Enable WeakCrypto on Win10 L2TP

修改以下KEY值为“1”

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters

AllowL2TPWeakCrypto

AllowPPTPWeakCrypto

ProhibitIPSec

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent

AssumeUDPEncapsulationContextOnSendRule

Posted in L2TP | Tagged | Leave a comment

小米路由器AX3600官方固件开启SSH方法

1. 下载固件

AX3600

2. 登录管理页面

http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/web/home#router

3. 打开 SSH (替换Token)

http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20nvram%20set%20ssh_en%3D1%3B%20nvram%20commit%3B%20sed%20-i%20's%2Fchannel%3D.*%2Fchannel%3D%5C%22debug%5C%22%2Fg'%20%2Fetc%2Finit.d%2Fdropbear%3B%20%2Fetc%2Finit.d%2Fdropbear%20start%3B

4. 更新root帐号密码为admin

http://192.168.31.1/cgi-bin/luci/;stok=<STOK>/api/misystem/set_config_iotdev?bssid=Xiaomi&user_id=longdike&ssid=-h%3B%20echo%20-e%20'admin%5Cnadmin'%20%7C%20passwd%20root%3B

5. 禁用路由器固件更新,否则自动更新后会失效

开启SSH原理

function setConfigIotDev()
    local XQFunction = require("xiaoqiang.common.XQFunction")
    local LuciUtil = require("luci.util")
    local result = {
        ["code"] = 0
    }
    local ssid = LuciHttp.formvalue("ssid")  ----参数直接代入,未过滤
    local bssid = LuciHttp.formvalue("bssid")----参数直接代入,未过滤
    local uid = LuciHttp.formvalue("user_id")----参数直接代入,未过滤
    XQLog.log(debug_level, "ssid = "..ssid)
    XQLog.log(debug_level, "bssid = "..bssid)
    XQLog.log(debug_level, "uid = "..uid)
    if XQFunction.isStrNil(ssid)
        or XQFunction.isStrNil(bssid)
        or XQFunction.isStrNil(uid) then
        result.code = 1523
    end
    if result.code ~= 0 then
        result["msg"] = XQErrorUtil.getErrorMessage(result.code)
    else
        XQFunction.forkExec("connect -s "..ssid.." -b "..bssid.. " -u "..uid)----参数直接代入,未过滤
    end
    LuciHttp.write_json(result)
end
Posted in Xiaomi | Tagged | Leave a comment

Add USB drive as the datastore of ESXi 7

1. Connect to ESXi host with SSH

2. Stop the USB arbitrator service. This service is used to passthrough USB device from an ESX/ESXi host to a virtual machine. (When disabling it, you can no longer passthrough USB devices to VMs)

~# /etc/init.d/usbarbitrator stop

3. Use this command to permanently disable the USB arbitrator service after reboot (optional)

~# /etc/init.d/usbarbitrator stop

4. Plug in the USB device to your ESXi host. While connecting the USB device you can either watch /var/log/vmkernel.log to identify the device name or identify it within /dev/disks.
Devices are either named mpx.vmhbaXX or with an naa.X number.

~# ls /dev/disks/

5. Write a GPT label to the device (Assuming that the Device ID is naa.5000000000000001)

~# partedUtil mklabel /dev/disks/naa.5000000000000001 gpt

6. To create a partition you need to know the start sector, end sector, which depends on the device size and the GUID.
The start sector is always 2048
The GUID for VMFS is AA31E02A400F11DB9590000C2911D1B8
The end sector can be calculated with the following formula (Use the numbers from getptbl): 

~# partedUtil getptbl /dev/disks/naa.5000000000000001 gpt 15566 255 63 25006968015566 * 255 * 63 - 1 = 250067789

You can also calculate the end sector with the following command:

~# eval expr $(partedUtil getptbl /dev/disks/naa.5000000000000001 | tail -1 | awk '{print $1 " \\* " $2 " \\* " $3}') - 1 250067789

7. Create the VMFS partition (Replace with your end sector)

~# partedUtil setptbl /dev/disks/naa.5000000000000001 gpt "1 2048 250067789 AA31E02A400F11DB9590000C2911D1B8 0"

8. Format the partition with VMFS5 or VMFS6 

~ # vmkfstools -C vmfs5 -S USB-Datastore /dev/disks/naa.5000000000000001:1
~# vmkfstools -C vmfs6 -S USB-Datastore /dev/disks/naa.5000000000000001:1

The USB-Datastore should now appear in your datastores view.

Posted in ESXI | Leave a comment

群晖 Web Station + WordPress 固定链接 [DSM6]

  • 登录SSH
sudo -i
  • 查看Web Station配置最后一行UUID
tail /etc/nginx/app.d/server.webstation-vhost.conf
  • 新建 WordPress 配置
vi /usr/local/etc/nginx/conf.d/U-U-I-D-D/user.conf.wordpress-permalink
location /{
    try_files $uri $uri/ /index.php?$args;
}
  • 重启生效
synoservicecfg --restart nginx
Posted in Synology | Leave a comment

USING RADIUS SERVER ON UBUNTU 16.04 FOR WIFI AUTHENTICATION

INSTALL FREERADIUS

First, let’s install the RADIUS server, FreeRADIUS. On the server that is going to host it do:

sudo apt-get install freeradius make

There are many different ways that FreeRADIUS can be configured, and honestly I don’t understand most of them. Here’s what I found that worked for me.

Turn off the proxy feature on the server (unless you know you need it) by editing /etc/freeradius/radiusd.conf and changing the following line:

proxy_requests = no

You may also want to look over the logging features in that configuration file to set what gets logged and where. I use “auth=yes” in the log{} block so that I log every time someone connects to the wifi. It also tells me which access point they connected to.

Continue reading

Posted in Radius | Leave a comment