@sskaje

Network VPN

Azure Site-to-Site VPN with Dynamic Client IP

Post author By sskaje
Post date August 26, 2019
No Comments on Azure Site-to-Site VPN with Dynamic Client IP

By @sskaje
Link: https://sskaje.me/2019/08/azure-site-to-site-vpn-with-dynamic-client-ip/

以前自己用 strongswan 等软件配 IPSec site-to-site 的时候，可以直接指定客户端的 IP 是 0.0.0.0，Azure 的 site-to-site IPSec VPN 必须要指定客户端 IP。

PowerShell 爱好者可以参考 https://www.hayesjupe.com/using-azure-rm-site-to-site-vpn-with-a-dynamic-ip/ 这篇文章。

我还是习惯用 Linux，于是使用 Azure CLI 来解决这个问题。

在 VPN 的 Virtual Network 里放置一台 Linux 虚拟机。按照上述连接里的说明安装软件。接下来开始操作。

1 登录

SSH 登录虚拟机后，执行命令，并按照输出，用浏览器登录 Azure 账号，完成认证。

$ az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXX to authenticate.

1 2	$ az login To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXX to authenticate.

如果是中国区 Azure，先需要设置服务器

$ az cloud set -n AzureChinaCloud
Switched active cloud to 'AzureChinaCloud'.
Use 'az login' to log in to this cloud.
Use 'az account set' to set the active subscription.

$ az cloud set -n AzureChinaCloud

Switched active cloud to 'AzureChinaCloud'.

Use 'az login' to log in to this cloud.

Use 'az account set' to set the active subscription.

如果需要切换回海外版本

$ az cloud set -n AzureCloud

1	$ az cloud set -n AzureCloud

2 添加更新服务

参考 DDNS 的玩法，让客户端定期更新IP。服务端可以简单地将数据记录到数据库、文件、或者任何地方，配置一个 cron 来执行更新检测和 Gateway IP 更新。

3 更新 Gateway IP

# 更新 IP
$ az network local-gateway update -g RGNAME -n GWNAME --gateway-ip-address IP.ADD.RE.SS
# 查看 Gateway
$ az network local-gateway list -g RGNAME

# 更新 IP

$ az network local-gateway update -g RGNAME -n GWNAME --gateway-ip-address IP.ADD.RE.SS

# 查看 Gateway

$ az network local-gateway list -g RGNAME

这里会有个问题，如果源 IP 和新 IP 相同，update 可能会出一个莫名其妙的404 错误。

Operation failed with status: 'Not Found'. Details: 404 Client Error: Not Found for url: https://management.chinacloudapi.cn/subscriptions/SUBSCRIPTION_ID/providers/Microsoft.Network/locations/chinanorth/operations/OPERATION_ID?api-version=2019-04-01

1	Operation failed with status: 'Not Found'. Details: 404 Client Error: Not Found for url: https://management.chinacloudapi.cn/subscriptions/SUBSCRIPTION_ID/providers/Microsoft.Network/locations/chinanorth/operations/OPERATION_ID?api-version=2019-04-01

看了眼 –verbose –debug 的输出，这个 update 命令先发送了一条命令到服务端，然后轮询等待任务更新。可能这个任务服务端直接判定不需要执行，所以返回的 operation id 无效。

Azure Site-to-Site VPN with Dynamic Client IP by @sskaje: https://sskaje.me/2019/08/azure-site-to-site-vpn-with-dynamic-client-ip/

Tags azure, site to site, vpn

未分类

MacPorts xcodebuild error

Post author By sskaje
Post date August 8, 2019
No Comments on MacPorts xcodebuild error

By @sskaje
Link: https://sskaje.me/2019/08/macports-xcodebuild-error/

Error messages:

Warning: xcodebuild exists but failed to execute

Warning: All compilers are either blacklisted or unavailable; defaulting to first fallback option

Warning: Xcode does not appear to be installed; most ports will likely fail to build.

Solution:

sudo xcode-select -switch /Applications/Xcode.app

1	sudo xcode-select -switch /Applications/Xcode.app

MacPorts xcodebuild error by @sskaje: https://sskaje.me/2019/08/macports-xcodebuild-error/

杂七杂八笔记

Unity Package Manager 协议分析

Post author By sskaje
Post date August 7, 2019
No Comments on Unity Package Manager 协议分析

By @sskaje
Link: https://sskaje.me/2019/08/unity-package-manager-%e5%8d%8f%e8%ae%ae%e5%88%86%e6%9e%90/

Unity Package Manager 的 Windows 版不认系统的证书设置，直接配置代理走 Charles Proxy 没法抓到请求的包。懒得去搭反向代理，直接使用 Charles Proxy 的 Map Remote 功能，在 manifest.json 里随便设置一个地址，用 Charles Proxy 修改请求到 https://packages.unity.com 上，就可以抓包了。

请求逻辑是这样的：

1 请求 /com.unity.package-manager.metadata ，官方地址 https://packages.unity.com/com.unity.package-manager.metadata

2 根据 1 的响应里的searchablePackages，拼接 https://packages.unity.com/{PACKAGE} 获取包信息，例如 https://packages.unity.com/com.unity.xiaomi

3 从 2 的响应里读取包下载地址，从 dist.tarball 里获取下载地址。例如 https://download.packages.unity.com/com.unity.xiaomi/-/com.unity.xiaomi-1.0.3.tgz

根据这个协议，自己写个服务端，甚至用nginx搭建一个，还是比较简单的。此外 nexus 是个好选择，不用处理 3 里域名的问题，具体看 https://sskaje.me/2019/08/sonatype-nexus-3-as-unity-package-mirror/

Unity Package Manager 协议分析 by @sskaje: https://sskaje.me/2019/08/unity-package-manager-%e5%8d%8f%e8%ae%ae%e5%88%86%e6%9e%90/

Tags charles proxy, nexus, unity, unity package manager, upm

杂七杂八笔记

Sonatype Nexus 3 as Unity Package Mirror

Post author By sskaje
Post date August 7, 2019
No Comments on Sonatype Nexus 3 as Unity Package Mirror

By @sskaje
Link: https://sskaje.me/2019/08/sonatype-nexus-3-as-unity-package-mirror/

Unity Package Manager 使用了 npm 的协议，配置起来比较简单。安装好nexus 3之后，直接创建一个 npm 的 proxy，Remote Storage 设置成 https://packages.unity.com 就行。国内服务器有条件设置一个代理也好，毕竟unity 的服务器被墙的概率挺高的。

然而，有几个坑。

1 Unity Package Manager 启动的时候会发无数个 HEAD 请求，而 nexus 3 并不支持HEAD，直接返回了404，于是 UPM 里一片红色的报警，但是不影响安装。

2 UPM 不支持加密认证，所以要想使用本地的镜像仓库，或者用 nexus 来管理自己的包，只能开启匿名访问。而公司场景的 nexus，最好从比 http 更底层的方式控制访问，例如各层加来源 IP 控制。官方说 2020.1 才会加认证的支持 https://forum.unity.com/threads/setup-for-scoped-registries-private-registries.573934/ 。

3 墙的问题太严重。

Sonatype Nexus 3 as Unity Package Mirror by @sskaje: https://sskaje.me/2019/08/sonatype-nexus-3-as-unity-package-mirror/

Tags nexus, unity, unity package manager, unity3d, upm

Network OS X 笔记

MacOS VPN Auto Add Routes

Post author By sskaje
Post date April 25, 2019
No Comments on MacOS VPN Auto Add Routes

By @sskaje
Link: https://sskaje.me/2019/04/macos-vpn-auto-add-routes/

I tested on macOS 10.14, L2TP VPN.

I connect to my office VPN to work remotely, but I don’t want to send all traffic to VPN interface. Usually, I open a Terminal.app and execute commands after VPN connected:

$ sudo su
# route add -net 192.168.2.0/24 192.168.100.1

1 2	$ sudo su # route add -net 192.168.2.0/24 192.168.100.1

192.168.2.0/24 is address block used in my office, 192.168.100.1 is VPN gateway address.

It’s really inconvenient. But I have a new solution: networksetup.

Usage: networksetup -setadditionalroutes <networkservice> [ <dest> <mask> <gateway> ]*
Set additional IPv4 routes associated with <networkservice>
by specifying one or more [ <dest> <mask> <gateway> ] tuples.
Remove additional routes by specifying no arguments.
If <gateway> is “”, the route is direct to the interface

First, find your service name.

$ networksetup -listallnetworkservices

1	$ networksetup -listallnetworkservices

Find your VPN connection name, in my case ‘My Office’.

# networksetup -setadditionalroutes 'My Office' 192.168.2.0 255.255.255.0 ""

1	# networksetup -setadditionalroutes 'My Office' 192.168.2.0 255.255.255.0 ""

If you have multiple route entries to add,

networksetup -setadditionalroutes 'My Office' 172.16.0.0 255.255.240.0 "" 192.168.2.0 255.255.255.0 ""

1	networksetup -setadditionalroutes 'My Office' 172.16.0.0 255.255.240.0 "" 192.168.2.0 255.255.255.0 ""

L2TP is a Point-to-Point VPN, the gateway address is not that important, that’s why I use “” instead of 192.168.100.1.

MacOS VPN Auto Add Routes by @sskaje: https://sskaje.me/2019/04/macos-vpn-auto-add-routes/