waktron
weaving digital threads
waktron · 4 years ago
Install kernel headers for wireguard installation.
apt install linux-headers-$(uname -r)
waktron · 6 years ago
Install jupyter lab widget extensions for interactive matplotlib plots
https://stackoverflow.com/a/55848505/3831382
waktron · 6 years ago
Put the config below in .screenrc for tab view during screen sessions.
caption always "%{= kw}%-w%{= gW}%n %t%{-}%+w %-= hostname@username - %Y-%m-%d %C:%s"
waktron · 6 years ago
Installing a dummy monitor on Ubuntu 18.04 LTS, needed for remote GUI access through VNC.
http://www.bictor.com/2017/08/15/installing-a-dummy-monitor/
waktron · 6 years ago
ubuntu 18.04 + pptpd + iptables windows rdp setup
# allow pptpd
iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
# allow internet access
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 10.0.0.0/24 -j TCPMSS --clamp-mss-to-pmtu
# allow windows remote desktop
iptables -t nat -A PREROUTING -d server.ip.goes.here -p tcp --dport 3389 -j DNAT --to-dest 10.0.0.2:3389
iptables -t nat -A POSTROUTING -d 10.0.0.2 -p tcp --dport 3389 -j SNAT --to-source 10.0.0.1
waktron · 6 years ago
Turn off chrome dark theme while keeping osx mojave dark on
defaults write com.google.Chrome NSRequiresAquaSystemAppearance -bool YES
waktron · 6 years ago
Allow ssh:
sudo iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
Save iptables rules on CentOS 6/7:
sudo service iptables save
waktron · 6 years ago
Run VS Code on the remote server
https://dev.to/babak/how-to-run-vs-code-on-the-server-3c7h
waktron · 6 years ago
IKEv2 VPN Server on Ubuntu 18.04 with StrongSwan
1) Install
sudo apt update
sudo apt install strongswan strongswan-pki
2) Create certificate authority
Create folder structure and set permissions:
mkdir -p ~/pki/{cacerts,certs,private}
chmod 700 ~/pki
Generate the root 4096-bit RSA key:
ipsec pki --gen --type rsa --size 4096 --outform pem > ~/pki/private/ca-key.pem
Generate the certificate authority:
ipsec pki --self --ca --lifetime 3650 --in ~/pki/private/ca-key.pem --type rsa --dn "CN=VPN root CA" --outform pem > ~/pki/cacerts/ca-cert.pem
3) Create server certificates and keys
Create a private key for the server:
ipsec pki --gen --type rsa --size 4096 --outform pem > ~/pki/private/server-key.pem
Sign the VPN server's certificate with the CA we've created:
ipsec pki --pub --in ~/pki/private/server-key.pem --type rsa \
    | ipsec pki --issue --lifetime 1825 \
        --cacert ~/pki/cacerts/ca-cert.pem \
        --cakey ~/pki/private/ca-key.pem \
        --dn "CN=server_domain_or_IP" --san "server_domain_or_IP" \
        --flag serverAuth --flag ikeIntermediate --outform pem \
    > ~/pki/certs/server-cert.pem
Put everything in place.
sudo cp -r ~/pki/* /etc/ipsec.d/
4) Configure strongswan
Back up the reference configuration:
sudo mv /etc/ipsec.conf{,.original}
Create the new configuration:
sudo nano /etc/ipsec.conf
config setup
    charondebug="ike 2, knl 1, cfg 0"
    uniqueids=no

conn ikev2-vpn
    auto=add
    compress=no
    type=tunnel
    keyexchange=ikev2
    fragmentation=yes
    forceencaps=yes
    dpdaction=clear
    dpddelay=300s
    rekey=no
    left=%any
    leftid=@server_domain_or_IP
    leftcert=server-cert.pem
    leftsendcert=always
    leftsubnet=0.0.0.0/0
    right=%any
    rightid=%any
    rightauth=eap-mschapv2
    rightsourceip=10.10.10.0/24
    rightdns=8.8.8.8,8.8.4.4
    rightsendcert=never
    eap_identity=%identity
    ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384,aes256-sha256-modp1024
5) Configure VPN authentication
Tell strongSwan where the private key is located, and set your credentials:
sudo nano /etc/ipsec.secrets
: RSA "server-key.pem"
your_username : EAP "your_password"
6) Configure firewall and IP forwarding
Open ports:
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw allow 500,4500/udp
Open /etc/ufw/before.rules, and add before the *filter line:
*nat
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -m policy --pol ipsec --dir out -j ACCEPT
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE
COMMIT

*mangle
-A FORWARD --match policy --pol ipsec --dir in -s 10.10.10.0/24 -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 1361:1536 -j TCPMSS --set-mss 1360
COMMIT
and add after the *filter line:
-A ufw-before-forward --match policy --pol ipsec --dir in --proto esp -s 10.10.10.0/24 -j ACCEPT
-A ufw-before-forward --match policy --pol ipsec --dir out --proto esp -d 10.10.10.0/24 -j ACCEPT
Change each instance of eth0 in the above configuration to match the interface name you found with ip route. Save and exit the file.
Enable IP forwarding:
sudo nano /etc/ufw/sysctl.conf
net/ipv4/ip_forward=1
net/ipv4/conf/all/accept_redirects=0
net/ipv4/conf/all/send_redirects=0
net/ipv4/ip_no_pmtu_disc=1
Restart everything:
sudo ufw disable
sudo ufw enable
sudo sysctl -p
sudo systemctl restart strongswan
7) Windows client configuration
EAP authentication needs PowerShell configuration, run:
Add-VpnConnection `
    -Name "VPN Name" `
    -ServerAddress "vpn.example.net" `
    -AuthenticationMethod "Eap" `
    -EncryptionLevel "Maximum" `
    -RememberCredential `
    -TunnelType "Ikev2"
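A check for the ike= line configured in step 4, as an added example that is not part of the original post: it lists every proposal of a conn that uses a Diffie-Hellman group from a deny-list, which here catches the modp1024 (1024-bit MODP) fallback. The function names, the WEAK_DH list and the sample file are this example's own assumptions, and the parser handles only the plain key=value layout shown in the post.

```sh
#!/bin/sh
# Added example (not from the original post): list weak IKE proposals in one conn.
# WEAK_DH is this example's own deny-list, not something strongSwan defines.
WEAK_DH='modp768 modp1024 modp1536'

# Print the value of KEY inside "conn NAME"; prints nothing if it is absent.
# Assumes the plain key=value layout used in the post (no spaces around "=").
conn_value() {  # usage: conn_value FILE NAME KEY
  awk -v name="$2" -v key="$3" '
    /^[ \t]*#/ { next }                                   # comment line
    /^(conn|config|ca)[ \t]/ { in_conn = ($1 == "conn" && $2 == name); next }
    in_conn {
      line = $0
      sub(/^[ \t]+/, "", line)
      if (index(line, key "=") == 1) { print substr(line, length(key) + 2); exit }
    }' "$1"
}

# Print each ike= proposal that contains a DH group from WEAK_DH, one per line.
weak_ike_proposals() {  # usage: weak_ike_proposals FILE NAME
  conn_value "$1" "$2" ike | awk -v weak="$WEAK_DH" '
    BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
    {
      sub(/!$/, "")                                       # "!" = strict mode flag
      np = split($0, props, ",")
      for (i = 1; i <= np; i++) {
        nt = split(props[i], tok, "-")
        for (j = 1; j <= nt; j++)
          if (tok[j] in bad) { print props[i]; break }
      }
    }'
}

# Constructed sample: a subset of the ipsec.conf lines from step 4.
sample_conf() {
  cat <<'EOF'
config setup
    uniqueids=no
conn ikev2-vpn
    keyexchange=ikev2
    rightauth=eap-mschapv2
    ike=aes256gcm16-prfsha256-ecp521,aes256-sha256-ecp384,aes256-sha256-modp1024
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
weak_ike_proposals "$tmp" ikev2-vpn    # prints: aes256-sha256-modp1024
rm -f "$tmp"
```

On the server itself, pass /etc/ipsec.conf and the conn name instead of the sample file.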
waktron · 6 years ago
Forward server incoming port to one of PPTP clients with iptables
iptables -t nat -A PREROUTING -d server.network.ip.here -p tcp --dport 3389 -j DNAT --to-dest pptp.client.ip.here:3389
iptables -t nat -A POSTROUTING -d pptp.client.ip.here -p tcp --dport 3389 -j SNAT --to-source server.pptp.ip.here
waktron · 6 years ago
Resolving IIS FTP bug on Windows Server R2/7/10 Education/Pro
It’s a bug that is documented here.
Simply run the following:
sc sidtype ftpsvc unrestricted
and then restart the ftp server:
net stop ftpsvc & net start ftpsvc
waktron · 6 years ago
CentOS 7 Install Minimal Desktop Environment with GNOME
This assumes you start with a CentOS 7 Minimal setup.
Run:
yum groupinstall "X Window System"
yum install gnome-classic-session gnome-terminal nautilus-open-terminal control-center liberation-mono-fonts
unlink /etc/systemd/system/default.target
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
reboot
waktron · 6 years ago
set power limit for amd gpus in linux
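Log in as root; sudo won't work here because the shell performs the redirection without root privileges. The value is in microwatts, e.g. 120000000 = 120 Watts.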
echo 120000000 > /sys/class/drm/card0/device/hwmon/hwmon0/power1_cap
waktron · 6 years ago
cleaning amdgpu and amdgpu-pro libraries from Ubuntu 18.04 bionic
If the amdgpu driver installations fail you may end up suffering in a hell of broken packages. Here’s a manual clean up in bash:
for amdgpupkg in $(dpkg --list | grep amdgpu | awk '{print $2}'); do echo $amdgpupkg; sudo dpkg --purge --force-all $amdgpupkg; done
and run again for pro packages:
for amdgpupkg in $(dpkg --list | grep amdgpu-pro | awk '{print $2}'); do echo $amdgpupkg; sudo dpkg --purge --force-all $amdgpupkg; done
then clean-up your apt tree:
sudo apt --fix-broken install
waktron · 6 years ago
Setup VNC Server on Ubuntu 18.04 with Xfce4
vino is Ubuntu's default vnc solution:
sudo apt-get install vino
vino settings are not exposed to xfce4, so you should install gsettings
sudo apt install libglib2.0-bin
Display all the preferences
gsettings list-recursively org.gnome.Vino
[x] Allow other users to control your desktop (NOTE: the boolean is reversed)
gsettings set org.gnome.Vino view-only false
[ ] You must confirm each access to this machine
gsettings set org.gnome.Vino prompt-enabled false
[x] Require the user to enter this password
Step 1. Ask for the password (NOTE: only tested with bash and zsh)
echo -n "VNC Password: " && read -s password < /dev/tty && echo ""
Step 2. Set the preferences
gsettings set org.gnome.Vino authentication-methods "['vnc']"
# printf, unlike echo, does not append a newline that would be encoded into the stored password
gsettings set org.gnome.Vino vnc-password "$(printf '%s' "$password" | base64)"
Step 3. Clear the $password variable
unset password
[ ] Automatically configure UPnP router to open and forward ports
gsettings set org.gnome.Vino use-upnp false
Show Notification Area Icon
( ) always // Always
( ) client // Only when someone is connected
(x) never // Never (if you use xfce)
gsettings set org.gnome.Vino icon-visibility never
Add desktop sharing to xfce autostart:
sudo cp /usr/share/applications/vino-server.desktop /etc/xdg/autostart/vino-server.desktop
Verify that vino starts at boot:
xfce4-session-settings
Test it:
/usr/lib/vino/vino-server --sm-disable
waktron · 6 years ago
ubuntu-18.04-qemu-setup
Very useful.
https://dennisnotes.com/note/20180614-ubuntu-18.04-qemu-setup/
waktron · 6 years ago
Setup KVM Virtualization on Ubuntu Server 18.04 LTS
Install packages
sudo apt install qemu-kvm libvirt-clients libvirt-daemon-system bridge-utils virt-manager
Open /etc/netplan/50-cloud-init.yaml, and create a bridge:
network:
  version: 2
  ethernets:
    enp30s0:
      dhcp4: no
      dhcp6: no
  bridges:
    br0:
      interfaces: [enp30s0]
      dhcp4: no
      addresses: [192.168.0.199/24]
      gateway4: 192.168.0.1
      nameservers:
        addresses: [192.168.0.1]
Add your username to usergroups to be able to manage VMs.
sudo adduser wak libvirt
sudo adduser wak libvirt-qemu
Apply settings.
sudo netplan apply
If it fails, see debug logs.
sudo netplan --debug apply
Verify your bridge is active with networkctl:
sudo networkctl status -a