### Start Shadowsocks-libev Server Source: https://www.e2encrypted.com/howtos/install-shadowsocks-libev-with-simple-obfs Command to initiate the Shadowsocks-libev server service using its init script, bringing the proxy online. ```bash sudo /etc/init.d/shadowsocks-libev start ``` -------------------------------- ### Start OpenVPN Client with a Configuration File Source: https://www.e2encrypted.com/howtos/set-up-openvpn-comprehensive-guide-with-detailed-instructions This command initiates the OpenVPN client on Linux and macOS systems, instructing it to use a specified configuration file. Replace '/path/to/config.ovpn' with the actual path to your OpenVPN configuration file. This command requires superuser privileges. ```bash sudo openvpn --config /path/to/config.ovpn ``` -------------------------------- ### Install StrongSwan IPsec VPN Software on Linux Source: https://www.e2encrypted.com/howtos/set-up-ipsec-vpn-step-by-step-guide This command sequence updates the package list and then installs the StrongSwan IPsec VPN software along with the EAP-MSCHAPv2 plugin, which is required for certain authentication methods. ```Shell sudo apt-get update sudo apt-get install strongswan strongswan-plugin-eap-mschapv2 ``` -------------------------------- ### Start StrongSwan IPsec VPN Service Source: https://www.e2encrypted.com/howtos/set-up-ipsec-vpn-step-by-step-guide This command initiates the StrongSwan IPsec VPN service, making the configured VPN connections active and ready to accept client connections. ```Shell sudo ipsec start ``` -------------------------------- ### Shadowsocks-libev Server Configuration Example Source: https://www.e2encrypted.com/howtos/install-shadowsocks-libev-with-simple-obfs Provides a sample JSON configuration file for the Shadowsocks-libev server, detailing parameters such as server address, port, local port, password, timeout, encryption method, workers, and plugin options. ```json { "server":"0.0.0.0", "server_port":9521, "local_port":1080, "password":"dUS9Sw5QMiMQ", "timeout":300, "method":"chacha20-ietf-poly1305", "workers":8, "plugin":"obfs-server", "plugin_opts": "obfs=tls;obfs-host=www.yahoo.com", "fast_open":true, "reuse_port":true } ``` -------------------------------- ### Execute UUP Dump macOS Download Script Source: https://www.e2encrypted.com/posts/uup-dump-on-macos-guide-and-troubleshooting This snippet shows the command to run the `uup_download_macos.sh` script, which automates the process of downloading Windows installation files and converting them into an ISO image on macOS. The output demonstrates the various stages, including converter downloads, file transfers, and ISO creation. ```sh sh ./uup_download_macos.sh Downloading converters... [NOTICE] CUID#7 - Redirecting to https://raw.githubusercontent.com/uup-dump/converter/.../convert.sh ... Download complete: files/convert.sh ... Download complete: files/convert_ve_plugin ... Download complete: /Users/.../aria2_script.9201.txt ... Download complete: UUPs/Microsoft-Windows-Client-Desktop-Required-Package.ESD ... CAB -> ESD: Microsoft-Windows-LanguageFeatures-Speech-en-us-Package-arm64 ... Creating ISO image... ... Total translation table size: 2048 Total rockridge attributes bytes: 0 Total directory bytes: 0 Path table size(bytes): 10 Max brk space used 0 2194437 extents written (4286 MB) Done. ``` -------------------------------- ### Install Certbot on Debian using Snap Source: https://www.e2encrypted.com/howtos/how-to-get-wildcard-tls-certificate-from-letsencrypt Installs the Certbot client on a Debian system using Snap, a universal packaging system, and creates a symbolic link for easy access. This setup is necessary before proceeding with certificate generation. ```Shell sudo snap install --classic certbot sudo ln -s /snap/bin/certbot /usr/bin/certbot ``` -------------------------------- ### Network Path Verification Tools Source: https://www.e2encrypted.com/howtos/set-up-openvpn-comprehensive-guide-with-detailed-instructions Command-line utilities for tracing network paths and performing continuous diagnostics to ensure proper VPN connectivity and data routing. ```Shell traceroute ``` ```Shell mtr ``` -------------------------------- ### Nostr NIP-73 Examples: Referencing Podcasts by GUID Source: https://www.e2encrypted.com/nostr/nips/73 These examples illustrate how to reference different types of podcast identifiers (RSS Feed GUID, RSS Item GUID, RSS Publisher GUID) using 'i' tags in Nostr events. Each 'i' tag includes a specific 'podcast:' prefix followed by the respective GUID, enabling precise linking to podcast content. ```JSON ["i", "podcast:guid:c90e609a-df1e-596a-bd5e-57bcc8aad6cc"] ``` ```JSON ["i", "podcast:item:guid:d98d189b-dc7b-45b1-8720-d4b98690f31f"] ``` ```JSON ["i", "podcast:publisher:guid:18bcbf10-6701-4ffb-b255-bc057390d738"] ``` -------------------------------- ### Shadowsocks-libev Command Line Options Reference Source: https://www.e2encrypted.com/howtos/install-shadowsocks-libev-with-simple-obfs Detailed documentation for the command-line arguments available for shadowsocks-libev components. Each option's purpose, accepted values, default settings, and specific applicability to different modes (e.g., server, local, manager) are described. ```APIDOC shadowsocks-libev Command Line Options: -s : Description: Set the server’s hostname or IP. -l : Description: Set the local port number. Constraints: Not available in server nor manager mode. -k , --password : Description: Set the password. The server and the client should use the same password. --key : Description: Set the key directly. The key should be encoded with URL-safe Base64. Constraints: Not available in manager mode. -m : Description: Set the cipher. Accepted Values: aes-128-gcm, aes-192-gcm, aes-256-gcm, rc4-md5, aes-128-cfb, aes-192-cfb, aes-256-cfb, aes-128-ctr, aes-192-ctr, aes-256-ctr, bf-cfb, camellia-128-cfb, camellia-192-cfb, camellia-256-cfb, chacha20-ietf-poly1305, salsa20, chacha20, chacha20-ietf. Default: chacha20-ietf-poly1305. Note: If built with PolarSSL or custom OpenSSL libraries, some of these ciphers may not work. -a : Description: Run as a specific user. -f : Description: Start shadowsocks as a daemon with specific pid file. -t : Description: Set the socket timeout in seconds. Default: 60. -c : Description: Use a configuration file. -n : Description: Specify max number of open files. Constraints: Not available in manager mode. Only available on Linux. -i : Description: Send traffic through specific network interface. Example: If you configure shadowsocks-libev to listen on 0.0.0.0:8388 and bind to eth1, traffic will go out through eth1. Constraints: Not available in redir mode. -b : Description: Specify local address to bind. Constraints: Not available in server nor manager mode. -u: Description: Enable UDP relay. Note: TPROXY is required in redir mode. May need root permission. -U: Description: Enable UDP relay and disable TCP relay. Constraints: Not available in local mode. -L : Description: Specify destination server address and port for local port forwarding. Constraints: Only available in tunnel mode. -d : Description: Setup name servers for internal DNS resolver (libc-ares). Default: Fetched from /etc/resolv.conf. Constraints: Only available in server and manager mode. --fast-open: Description: Enable TCP fast open. Constraints: Not available in redir nor tunnel mode, with Linux kernel > 3.7.0. --reuse-port: Description: Enable port reuse. Constraints: Only available with Linux kernel > 3.9.0. --no-delay: Description: Enable TCP_NODELAY. --acl : Description: Enable ACL (Access Control List) and specify config file. Constraints: Not available in redir nor tunnel mode. --manager-address : Description: Specify UNIX domain socket address. Constraints: Only available in server and manager mode. --executable : Description: Specify the executable path of ss-server. Constraints: Only available in manager mode. -v: Description: Enable verbose mode. -h|--help: Description: Print help message. ``` -------------------------------- ### Install Missing 'cabextract' Dependency Source: https://www.e2encrypted.com/posts/uup-dump-on-macos-guide-and-troubleshooting This command resolves the 'cabextract does not seem to be installed' error. It uses Homebrew to install the `cabextract` utility, which is essential for UUP Dump to process cabinet files. ```sh brew install cabextract ``` -------------------------------- ### Install acme.sh Client Source: https://www.e2encrypted.com/howtos/how-to-get-tls-certificate-from-google This command downloads and executes the acme.sh installation script, automatically installing the ACME client. It requires an email address for registration and notifications. ```Bash curl https://get.acme.sh | sh -s email= ``` -------------------------------- ### Sample OpenVPN Client Configuration File (config.ovpn) Source: https://www.e2encrypted.com/howtos/set-up-openvpn-comprehensive-guide-with-detailed-instructions This is a sample OpenVPN client configuration file demonstrating common settings for connecting to a VPN server. It specifies the client mode, TUN device, UDP protocol, remote server address and port, and various authentication and optimization options. Users must replace 'VPN_SERVER_ADDRESS' and ensure correct paths for certificate and key files. ```OpenVPN Config client dev tun proto udp remote VPN_SERVER_ADDRESS 1194 resolv-retry infinite nobind persist-key persist-tun ca ca.crt cert client.crt key client.key tls-client tls-auth ta.key 1 comp-lzo verb 3 ``` -------------------------------- ### Install Missing 'wimlib' Dependency Source: https://www.e2encrypted.com/posts/uup-dump-on-macos-guide-and-troubleshooting This command addresses the 'wimlib-imagex does not seem to be installed' error. It uses Homebrew to install the `wimlib` library, which is crucial for handling Windows Imaging Format files during the UUP Dump process. ```sh brew install wimlib ``` -------------------------------- ### Install Certbot Cloudflare DNS Plugin Source: https://www.e2encrypted.com/howtos/how-to-get-wildcard-tls-certificate-from-letsencrypt This command installs the `certbot-dns-cloudflare` plugin using `pip3`. This plugin is essential for Certbot to automate the DNS-01 challenge with Cloudflare, as it is not installed by default. ```bash pip3 install certbot-dns-cloudflare ``` -------------------------------- ### Install OpenVPN Client on Debian-based Linux Source: https://www.e2encrypted.com/howtos/set-up-openvpn-comprehensive-guide-with-detailed-instructions This command installs the OpenVPN client package on Debian-based Linux distributions (e.g., Ubuntu, Mint) using the 'apt-get' package manager. It requires superuser privileges. ```bash sudo apt-get install openvpn ``` -------------------------------- ### Verify OpenVPN Service Status Source: https://www.e2encrypted.com/howtos/set-up-openvpn-comprehensive-guide-with-detailed-instructions Commands to check the running status of the OpenVPN service on both Linux and Windows operating systems. ```Shell (Linux) systemctl status openvpn ``` ```Shell (Windows) sc query openvpn ``` -------------------------------- ### Configure iptables for Shadowsocks-redir Traffic Redirection Source: https://www.e2encrypted.com/howtos/install-shadowsocks-libev-with-simple-obfs This example provides a comprehensive set of iptables rules required to redirect TCP and UDP traffic through ss-redir. It includes creating custom chains, ignoring specific IP addresses (server, LANs, reserved networks), and applying REDIRECT for TCP and TPROXY for UDP, followed by the command to start ss-redir. ```bash # Create new chain iptables -t nat -N SHADOWSOCKS iptables -t mangle -N SHADOWSOCKS # Ignore your shadowsocks server's addresses # It's very IMPORTANT, just be careful. iptables -t nat -A SHADOWSOCKS -d 123.123.123.123 -j RETURN # Ignore LANs and any other addresses you'd like to bypass the proxy # See Wikipedia and RFC5735 for full list of reserved networks. # See ashi009/bestroutetb for a highly optimized CHN route list. iptables -t nat -A SHADOWSOCKS -d 0.0.0.0/8 -j RETURN iptables -t nat -A SHADOWSOCKS -d 10.0.0.0/8 -j RETURN iptables -t nat -A SHADOWSOCKS -d 127.0.0.0/8 -j RETURN iptables -t nat -A SHADOWSOCKS -d 169.254.0.0/16 -j RETURN iptables -t nat -A SHADOWSOCKS -d 172.16.0.0/12 -j RETURN iptables -t nat -A SHADOWSOCKS -d 192.168.0.0/16 -j RETURN iptables -t nat -A SHADOWSOCKS -d 224.0.0.0/4 -j RETURN iptables -t nat -A SHADOWSOCKS -d 240.0.0.0/4 -j RETURN # Anything else should be redirected to shadowsocks's local port iptables -t nat -A SHADOWSOCKS -p tcp -j REDIRECT --to-ports 12345 # Add any UDP rules ip rule add fwmark 0x01/0x01 table 100 ip route add local 0.0.0.0/0 dev lo table 100 iptables -t mangle -A SHADOWSOCKS -p udp --dport 53 -j TPROXY --on-port 12345 --tproxy-mark 0x01/0x01 # Apply the rules iptables -t nat -A PREROUTING -p tcp -j SHADOWSOCKS iptables -t mangle -A PREROUTING -j SHADOWSOCKS # Start the shadowsocks-redir ss-redir -u -c /etc/config/shadowsocks.json -f /var/run/shadowsocks.pid ``` -------------------------------- ### Shadowsocks-libev Command Line Synopsis Source: https://www.e2encrypted.com/howtos/install-shadowsocks-libev-with-simple-obfs Provides the general syntax for running shadowsocks-libev components (ss-local, ss-redir, ss-server, ss-tunnel, ss-manager) with common command-line options. This outlines the typical structure for invoking the various tools. ```Shell NAME shadowsocks-libev - a lightweight and secure socks5 proxy SYNOPSIS ss-local|ss-redir|ss-server|ss-tunnel|ss-manager [-s ] [-p ] [-l ] [-k ] [-m ] [-f ] [-t ] [-c ] ``` -------------------------------- ### Install Certbot on macOS with Homebrew Source: https://www.e2encrypted.com/howtos/how-to-get-wildcard-tls-certificate-from-letsencrypt Installs the Certbot client on a macOS system using the Homebrew package manager. This command is a prerequisite for generating and managing Let's Encrypt certificates. ```Shell brew install certbot ``` -------------------------------- ### Compile and Install Simple-obfs from Source on Debian/Raspberry Pi Source: https://www.e2encrypted.com/howtos/install-shadowsocks-libev-with-simple-obfs This snippet details the process of compiling and installing simple-obfs from its source code on Debian-based systems like Raspberry Pi. It includes installing necessary build dependencies, cloning the Git repository, updating submodules, and then configuring, compiling, and installing the software, showing the typical output of the build process. ```bash $ sudo apt-get install --no-install-recommends build-essential autoconf libtool libssl-dev libpcre3-dev libev-dev asciidoc xmlto automake $ git clone –-depth=1 --shallow-submodules https://github.com/shadowsocks/simple-obfs.git $ cd simple-obfs $ git submodule update --init --recursive $ ./autogen.sh $ ./configure && make $ sudo make install /bin/mkdir -p '/usr/local/bin' /bin/bash ../libtool --mode=install /usr/bin/install -c obfs-local obfs-server '/usr/local/bin' /bin/mkdir -p '/usr/local/share/doc/simple-obfs' /usr/bin/install -c -m 644 obfs-local.html obfs-server.html '/usr/local/share/doc/simple-obfs' /bin/mkdir -p '/usr/local/share/man/man1' /usr/bin/install -c -m 644 obfs-local.1 obfs-server.1 '/usr/local/share/man/man1' ``` -------------------------------- ### Install 'cdrtools' to Fix 'genisoimage' Error Source: https://www.e2encrypted.com/posts/uup-dump-on-macos-guide-and-troubleshooting This command provides the solution for the 'No available formula with the name genisoimage' error, which often indicates that `genisoimage` or `mkisofs` is missing. Installing `cdrtools` via Homebrew provides the necessary utilities for ISO image creation. ```sh brew install cdrtools ``` -------------------------------- ### Connect OpenVPN Profile on Windows via Command Line Source: https://www.e2encrypted.com/howtos/set-up-openvpn-comprehensive-guide-with-detailed-instructions This command line snippet demonstrates how to programmatically connect to an OpenVPN profile on Windows. It uses the `openvpn-gui.exe` with the `--command connect` argument, specifying the path to the `.ovpn` configuration file. This is useful for scripting automated VPN connections. ```cmd "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" --command connect yourconfigfile.ovpn ``` -------------------------------- ### Example PEM Encoded CA Certificate Source: https://www.e2encrypted.com/certs/e72ef1dffcb20928cf5dd4d56737b151cb864f01 This is an example of a CA certificate encoded in PEM format, typically starting with '-----BEGIN CERTIFICATE-----' and ending with '-----END CERTIFICATE-----'. The content is base64 encoded. ```Text -----BEGIN CERTIFICATE----- MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkG A1UEBhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEg SW5jMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAw MFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UEBhMCVVMxEzARBgNVBAsTCmVtU2ln biBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNpZ24gUm9v dCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+upufGZ BczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZ HdPIWoU/Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH 3DspVpNqs8FqOp099cGXOFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvH GPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4VI5b2P/AgNBbeCsbEBEV5f6f9vtKppa+c xSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleoomslMuoaJuvimUnzYnu3Yy1 aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+XJGFehiq TbUwDgYDUpDqw8NQBmIMMMAVSKeo WXzhriKi4gp6D/piq1JM4fHfyr6DDUI= -----END CERTIFICATE----- ``` -------------------------------- ### Example of Decoded X.509 Certificate Details Source: https://www.e2encrypted.com/certs/ce71315dc098611f608c6cdeccedc35d18d08548 An example output showing the detailed structure and contents of an X.509 certificate after being decoded by `openssl x509`. This includes version, serial number, signature algorithm, issuer, validity period, subject, public key info, and X509v3 extensions. ```Certificate Certificate: Data: Version: 3 (0x2) Serial Number: 76:53:fe:b0:af:4b:75:90:a2:1a:e4:a2:d5:f2:76:b5 Signature Algorithm: ecdsa-with-SHA384 Issuer: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Document Signing Root E45 Validity Not Before: Mar 18 00:00:00 2020 GMT Not After : Mar 18 00:00:00 2045 GMT Subject: C=BE, O=GlobalSign nv-sa, CN=GlobalSign Document Signing Root E45 Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Public-Key: (384 bit) pub: 04:86:e5:43:d0:bb:00:65:5e:d6:4a:0a:63:85:9e: 45:0f:86:23:32:50:55:49:63:6a:9c:ce:f7:af:f4: 7e:20:f9:80:32:5b:6e:b0:ef:f2:c7:a4:2c:fb:6a: 59:90:06:76:b7:17:8c:0e:75:44:3a:80:7c:c8:dc: 02:3d:f2:ce:a1:9e:b3:4b:72:cb:c6:8c:fd:c2:c9: aa:8c:ae:33:5c:ea:79:4b:dc:69:c8:56:a4:3c:28: 41:70:74:8e:6a:1a:48 ASN1 OID: secp384r1 NIST CURVE: P-384 X509v3 extensions: X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign X509v3 Basic Constraints: critical CA:TRUE X509v3 Subject Key Identifier: 61:99:02:B4:10:FF:10:3C:DB:7A:DA:6C:3A:70:24:03:60:F1:E7:8E Signature Algorithm: ecdsa-with-SHA384 30:66:02:31:00:8f:f5:c9:3f:b1:4e:f3:f7:d1:9d:b4:ba:0f: 3d:0a:97:27:10:93:f2:50:7c:22:89:da:8c:d4:ca:a9:63:24: 26:2a:8b:63:82:63:54:c7:34:f0:d1:9e:7a:18:0b:a7:ea:02: 31:00:b1:35:8f:4a:f2:fb:26:06:c1:d3:0d:8f:62:d1:b0:c4: a0:5d:e9:93:d6:61:c4:e1:a1:b9:5c:a8:f5:f1:67:5e:a2:29: 37:c2:4b:c6:67:72:fe:8c:90:f9:24:80:77:b7 ``` -------------------------------- ### Map Command Line Options to JSON Configuration Source: https://www.e2encrypted.com/howtos/install-shadowsocks-libev-with-simple-obfs This snippet illustrates how various command-line options correspond to their equivalent parameters within a JSON configuration file. It covers server settings, port numbers, authentication, encryption methods, and other operational parameters, providing a clear guide for configuring the e2encrypted client or server. ```APIDOC Configuration Mapping: Command Line Option -> JSON Configuration Field -s some.server.net -> "server": "some.server.net" -s some.server.net -p 1234 (client) -> "server": "some.server.net:1234" -p 1234 -> "server_port": "1234" -b 0.0.0.0 -> "local_address": "0.0.0.0" -l 4321 -> "local_port": "4321" -k "PasSworD" -> "password": "PasSworD" -m "aes-256-cfb" -> "method": "aes-256-cfb" -t 60 -> "timeout": 60 -a nobody -> "user": "nobody" --acl "/path/to/acl" -> "acl": "/path/to/acl" --fast-open -> "fast_open": true --reuse-port -> "reuse_port": true --no-delay -> "no_delay": true --plugin "obfs-server" -> "plugin": "obfs-server" --plugin-opts "obfs=http" -> "plugin_opts": "obfs=http" -6 -> "ipv6_first": true -n "/etc/nofile" -> "nofile": "/etc/nofile" -d "8.8.8.8" -> "nameserver": "8.8.8.8" ``` -------------------------------- ### Example Tag with Optional URL Hint for Podcast Source: https://www.e2encrypted.com/nostr/nips/73 Demonstrates an 'i' tag for a podcast item, including its GUID and an associated Fountain.fm URL hint. ```JSON ["i", "podcast:item:guid:d98d189b-dc7b-45b1-8720-d4b98690f31f", "https://fountain.fm/episode/z1y9TMQRuqXl2awyrQxg"] ``` -------------------------------- ### Install Shadowsocks-libev via Snap Source: https://www.e2encrypted.com/howtos/install-shadowsocks-libev-with-simple-obfs This snippet provides an alternative, simpler method to install the latest shadowsocks-libev binaries using the Snap package manager. This approach is suitable for various Linux distributions that support Snap, offering a self-contained installation. ```bash sudo snap install shadowsocks-libev ```