This article is a simplified and slightly modified version of the reference, covering a general-purpose IKEv2 VPN proxy running on a freshly installed Ubuntu 16.04.
letsencrypt to obtain a certificate for your domain (e.g. vpn.example.com)
Note: During my configuration process, the certificates must be pointed directly from the ipsec configuration files instead of a link, or you may get a “Permission Denied” error.
2. Install strongSwan and the MS-CHAPv2 plugin for username / password authentication
sudo apt install strongswan strongswan-plugin-eap-mschapv2
3. Configure ipsec
This is a basic configuration that allows username / password authentication and multiple connections for each user.
The WoSign and StartCom CAs will be distrusted soon.
I have switched to GeoTrust and Comodo.
Google Security Blog:
Update from Apple:
A list of WoSign issues from Mozilla:
Article from former StartCom employee:
WoSign’s secret purchase of StartCom; WoSign threatened legal actions over the disclosure
Why I stopped using StartSSL (Hint: it involves a Chinese company)
Just a quick note
In grub CLI:
# Set root device
# Load kernel and initrd
linux /vmlinuz root=/dev/sda2
A simple Python script for automated conversion.
Mysterious "File not found" errors can occur with complex nginx configurations. Because php-fpm workers only write a "Primary script unknown" message to stderr, the information available for debugging is limited.
Recently I found a powerful tool, strace, which can trace the I/O operations of any process. With this tool, we can figure out the path php-fpm workers actually tried to read.
Simply use strace -p pid to attach to a php-fpm worker, then start sending requests from the client side.
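As an added example (not from the original post), the shell function below filters strace output down to the file lookups that failed, which is where the path behind "Primary script unknown" shows up. The sample trace, its paths, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of what `strace -p <pid>` prints for a php-fpm worker
# handling one request. Not captured from a real system.
sample_trace() {
cat <<'EOF'
accept(0, {sa_family=AF_UNIX}, [2]) = 4
read(4, "\1\1\0\1\0\10\0\0", 8) = 8
lstat("/var/www/example/public/index.php", 0x7ffd3c5a1b20) = -1 ENOENT (No such file or directory)
[pid  2211] open("/var/www/example/index.php", O_RDONLY) = -1 EACCES (Permission denied)
write(2, "Primary script unknown\n", 23) = 23
open("/etc/php/7.0/fpm/php.ini", O_RDONLY) = 5
EOF
}

# Read strace output on stdin and print "ERRNO path" for every path-taking
# syscall that returned -1. Handles the "[pid N]" prefix added by `strace -f`
# and the AT_FDCWD first argument used by openat/newfstatat.
failed_paths() {
  sed -n -E 's/^(\[pid +[0-9]+\] )?(open|openat|stat|lstat|newfstatat|access)\((AT_FDCWD, )?"([^"]*)".*= -1 (E[A-Z0-9]+) .*/\5 \4/p'
}

# Offline demonstration on the constructed sample.
sample_trace | failed_paths

# Live use against a worker (strace writes to stderr, hence 2>&1):
#   sudo strace -f -e trace=file -p "$pid" 2>&1 | failed_paths
```

ENOENT means the path nginx passed to the worker does not exist from the worker's point of view; EACCES means it exists but the php-fpm user cannot read it or traverse a parent directory.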
Use a VPN to avoid network censorship / logging and stay secure on open Wi-Fi networks.
The following is the configuration and troubleshooting process on an AWS EC2 instance.
I. Initial configuration
apt-get install pptpd
After the multi-hour outage of the entire Linode Fremont data center on May 30, it’s time to make my services stronger.
The main idea is to establish an architecture with one EC2 instance and multiple RDS instances across multiple availability zones, and to create snapshots of EBS volumes and store them in S3, so that all services can be restored in minutes if incidents happen.