SNIProxy Connection Timeout After Binding to a Device

edgerouter lite

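I previously used OpenVPN site-to-site in tun mode. The network topology was simple, local tun <-> remote tun: just assign an IP, and on the EdgeRouter use interface-route to send traffic to the local tun.

Later I switched to SoftEther in tap mode, so I had to configure the IP and the routing table myself. I simply switched the firewall modify address group over to the new device, but kept the earlier Google DNS and sniproxy on the OpenVPN side. Recently, however, OpenVPN has been inspected heavily and SSH is being targeted too, so I had to switch the device to the SoftEther tap.

Testing showed the connection timing out. The test domain was download.oracle.com, which resolved to 106.187.61.57.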

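tcpdump on the router

But the request I saw was:

So... add a route.

Because the office has a static IP, I had previously configured system gateway-address.
At this point, configuring a static route directly produces an error:

Delete first, then add

Note that after the delete you need to commit first, otherwise it will still report an error.

Verify

If you are unsure before running the commands whether they will take effect, a quick route add is enough to test. Be sure the VPN's metric is greater than the default gateway's.

Also, the mixed interface-route + route mode is untested.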

SNIProxy Connection Timeout After Binding to a Device by @sskaje: https://sskaje.me/2017/02/sniproxy-bind-device-connection-timeout/

EdgeRouter PPTP/L2TP Firewall Modify

AUTO_VPN is the name of my rule.
/config/scripts/post-config.d/auto_vpn_fw_modify needs execute permission.

EdgeRouter PPTP/L2TP Firewall Modify by @sskaje: https://sskaje.me/2017/02/edgerouter-pptpl2tp-firewall-modify/

Nginx Reverse Proxy DO NOT PASS Authorization

I set up nginx asking for basic auth for some IP blocks, here is the post: Nginx: Require Authentication for Specific IPs.

But some products read the Authorization header to identify the client as a user. If so, these two different auths get mixed and the backend application works badly.

To solve this, add this line to the proxy configuration:
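As an added example (not the configuration from the original post), one way to keep the proxy's basic-auth credentials away from the backend is to set the forwarded `Authorization` header to an empty value, which makes nginx omit it. The address range, realm, htpasswd path, host name, upstream address and variable names below are assumptions chosen for illustration.

```nginx
# Constructed example: every address, path and name here is a placeholder.
# The geo and map blocks belong in the http {} context.

# 1 = client must pass nginx basic auth; 0 = trusted block, no challenge.
geo $needs_proxy_auth {
    default         1;
    192.0.2.0/24    0;   # documentation range standing in for a trusted block
}

# auth_basic accepts a variable; the special value "off" disables the challenge.
map $needs_proxy_auth $proxy_auth_realm {
    1   "Restricted";
    0   "off";
}

# Value of the Authorization header sent on to the backend.
map $needs_proxy_auth $backend_authorization {
    1   "";                     # credentials were meant for nginx: do not forward
    0   $http_authorization;    # unchallenged client: pass its own header through
}

server {
    listen 80;
    server_name app.example.com;

    location / {
        auth_basic           $proxy_auth_realm;
        auth_basic_user_file /etc/nginx/htpasswd;

        proxy_set_header Host          $host;
        # An empty value means the header is not passed to the proxied server.
        proxy_set_header Authorization $backend_authorization;
        proxy_pass http://127.0.0.1:8080;
    }
}
```

Clients that are challenged by nginx cannot also send their own `Authorization` header to the backend in this setup, so they have to use the application's session login rather than header-based credentials.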

Nginx Reverse Proxy DO NOT PASS Authorization by @sskaje: https://sskaje.me/2017/01/nginx-reverse-proxy-pass-authorization/

Running Atlassian Confluence/Bamboo/Bitbucket behind Nginx with SSL

It’s easy to set up a reverse proxy forwarding requests to Atlassian’s products.

If you look up posts on Atlassian’s official confluence, you’ll get something correct but confusing.

Here is my nginx configuration, for all products except Confluence:

I have haproxy in front of Nginx; if you don’t, let nginx listen on 0.0.0.0:443 and 0.0.0.0:80.

And, for the built-in tomcat, make sure you have the following lines in server.xml:

So bitbucket’s server.xml looks like

All other fields keep their default values.

For Confluence, there’s something really stupid: ‘synchrony’.
According to the official confluence, add the lines below to nginx:

Otherwise you’ll get broken functionality.

Running Atlassian Confluence/Bamboo/Bitbucket behind Nginx with SSL by @sskaje: https://sskaje.me/2017/01/running-atlassian-confluencebamboobitbucket-nginx-ssl/