">conf</span><span>; # </span><span style="color:#c82728;">my security options
</span><span> </span><span style="color:#c82728;">include letsencrypt</span><span>.</span><span style="color:#c82728;">conf</span><span>; # </span><span style="color:#c82728;">my ssl config</span><span>.
</span><span> root </span><span style="color:#3e999f;">/</span><span style="color:#c82728;">srv</span><span style="color:#3e999f;">/</span><span style="color:#c82728;">arch</span><span style="color:#3e999f;">-</span><span style="color:#c82728;">repo</span><span>;
</span><span> </span><span style="color:#c82728;">location </span><span style="color:#3e999f;">/ </span><span>{
</span><span> </span><span style="color:#c82728;">autoindex on</span><span>;
</span><span> </span><span style="color:#c82728;">try_files $uri $uri</span><span style="color:#3e999f;">/ =</span><span style="color:#f07219;">404</span><span>;
</span><span> }
</span><span> </span><span style="color:#c82728;">access_log </span><span style="color:#3e999f;">/</span><span style="color:#8959a8;">var</span><span>/</span><span style="color:#c82728;">log</span><span>/nginx/logs/repo.sun.hexor.ru.access.log custom;
</span><span> </span><span style="color:#c82728;">error_log </span><span style="color:#3e999f;">/</span><span style="color:#8959a8;">var</span><span>/</span><span style="color:#c82728;">log</span><span>/nginx/logs/repo.sun.hexor.ru.error.log;
</span><span>}
</span></code></pre>
<h2 id="configure-repo-on-your-machines">Configure repo on your machines</h2>
<p>Add your repo to <code>/etc/pacman.conf</code>:</p>
<pre data-lang="ini" style="background-color:#f9f9f9;color:#111111;" class="language-ini "><code class="language-ini" data-lang="ini"><span style="color:#8959a8;">[repo.sun.hexor.ru]
</span><span style="color:#f07219;">Server </span><span style="color:#3e999f;">= </span><span>https://repo.sun.hexor.ru
</span></code></pre>
</section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href=//btwiusearch.net/tags/linux/>linux</a></li>
<li><a href=//btwiusearch.net/tags/nginx/>nginx</a></li>
<li><a href=//btwiusearch.net/tags/selfhosting/>selfhosting</a></li>
</ul>
</nav>
</div>
</article>
</main>
<footer>
<div style="display:flex">
<a class="soc" href=https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity title=GitHub>
<i data-feather=github></i>
</a>
<a class="soc" href=tg:@ultradesu title=Telegram>
<i data-feather=send></i>
</a>
<a class="soc" href=https:&#x2F;&#x2F;www.linkedin.com&#x2F;in&#x2F;alexandr-bogomyakov-732a8a73 title=LinkedIn>
<i data-feather=linkedin></i>
</a>
<a class="soc" href=mailto:ab@hexor.cy title=E-Mail>
<i data-feather=at-sign></i>
</a>
</div>
<div class="footer-info">ver. 2.6 |
2025 © ultradesu |Powered by <a href="https://github.com/getzola/zola">Zola</a> and <a
href="https://github.com/XXXMrG/archie-zola">Archie-Zola Theme</a>
<div style="display:flex">Git tag 9d7cb16 </div>
</div>
</footer>
<script>
feather.replace();
</script>
</div>
</body>
</html>

204
posts/htpasswd/index.html Normal file
View File

@@ -0,0 +1,204 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
.htpasswd one-liner
</title>
<meta property="og:title" content=".htpasswd one-liner" />
<meta property="og:description" content="creating password hash for Basic auth" />
<meta name="description" content="creating password hash for Basic auth" />
<link rel="icon" type="image/png" href=&#x2F;icon&#x2F;favicon.png />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ZQB83ET6VX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-ZQB83ET6VX');
</script>
<script src=//btwiusearch.net/js/feather.min.js></script>
<link href=//btwiusearch.net/css/fonts.css rel="stylesheet" />
<link rel="stylesheet" type="text/css" media="screen" href=//btwiusearch.net/css/main.css />
<link
rel="stylesheet"
id="darkModeStyle"
type="text/css"
href=//btwiusearch.net/css/dark.css
disabled
/>
</head>
<body>
<div class="content">
<header>
<div class="main" id="main_title">
<a href=&#x2F;&#x2F;btwiusearch.net>btwiusearch.net</a>
</div>
<nav>
<a href=&#x2F;>Home</a>
<a href=&#x2F;posts>All posts</a>
<a href=&#x2F;about>About</a>
<a href=&#x2F;tags>Tags</a>
<a href=&#x2F;arch_repo&#x2F;>Private Arch Linux repo</a>
|
<a href=&#x2F;>en</a>
| <a id="dark-mode-toggle" onclick="toggleTheme()" href=""></a>
<script src=//btwiusearch.net/js/themetoggle.js></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">.htpasswd one-liner</h1>
<div class="meta">
Published by <a href="https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity" target="_blank">@ultradesu</a>
on 2020-07-13
</div>
</div>
<section class="body">
<p>It's annoying when you need apache2-utils just for creating password hash for Basic auth. So here is Shell one-liner doing it using openssl.</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">user</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">ab
</span><span style="color:#c82728;">pass</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">pwd
</span><span style="color:#4271ae;">printf </span><span style="color:#839c00;">&quot;${</span><span style="color:#c82728;">user</span><span style="color:#839c00;">}:$(</span><span style="color:#c82728;">openssl</span><span style="color:#4271ae;"> passwd</span><span style="color:#f07219;"> -apr1 </span><span style="color:#4271ae;">${</span><span style="color:#c82728;">pass</span><span style="color:#4271ae;">}</span><span style="color:#839c00;">)\n&quot;
</span></code></pre>
<hr />
</section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href=//btwiusearch.net/tags/linux/>linux</a></li>
<li><a href=//btwiusearch.net/tags/tools/>tools</a></li>
<li><a href=//btwiusearch.net/tags/selfhosting/>selfhosting</a></li>
</ul>
</nav>
</div>
</article>
</main>
<footer>
<div style="display:flex">
<a class="soc" href=https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity title=GitHub>
<i data-feather=github></i>
</a>
<a class="soc" href=tg:@ultradesu title=Telegram>
<i data-feather=send></i>
</a>
<a class="soc" href=https:&#x2F;&#x2F;www.linkedin.com&#x2F;in&#x2F;alexandr-bogomyakov-732a8a73 title=LinkedIn>
<i data-feather=linkedin></i>
</a>
<a class="soc" href=mailto:ab@hexor.cy title=E-Mail>
<i data-feather=at-sign></i>
</a>
</div>
<div class="footer-info">ver. 2.6 |
2025 © ultradesu |Powered by <a href="https://github.com/getzola/zola">Zola</a> and <a
href="https://github.com/XXXMrG/archie-zola">Archie-Zola Theme</a>
<div style="display:flex">Git tag 9d7cb16 </div>
</div>
</footer>
<script>
feather.replace();
</script>
</div>
</body>
</html>

223
posts/index.html Normal file
View File

@@ -0,0 +1,223 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
btwiusearch.net
</title>
<meta property="og:title" content="btwiusearch.net" />
<meta property="og:description" content="My own small public place" />
<meta name="description" content="My own small public place" />
<link rel="icon" type="image/png" href=&#x2F;icon&#x2F;favicon.png />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ZQB83ET6VX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-ZQB83ET6VX');
</script>
<script src=//btwiusearch.net/js/feather.min.js></script>
<link href=//btwiusearch.net/css/fonts.css rel="stylesheet" />
<link rel="stylesheet" type="text/css" media="screen" href=//btwiusearch.net/css/main.css />
<link
rel="stylesheet"
id="darkModeStyle"
type="text/css"
href=//btwiusearch.net/css/dark.css
disabled
/>
</head>
<body>
<div class="content">
<header>
<div class="main" id="main_title">
<a href=&#x2F;&#x2F;btwiusearch.net>btwiusearch.net</a>
</div>
<nav>
<a href=&#x2F;>Home</a>
<a href=&#x2F;posts>All posts</a>
<a href=&#x2F;about>About</a>
<a href=&#x2F;tags>Tags</a>
<a href=&#x2F;arch_repo&#x2F;>Private Arch Linux repo</a>
|
<a href=&#x2F;>en</a>
| <a id="dark-mode-toggle" onclick="toggleTheme()" href=""></a>
<script src=//btwiusearch.net/js/themetoggle.js></script>
</nav>
</header>
<h1 class="page-title">All articles</h1>
<ul class="posts">
<li class="post">
<a href="&#x2F;&#x2F;btwiusearch.net&#x2F;posts&#x2F;openwrt-shadowsocks&#x2F;">Shadowsocks on OpenWRT</a>
<span class="meta">2025-06-16</span>
</li>
<li class="post">
<a href="&#x2F;&#x2F;btwiusearch.net&#x2F;posts&#x2F;japan-visa&#x2F;">Multiple-Entry Visa to Japan</a>
<span class="meta">2025-05-15</span>
</li>
<li class="post">
<a href="&#x2F;&#x2F;btwiusearch.net&#x2F;posts&#x2F;wg-over-udp2raw&#x2F;">WireGuard over udp2raw</a>
<span class="meta">2024-10-25</span>
</li>
<li class="post">
<a href="&#x2F;&#x2F;btwiusearch.net&#x2F;posts&#x2F;run-arm64-vm-on-amd64&#x2F;">Run arm64 VM on amd64</a>
<span class="meta">2024-10-12</span>
</li>
<li class="post">
<a href="&#x2F;&#x2F;btwiusearch.net&#x2F;posts&#x2F;wg-xray&#x2F;">WireGuard over Xray VLESS Protocol</a>
<span class="meta">2024-10-04</span>
</li>
<li class="post">
<a href="&#x2F;&#x2F;btwiusearch.net&#x2F;posts&#x2F;stunnel-tls&#x2F;">Expose service via TLS stunnel</a>
<span class="meta">2023-12-18</span>
</li>
<li class="post">
<a href="&#x2F;&#x2F;btwiusearch.net&#x2F;posts&#x2F;private-vpn&#x2F;">Private WireGuard telegram bot</a>
<span class="meta">2023-08-25</span>
</li>
<li class="post">
<a href="&#x2F;&#x2F;btwiusearch.net&#x2F;posts&#x2F;torrent&#x2F;">qBittornt web via VPN</a>
<span class="meta">2023-08-25</span>
</li>
<li class="post">
<a href="&#x2F;&#x2F;btwiusearch.net&#x2F;posts&#x2F;arch-repo&#x2F;">Own Arch Linux Repository</a>
<span class="meta">2020-07-14</span>
</li>
<li class="post">
<a href="&#x2F;&#x2F;btwiusearch.net&#x2F;posts&#x2F;qemu&#x2F;">KVM&#x2F;QEMU self hosted hypervisor</a>
<span class="meta">2020-07-14</span>
</li>
<li class="post">
<a href="&#x2F;&#x2F;btwiusearch.net&#x2F;posts&#x2F;htpasswd&#x2F;">.htpasswd one-liner</a>
<span class="meta">2020-07-13</span>
</li>
</ul>
<footer>
<div style="display:flex">
<a class="soc" href=https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity title=GitHub>
<i data-feather=github></i>
</a>
<a class="soc" href=tg:@ultradesu title=Telegram>
<i data-feather=send></i>
</a>
<a class="soc" href=https:&#x2F;&#x2F;www.linkedin.com&#x2F;in&#x2F;alexandr-bogomyakov-732a8a73 title=LinkedIn>
<i data-feather=linkedin></i>
</a>
<a class="soc" href=mailto:ab@hexor.cy title=E-Mail>
<i data-feather=at-sign></i>
</a>
</div>
<div class="footer-info">ver. 2.6 |
2025 © ultradesu |Powered by <a href="https://github.com/getzola/zola">Zola</a> and <a
href="https://github.com/XXXMrG/archie-zola">Archie-Zola Theme</a>
<div style="display:flex">Git tag 9d7cb16 </div>
</div>
</footer>
<script>
feather.replace();
</script>
</div>
</body>
</html>

275
posts/japan-visa/index.html Normal file
View File

@@ -0,0 +1,275 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Multiple-Entry Visa to Japan
</title>
<meta property="og:title" content="Multiple-Entry Visa to Japan" />
<meta property="og:description" content="How to Obtain a Multiple-Entry Visa to Japan" />
<meta name="description" content="How to Obtain a Multiple-Entry Visa to Japan" />
<link rel="icon" type="image/png" href=&#x2F;icon&#x2F;favicon.png />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ZQB83ET6VX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-ZQB83ET6VX');
</script>
<script src=//btwiusearch.net/js/feather.min.js></script>
<link href=//btwiusearch.net/css/fonts.css rel="stylesheet" />
<link rel="stylesheet" type="text/css" media="screen" href=//btwiusearch.net/css/main.css />
<link
rel="stylesheet"
id="darkModeStyle"
type="text/css"
href=//btwiusearch.net/css/dark.css
disabled
/>
</head>
<body>
<div class="content">
<header>
<div class="main" id="main_title">
<a href=&#x2F;&#x2F;btwiusearch.net>btwiusearch.net</a>
</div>
<nav>
<a href=&#x2F;>Home</a>
<a href=&#x2F;posts>All posts</a>
<a href=&#x2F;about>About</a>
<a href=&#x2F;tags>Tags</a>
<a href=&#x2F;arch_repo&#x2F;>Private Arch Linux repo</a>
|
<a href=&#x2F;>en</a>
| <a id="dark-mode-toggle" onclick="toggleTheme()" href=""></a>
<script src=//btwiusearch.net/js/themetoggle.js></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">Multiple-Entry Visa to Japan</h1>
<div class="meta">
Published by <a href="https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity" target="_blank">@ultradesu</a>
on 2025-05-15
</div>
</div>
<section class="body">
<h2 id="multiple-entry-visa-overview">✈️ 🇯🇵 Multiple-Entry Visa Overview</h2>
<ul>
<li><strong>Processing Time</strong>: 57 business days</li>
<li><strong>Fee</strong>: Free of charge for Russian citizens</li>
<li><strong>Validity</strong>: Typically up to 3 years</li>
</ul>
<p>To be eligible for a multiple-entry visa to Japan:</p>
<ul>
<li>You must have visited Japan at least <strong>once in the past 3 years</strong></li>
<li>You must be able to demonstrate <strong>sufficient financial means</strong> to support travel</li>
</ul>
<h3 id="default-stay-duration-pro-tip">🗓️ Default Stay Duration &amp; Pro Tip</h3>
<p>Even with a <strong>multiple-entry visa</strong>, the default allowed stay is usually <strong>15 days per visit</strong>.<br />
However, if your <strong>first trip is longer than 15 days</strong>, immigration may automatically grant you a longer stay period:</p>
<ul>
<li>First trip over 15 days → future stays up to 30 days</li>
<li>First trip over 30 days → future stays may allow up to 90 days</li>
</ul>
<p>Just make sure your travel itinerary reflects the longer stay for the first visit.</p>
<blockquote>
<p><em>This guide is based on personal experience applying from Cyprus and Russia. The process is generally similar in other countries.</em></p>
</blockquote>
<hr />
<h2 id="required-documents">Required Documents</h2>
<p>Submit all documents in the following order. Embassies do <strong>not</strong> help rearrange papers during submission.</p>
<ol>
<li><strong>Valid Passport</strong></li>
<li><strong>Proof of Legal Stay</strong>
<ul>
<li>Cyprus: Cyprus Residence Permit</li>
<li>Russia: Internal (domestic) passport</li>
</ul>
</li>
<li><strong>Two Photos (35×45 mm)</strong></li>
<li><strong>Two Visa Application Forms</strong> (<a href="https://www.mofa.go.jp/files/000124525.pdf">form link</a>)</li>
<li><strong>Statement of Purpose</strong> (why you need a multiple-entry visa)</li>
<li><strong>Proof of Financial Capability</strong>
<ul>
<li>3 months of bank statements</li>
<li>Employment certificate with annual income</li>
<li>Savings or investment documents</li>
</ul>
</li>
<li><strong>Detailed Travel Itinerary</strong> (<a href="https://www.mofa.go.jp/files/000262548.pdf">template</a>)</li>
<li><strong>Round-Trip Flight Reservation</strong></li>
<li><strong>Hotel Booking Confirmation</strong></li>
<li><strong>Proof of Eligibility</strong>
<ul>
<li>Past visits to Japan (within 3 years)</li>
<li>Employment + financial stability</li>
</ul>
</li>
</ol>
<blockquote>
<p>You must meet at least one:<br />
① Recent short-term visit to Japan<br />
② Stable job and sufficient income</p>
</blockquote>
<hr />
<h2 id="document-examples">Document Examples</h2>
<ul>
<li><a href="https://docs.hexor.cy/share/DocN5bwWNWnOZynOQpMjuX0vPSPRHwj10e53ToKfnZkOxBHx7n">Visa Application Form (Example)</a></li>
<li><a href="https://docs.hexor.cy/share/yx9cpqVrvO63Eilr3PYZjYdzLFqZVEzfhm9XiSpiK27qOmTDd5">Statement of Purpose (Example)</a></li>
<li><a href="https://docs.hexor.cy/share/i5VyaWEipVSLkGxwzgxXKwXvuOaeAQ1fpejuGcuOVy1kT77FtN">Itinerary in Japan (Example)</a></li>
</ul>
<hr />
<h2 id="procedure">Procedure</h2>
<h3 id="1-prepare-documents">1. Prepare Documents</h3>
<p>Gather and fill out <strong>all</strong> required documents in advance. Appointments are often available within a few days, especially in Cyprus.</p>
<h3 id="2-book-appointment-by-email">2. Book Appointment by Email</h3>
<p>Send a request by email to the local consulate. You can also ask questions about your case or required documents.</p>
<hr />
<h2 id="contacts">Contacts</h2>
<h3 id="embassy-in-cyprus">Embassy in Cyprus</h3>
<p>🌐 <a href="https://www.cy.emb-japan.go.jp/files/visa.html">Visa Page</a><br />
📧 <a href="mailto:cy-ryouji@cy.mofa.go.jp">cy-ryouji@cy.mofa.go.jp</a>
📞 +357 22 394 800</p>
<h3 id="consulate-in-khabarovsk">Consulate in Khabarovsk</h3>
<h2 id="globe-with-meridians-visa-pagee-mail-ryojibu-kh-mofa-go-jptelephone-receiver-7-4212-41-30-48">🌐 <a href="https://www.khabarovsk.ru.emb-japan.go.jp/itpr_ru/visa.html">Visa Page</a><br />
📧 <a href="mailto:ryojibu@kh.mofa.go.jp?subject=%D0%B2%D0%BE%D0%BF%D1%80%D0%BE%D1%81%20%D0%BF%D0%BE%20%D0%B2%D0%B8%D0%B7%D0%B5">ryojibu@kh.mofa.go.jp</a><br />
📞 +7 (4212) 41-30-48</h2>
</section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href=//btwiusearch.net/tags/travel/>travel</a></li>
</ul>
</nav>
</div>
</article>
</main>
<footer>
<div style="display:flex">
<a class="soc" href=https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity title=GitHub>
<i data-feather=github></i>
</a>
<a class="soc" href=tg:@ultradesu title=Telegram>
<i data-feather=send></i>
</a>
<a class="soc" href=https:&#x2F;&#x2F;www.linkedin.com&#x2F;in&#x2F;alexandr-bogomyakov-732a8a73 title=LinkedIn>
<i data-feather=linkedin></i>
</a>
<a class="soc" href=mailto:ab@hexor.cy title=E-Mail>
<i data-feather=at-sign></i>
</a>
</div>
<div class="footer-info">ver. 2.6 |
2025 © ultradesu |Powered by <a href="https://github.com/getzola/zola">Zola</a> and <a
href="https://github.com/XXXMrG/archie-zola">Archie-Zola Theme</a>
<div style="display:flex">Git tag 9d7cb16 </div>
</div>
</footer>
<script>
feather.replace();
</script>
</div>
</body>
</html>

267
posts/openwrt-shadowsocks/index.html Normal file
View File

@@ -0,0 +1,267 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Shadowsocks on OpenWRT
</title>
<meta property="og:title" content="Shadowsocks on OpenWRT" />
<meta property="og:description" content="Setup shadowsocks on OpenWRT for all clients" />
<meta name="description" content="Setup shadowsocks on OpenWRT for all clients" />
<link rel="icon" type="image/png" href=&#x2F;icon&#x2F;favicon.png />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ZQB83ET6VX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-ZQB83ET6VX');
</script>
<script src=//btwiusearch.net/js/feather.min.js></script>
<link href=//btwiusearch.net/css/fonts.css rel="stylesheet" />
<link rel="stylesheet" type="text/css" media="screen" href=//btwiusearch.net/css/main.css />
<link
rel="stylesheet"
id="darkModeStyle"
type="text/css"
href=//btwiusearch.net/css/dark.css
disabled
/>
</head>
<body>
<div class="content">
<header>
<div class="main" id="main_title">
<a href=&#x2F;&#x2F;btwiusearch.net>btwiusearch.net</a>
</div>
<nav>
<a href=&#x2F;>Home</a>
<a href=&#x2F;posts>All posts</a>
<a href=&#x2F;about>About</a>
<a href=&#x2F;tags>Tags</a>
<a href=&#x2F;arch_repo&#x2F;>Private Arch Linux repo</a>
|
<a href=&#x2F;>en</a>
| <a id="dark-mode-toggle" onclick="toggleTheme()" href=""></a>
<script src=//btwiusearch.net/js/themetoggle.js></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">Shadowsocks on OpenWRT</h1>
<div class="meta">
Published by <a href="https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity" target="_blank">@ultradesu</a>
on 2025-06-16
</div>
</div>
<section class="body">
<h1 id="shadowsocks-libev-openwrt-hardware-switch-on-gl-inet">Shadowsocks-libev + OpenWRT + Hardware Switch on GL.iNet</h1>
<h2 id="1-install-packages">1. Install packages</h2>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">opkg</span><span style="color:#4271ae;"> update
</span><span style="color:#c82728;">opkg</span><span style="color:#4271ae;"> install \
</span><span style="color:#4271ae;"> luci-app-shadowsocks-libev \
</span><span style="color:#4271ae;"> shadowsocks-libev-ss-redir \
</span><span style="color:#4271ae;"> shadowsocks-libev-config
</span></code></pre>
<hr />
<h2 id="2-add-server-redir-instance">2. Add server + redir instance</h2>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">SERVER_NAME</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">&#39;Bulgaria&#39;
</span><span style="color:#c82728;">SERVER_ADDRESS</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">&#39;1.1.1.1&#39;
</span><span style="color:#c82728;">SERVER_PORT</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">38583
</span><span style="color:#c82728;">SERVER_PROTO</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">&#39;chacha20-ietf-poly1305&#39;
</span><span style="color:#c82728;">SERVER_PASS</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">&#39;YoUr_pASS&#39;
</span><span style="color:#c82728;">LOCAL_PORT</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">12345
</span><span>
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.$</span><span style="color:#c82728;">SERVER_NAME</span><span style="color:#4271ae;">=server
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.$</span><span style="color:#c82728;">SERVER_NAME</span><span style="color:#4271ae;">.server=</span><span style="color:#839c00;">&quot;$</span><span style="color:#c82728;">SERVER_ADDRESS</span><span style="color:#839c00;">&quot;
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.$</span><span style="color:#c82728;">SERVER_NAME</span><span style="color:#4271ae;">.server_port=</span><span style="color:#839c00;">&quot;$</span><span style="color:#c82728;">SERVER_PORT</span><span style="color:#839c00;">&quot;
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.$</span><span style="color:#c82728;">SERVER_NAME</span><span style="color:#4271ae;">.method=</span><span style="color:#839c00;">&quot;$</span><span style="color:#c82728;">SERVER_PROTO</span><span style="color:#839c00;">&quot;
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.$</span><span style="color:#c82728;">SERVER_NAME</span><span style="color:#4271ae;">.password=</span><span style="color:#839c00;">&quot;$</span><span style="color:#c82728;">SERVER_PASS</span><span style="color:#839c00;">&quot;
</span><span>
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.VPN_redir=ss_redir
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.VPN_redir.disabled=</span><span style="color:#839c00;">&#39;0&#39;
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.VPN_redir.mode=</span><span style="color:#839c00;">&#39;tcp_and_udp&#39;
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.VPN_redir.fast_open=</span><span style="color:#839c00;">&#39;1&#39;
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.VPN_redir.no_delay=</span><span style="color:#839c00;">&#39;1&#39;
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.VPN_redir.reuse_port=</span><span style="color:#839c00;">&#39;1&#39;
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.VPN_redir.server=</span><span style="color:#839c00;">&quot;$</span><span style="color:#c82728;">SERVER_NAME</span><span style="color:#839c00;">&quot;
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set shadowsocks-libev.VPN_redir.local_port=</span><span style="color:#839c00;">&quot;$</span><span style="color:#c82728;">LOCAL_PORT</span><span style="color:#839c00;">&quot;
</span></code></pre>
<hr />
<h2 id="3-enable-switch">3. Enable switch</h2>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> set switch-button.@main</span><span style="color:#8959a8;">[</span><span style="color:#4271ae;">0</span><span style="color:#8959a8;">]</span><span style="color:#4271ae;">.func=</span><span style="color:#839c00;">&#39;shadowsocks&#39;
</span><span style="color:#c82728;">uci</span><span style="color:#4271ae;"> commit
</span></code></pre>
<p>Create <code>/etc/gl-switch.d/shadowsocks.sh</code>:</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#8e908c;">#!/bin/sh
</span><span style="color:#c82728;">action</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">$</span><span style="color:#c82728;">1
</span><span style="color:#c82728;">port</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">12345
</span><span style="color:#c82728;">chain</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">SHADOWSOCKS
</span><span>
</span><span style="color:#8959a8;">if </span><span style="color:#4271ae;">[ </span><span style="color:#839c00;">&quot;$</span><span style="color:#c82728;">action</span><span style="color:#839c00;">&quot; </span><span style="color:#3e999f;">= </span><span style="color:#839c00;">&quot;on&quot; </span><span style="color:#4271ae;">]</span><span style="color:#3e999f;">; </span><span style="color:#8959a8;">then
</span><span> </span><span style="color:#8e908c;"># Start ss-redir service
</span><span> </span><span style="color:#c82728;">/etc/init.d/shadowsocks-libev</span><span style="color:#4271ae;"> start
</span><span>
</span><span> </span><span style="color:#8e908c;"># Add iptables rules
</span><span> </span><span style="color:#c82728;">iptables</span><span style="color:#f07219;"> -t</span><span style="color:#4271ae;"> nat</span><span style="color:#f07219;"> -N </span><span style="color:#4271ae;">$</span><span style="color:#c82728;">chain </span><span style="color:#f07219;">2</span><span style="color:#3e999f;">&gt;</span><span style="color:#4271ae;">/dev/null
</span><span> </span><span style="color:#c82728;">iptables</span><span style="color:#f07219;"> -t</span><span style="color:#4271ae;"> nat</span><span style="color:#f07219;"> -F </span><span style="color:#4271ae;">$</span><span style="color:#c82728;">chain
</span><span> </span><span style="color:#c82728;">iptables</span><span style="color:#f07219;"> -t</span><span style="color:#4271ae;"> nat</span><span style="color:#f07219;"> -A </span><span style="color:#4271ae;">$</span><span style="color:#c82728;">chain</span><span style="color:#f07219;"> -d</span><span style="color:#4271ae;"> 192.168.0.0/16</span><span style="color:#f07219;"> -j</span><span style="color:#4271ae;"> RETURN
</span><span> </span><span style="color:#c82728;">iptables</span><span style="color:#f07219;"> -t</span><span style="color:#4271ae;"> nat</span><span style="color:#f07219;"> -A </span><span style="color:#4271ae;">$</span><span style="color:#c82728;">chain</span><span style="color:#f07219;"> -p</span><span style="color:#4271ae;"> tcp</span><span style="color:#f07219;"> -j</span><span style="color:#4271ae;"> REDIRECT</span><span style="color:#f07219;"> --to-ports </span><span style="color:#4271ae;">$</span><span style="color:#c82728;">port
</span><span> </span><span style="color:#c82728;">iptables</span><span style="color:#f07219;"> -t</span><span style="color:#4271ae;"> nat</span><span style="color:#f07219;"> -A</span><span style="color:#4271ae;"> PREROUTING</span><span style="color:#f07219;"> -i</span><span style="color:#4271ae;"> br-lan</span><span style="color:#f07219;"> -p</span><span style="color:#4271ae;"> tcp</span><span style="color:#f07219;"> -j </span><span style="color:#4271ae;">$</span><span style="color:#c82728;">chain
</span><span>
</span><span> </span><span style="color:#8e908c;"># Drop existing connections
</span><span> </span><span style="color:#c82728;">conntrack</span><span style="color:#f07219;"> -F
</span><span style="color:#8959a8;">else
</span><span> </span><span style="color:#8e908c;"># Delete iptables rules
</span><span> </span><span style="color:#c82728;">iptables</span><span style="color:#f07219;"> -t</span><span style="color:#4271ae;"> nat</span><span style="color:#f07219;"> -D</span><span style="color:#4271ae;"> PREROUTING</span><span style="color:#f07219;"> -i</span><span style="color:#4271ae;"> br-lan</span><span style="color:#f07219;"> -p</span><span style="color:#4271ae;"> tcp</span><span style="color:#f07219;"> -j </span><span style="color:#4271ae;">$</span><span style="color:#c82728;">chain
</span><span> </span><span style="color:#c82728;">iptables</span><span style="color:#f07219;"> -t</span><span style="color:#4271ae;"> nat</span><span style="color:#f07219;"> -F </span><span style="color:#4271ae;">$</span><span style="color:#c82728;">chain
</span><span> </span><span style="color:#c82728;">iptables</span><span style="color:#f07219;"> -t</span><span style="color:#4271ae;"> nat</span><span style="color:#f07219;"> -X </span><span style="color:#4271ae;">$</span><span style="color:#c82728;">chain
</span><span>
</span><span> </span><span style="color:#8e908c;"># Stop ss-redir service
</span><span> </span><span style="color:#c82728;">/etc/init.d/shadowsocks-libev</span><span style="color:#4271ae;"> stop
</span><span style="color:#8959a8;">fi
</span></code></pre>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">chmod</span><span style="color:#4271ae;"> +x /etc/gl-switch.d/shadowsocks.sh
</span></code></pre>
<p>Now you can enable Shadowsocks VPN using hardware switch on router. Also it's possible to start and stop VPN by running <code>/etc/gl-switch.d/shadowsocks.sh on/off</code></p>
</section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href=//btwiusearch.net/tags/linux/>linux</a></li>
<li><a href=//btwiusearch.net/tags/networking/>networking</a></li>
<li><a href=//btwiusearch.net/tags/openwrt/>openwrt</a></li>
</ul>
</nav>
</div>
</article>
</main>
<footer>
<div style="display:flex">
<a class="soc" href=https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity title=GitHub>
<i data-feather=github></i>
</a>
<a class="soc" href=tg:@ultradesu title=Telegram>
<i data-feather=send></i>
</a>
<a class="soc" href=https:&#x2F;&#x2F;www.linkedin.com&#x2F;in&#x2F;alexandr-bogomyakov-732a8a73 title=LinkedIn>
<i data-feather=linkedin></i>
</a>
<a class="soc" href=mailto:ab@hexor.cy title=E-Mail>
<i data-feather=at-sign></i>
</a>
</div>
<div class="footer-info">ver. 2.6 |
2025 © ultradesu |Powered by <a href="https://github.com/getzola/zola">Zola</a> and <a
href="https://github.com/XXXMrG/archie-zola">Archie-Zola Theme</a>
<div style="display:flex">Git tag 9d7cb16 </div>
</div>
</footer>
<script>
feather.replace();
</script>
</div>
</body>
</html>

259
posts/private-vpn/index.html Normal file
View File

@@ -0,0 +1,259 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Private WireGuard telegram bot
</title>
<meta property="og:title" content="Private WireGuard telegram bot" />
<meta property="og:description" content="Your own telegram bot for managing WireGuard peers" />
<meta name="description" content="Your own telegram bot for managing WireGuard peers" />
<link rel="icon" type="image/png" href=&#x2F;icon&#x2F;favicon.png />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ZQB83ET6VX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-ZQB83ET6VX');
</script>
<script src=//btwiusearch.net/js/feather.min.js></script>
<link href=//btwiusearch.net/css/fonts.css rel="stylesheet" />
<link rel="stylesheet" type="text/css" media="screen" href=//btwiusearch.net/css/main.css />
<link
rel="stylesheet"
id="darkModeStyle"
type="text/css"
href=//btwiusearch.net/css/dark.css
disabled
/>
</head>
<body>
<div class="content">
<header>
<div class="main" id="main_title">
<a href=&#x2F;&#x2F;btwiusearch.net>btwiusearch.net</a>
</div>
<nav>
<a href=&#x2F;>Home</a>
<a href=&#x2F;posts>All posts</a>
<a href=&#x2F;about>About</a>
<a href=&#x2F;tags>Tags</a>
<a href=&#x2F;arch_repo&#x2F;>Private Arch Linux repo</a>
|
<a href=&#x2F;>en</a>
| <a id="dark-mode-toggle" onclick="toggleTheme()" href=""></a>
<script src=//btwiusearch.net/js/themetoggle.js></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">Private WireGuard telegram bot</h1>
<div class="meta">
Published by <a href="https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity" target="_blank">@ultradesu</a>
on 2023-08-25
</div>
</div>
<section class="body">
<h1 id="wireguard-peer-manager">Wireguard-Peer-Manager</h1>
<p><img src="https://user-images.githubusercontent.com/4666566/117325184-56f7f800-ae45-11eb-9003-b85aadbf5ff0.png" alt="image" /></p>
<p>That bot can add Wireguard peers to config, reload it and send client config back via Telegram. </p>
<p><mark><strong>FYI: That tool stores client private keys into server config as comments.</strong></mark></p>
<p>How to use:</p>
<pre data-lang="ini" style="background-color:#f9f9f9;color:#111111;" class="language-ini "><code class="language-ini" data-lang="ini"><span style="color:#8e908c;"># create initial wg config or use your own.
</span><span style="color:#8e908c;"># P.S. Keep in mind that WPM can&#39;t manage peers created manually
</span><span style="color:#8e908c;"># due to absence of client private key.
</span><span>
</span><span style="color:#f07219;">export CONFIG</span><span style="color:#3e999f;">=</span><span>$(cat </span><span style="color:#3e999f;">&lt;&lt;-</span><span style="color:#f07219;">END
</span><span style="color:#8959a8;">[Interface]
</span><span style="color:#f07219;">Address </span><span style="color:#3e999f;">= </span><span>10.150.200.1/24
</span><span style="color:#f07219;">ListenPort </span><span style="color:#3e999f;">= </span><span style="color:#f07219;">51820
</span><span style="color:#f07219;">PrivateKey </span><span style="color:#3e999f;">=</span><span> $(wg genkey)
</span><span style="color:#f07219;">PostUp </span><span style="color:#3e999f;">=</span><span> iptables </span><span style="color:#3e999f;">-</span><span style="color:#f07219;">A FORWARD </span><span style="color:#3e999f;">-</span><span>i </span><span style="color:#8959a8;">%i </span><span style="color:#3e999f;">-</span><span>o </span><span style="color:#8959a8;">%i </span><span style="color:#3e999f;">-</span><span>j </span><span style="color:#f07219;">ACCEPT
</span><span style="color:#f07219;">PostDown </span><span style="color:#3e999f;">=</span><span> iptables </span><span style="color:#3e999f;">-</span><span style="color:#f07219;">D FORWARD </span><span style="color:#3e999f;">-</span><span>i </span><span style="color:#8959a8;">%i </span><span style="color:#3e999f;">-</span><span>o </span><span style="color:#8959a8;">%i </span><span style="color:#3e999f;">-</span><span>j </span><span style="color:#f07219;">ACCEPT
</span><span style="color:#f07219;">SaveConfig </span><span style="color:#3e999f;">= </span><span style="color:#f07219;">false
</span><span style="color:#8959a8;">END
</span><span>)
</span><span>
</span><span style="color:#f07219;">sudo </span><span style="color:#3e999f;">-</span><span style="color:#f07219;">E</span><span> bash </span><span style="color:#3e999f;">-</span><span>c </span><span style="color:#839c00;">&#39;cat &gt; /etc/wireguard/private.conf &lt;&lt; EOF
</span><span style="color:#839c00;">${CONFIG}
</span><span style="color:#839c00;">EOF
</span><span style="color:#839c00;">&#39;
</span><span>
</span><span style="color:#f07219;">cd </span><span style="color:#3e999f;">/</span><span>etc</span><span style="color:#3e999f;">/</span><span>wiregurad
</span><span style="color:#f07219;">sudo </span><span>git clone https://github.com/house-of-vanity/Wireguard-Peer-Manager wpm
</span><span style="color:#f07219;">cd </span><span>wpm
</span><span>
</span><span style="color:#8e908c;"># install python and system requirements.
</span><span style="color:#f07219;">apt </span><span>install qrencode python3</span><span style="color:#3e999f;">-</span><span>pip
</span><span style="color:#f07219;">pip3 </span><span>install </span><span style="color:#3e999f;">-</span><span>r requirements</span><span style="color:#3e999f;">.</span><span>txt
</span><span>
</span><span style="color:#8e908c;"># Create config
</span><span style="color:#f07219;">cp </span><span>wpm_example</span><span style="color:#3e999f;">.</span><span>conf wpm</span><span style="color:#3e999f;">.</span><span>conf
</span><span>
</span><span style="color:#8e908c;"># CLI usage. Client configs saved into `clients/peer_name.{conf,-qr.png,-qr.txt}`
</span><span style="color:#f07219;">python3 </span><span>gen</span><span style="color:#3e999f;">.</span><span>py </span><span style="color:#3e999f;">--</span><span>peer my</span><span style="color:#3e999f;">-</span><span>pc </span><span style="color:#8e908c;"># add a new peer `my-pc`
</span><span style="color:#f07219;">python3 </span><span>gen</span><span style="color:#3e999f;">.</span><span>py </span><span style="color:#3e999f;">--</span><span>delete my</span><span style="color:#3e999f;">-</span><span>pc </span><span style="color:#8e908c;"># delete peer `my-pc`
</span><span style="color:#f07219;">python3 </span><span>gen</span><span style="color:#3e999f;">.</span><span>py </span><span style="color:#3e999f;">--</span><span>update </span><span style="color:#8e908c;"># just regenerate all configs in `clients/`
</span><span style="color:#f07219;">python3 </span><span>gen</span><span style="color:#3e999f;">.</span><span>py </span><span style="color:#3e999f;">--</span><span>json </span><span style="color:#8e908c;"># show WG status in JSON
</span><span>
</span><span style="color:#8e908c;"># Telegram bot usage
</span><span style="color:#f07219;">TG_TOKEN</span><span style="color:#3e999f;">=</span><span style="color:#f07219;">1292121488</span><span style="color:#3e999f;">:</span><span style="color:#f07219;">AAG</span><span style="color:#3e999f;">... </span><span style="color:#f07219;">TG_ADMIN</span><span style="color:#3e999f;">=&lt;</span><span>comma separated list of usernames</span><span style="color:#3e999f;">&gt;</span><span> python3 bot</span><span style="color:#3e999f;">.</span><span>py
</span><span>
</span></code></pre>
<h2 id="config">Config</h2>
<table><thead><tr><th>Key</th><th>Default</th><th>Description</th></tr></thead><tbody>
<tr><td>allowed_ips</td><td>0.0.0.0</td><td>allowed_ips for generated peer configs.</td></tr>
<tr><td>dns</td><td>8.8.8.8</td><td>DNS for peer configs</td></tr>
<tr><td>hostname</td><td>$(hostname -f):51820</td><td>server address for peer configs. May be an IP.</td></tr>
<tr><td>config</td><td>wg0</td><td>WireGuard config to work with.</td></tr>
</tbody></table>
<h2 id="telegram-interface">Telegram Interface</h2>
<p><img src="https://user-images.githubusercontent.com/4666566/117370133-cc31f000-ae7a-11eb-93fd-a390d2616da8.png" alt="drawing" width="450"/> <img src="https://user-images.githubusercontent.com/4666566/117377076-48323500-ae87-11eb-9602-a0cd3072ff53.png" alt="drawing" width="350"/></p>
</section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href=//btwiusearch.net/tags/linux/>linux</a></li>
<li><a href=//btwiusearch.net/tags/torrent/>torrent</a></li>
<li><a href=//btwiusearch.net/tags/network/>network</a></li>
<li><a href=//btwiusearch.net/tags/selfhosting/>selfhosting</a></li>
<li><a href=//btwiusearch.net/tags/wireguard/>wireguard</a></li>
<li><a href=//btwiusearch.net/tags/vpn/>vpn</a></li>
</ul>
</nav>
</div>
</article>
</main>
<footer>
<div style="display:flex">
<a class="soc" href=https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity title=GitHub>
<i data-feather=github></i>
</a>
<a class="soc" href=tg:@ultradesu title=Telegram>
<i data-feather=send></i>
</a>
<a class="soc" href=https:&#x2F;&#x2F;www.linkedin.com&#x2F;in&#x2F;alexandr-bogomyakov-732a8a73 title=LinkedIn>
<i data-feather=linkedin></i>
</a>
<a class="soc" href=mailto:ab@hexor.cy title=E-Mail>
<i data-feather=at-sign></i>
</a>
</div>
<div class="footer-info">ver. 2.6 |
2025 © ultradesu |Powered by <a href="https://github.com/getzola/zola">Zola</a> and <a
href="https://github.com/XXXMrG/archie-zola">Archie-Zola Theme</a>
<div style="display:flex">Git tag 9d7cb16 </div>
</div>
</footer>
<script>
feather.replace();
</script>
</div>
</body>
</html>

252
posts/qemu/index.html Normal file
View File

@@ -0,0 +1,252 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
KVM&#x2F;QEMU self hosted hypervisor
</title>
<meta property="og:title" content="KVM&#x2F;QEMU self hosted hypervisor" />
<meta property="og:description" content="Installing home hypervisor with remote control" />
<meta name="description" content="Installing home hypervisor with remote control" />
<link rel="icon" type="image/png" href=&#x2F;icon&#x2F;favicon.png />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ZQB83ET6VX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-ZQB83ET6VX');
</script>
<script src=//btwiusearch.net/js/feather.min.js></script>
<link href=//btwiusearch.net/css/fonts.css rel="stylesheet" />
<link rel="stylesheet" type="text/css" media="screen" href=//btwiusearch.net/css/main.css />
<link
rel="stylesheet"
id="darkModeStyle"
type="text/css"
href=//btwiusearch.net/css/dark.css
disabled
/>
</head>
<body>
<div class="content">
<header>
<div class="main" id="main_title">
<a href=&#x2F;&#x2F;btwiusearch.net>btwiusearch.net</a>
</div>
<nav>
<a href=&#x2F;>Home</a>
<a href=&#x2F;posts>All posts</a>
<a href=&#x2F;about>About</a>
<a href=&#x2F;tags>Tags</a>
<a href=&#x2F;arch_repo&#x2F;>Private Arch Linux repo</a>
|
<a href=&#x2F;>en</a>
| <a id="dark-mode-toggle" onclick="toggleTheme()" href=""></a>
<script src=//btwiusearch.net/js/themetoggle.js></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">KVM&#x2F;QEMU self hosted hypervisor</h1>
<div class="meta">
Published by <a href="https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity" target="_blank">@ultradesu</a>
on 2020-07-14
</div>
</div>
<section class="body">
<h2 id="requirements">Requirements</h2>
<ul>
<li>Ubuntu Linux server (tested on 18.04 and 20.04)</li>
<li>CPU with virtualisation enabled</li>
</ul>
<hr />
<h2 id="installing">Installing</h2>
<p>Installing VT staff</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils
</span></code></pre>
<p>I'd like to assign IPs for my VMs in the same network as server.</p>
<p>Here is <code>netplan</code> config:</p>
<pre data-lang="yaml" style="background-color:#f9f9f9;color:#111111;" class="language-yaml "><code class="language-yaml" data-lang="yaml"><span style="color:#8e908c;"># /etc/netplan/00-installer-config.yaml
</span><span style="color:#c82728;">network</span><span>:
</span><span> </span><span style="color:#c82728;">ethernets</span><span>:
</span><span> </span><span style="color:#c82728;">enp2s0f0</span><span>:
</span><span> </span><span style="color:#c82728;">dhcp4</span><span>: </span><span style="color:#f07219;">false
</span><span> </span><span style="color:#c82728;">dhcp6</span><span>: </span><span style="color:#f07219;">false
</span><span> </span><span style="color:#c82728;">bridges</span><span>:
</span><span> </span><span style="color:#c82728;">br0</span><span>:
</span><span> </span><span style="color:#c82728;">interfaces</span><span>: [</span><span style="color:#839c00;">enp2s0f0</span><span>]
</span><span> </span><span style="color:#c82728;">dhcp4</span><span>: </span><span style="color:#f07219;">true
</span><span> </span><span style="color:#c82728;">dhcp6</span><span>: </span><span style="color:#f07219;">true
</span><span> </span><span style="color:#c82728;">version</span><span>: </span><span style="color:#f07219;">2
</span></code></pre>
<p>Generate and apply network config:</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> netplan generate
</span><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> netplan</span><span style="color:#f07219;"> --debug</span><span style="color:#4271ae;"> apply
</span><span>
</span><span style="color:#8e908c;"># Check bridge
</span><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> networkctl
</span><span style="color:#c82728;">IDX</span><span style="color:#4271ae;"> LINK TYPE OPERATIONAL SETUP
</span><span> </span><span style="color:#c82728;">1</span><span style="color:#4271ae;"> lo loopback carrier unmanaged
</span><span> </span><span style="color:#c82728;">2</span><span style="color:#4271ae;"> enp2s0f0 ether enslaved configured
</span><span> </span><span style="color:#c82728;">3</span><span style="color:#4271ae;"> br0 bridge routable configured
</span><span> </span><span style="color:#c82728;">4</span><span style="color:#4271ae;"> virbr0 bridge no-carrier unmanaged
</span><span> </span><span style="color:#c82728;">5</span><span style="color:#4271ae;"> virbr0-nic ether off unmanaged
</span><span>
</span><span style="color:#8e908c;"># Check DHCP lease on new bridge
</span><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> ip a
</span><span style="color:#c82728;">2:</span><span style="color:#4271ae;"> enp2s0f0: </span><span style="color:#3e999f;">&lt;</span><span style="color:#4271ae;">BROADCAST,MULTICAST,UP,LOWER_UP</span><span style="color:#3e999f;">&gt;</span><span style="color:#4271ae;"> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
</span><span> </span><span style="color:#c82728;">link/ether</span><span style="color:#4271ae;"> xxx brd ff:ff:ff:ff:ff:ff
</span><span style="color:#c82728;">4:</span><span style="color:#4271ae;"> br0: </span><span style="color:#3e999f;">&lt;</span><span style="color:#4271ae;">BROADCAST,MULTICAST,UP,LOWER_UP</span><span style="color:#3e999f;">&gt;</span><span style="color:#4271ae;"> mtu 1500 qdisc noqueue state UP group default qlen 1000
</span><span> </span><span style="color:#c82728;">link/ether</span><span style="color:#4271ae;"> xxx brd ff:ff:ff:ff:ff:ff
</span><span> </span><span style="color:#c82728;">inet</span><span style="color:#4271ae;"> 192.168.88.28/24 brd 192.168.88.255 scope global dynamic br0
</span><span> </span><span style="color:#c82728;">valid_lft</span><span style="color:#4271ae;"> 535sec preferred_lft 535sec
</span></code></pre>
<hr />
<h2 id="managing-vms">Managing VMs</h2>
<p>Grant permissions to use virtmanager to your user on server:</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> adduser $</span><span style="color:#c82728;">USER</span><span style="color:#4271ae;"> libvirt-qemu
</span><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> adduser $</span><span style="color:#c82728;">USER</span><span style="color:#4271ae;"> libvirt
</span></code></pre>
<p>Use virt-manager GUI utility on client or virsh CLI tool for managing VMs and data pools.</p>
</section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href=//btwiusearch.net/tags/linux/>linux</a></li>
<li><a href=//btwiusearch.net/tags/kvm/>kvm</a></li>
<li><a href=//btwiusearch.net/tags/selfhosting/>selfhosting</a></li>
</ul>
</nav>
</div>
</article>
</main>
<footer>
<div style="display:flex">
<a class="soc" href=https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity title=GitHub>
<i data-feather=github></i>
</a>
<a class="soc" href=tg:@ultradesu title=Telegram>
<i data-feather=send></i>
</a>
<a class="soc" href=https:&#x2F;&#x2F;www.linkedin.com&#x2F;in&#x2F;alexandr-bogomyakov-732a8a73 title=LinkedIn>
<i data-feather=linkedin></i>
</a>
<a class="soc" href=mailto:ab@hexor.cy title=E-Mail>
<i data-feather=at-sign></i>
</a>
</div>
<div class="footer-info">ver. 2.6 |
2025 © ultradesu |Powered by <a href="https://github.com/getzola/zola">Zola</a> and <a
href="https://github.com/XXXMrG/archie-zola">Archie-Zola Theme</a>
<div style="display:flex">Git tag 9d7cb16 </div>
</div>
</footer>
<script>
feather.replace();
</script>
</div>
</body>
</html>

267
posts/run-arm64-vm-on-amd64/index.html Normal file
View File

@@ -0,0 +1,267 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Run arm64 VM on amd64
</title>
<meta property="og:title" content="Run arm64 VM on amd64" />
<meta property="og:description" content="Simple way to test arm64 workflow on amd64" />
<meta name="description" content="Simple way to test arm64 workflow on amd64" />
<link rel="icon" type="image/png" href=&#x2F;icon&#x2F;favicon.png />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ZQB83ET6VX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-ZQB83ET6VX');
</script>
<script src=//btwiusearch.net/js/feather.min.js></script>
<link href=//btwiusearch.net/css/fonts.css rel="stylesheet" />
<link rel="stylesheet" type="text/css" media="screen" href=//btwiusearch.net/css/main.css />
<link
rel="stylesheet"
id="darkModeStyle"
type="text/css"
href=//btwiusearch.net/css/dark.css
disabled
/>
</head>
<body>
<div class="content">
<header>
<div class="main" id="main_title">
<a href=&#x2F;&#x2F;btwiusearch.net>btwiusearch.net</a>
</div>
<nav>
<a href=&#x2F;>Home</a>
<a href=&#x2F;posts>All posts</a>
<a href=&#x2F;about>About</a>
<a href=&#x2F;tags>Tags</a>
<a href=&#x2F;arch_repo&#x2F;>Private Arch Linux repo</a>
|
<a href=&#x2F;>en</a>
| <a id="dark-mode-toggle" onclick="toggleTheme()" href=""></a>
<script src=//btwiusearch.net/js/themetoggle.js></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">Run arm64 VM on amd64</h1>
<div class="meta">
Published by <a href="https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity" target="_blank">@ultradesu</a>
on 2024-10-12
</div>
</div>
<section class="body">
<h2 id="install-qemu">Install QEMU</h2>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> apt install qemu-system-arm
</span></code></pre>
<h2 id="create-necessary-support-files">Create necessary support files</h2>
<p>Next, create a VM-specific flash volume for storing NVRAM variables, which are necessary when booting EFI firmware:</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">truncate</span><span style="color:#f07219;"> -s</span><span style="color:#4271ae;"> 64m varstore.img
</span><span style="color:#c82728;">truncate</span><span style="color:#f07219;"> -s</span><span style="color:#4271ae;"> 64m efi.img
</span><span style="color:#c82728;">dd</span><span style="color:#4271ae;"> if=/usr/share/qemu-efi-aarch64/QEMU_EFI.fd of=efi.img conv=notrunc
</span></code></pre>
<h2 id="fetch-the-ubuntu-cloud-image">Fetch the Ubuntu cloud image</h2>
<p>You need to fetch the ARM64 variant of the Ubuntu cloud image you would like to use in the virtual machine. You can go to the official <a href="https://cloud-images.ubuntu.com/">Ubuntu cloud image website</a>, select the Ubuntu release, and then download the variant whose filename ends in -arm64.img. For example, if you want to use the latest Jammy cloud image, you should download the file named jammy-server-cloudimg-arm64.img.</p>
<h2 id="run-qemu-natively-on-an-arm64-host">Run QEMU natively on an ARM64 host</h2>
<p>If you have access to an ARM64 host, you should be able to create and launch an ARM64 virtual machine there. Note that the command below assumes that you have already set up a network bridge to be used by the virtual machine.</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> qemu-system-aarch64 \
</span><span style="color:#f07219;"> -enable-kvm </span><span style="color:#4271ae;">\
</span><span style="color:#f07219;"> -m</span><span style="color:#4271ae;"> 1024 \
</span><span style="color:#f07219;"> -cpu</span><span style="color:#4271ae;"> host \
</span><span style="color:#f07219;"> -M</span><span style="color:#4271ae;"> virt \
</span><span style="color:#f07219;"> -nographic </span><span style="color:#4271ae;">\
</span><span style="color:#f07219;"> -drive</span><span style="color:#4271ae;"> if=pflash,format=raw,file=efi.img,readonly=on \
</span><span style="color:#f07219;"> -drive</span><span style="color:#4271ae;"> if=pflash,format=raw,file=varstore.img \
</span><span style="color:#f07219;"> -drive</span><span style="color:#4271ae;"> if=none,file=jammy-server-cloudimg-arm64.img,id=hd0 \
</span><span style="color:#f07219;"> -device</span><span style="color:#4271ae;"> virtio-blk-device,drive=hd0</span><span style="color:#f07219;"> -netdev</span><span style="color:#4271ae;"> type=tap,id=net0 \
</span><span style="color:#f07219;"> -device</span><span style="color:#4271ae;"> virtio-net-device,netdev=net0
</span></code></pre>
<h2 id="run-an-emulated-arm64-vm-on-x86">Run an emulated ARM64 VM on x86</h2>
<p>You can also emulate an ARM64 virtual machine on an x86 host. To do that:</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> qemu-system-aarch64 \
</span><span style="color:#f07219;"> -m</span><span style="color:#4271ae;"> 2048 \
</span><span style="color:#f07219;"> -cpu</span><span style="color:#4271ae;"> max \
</span><span style="color:#f07219;"> -M</span><span style="color:#4271ae;"> virt \
</span><span style="color:#f07219;"> -nographic </span><span style="color:#4271ae;">\
</span><span style="color:#f07219;"> -drive</span><span style="color:#4271ae;"> if=pflash,format=raw,file=efi.img,readonly=on \
</span><span style="color:#f07219;"> -drive</span><span style="color:#4271ae;"> if=pflash,format=raw,file=varstore.img \
</span><span style="color:#f07219;"> -drive</span><span style="color:#4271ae;"> if=none,file=jammy-server-cloudimg-arm64.img,id=hd0 \
</span><span style="color:#f07219;"> -device</span><span style="color:#4271ae;"> virtio-blk-device,drive=hd0 \
</span><span style="color:#f07219;"> -netdev</span><span style="color:#4271ae;"> type=tap,id=net0 \
</span><span style="color:#f07219;"> -device</span><span style="color:#4271ae;"> virtio-net-device,netdev=net0
</span></code></pre>
<h2 id="to-set-default-password-for-image">To set default password for image</h2>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> apt-get install cloud-image-utils
</span><span>
</span><span style="color:#c82728;">cat </span><span style="color:#3e999f;">&gt;</span><span style="color:#4271ae;">user-data </span><span style="color:#3e999f;">&lt;&lt;</span><span style="color:#8959a8;">EOF
</span><span style="color:#839c00;">#cloud-config
</span><span style="color:#839c00;">password: ubuntu
</span><span style="color:#839c00;">chpasswd: { expire: False }
</span><span style="color:#839c00;">ssh_pwauth: True
</span><span style="color:#8959a8;">EOF
</span><span>
</span><span style="color:#c82728;">cloud-localds</span><span style="color:#4271ae;"> user-data.img user-data
</span><span>
</span><span style="color:#8e908c;"># user-data.img MUST come after the rootfs.
</span><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> qemu-system-aarch64 \
</span><span style="color:#f07219;"> -m</span><span style="color:#4271ae;"> 2048 \
</span><span style="color:#f07219;"> -cpu</span><span style="color:#4271ae;"> max \
</span><span style="color:#f07219;"> -M</span><span style="color:#4271ae;"> virt \
</span><span style="color:#f07219;"> -nographic </span><span style="color:#4271ae;">\
</span><span style="color:#f07219;"> -drive</span><span style="color:#4271ae;"> if=pflash,format=raw,file=efi.img,readonly=on \
</span><span style="color:#f07219;"> -drive</span><span style="color:#4271ae;"> if=pflash,format=raw,file=varstore.img \
</span><span style="color:#f07219;"> -drive</span><span style="color:#4271ae;"> if=none,file=jammy-server-cloudimg-arm64.img,id=hd0 \
</span><span style="color:#f07219;"> -drive</span><span style="color:#4271ae;"> file=user-data.img,format=raw \
</span><span> </span><span style="color:#c82728;">-device</span><span style="color:#4271ae;"> virtio-blk-device,drive=hd0 \
</span><span style="color:#f07219;"> -netdev</span><span style="color:#4271ae;"> type=tap,id=net0 \
</span><span style="color:#f07219;"> -device</span><span style="color:#4271ae;"> virtio-net-device,netdev=net0
</span><span>
</span><span>
</span></code></pre>
</section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href=//btwiusearch.net/tags/linux/>linux</a></li>
<li><a href=//btwiusearch.net/tags/virtualization/>virtualization</a></li>
<li><a href=//btwiusearch.net/tags/arm64/>arm64</a></li>
<li><a href=//btwiusearch.net/tags/qemu/>qemu</a></li>
</ul>
</nav>
</div>
</article>
</main>
<footer>
<div style="display:flex">
<a class="soc" href=https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity title=GitHub>
<i data-feather=github></i>
</a>
<a class="soc" href=tg:@ultradesu title=Telegram>
<i data-feather=send></i>
</a>
<a class="soc" href=https:&#x2F;&#x2F;www.linkedin.com&#x2F;in&#x2F;alexandr-bogomyakov-732a8a73 title=LinkedIn>
<i data-feather=linkedin></i>
</a>
<a class="soc" href=mailto:ab@hexor.cy title=E-Mail>
<i data-feather=at-sign></i>
</a>
</div>
<div class="footer-info">ver. 2.6 |
2025 © ultradesu |Powered by <a href="https://github.com/getzola/zola">Zola</a> and <a
href="https://github.com/XXXMrG/archie-zola">Archie-Zola Theme</a>
<div style="display:flex">Git tag 9d7cb16 </div>
</div>
</footer>
<script>
feather.replace();
</script>
</div>
</body>
</html>

226
posts/stunnel-tls/index.html Normal file
View File

@@ -0,0 +1,226 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Expose service via TLS stunnel
</title>
<meta property="og:title" content="Expose service via TLS stunnel" />
<meta property="og:description" content="How to expose any TCP application securely via TLS tunnel" />
<meta name="description" content="How to expose any TCP application securely via TLS tunnel" />
<link rel="icon" type="image/png" href=&#x2F;icon&#x2F;favicon.png />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ZQB83ET6VX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-ZQB83ET6VX');
</script>
<script src=//btwiusearch.net/js/feather.min.js></script>
<link href=//btwiusearch.net/css/fonts.css rel="stylesheet" />
<link rel="stylesheet" type="text/css" media="screen" href=//btwiusearch.net/css/main.css />
<link
rel="stylesheet"
id="darkModeStyle"
type="text/css"
href=//btwiusearch.net/css/dark.css
disabled
/>
</head>
<body>
<div class="content">
<header>
<div class="main" id="main_title">
<a href=&#x2F;&#x2F;btwiusearch.net>btwiusearch.net</a>
</div>
<nav>
<a href=&#x2F;>Home</a>
<a href=&#x2F;posts>All posts</a>
<a href=&#x2F;about>About</a>
<a href=&#x2F;tags>Tags</a>
<a href=&#x2F;arch_repo&#x2F;>Private Arch Linux repo</a>
|
<a href=&#x2F;>en</a>
| <a id="dark-mode-toggle" onclick="toggleTheme()" href=""></a>
<script src=//btwiusearch.net/js/themetoggle.js></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">Expose service via TLS stunnel</h1>
<div class="meta">
Published by <a href="https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity" target="_blank">@ultradesu</a>
on 2023-12-18
</div>
</div>
<section class="body">
<p>First of all, I encountered an issue with the Outline VPN server, which exposes Prometheus metrics on 127.0.0.1 with no option to change it. As a solution, I used stunnel4. Essentially, it works as a TLS proxy, listening on a configured port and forwarding traffic to another.</p>
<p>[Server1 (stunnel server)] &lt;==&gt; [Server2 (stunnel client)]</p>
<h2 id="server-side">Server side</h2>
<p>Install stunnel and create configs:</p>
<pre data-lang="shell" style="background-color:#f9f9f9;color:#111111;" class="language-shell "><code class="language-shell" data-lang="shell"><span>ab@cy:/etc/stunnel$ cat outline_prom.conf
</span><span>debug = 5
</span><span>output = /var/log/stunnel.log
</span><span>
</span><span>[outline_prom]
</span><span>accept = 0.0.0.0:9095
</span><span>connect = 127.0.0.1:9092
</span><span>PSKsecrets = /etc/stunnel/psk.txt
</span></code></pre>
<p><code>psk.txt</code> is a credentials file and looks like:</p>
<pre data-lang="shell" style="background-color:#f9f9f9;color:#111111;" class="language-shell "><code class="language-shell" data-lang="shell"><span># I used `openssl rand -hex 32` to generate secret
</span><span>ab@cy:/etc/stunnel$ cat psk.txt
</span><span>user:secret_string
</span></code></pre>
<h2 id="client-side">Client side</h2>
<p><code>psk.txt</code> the same and config looks like:</p>
<pre data-lang="shell" style="background-color:#f9f9f9;color:#111111;" class="language-shell "><code class="language-shell" data-lang="shell"><span>ab@home:/etc/stunnel$ cat /etc/stunnel/outline_prom.conf
</span><span>[outline_prom_cy]
</span><span>client = yes
</span><span>accept = 0.0.0.0:9095
</span><span>connect = cy.hexor.cy:9095
</span><span>PSKsecrets = /etc/stunnel/psk.txt
</span></code></pre>
<hr />
</section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href=//btwiusearch.net/tags/linux/>linux</a></li>
<li><a href=//btwiusearch.net/tags/tools/>tools</a></li>
<li><a href=//btwiusearch.net/tags/selfhosting/>selfhosting</a></li>
</ul>
</nav>
</div>
</article>
</main>
<footer>
<div style="display:flex">
<a class="soc" href=https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity title=GitHub>
<i data-feather=github></i>
</a>
<a class="soc" href=tg:@ultradesu title=Telegram>
<i data-feather=send></i>
</a>
<a class="soc" href=https:&#x2F;&#x2F;www.linkedin.com&#x2F;in&#x2F;alexandr-bogomyakov-732a8a73 title=LinkedIn>
<i data-feather=linkedin></i>
</a>
<a class="soc" href=mailto:ab@hexor.cy title=E-Mail>
<i data-feather=at-sign></i>
</a>
</div>
<div class="footer-info">ver. 2.6 |
2025 © ultradesu |Powered by <a href="https://github.com/getzola/zola">Zola</a> and <a
href="https://github.com/XXXMrG/archie-zola">Archie-Zola Theme</a>
<div style="display:flex">Git tag 9d7cb16 </div>
</div>
</footer>
<script>
feather.replace();
</script>
</div>
</body>
</html>

293
posts/torrent/index.html Normal file
View File

@@ -0,0 +1,293 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
qBittornt web via VPN
</title>
<meta property="og:title" content="qBittornt web via VPN" />
<meta property="og:description" content="Installing qBittornt web and VPN only download" />
<meta name="description" content="Installing qBittornt web and VPN only download" />
<link rel="icon" type="image/png" href=&#x2F;icon&#x2F;favicon.png />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ZQB83ET6VX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-ZQB83ET6VX');
</script>
<script src=//btwiusearch.net/js/feather.min.js></script>
<link href=//btwiusearch.net/css/fonts.css rel="stylesheet" />
<link rel="stylesheet" type="text/css" media="screen" href=//btwiusearch.net/css/main.css />
<link
rel="stylesheet"
id="darkModeStyle"
type="text/css"
href=//btwiusearch.net/css/dark.css
disabled
/>
</head>
<body>
<div class="content">
<header>
<div class="main" id="main_title">
<a href=&#x2F;&#x2F;btwiusearch.net>btwiusearch.net</a>
</div>
<nav>
<a href=&#x2F;>Home</a>
<a href=&#x2F;posts>All posts</a>
<a href=&#x2F;about>About</a>
<a href=&#x2F;tags>Tags</a>
<a href=&#x2F;arch_repo&#x2F;>Private Arch Linux repo</a>
|
<a href=&#x2F;>en</a>
| <a id="dark-mode-toggle" onclick="toggleTheme()" href=""></a>
<script src=//btwiusearch.net/js/themetoggle.js></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">qBittornt web via VPN</h1>
<div class="meta">
Published by <a href="https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity" target="_blank">@ultradesu</a>
on 2023-08-25
</div>
</div>
<section class="body">
<h2 id="requirements">Requirements</h2>
<ul>
<li>Ubuntu Linux server (tested on 18.04 and 20.04)</li>
<li>NGINX</li>
<li>Wireguard VPN config (easy to change to any other vpn)</li>
</ul>
<hr />
<h2 id="installing">Installing</h2>
<p>Install <code>qbittorrent-nox</code> for headless qBittorent package:</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> apt install</span><span style="color:#f07219;"> -y</span><span style="color:#4271ae;"> qbittorrent-nox
</span></code></pre>
<h2 id="configuring-vpn-network-namespace">Configuring VPN Network Namespace</h2>
<p>Create <code>/usr/bin/torrent_ns</code> script and make it exucutable. It configures Network Namespace for qBittorent.</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#c82728;">VPN_CFG_NAME</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">torrent
</span><span style="color:#c82728;">VPN_COMMAND</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">&quot;wg-quick up ${</span><span style="color:#c82728;">VPN_CFG_NAME</span><span style="color:#839c00;">}&quot;
</span><span style="color:#8959a8;">export </span><span style="color:#c82728;">SCRIPT</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">$(</span><span style="color:#c82728;">cat </span><span style="color:#3e999f;">&lt;&lt;-</span><span style="color:#8959a8;">END
</span><span style="color:#839c00;">#!/bin/bash
</span><span style="color:#839c00;">ip netns del torrent
</span><span style="color:#839c00;">sleep 2
</span><span style="color:#839c00;">ip netns add torrent
</span><span style="color:#839c00;">ip link add veth0 type veth peer name veth1
</span><span style="color:#839c00;">ip link set veth1 netns torrent
</span><span style="color:#839c00;">ip address add 10.99.99.1/24 dev veth0
</span><span style="color:#839c00;">ip netns exec torrent ip address add 10.99.99.2/24 dev veth1
</span><span style="color:#839c00;">ip link set dev veth0 up
</span><span style="color:#839c00;">ip netns exec torrent ip link set dev veth1 up
</span><span style="color:#839c00;">ip netns exec torrent ip route add default via 10.99.99.1
</span><span style="color:#839c00;">mkdir -p /etc/netns/torrent
</span><span style="color:#839c00;">echo nameserver 8.8.8.8 &gt; /etc/netns/torrent/resolv.conf
</span><span style="color:#839c00;">sleep 3
</span><span style="color:#839c00;">ip netns exec torrent ${</span><span style="color:#c82728;">VPN_COMMAND</span><span style="color:#839c00;">}
</span><span style="color:#839c00;">sleep 3
</span><span style="color:#839c00;">ip netns exec torrent sudo -u ${</span><span style="color:#c82728;">USER</span><span style="color:#839c00;">} qbittorrent-nox
</span><span style="color:#8959a8;">END
</span><span style="color:#839c00;">)
</span><span>
</span><span style="color:#c82728;">sudo</span><span style="color:#f07219;"> -E</span><span style="color:#4271ae;"> bash</span><span style="color:#f07219;"> -c </span><span style="color:#839c00;">&#39;cat &gt; /usr/bin/torrent_ns &lt;&lt; EOF
</span><span style="color:#839c00;">${SCRIPT}
</span><span style="color:#839c00;">EOF
</span><span style="color:#839c00;">&#39;
</span><span>
</span><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> chmod +x /usr/bin/torrent_ns
</span></code></pre>
<h2 id="systemd-autostart">Systemd Autostart</h2>
<p>Systemd unit to enable autostart:</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#8959a8;">export </span><span style="color:#c82728;">SERVICE</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">$(</span><span style="color:#c82728;">cat </span><span style="color:#3e999f;">&lt;&lt;-</span><span style="color:#8959a8;">END
</span><span style="color:#839c00;">[Unit]
</span><span style="color:#839c00;">Description=qBittorrent via vpn
</span><span style="color:#839c00;">After=network.target
</span><span style="color:#839c00;">StartLimitIntervalSec=0
</span><span style="color:#839c00;">
</span><span style="color:#839c00;">[Service]
</span><span style="color:#839c00;">Type=simple
</span><span style="color:#839c00;">Restart=always
</span><span style="color:#839c00;">RestartSec=1
</span><span style="color:#839c00;">User=root
</span><span style="color:#839c00;">ExecStart=/usr/bin/torrent_ns
</span><span style="color:#839c00;">ExecStop=/usr/bin/ip netns del torrent
</span><span style="color:#8959a8;">END
</span><span style="color:#839c00;">)
</span><span>
</span><span style="color:#c82728;">sudo</span><span style="color:#f07219;"> -E</span><span style="color:#4271ae;"> bash</span><span style="color:#f07219;"> -c </span><span style="color:#839c00;">&#39;cat &gt; /etc/systemd/system/qbittorrent.service &lt;&lt; EOF
</span><span style="color:#839c00;">${SERVICE}
</span><span style="color:#839c00;">EOF
</span><span style="color:#839c00;">&#39;
</span><span>
</span><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> systemctl enable</span><span style="color:#f07219;"> --now</span><span style="color:#4271ae;"> qbittorrent.service
</span></code></pre>
<h2 id="nginx-reverse-proxy">Nginx Reverse Proxy</h2>
<pre data-lang="js" style="background-color:#f9f9f9;color:#111111;" class="language-js "><code class="language-js" data-lang="js"><span># </span><span style="color:#3e999f;">/</span><span style="color:#c82728;">etc</span><span style="color:#3e999f;">/</span><span style="color:#c82728;">nginx</span><span style="color:#3e999f;">/</span><span style="color:#c82728;">sites</span><span style="color:#3e999f;">-</span><span style="color:#c82728;">enabled</span><span style="color:#3e999f;">/</span><span style="color:#c82728;">tr</span><span>.</span><span style="color:#c82728;">hexor</span><span>.</span><span style="color:#c82728;">cy</span><span>.</span><span style="color:#c82728;">conf
</span><span style="color:#c82728;">server </span><span>{
</span><span> </span><span style="color:#c82728;">listen </span><span style="color:#f07219;">443 </span><span style="color:#c82728;">ssl http2</span><span>;
</span><span> </span><span style="color:#c82728;">server_name tr</span><span>.</span><span style="color:#c82728;">hexor</span><span>.</span><span style="color:#c82728;">ru</span><span>;
</span><span> </span><span style="color:#c82728;">include ssl</span><span>.</span><span style="color:#c82728;">conf</span><span>; # </span><span style="color:#c82728;">my own ssl config
</span><span> </span><span style="color:#c82728;">location </span><span style="color:#3e999f;">/ </span><span>{
</span><span> </span><span style="color:#c82728;">proxy_pass </span><span>http:</span><span style="color:#8e908c;">//10.99.99.2:8080;
</span><span> </span><span style="color:#c82728;">proxy_set_header Host $host</span><span>;
</span><span> </span><span style="color:#c82728;">proxy_set_header X</span><span style="color:#3e999f;">-</span><span style="color:#c82728;">Real</span><span style="color:#3e999f;">-</span><span style="color:#c82728;">IP $remote_addr</span><span>;
</span><span> </span><span style="color:#c82728;">proxy_set_header X</span><span style="color:#3e999f;">-</span><span style="color:#c82728;">Forwarded</span><span style="color:#3e999f;">-</span><span style="color:#c82728;">For $proxy_add_x_forwarded_for</span><span>;
</span><span> </span><span style="color:#c82728;">proxy_set_header X</span><span style="color:#3e999f;">-</span><span style="color:#c82728;">Forwarded</span><span style="color:#3e999f;">-</span><span style="color:#c82728;">Proto $scheme</span><span>;
</span><span> </span><span style="color:#c82728;">proxy_hide_header Referer</span><span>;
</span><span> </span><span style="color:#c82728;">proxy_hide_header Origin</span><span>;
</span><span> </span><span style="color:#c82728;">proxy_set_header Referer </span><span style="color:#839c00;">&#39;&#39;</span><span>;
</span><span> </span><span style="color:#c82728;">proxy_set_header Origin </span><span style="color:#839c00;">&#39;&#39;</span><span>;
</span><span> }
</span><span>}
</span><span style="color:#c82728;">server </span><span>{
</span><span> </span><span style="color:#c82728;">listen </span><span style="color:#f07219;">80</span><span>;
</span><span> </span><span style="color:#c82728;">server_name tr</span><span>.</span><span style="color:#c82728;">hexor</span><span>.</span><span style="color:#c82728;">cy</span><span>;
</span><span> </span><span style="color:#c82728;">listen </span><span>[::]:</span><span style="color:#f07219;">80</span><span>;
</span><span> </span><span style="color:#8959a8;">return </span><span style="color:#f07219;">302 </span><span>https:</span><span style="color:#8e908c;">//$host$request_uri;
</span><span>}
</span></code></pre>
</section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href=//btwiusearch.net/tags/linux/>linux</a></li>
<li><a href=//btwiusearch.net/tags/torrent/>torrent</a></li>
<li><a href=//btwiusearch.net/tags/network/>network</a></li>
<li><a href=//btwiusearch.net/tags/selfhosting/>selfhosting</a></li>
</ul>
</nav>
</div>
</article>
</main>
<footer>
<div style="display:flex">
<a class="soc" href=https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity title=GitHub>
<i data-feather=github></i>
</a>
<a class="soc" href=tg:@ultradesu title=Telegram>
<i data-feather=send></i>
</a>
<a class="soc" href=https:&#x2F;&#x2F;www.linkedin.com&#x2F;in&#x2F;alexandr-bogomyakov-732a8a73 title=LinkedIn>
<i data-feather=linkedin></i>
</a>
<a class="soc" href=mailto:ab@hexor.cy title=E-Mail>
<i data-feather=at-sign></i>
</a>
</div>
<div class="footer-info">ver. 2.6 |
2025 © ultradesu |Powered by <a href="https://github.com/getzola/zola">Zola</a> and <a
href="https://github.com/XXXMrG/archie-zola">Archie-Zola Theme</a>
<div style="display:flex">Git tag 9d7cb16 </div>
</div>
</footer>
<script>
feather.replace();
</script>
</div>
</body>
</html>

345
posts/wg-over-udp2raw/index.html Normal file
View File

@@ -0,0 +1,345 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
WireGuard over udp2raw
</title>
<meta property="og:title" content="WireGuard over udp2raw" />
<meta property="og:description" content="Running WireGuard over udp2raw" />
<meta name="description" content="Running WireGuard over udp2raw" />
<link rel="icon" type="image/png" href=&#x2F;icon&#x2F;favicon.png />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ZQB83ET6VX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-ZQB83ET6VX');
</script>
<script src=//btwiusearch.net/js/feather.min.js></script>
<link href=//btwiusearch.net/css/fonts.css rel="stylesheet" />
<link rel="stylesheet" type="text/css" media="screen" href=//btwiusearch.net/css/main.css />
<link
rel="stylesheet"
id="darkModeStyle"
type="text/css"
href=//btwiusearch.net/css/dark.css
disabled
/>
</head>
<body>
<div class="content">
<header>
<div class="main" id="main_title">
<a href=&#x2F;&#x2F;btwiusearch.net>btwiusearch.net</a>
</div>
<nav>
<a href=&#x2F;>Home</a>
<a href=&#x2F;posts>All posts</a>
<a href=&#x2F;about>About</a>
<a href=&#x2F;tags>Tags</a>
<a href=&#x2F;arch_repo&#x2F;>Private Arch Linux repo</a>
|
<a href=&#x2F;>en</a>
| <a id="dark-mode-toggle" onclick="toggleTheme()" href=""></a>
<script src=//btwiusearch.net/js/themetoggle.js></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">WireGuard over udp2raw</h1>
<div class="meta">
Published by <a href="https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity" target="_blank">@ultradesu</a>
on 2024-10-25
</div>
</div>
<section class="body">
<h1 id="running-wireguard-over-udp2raw">Running WireGuard over udp2raw</h1>
<h2 id="introduction">Introduction</h2>
<p>In certain network environments, establishing a direct WireGuard connection may be challenging due to firewalls, NAT restrictions, or ISPs blocking UDP traffic. <strong>udp2raw</strong> provides a solution by encapsulating WireGuard's UDP traffic into encrypted packets that mimic TCP or ICMP protocols. This method helps bypass UDP blocking and can make your VPN connection appear as regular TCP or ICMP traffic. Method described is almost the same as <a href="/posts/stunnel-tls/">TLS tunnel using stunnel</a> but faster in my tests and works with UDP as well as with TCP.</p>
<h2 id="prerequisites">Prerequisites</h2>
<ul>
<li><strong>Server</strong>: A remote server with root access where WireGuard is installed and configured.</li>
<li><strong>Client</strong>: A local machine with root access where WireGuard is installed and configured.</li>
<li><strong>udp2raw</strong>: Downloaded on both the server and client from the <a href="https://github.com/wangyu-/udp2raw/releases">udp2raw releases page</a>.</li>
<li><strong>A shared secret key</strong>: A plain text string used by udp2raw for authentication (e.g., <code>SecReT-StrinG</code>).</li>
</ul>
<h2 id="how-it-works">How It Works</h2>
<pre style="background-color:#f9f9f9;color:#111111;"><code><span>[WireGuard Client]
</span><span> |
</span><span> | UDP traffic to 127.0.0.1:6666
</span><span> v
</span><span>+---------------------+
</span><span>| udp2raw Client |
</span><span>| Listening on: |
</span><span>| 127.0.0.1:6666 |
</span><span>| Connecting to: |
</span><span>| SERVER_IP:7777 |
</span><span>+---------------------+
</span><span> |
</span><span> | Encrypted UDP/TCP/ICMP packets to SERVER_IP:7777
</span><span> v
</span><span>~~~~~~~~~~~~~ Internet ~~~~~~~~~~~~~
</span><span> |
</span><span> v
</span><span>+---------------------+
</span><span>| udp2raw Server |
</span><span>| Listening on: |
</span><span>| 0.0.0.0:7777 |
</span><span>| Forwarding to: |
</span><span>| 127.0.0.1:51820 |
</span><span>+---------------------+
</span><span> |
</span><span> | UDP traffic to 127.0.0.1:51820
</span><span> v
</span><span>[WireGuard Server]
</span></code></pre>
<h3 id="data-flow">Data Flow</h3>
<ol>
<li><strong>WireGuard Client</strong> sends UDP packets to <code>127.0.0.1:6666</code>, which is the local udp2raw Client.</li>
<li><strong>udp2raw Client</strong> encapsulates these UDP packets into encrypted UDP/TCP/ICMP packets and sends them over the internet to <code>SERVER_IP:7777</code> (the udp2raw Server).</li>
<li><strong>udp2raw Server</strong> listens on <code>0.0.0.0:7777</code>, decrypts the incoming packets, and forwards them as UDP packets to <code>127.0.0.1:51820</code> (the WireGuard Server).</li>
<li><strong>WireGuard Server</strong> processes the packets and sends responses back through the same path in reverse.</li>
</ol>
<h2 id="steps">Steps</h2>
<h3 id="1-download-and-install-udp2raw">1. Download and Install udp2raw</h3>
<p>On both the <strong>server</strong> and <strong>client</strong>:</p>
<ol>
<li>
<p>Navigate to the <a href="https://github.com/wangyu-/udp2raw/releases">udp2raw releases page</a>.</p>
</li>
<li>
<p>Download the appropriate binary for your system (e.g., <code>udp2raw_amd64</code> for 64-bit Linux).</p>
</li>
<li>
<p>Make the binary executable and move it to a directory in your <code>$PATH</code>:</p>
<pre data-lang="bash" style="background-color:#f9f9f9;color:#111111;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#c82728;">chmod</span><span style="color:#4271ae;"> +x udp2raw_amd64
</span><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> mv udp2raw_amd64 /usr/local/bin/
</span></code></pre>
</li>
</ol>
<h3 id="2-configure-udp2raw-on-the-server">2. Configure udp2raw on the Server</h3>
<p>Create a systemd service to run udp2raw as a daemon.</p>
<h4 id="command-explanation">Command Explanation</h4>
<ul>
<li><code>-s</code>: Run in server mode.</li>
<li><code>-l 0.0.0.0:7777</code>: Listen on all interfaces on port <code>7777</code>.</li>
<li><code>-r 127.0.0.1:51820</code>: Forward packets to <code>127.0.0.1</code> on port <code>51820</code> (WireGuard listens here).</li>
<li><code>-k &lt;PLAIN_TEXT_SECRET&gt;</code>: Use the provided key for authentication.</li>
<li><code>--raw-mode udp</code>: Use UDP mode for raw sockets.</li>
<li><code>-a</code>: Auto-adjust TCP options.</li>
</ul>
<h4 id="create-systemd-service">Create Systemd Service</h4>
<p>Create a file <code>/etc/systemd/system/udp2raw.service</code> with the following content:</p>
<pre data-lang="ini" style="background-color:#f9f9f9;color:#111111;" class="language-ini "><code class="language-ini" data-lang="ini"><span style="color:#8959a8;">[Unit]
</span><span style="color:#f07219;">Description</span><span style="color:#3e999f;">=</span><span>udp2raw Server
</span><span style="color:#f07219;">After</span><span style="color:#3e999f;">=</span><span>network</span><span style="color:#3e999f;">.</span><span>target
</span><span>
</span><span style="color:#8959a8;">[Service]
</span><span style="color:#f07219;">ExecStart</span><span style="color:#3e999f;">=/</span><span>usr</span><span style="color:#3e999f;">/</span><span>local</span><span style="color:#3e999f;">/</span><span>bin</span><span style="color:#3e999f;">/</span><span>udp2raw_amd64 </span><span style="color:#3e999f;">-</span><span>s </span><span style="color:#3e999f;">-</span><span>l 0.0.0.0:7777 </span><span style="color:#3e999f;">-</span><span>r 127.0.0.1:51820 </span><span style="color:#3e999f;">-</span><span>k SecReT</span><span style="color:#3e999f;">-</span><span>StrinG </span><span style="color:#3e999f;">--</span><span>raw</span><span style="color:#3e999f;">-</span><span>mode udp </span><span style="color:#3e999f;">-</span><span>a
</span><span style="color:#f07219;">Restart</span><span style="color:#3e999f;">=</span><span>always
</span><span style="color:#f07219;">User</span><span style="color:#3e999f;">=</span><span>root
</span><span style="color:#f07219;">RestartSec</span><span style="color:#3e999f;">=</span><span style="color:#f07219;">3
</span><span>
</span><span style="color:#8959a8;">[Install]
</span><span style="color:#f07219;">WantedBy</span><span style="color:#3e999f;">=</span><span>multi</span><span style="color:#3e999f;">-</span><span>user</span><span style="color:#3e999f;">.</span><span>target
</span></code></pre>
<h4 id="start-the-service">Start the Service</h4>
<pre data-lang="bash" style="background-color:#f9f9f9;color:#111111;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> systemctl enable</span><span style="color:#f07219;"> --now</span><span style="color:#4271ae;"> udp2raw
</span></code></pre>
<h3 id="3-configure-udp2raw-on-the-client">3. Configure udp2raw on the Client</h3>
<h4 id="command-explanation-1">Command Explanation</h4>
<ul>
<li><code>-c</code>: Run in client mode.</li>
<li><code>-l 127.0.0.1:6666</code>: Listen on local address <code>127.0.0.1</code> on port <code>6666</code> (WireGuard will connect here).</li>
<li><code>-r SERVER_IP:7777</code>: Connect to the udp2raw server at <code>SERVER_IP</code> on port <code>7777</code>.</li>
<li><code>-k &lt;PLAIN_TEXT_SECRET&gt;</code>: Use the same key as the server for authentication.</li>
<li><code>--raw-mode udp</code>: Use UDP mode for raw sockets.</li>
<li><code>-a</code>: Auto-adjust TCP options.</li>
</ul>
<h4 id="create-systemd-service-1">Create Systemd Service</h4>
<p>Replace <code>SERVER_IP</code> with your server's IP address.</p>
<p>Create a file <code>/etc/systemd/system/udp2raw.service</code> with the following content:</p>
<pre data-lang="ini" style="background-color:#f9f9f9;color:#111111;" class="language-ini "><code class="language-ini" data-lang="ini"><span style="color:#8959a8;">[Unit]
</span><span style="color:#f07219;">Description</span><span style="color:#3e999f;">=</span><span>udp2raw Client
</span><span style="color:#f07219;">After</span><span style="color:#3e999f;">=</span><span>network</span><span style="color:#3e999f;">.</span><span>target
</span><span>
</span><span style="color:#8959a8;">[Service]
</span><span style="color:#f07219;">ExecStart</span><span style="color:#3e999f;">=/</span><span>usr</span><span style="color:#3e999f;">/</span><span>local</span><span style="color:#3e999f;">/</span><span>bin</span><span style="color:#3e999f;">/</span><span>udp2raw_amd64 </span><span style="color:#3e999f;">-</span><span>c </span><span style="color:#3e999f;">-</span><span>l 127.0.0.1:6666 </span><span style="color:#3e999f;">-</span><span>r </span><span style="color:#f07219;">SERVER_IP</span><span style="color:#3e999f;">:</span><span style="color:#f07219;">7777 </span><span style="color:#3e999f;">-</span><span>k SecReT</span><span style="color:#3e999f;">-</span><span>StrinG </span><span style="color:#3e999f;">--</span><span>raw</span><span style="color:#3e999f;">-</span><span>mode udp </span><span style="color:#3e999f;">-</span><span>a
</span><span style="color:#f07219;">Restart</span><span style="color:#3e999f;">=</span><span>always
</span><span style="color:#f07219;">User</span><span style="color:#3e999f;">=</span><span>root
</span><span style="color:#f07219;">RestartSec</span><span style="color:#3e999f;">=</span><span style="color:#f07219;">3
</span><span>
</span><span style="color:#8959a8;">[Install]
</span><span style="color:#f07219;">WantedBy</span><span style="color:#3e999f;">=</span><span>multi</span><span style="color:#3e999f;">-</span><span>user</span><span style="color:#3e999f;">.</span><span>target
</span></code></pre>
<h4 id="start-the-service-1">Start the Service</h4>
<pre data-lang="bash" style="background-color:#f9f9f9;color:#111111;" class="language-bash "><code class="language-bash" data-lang="bash"><span style="color:#c82728;">sudo</span><span style="color:#4271ae;"> systemctl enable</span><span style="color:#f07219;"> --now</span><span style="color:#4271ae;"> udp2raw
</span></code></pre>
<h3 id="4-configure-wireguard-to-use-udp2raw">4. Configure WireGuard to Use udp2raw</h3>
<p>On the <strong>client</strong>, modify your WireGuard configuration to connect to the local udp2raw port.</p>
<h4 id="example-wireguard-client-configuration">Example WireGuard Client Configuration</h4>
<pre data-lang="ini" style="background-color:#f9f9f9;color:#111111;" class="language-ini "><code class="language-ini" data-lang="ini"><span style="color:#8959a8;">[Interface]
</span><span style="color:#f07219;">PrivateKey </span><span style="color:#3e999f;">= &lt;</span><span>Client_Private_Key</span><span style="color:#3e999f;">&gt;
</span><span style="color:#f07219;">Address </span><span style="color:#3e999f;">= </span><span>10.0.0.2/32
</span><span style="color:#f07219;">DNS </span><span style="color:#3e999f;">= </span><span>8.8.8.8
</span><span>
</span><span style="color:#8959a8;">[Peer]
</span><span style="color:#f07219;">PublicKey </span><span style="color:#3e999f;">= &lt;</span><span>Server_Public_Key</span><span style="color:#3e999f;">&gt;
</span><span style="color:#f07219;">Endpoint </span><span style="color:#3e999f;">= </span><span>127.0.0.1:6666
</span><span style="color:#f07219;">AllowedIPs </span><span style="color:#3e999f;">= </span><span>0.0.0.0/0
</span><span style="color:#f07219;">PersistentKeepalive </span><span style="color:#3e999f;">= </span><span style="color:#f07219;">25
</span></code></pre>
<ul>
<li><strong>Endpoint</strong>: Set to <code>127.0.0.1:6666</code>, the local udp2raw client's listening address.</li>
<li><strong>AllowedIPs</strong>: Set to <code>0.0.0.0/0</code> to route all traffic through the VPN, or specify desired subnets.</li>
</ul>
<h2 id="conclusion">Conclusion</h2>
<p>By wrapping WireGuard traffic with udp2raw, you can bypass network restrictions that prevent standard UDP traffic. This setup encapsulates your VPN traffic in a way that appears as regular TCP, UDP or ICMP packets, enhancing connectivity in restrictive environments.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="https://github.com/wangyu-/udp2raw">udp2raw GitHub Repository</a></li>
<li><a href="https://www.wireguard.com/">WireGuard Official Website</a></li>
</ul>
</section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href=//btwiusearch.net/tags/linux/>linux</a></li>
<li><a href=//btwiusearch.net/tags/vpn/>vpn</a></li>
<li><a href=//btwiusearch.net/tags/wireguard/>wireguard</a></li>
</ul>
</nav>
</div>
</article>
</main>
<footer>
<div style="display:flex">
<a class="soc" href=https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity title=GitHub>
<i data-feather=github></i>
</a>
<a class="soc" href=tg:@ultradesu title=Telegram>
<i data-feather=send></i>
</a>
<a class="soc" href=https:&#x2F;&#x2F;www.linkedin.com&#x2F;in&#x2F;alexandr-bogomyakov-732a8a73 title=LinkedIn>
<i data-feather=linkedin></i>
</a>
<a class="soc" href=mailto:ab@hexor.cy title=E-Mail>
<i data-feather=at-sign></i>
</a>
</div>
<div class="footer-info">ver. 2.6 |
2025 © ultradesu |Powered by <a href="https://github.com/getzola/zola">Zola</a> and <a
href="https://github.com/XXXMrG/archie-zola">Archie-Zola Theme</a>
<div style="display:flex">Git tag 9d7cb16 </div>
</div>
</footer>
<script>
feather.replace();
</script>
</div>
</body>
</html>

386
posts/wg-xray/index.html Normal file
View File

@@ -0,0 +1,386 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
WireGuard over Xray VLESS Protocol
</title>
<meta property="og:title" content="WireGuard over Xray VLESS Protocol" />
<meta property="og:description" content="How to Maintain the WireGuard Network in Censored Countries" />
<meta name="description" content="How to Maintain the WireGuard Network in Censored Countries" />
<link rel="icon" type="image/png" href=&#x2F;icon&#x2F;favicon.png />
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=G-ZQB83ET6VX"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'G-ZQB83ET6VX');
</script>
<script src=//btwiusearch.net/js/feather.min.js></script>
<link href=//btwiusearch.net/css/fonts.css rel="stylesheet" />
<link rel="stylesheet" type="text/css" media="screen" href=//btwiusearch.net/css/main.css />
<link
rel="stylesheet"
id="darkModeStyle"
type="text/css"
href=//btwiusearch.net/css/dark.css
disabled
/>
</head>
<body>
<div class="content">
<header>
<div class="main" id="main_title">
<a href=&#x2F;&#x2F;btwiusearch.net>btwiusearch.net</a>
</div>
<nav>
<a href=&#x2F;>Home</a>
<a href=&#x2F;posts>All posts</a>
<a href=&#x2F;about>About</a>
<a href=&#x2F;tags>Tags</a>
<a href=&#x2F;arch_repo&#x2F;>Private Arch Linux repo</a>
|
<a href=&#x2F;>en</a>
| <a id="dark-mode-toggle" onclick="toggleTheme()" href=""></a>
<script src=//btwiusearch.net/js/themetoggle.js></script>
</nav>
</header>
<main>
<article>
<div class="title">
<h1 class="title">WireGuard over Xray VLESS Protocol</h1>
<div class="meta">
Published by <a href="https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity" target="_blank">@ultradesu</a>
on 2024-10-04
</div>
</div>
<section class="body">
<h1 id="setting-up-xray-with-wireguard-over-reality-protocol">Setting Up Xray with WireGuard over Reality Protocol</h1>
<p>In this guide, we'll walk through the steps to set up Xray-core to proxy WireGuard traffic using the Reality protocol over TCP. This configuration can help bypass network restrictions and enhance privacy.</p>
<h2 id="installing-xray-core">Installing Xray-core</h2>
<p>Install the latest beta version of Xray-core with root privileges:</p>
<pre data-lang="shell" style="background-color:#f9f9f9;color:#111111;" class="language-shell "><code class="language-shell" data-lang="shell"><span>sudo bash -c &quot;$(curl -L https://github.com/XTLS/Xray-install/raw/main/install-release.sh)&quot; @ install --beta -u root
</span></code></pre>
<h2 id="generating-configurations">Generating Configurations</h2>
<p>First, generate the necessary keys and IDs:</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#8e908c;"># Generate X25519 keys using Xray&#39;s built-in command
</span><span style="color:#c82728;">_x25519</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">$(</span><span style="color:#c82728;">xray</span><span style="color:#4271ae;"> x25519</span><span style="color:#839c00;">)
</span><span style="color:#c82728;">PRIVATE_KEY</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">$(</span><span style="color:#4271ae;">echo </span><span style="color:#839c00;">&quot;$</span><span style="color:#c82728;">_x25519</span><span style="color:#839c00;">&quot; </span><span style="color:#3e999f;">| </span><span style="color:#c82728;">awk</span><span style="color:#f07219;"> -F</span><span style="color:#839c00;">&#39;: &#39; &#39;/Private key/{print $2}&#39;)
</span><span style="color:#c82728;">PUBLIC_KEY</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">$(</span><span style="color:#4271ae;">echo </span><span style="color:#839c00;">&quot;$</span><span style="color:#c82728;">_x25519</span><span style="color:#839c00;">&quot; </span><span style="color:#3e999f;">| </span><span style="color:#c82728;">awk</span><span style="color:#f07219;"> -F</span><span style="color:#839c00;">&#39;: &#39; &#39;/Public key/{print $2}&#39;)
</span><span>
</span><span style="color:#8e908c;"># Generate a unique UUID for the client
</span><span style="color:#c82728;">CLIENT_UUID</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">$(</span><span style="color:#c82728;">uuidgen</span><span style="color:#839c00;">)
</span><span>
</span><span style="color:#8e908c;"># Generate a random short ID
</span><span style="color:#c82728;">SHORT_IDS</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">$(</span><span style="color:#c82728;">openssl</span><span style="color:#4271ae;"> rand</span><span style="color:#f07219;"> -hex</span><span style="color:#4271ae;"> 8</span><span style="color:#839c00;">)
</span><span>
</span><span style="color:#8e908c;"># Define server address and port
</span><span style="color:#c82728;">SERVER_ADDRESS</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">&quot;k8s.hexor.cy&quot;
</span><span style="color:#c82728;">PORT</span><span style="color:#3e999f;">=</span><span style="color:#839c00;">8443
</span></code></pre>
<h3 id="server-configuration">Server Configuration</h3>
<p>Create the server configuration file <code>server.json</code>:</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#8e908c;"># /usr/local/etc/xray/config.json
</span><span style="color:#c82728;">cat </span><span style="color:#3e999f;">&gt;</span><span style="color:#4271ae;"> server.json </span><span style="color:#3e999f;">&lt;&lt;</span><span style="color:#8959a8;">EOF
</span><span style="color:#839c00;">{
</span><span style="color:#839c00;"> &quot;log&quot;: {
</span><span style="color:#839c00;"> &quot;loglevel&quot;: &quot;warning&quot;
</span><span style="color:#839c00;"> },
</span><span style="color:#839c00;"> &quot;inbounds&quot;: [
</span><span style="color:#839c00;"> {
</span><span style="color:#839c00;"> &quot;listen&quot;: &quot;0.0.0.0&quot;,
</span><span style="color:#839c00;"> &quot;port&quot;: ${</span><span style="color:#c82728;">PORT</span><span style="color:#839c00;">},
</span><span style="color:#839c00;"> &quot;protocol&quot;: &quot;vless&quot;,
</span><span style="color:#839c00;"> &quot;settings&quot;: {
</span><span style="color:#839c00;"> &quot;clients&quot;: [
</span><span style="color:#839c00;"> {
</span><span style="color:#839c00;"> &quot;id&quot;: &quot;${</span><span style="color:#c82728;">CLIENT_UUID</span><span style="color:#839c00;">}&quot;,
</span><span style="color:#839c00;"> &quot;flow&quot;: &quot;&quot;
</span><span style="color:#839c00;"> }
</span><span style="color:#839c00;"> ],
</span><span style="color:#839c00;"> &quot;decryption&quot;: &quot;none&quot;
</span><span style="color:#839c00;"> },
</span><span style="color:#839c00;"> &quot;streamSettings&quot;: {
</span><span style="color:#839c00;"> &quot;network&quot;: &quot;tcp&quot;,
</span><span style="color:#839c00;"> &quot;security&quot;: &quot;reality&quot;,
</span><span style="color:#839c00;"> &quot;realitySettings&quot;: {
</span><span style="color:#839c00;"> &quot;show&quot;: false,
</span><span style="color:#839c00;"> &quot;dest&quot;: &quot;www.google.com:443&quot;,
</span><span style="color:#839c00;"> &quot;xver&quot;: 0,
</span><span style="color:#839c00;"> &quot;serverNames&quot;: [
</span><span style="color:#839c00;"> &quot;www.google.com&quot;
</span><span style="color:#839c00;"> ],
</span><span style="color:#839c00;"> &quot;privateKey&quot;: &quot;${</span><span style="color:#c82728;">PRIVATE_KEY</span><span style="color:#839c00;">}&quot;,
</span><span style="color:#839c00;"> &quot;shortIds&quot;: [
</span><span style="color:#839c00;"> &quot;${</span><span style="color:#c82728;">SHORT_IDS</span><span style="color:#839c00;">}&quot;
</span><span style="color:#839c00;"> ]
</span><span style="color:#839c00;"> }
</span><span style="color:#839c00;"> }
</span><span style="color:#839c00;"> }
</span><span style="color:#839c00;"> ],
</span><span style="color:#839c00;"> &quot;outbounds&quot;: [
</span><span style="color:#839c00;"> {
</span><span style="color:#839c00;"> &quot;protocol&quot;: &quot;freedom&quot;,
</span><span style="color:#839c00;"> &quot;tag&quot;: &quot;direct&quot;
</span><span style="color:#839c00;"> }
</span><span style="color:#839c00;"> ]
</span><span style="color:#839c00;">}
</span><span style="color:#8959a8;">EOF
</span></code></pre>
<p>This configuration sets up an inbound VLESS listener over TCP with Reality security, using the generated private key and short IDs.</p>
<h3 id="client-configuration">Client Configuration</h3>
<p>Create the client configuration file <code>client.json</code>:</p>
<pre data-lang="sh" style="background-color:#f9f9f9;color:#111111;" class="language-sh "><code class="language-sh" data-lang="sh"><span style="color:#8e908c;"># /usr/local/etc/xray/config.json
</span><span style="color:#c82728;">cat </span><span style="color:#3e999f;">&gt;</span><span style="color:#4271ae;"> client.json </span><span style="color:#3e999f;">&lt;&lt;</span><span style="color:#8959a8;">EOF
</span><span style="color:#839c00;">{
</span><span style="color:#839c00;"> &quot;log&quot;: {
</span><span style="color:#839c00;"> &quot;loglevel&quot;: &quot;warning&quot;
</span><span style="color:#839c00;"> },
</span><span style="color:#839c00;"> &quot;inbounds&quot;: [
</span><span style="color:#839c00;"> {
</span><span style="color:#839c00;"> &quot;tag&quot;: &quot;wireguard&quot;,
</span><span style="color:#839c00;"> &quot;port&quot;: 6666,
</span><span style="color:#839c00;"> &quot;protocol&quot;: &quot;dokodemo-door&quot;,
</span><span style="color:#839c00;"> &quot;settings&quot;: {
</span><span style="color:#839c00;"> &quot;address&quot;: &quot;127.0.0.1&quot;,
</span><span style="color:#839c00;"> &quot;port&quot;: 6666,
</span><span style="color:#839c00;"> &quot;network&quot;: &quot;udp&quot;
</span><span style="color:#839c00;"> }
</span><span style="color:#839c00;"> }
</span><span style="color:#839c00;"> ],
</span><span style="color:#839c00;"> &quot;outbounds&quot;: [
</span><span style="color:#839c00;"> {
</span><span style="color:#839c00;"> &quot;protocol&quot;: &quot;vless&quot;,
</span><span style="color:#839c00;"> &quot;settings&quot;: {
</span><span style="color:#839c00;"> &quot;vnext&quot;: [
</span><span style="color:#839c00;"> {
</span><span style="color:#839c00;"> &quot;address&quot;: &quot;${</span><span style="color:#c82728;">SERVER_ADDRESS</span><span style="color:#839c00;">}&quot;,
</span><span style="color:#839c00;"> &quot;port&quot;: ${</span><span style="color:#c82728;">PORT</span><span style="color:#839c00;">},
</span><span style="color:#839c00;"> &quot;users&quot;: [
</span><span style="color:#839c00;"> {
</span><span style="color:#839c00;"> &quot;id&quot;: &quot;${</span><span style="color:#c82728;">CLIENT_UUID</span><span style="color:#839c00;">}&quot;,
</span><span style="color:#839c00;"> &quot;encryption&quot;: &quot;none&quot;,
</span><span style="color:#839c00;"> &quot;flow&quot;: &quot;&quot;
</span><span style="color:#839c00;"> }
</span><span style="color:#839c00;"> ]
</span><span style="color:#839c00;"> }
</span><span style="color:#839c00;"> ]
</span><span style="color:#839c00;"> },
</span><span style="color:#839c00;"> &quot;streamSettings&quot;: {
</span><span style="color:#839c00;"> &quot;network&quot;: &quot;tcp&quot;,
</span><span style="color:#839c00;"> &quot;security&quot;: &quot;reality&quot;,
</span><span style="color:#839c00;"> &quot;realitySettings&quot;: {
</span><span style="color:#839c00;"> &quot;show&quot;: false,
</span><span style="color:#839c00;"> &quot;fingerprint&quot;: &quot;chrome&quot;,
</span><span style="color:#839c00;"> &quot;serverName&quot;: &quot;www.google.com&quot;,
</span><span style="color:#839c00;"> &quot;publicKey&quot;: &quot;${</span><span style="color:#c82728;">PUBLIC_KEY</span><span style="color:#839c00;">}&quot;,
</span><span style="color:#839c00;"> &quot;shortId&quot;: &quot;${</span><span style="color:#c82728;">SHORT_IDS</span><span style="color:#839c00;">}&quot;,
</span><span style="color:#839c00;"> &quot;spiderX&quot;: &quot;&quot;
</span><span style="color:#839c00;"> }
</span><span style="color:#839c00;"> },
</span><span style="color:#839c00;"> &quot;tag&quot;: &quot;proxy&quot;
</span><span style="color:#839c00;"> }
</span><span style="color:#839c00;"> ]
</span><span style="color:#839c00;">}
</span><span style="color:#8959a8;">EOF
</span></code></pre>
<p>This client configuration captures local UDP traffic (from WireGuard) and forwards it to the Xray server using the VLESS protocol with Reality security.</p>
<h2 id="example-wireguard-setup">Example WireGuard Setup</h2>
<h3 id="server-configuration-1">Server Configuration</h3>
<p>Set up WireGuard on the server:</p>
<pre data-lang="ini" style="background-color:#f9f9f9;color:#111111;" class="language-ini "><code class="language-ini" data-lang="ini"><span style="color:#8e908c;"># Server configuration: /etc/wireguard/homenet.conf
</span><span style="color:#8959a8;">[Interface]
</span><span style="color:#f07219;">Address </span><span style="color:#3e999f;">= </span><span>10.0.0.1/24
</span><span style="color:#f07219;">ListenPort </span><span style="color:#3e999f;">= </span><span style="color:#f07219;">6666
</span><span style="color:#f07219;">PrivateKey </span><span style="color:#3e999f;">= &lt;</span><span>server_private_key</span><span style="color:#3e999f;">&gt;
</span><span style="color:#f07219;">PostUp </span><span style="color:#3e999f;">=</span><span> iptables </span><span style="color:#3e999f;">-</span><span style="color:#f07219;">A FORWARD </span><span style="color:#3e999f;">-</span><span>i </span><span style="color:#8959a8;">%i </span><span style="color:#3e999f;">-</span><span>o </span><span style="color:#8959a8;">%i </span><span style="color:#3e999f;">-</span><span>j </span><span style="color:#f07219;">ACCEPT
</span><span style="color:#f07219;">PostDown </span><span style="color:#3e999f;">=</span><span> iptables </span><span style="color:#3e999f;">-</span><span style="color:#f07219;">D FORWARD </span><span style="color:#3e999f;">-</span><span>i </span><span style="color:#8959a8;">%i </span><span style="color:#3e999f;">-</span><span>o </span><span style="color:#8959a8;">%i </span><span style="color:#3e999f;">-</span><span>j </span><span style="color:#f07219;">ACCEPT
</span><span style="color:#f07219;">SaveConfig </span><span style="color:#3e999f;">= </span><span style="color:#f07219;">false
</span><span style="color:#f07219;">MTU </span><span style="color:#3e999f;">= </span><span style="color:#f07219;">1300
</span><span>
</span><span style="color:#8959a8;">[Peer]
</span><span style="color:#f07219;">PublicKey </span><span style="color:#3e999f;">= &lt;</span><span>peer_public_key</span><span style="color:#3e999f;">&gt;
</span><span style="color:#f07219;">AllowedIPs </span><span style="color:#3e999f;">= </span><span>10.0.0.2/32
</span><span style="color:#f07219;">Endpoint </span><span style="color:#3e999f;">= </span><span>127.0.0.1:6666 </span><span style="color:#8e908c;"># Local UDP port proxied by Xray
</span><span style="color:#f07219;">PersistentKeepalive </span><span style="color:#3e999f;">= </span><span style="color:#f07219;">10
</span></code></pre>
<h3 id="client-configuration-1">Client Configuration</h3>
<p>Set up WireGuard on the client:</p>
<pre data-lang="ini" style="background-color:#f9f9f9;color:#111111;" class="language-ini "><code class="language-ini" data-lang="ini"><span style="color:#8e908c;"># Client configuration: /etc/wireguard/wg0.conf
</span><span style="color:#8959a8;">[Interface]
</span><span style="color:#f07219;">Address </span><span style="color:#3e999f;">= </span><span>10.0.0.2/24
</span><span style="color:#f07219;">PrivateKey </span><span style="color:#3e999f;">= &lt;</span><span>client_private_key</span><span style="color:#3e999f;">&gt;
</span><span style="color:#f07219;">MTU </span><span style="color:#3e999f;">= </span><span style="color:#f07219;">1300
</span><span>
</span><span style="color:#8959a8;">[Peer]
</span><span style="color:#f07219;">PublicKey </span><span style="color:#3e999f;">= &lt;</span><span>server_public_key</span><span style="color:#3e999f;">&gt;
</span><span style="color:#f07219;">AllowedIPs </span><span style="color:#3e999f;">= </span><span>10.0.0.0/24
</span><span style="color:#f07219;">Endpoint </span><span style="color:#3e999f;">= </span><span>127.0.0.1:6666 </span><span style="color:#8e908c;"># Local UDP port proxied by Xray
</span><span style="color:#f07219;">PersistentKeepalive </span><span style="color:#3e999f;">= </span><span style="color:#f07219;">10
</span></code></pre>
<p>In this setup, WireGuard traffic is sent to a local port (<code>6666</code>), which is proxied by Xray over the Reality protocol to the server.</p>
<h2 id="routing-a-single-client-s-traffic-through-the-vpn-on-mikrotik">Routing a Single Client's Traffic through the VPN on Mikrotik</h2>
<p>To route a specific client's traffic through the VPN using a Mikrotik router, follow these steps:</p>
<ol>
<li>
<p><strong>Create a New Routing Table:</strong></p>
<pre data-lang="shell" style="background-color:#f9f9f9;color:#111111;" class="language-shell "><code class="language-shell" data-lang="shell"><span>/routing table add fib name=vpn
</span></code></pre>
<p>This command creates a new routing table named <code>vpn</code>, which will be used to direct traffic through the VPN interface.</p>
</li>
<li>
<p><strong>Mark Routing for the Specific Client:</strong></p>
<pre data-lang="shell" style="background-color:#f9f9f9;color:#111111;" class="language-shell "><code class="language-shell" data-lang="shell"><span>/ip firewall mangle add action=mark-routing chain=prerouting new-routing-mark=vpn passthrough=yes src-address=192.168.90.234
</span></code></pre>
<p>This firewall mangle rule marks all traffic originating from the client with IP address <code>192.168.90.234</code>. The <code>new-routing-mark=vpn</code> ensures that packets from this client use the <code>vpn</code> routing table.</p>
</li>
<li>
<p><strong>Add a Route in the VPN Routing Table:</strong></p>
<pre data-lang="shell" style="background-color:#f9f9f9;color:#111111;" class="language-shell "><code class="language-shell" data-lang="shell"><span>/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=homenet routing-table=vpn
</span></code></pre>
<p>This adds a default route (<code>0.0.0.0/0</code>) to the <code>vpn</code> routing table, directing marked traffic to the <code>homenet</code> gateway (which should be the VPN interface).</p>
</li>
</ol>
</section>
<div class="post-tags">
<nav class="nav tags">
<ul class="tags">
<li><a href=//btwiusearch.net/tags/linux/>linux</a></li>
<li><a href=//btwiusearch.net/tags/wireguard/>wireguard</a></li>
<li><a href=//btwiusearch.net/tags/vpn/>vpn</a></li>
<li><a href=//btwiusearch.net/tags/vless/>vless</a></li>
</ul>
</nav>
</div>
</article>
</main>
<footer>
<div style="display:flex">
<a class="soc" href=https:&#x2F;&#x2F;github.com&#x2F;house-of-vanity title=GitHub>
<i data-feather=github></i>
</a>
<a class="soc" href=tg:@ultradesu title=Telegram>
<i data-feather=send></i>
</a>
<a class="soc" href=https:&#x2F;&#x2F;www.linkedin.com&#x2F;in&#x2F;alexandr-bogomyakov-732a8a73 title=LinkedIn>
<i data-feather=linkedin></i>
</a>
<a class="soc" href=mailto:ab@hexor.cy title=E-Mail>
<i data-feather=at-sign></i>
</a>
</div>
<div class="footer-info">ver. 2.6 |
2025 © ultradesu |Powered by <a href="https://github.com/getzola/zola">Zola</a> and <a
href="https://github.com/XXXMrG/archie-zola">Archie-Zola Theme</a>
<div style="display:flex">Git tag 9d7cb16 </div>
</div>
</footer>
<script>
feather.replace();
</script>
</div>
</body>
</html>