My Site

Asus Merlin Policy Based Routing

By My Site
Link: https://sskaje.me/2019/02/asus-merlin-policy-based-routing/

之前写过一个版本，基于380.x的，一开始好用，最近过来发现不好使了。索性把家里路由升级到384.9，重新配置。

拓扑结构基本不变，增加了需求让两边家里能互通，所以把NAT关了。

这回直接简化，搞了个github的repo，https://github.com/sskaje/merlin-pbr，把jffs的配置脚本放进去了，依旧是 dnsmasq + ipset，但是openvpn-event脚本也可以手工维护路由列表，自动走openvpn的网卡。

Asus Merlin Policy Based Routing by My Site: https://sskaje.me/2019/02/asus-merlin-policy-based-routing/

北京联通IPv6 DNS

By My Site
Link: https://sskaje.me/2018/12/beijing-china-unicom-ipv6-dns/

2408:8000:1010:1::8
2408:8000:1010:2::8

1 2	2408:8000:1010:1::8 2408:8000:1010:2::8

之前google搜的时候，看到有人说一个好像是 dnslab.net 的，千万别用！！！

北京联通IPv6 DNS by My Site: https://sskaje.me/2018/12/beijing-china-unicom-ipv6-dns/

北京联通EdgeRouter开启IPv6

By My Site
Link: https://sskaje.me/2018/12/china-unicom-beijing-edgerouter-enable-ipv6-pppoe/

看到说北京联通的pppoe也开始启用ipv6了，在EdgeRouter Lite上开了一下设置。

联通给了个 /56 的prefix。

我的eth1接了上行，pppoe拨号，eth0是lan。

set interfaces ethernet eth1 pppoe 0 ipv6 address autoconf
set interfaces ethernet eth1 pppoe 0 ipv6 enable
set interfaces ethernet eth1 pppoe 0 ipv6 dup-addr-detect-transmits 1 

set interfaces ethernet eth1 pppoe 0 dhcpv6-pd pd 0 interface eth0 service slaac
set interfaces ethernet eth1 pppoe 0 dhcpv6-pd pd 0 prefix-length /56

set interfaces ethernet eth1 pppoe 0 ipv6 address autoconf

set interfaces ethernet eth1 pppoe 0 ipv6 enable

set interfaces ethernet eth1 pppoe 0 ipv6 dup-addr-detect-transmits 1

set interfaces ethernet eth1 pppoe 0 dhcpv6-pd pd 0 interface eth0 service slaac

set interfaces ethernet eth1 pppoe 0 dhcpv6-pd pd 0 prefix-length /56

lan

interface {
  ethernet eth0 {
    ipv6 {
      router-advert {
          cur-hop-limit 64
          link-mtu 0
          managed-flag false
          max-interval 600
          other-config-flag false
          prefix ::/64 {
              autonomous-flag true
              on-link-flag true
              valid-lifetime 2592000
          }
          reachable-time 0
          retrans-timer 0
          send-advert false
      }
    }
  }
}

interface {

ethernet eth0 {

ipv6 {

router-advert {

cur-hop-limit 64

link-mtu 0

managed-flag false

max-interval 600

other-config-flag false

prefix ::/64 {

autonomous-flag true

on-link-flag true

valid-lifetime 2592000

}

reachable-time 0

retrans-timer 0

send-advert false

}

记住配置防火墙

北京联通EdgeRouter开启IPv6 by My Site: https://sskaje.me/2018/12/china-unicom-beijing-edgerouter-enable-ipv6-pppoe/

Recover RSA Private Key from N E D

By My Site
Link: https://sskaje.me/2018/11/recover-rsa-private-key-from-n-e-d/

N: Public Modulus
E: Public Exponent
D: Private Exponent

from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization

n = xxxxxx
e = 65537
d = yyyyyy

(p, q) = rsa.rsa_recover_prime_factors(n, e, d)

dmp1 = d % (p - 1)
dmq1 = d % (q - 1)
iqmp = q ^ (-1) % p

print("p=" + str(p))
print("q=" + str(q))
print("dmp1=" + str(dmp1))
print("dmq1=" + str(dmq1))
print("iqmp=" + str(iqmp))

print("pq=" + str(p * q))

private_numbers = rsa.RSAPrivateNumbers(
    p=p,
    q=q,
    d=d,
    dmp1=dmp1,
    dmq1=dmq1,
    iqmp=iqmp,
    public_numbers=rsa.RSAPublicNumbers(
        e=e,
        n=n,
    )
)

pk = private_numbers.private_key(backend=default_backend())

pem = pk.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption()
)

print(str(pem, "utf-8"))

from cryptography.hazmat.primitives.asymmetric import rsa, padding

from cryptography.hazmat.primitives import hashes

from cryptography.hazmat.backends import default_backend

from cryptography.hazmat.primitives import serialization

n = xxxxxx

e = 65537

d = yyyyyy

(p, q) = rsa.rsa_recover_prime_factors(n, e, d)

dmp1 = d % (p - 1)

dmq1 = d % (q - 1)

iqmp = q ^ (-1) % p

print("p=" + str(p))

print("q=" + str(q))

print("dmp1=" + str(dmp1))

print("dmq1=" + str(dmq1))

print("iqmp=" + str(iqmp))

print("pq=" + str(p * q))

private_numbers = rsa.RSAPrivateNumbers(

p=p,

q=q,

d=d,

dmp1=dmp1,

dmq1=dmq1,

iqmp=iqmp,

public_numbers=rsa.RSAPublicNumbers(

e=e,

n=n,

)

pk = private_numbers.private_key(backend=default_backend())

pem = pk.private_bytes(

encoding=serialization.Encoding.PEM,

format=serialization.PrivateFormat.TraditionalOpenSSL,

encryption_algorithm=serialization.NoEncryption()

)

print(str(pem, "utf-8"))

Recover RSA Private Key from N E D by My Site: https://sskaje.me/2018/11/recover-rsa-private-key-from-n-e-d/

EdgeRouter X 安装KMS服务

By My Site
Link: https://sskaje.me/2018/10/install-kms-on-edgerouter/

注意：以下内容仅供已购买 Microsoft Office Volume Licensing 的机构的网络管理员参考。个人用户请购买零售版或Office 365订阅。
由于非法使用KMS服务带来的法律风险请自担。

我看到很多地方都有人给了各种教程，安装KMS服务。但是，总违背了我的一个原则，不执行未知来源的可执行文件。

而且，可能大多数人都不知道用root跑这些程序意味着什么，尤其是在路由器上。

所以我找了一个python的版本，github地址在 https://github.com/SystemRage/py-kms 。

由于ERX的存储空间限制，大部分操作都没法直接在路由上执行。所以接下来的笔记分两部分，第一部分在本地电脑上，第二部分在路由器上。

环境

路由器 Ubnt EdgeRouter X，IP 192.168.1.1，SSH端口 2345
EdgeRouter X, 固件 1.10.5

假设网络里没有配置domain，临时设置成 beijing.local

Continue reading “EdgeRouter X 安装KMS服务” »

EdgeRouter X 安装KMS服务 by My Site: https://sskaje.me/2018/10/install-kms-on-edgerouter/