Configuring a Ubuntu 14.04 real server for an LVS/Tun cluster

To setup an LVS/Tun mode LVS cluster, we must configure, on the real servers, an IP tunneling network interface with the cluster Virtual IP on it, and in the meantime handle the following two issues:

  • Disable source validation (rp_filter) on the IP tunneling interface.
  • Inhibit ARP responses for VIP on the LAN interface in case the real server is in the same broadcast domain as is the load balancer.

In the following tutorial, we’ll configure Ubuntu 14.04 as a real server for an LVS/Tun cluster.
Continue reading Configuring a Ubuntu 14.04 real server for an LVS/Tun cluster

Configuring IPsec IKEv2 in OpenWrt 15.05

The interoperability of IPsec implementations on various platforms has been becoming better and better over the last few years. For example, Windows 7 and newer releases fully support the IKEv2 (RFC 4306) and MOBIKE (RFC 4555) standards, and iOS started to support configuration of IKEv2 in the GUI since version 9.0.

In this tutorial, we’ll install strongSwan 5.3.3 in openwrt 15.05, configure it to provide IKEv2 service with public key authentication of the server and username/password based authentication of the clients using EAP-MSCHAP v2, and finally setup the VPN clients in Windows, Android and iOS so they can connect to it. Much of the complexity of IKEv2 configuration lies in the creation of SSL certificates.


First of all, install necessary strongSwan packages in openwrt 15.05:

root@OpenWrt:~# opkg update
root@OpenWrt:~# opkg install strongswan-minimal strongswan-mod-eap-mschapv2 strongswan-mod-eap-identity strongswan-mod-constraints strongswan-mod-md5 strongswan-mod-pem strongswan-mod-pkcs1 strongswan-mod-revocation

Continue reading Configuring IPsec IKEv2 in OpenWrt 15.05


PGP(Pretty Good Privay)是一套用于数据加密、解密和数据签名生成、验证的软件。它由一系列散列、数据压缩、对称密钥加密和公钥加密算法组成。每种功能提供几种算法可供选择。



GnuPG(Gnu Privacy Guard)是以GPL许可协议发行的,免费、开源、完整的PGP替代软件,遵从OpenPGP标准(RFC 4880)。
Continue reading GnuPG——每个人都可以使用的高强度加密软件

A Dummie’s Guide to Flashing Factory Firmware on Nexus 7 [2013]

This guide aims to teach people with basic computer skills to flash factory firmware image on Nexus 7 [2013] using Windows 7/10. It should apply to other modern stock Android devices.

Note: To prevent unauthorized access, unlocking the bootloader will delete all personal data on the device. Therefore, you must backup important data first before proceeding with the following procedure.
Continue reading A Dummie’s Guide to Flashing Factory Firmware on Nexus 7 [2013]

Keeping track of svn repositories using git

  • Clone an svn repository with entire history.
  • git svn clone --prefix=origin/ svn://

    Note: This can be very time-consuming on a large svn repository, esp. when the network connectivity is poor.

  • Clone an svn repository with recent history only.
  • git svn clone --prefix=origin/ -r 28015:HEAD svn://

  • When cloning fails on a large repository, keep fetching until it’s done.
  • cd DD-WRT
    while ! git svn fetch; do sleep 10; done

  • Fetch unfetched commits from the svn repository and rebase current work against it.
  • git svn rebase

  • Checkout an older svn revision.
  • git checkout `git svn find-rev r28015`

  • Return to the latest revision.
  • git checkout master

  • Remove untracked files in the current directory.
  • git clean -n
    git clean -f



  • 环境变量WGETRC指向的文件。
  • 如果设置了环境变量HOME,则配置文件为%HOME%\.wgetrc。
  • wget.exe所在目录的.wgetrc。
  • wget.exe所在目录的wget.ini。

Continue reading 给Windows中执行的wget设置证书包文件

Removing alternative Ubuntu flavors completely

When Ubuntu users want to try other Ubuntu flavors, e.g. Xubuntu and Lubuntu, they usually just install their meta packages:

$ sudo apt-get install xubuntu-desktop


$ sudo apt-get install lubuntu-desktop

apt-get can install their dependencies automatically. However, when users want to remove the alternative Ubuntu flavors completely, they are out of luck, because inter-dependencies among many packages can be rather complex, and apt tools simply does not automatically remove the dependencies of meta packages.
Continue reading Removing alternative Ubuntu flavors completely