Solution: export LANG=en_US.UTF-8
https://wiki.debian.org/OpenVPN
#!/bin/bash
cd /etc/openvpn/easy-rsa/keys
cp client-template.conf "$1".ovpn
echo "<ca>" >> "$1".ovpn
cat ca.crt | grep -A 100 "BEGIN CERTIFICATE" | grep -B 100 "END CERTIFICATE" >> "$1".ovpn
echo "</ca>" >> "$1".ovpn
echo "<cert>" >> "$1".ovpn
cat "$1".crt | grep -A 100 "BEGIN CERTIFICATE" | grep -B 100 "END CERTIFICATE" >> "$1".ovpn
echo "</cert>" >> "$1".ovpn
echo "<key>" >> "$1".ovpn
cat "$1".key | grep -A 100 "BEGIN PRIVATE KEY" | grep -B 100 "END PRIVATE KEY" >> "$1".ovpn
echo "</key>" >> "$1".ovpn
- Make sure
/proc/sys/net/ipv4/ip_forward
is set to1
- Make sure the
push "redirect-gateway def1 bypass-dhcp"
option is set in/etc/openvpn/server.conf
- Use the following iptables rules:
# Generated by iptables-save v1.4.14 on Fri Nov 20 00:26:06 2015
*nat
:PREROUTING ACCEPT [18:1124]
:POSTROUTING ACCEPT [10:717]
:OUTPUT ACCEPT [10:717]
-A PREROUTING -d <server IP>/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 11194
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source <server IP>
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source <server IP>
-A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
COMMIT
# Completed on Fri Nov 20 00:26:06 2015
Check /var/lib/fail2ban/fail2ban.sqlite
:
select count(1) from bans;
select ip, datetime(dateofban, 'unixepoch', 'localtime') from bans order by 2;
Check /var/log/fail2ban.log
.
If there are a ton of IPs in the ban table, fail2ban may be taking a while to ban/unban each one individually on startup/shutdown (this was a bug in an old version of fail2ban).
- Edit
~/.config/konsolerc
:
[General]
BrowserApplication=firefox
- Run
certbot certificates
to get a list of certificate names - Run
certbot certonly --cert-name <cert-name> -d <list-of-domains>
to register a new certificate which may exclude some previously included domains
- Firefox ships with its own emoji font built in
- Download an emoji font (such as Noto Color Emoji) and place in
~/.fonts
- Run
fc-cache -vf
- Go to the game's controller settings (I did this through big picture mode; not sure what the menu is in desktop mode)
- Set "Steam Input" to "Forced Off"
- Check if the Xorg binary has the suid flag set (on gentoo:
equery uses x11-base/xorg-server
)
mkdir /mnt/hostlvm
mount --bind /run/lvm /mnt/hostlvm
arch-chroot /mnt
ln -s /hostlvm /run/lvm