Zevera may NOT be a good choice

For downloading from multiple file hosts, I tried Zevera for a short while.

It’s failed to deal with the URL including encoded characters. For others, it acts quite slow (1~10KB/sec) to my home. I know each software and website has its limitation and I don’t plan to blame Zevera at the beginning.

I googled to try to get a refund after my test. Why I have to google for that? Coz there is no link on their page for refunding and the link provided from the support forum is wrong. Here is the policy I got: http://api.zevera.com/RefundPolicy.aspx.

If you are not satisfied with your premium account you can request a refund in the first 5 days if you haven’t downloaded more than 8 GB or more than 10 different files.

At the moment I emailed them, it’s just 2 hours passed from my payment, and no more than 5 files nor 500MB data is downloaded. Since the day I write this, after 7 days, no response, no refund, nothing.

After 3 days, I mail them to get a support about refund and provide a link that cannot be downloaded. The sad thing is after the mail sent, the host of that link died. One day later, the response of that email is the link is dead and “Your refund request cannot be approved at this time.” Yes, you get it, as they said “if you are not satisfied” is not a reason acceptable at all. I replied the mail with another link with encoded characters in URL, no response again.

If you find there is something wrong and prove to them, they will just ignore you. If you want a refund with your problem, they will not accept that.

How many people in the same boat? I don’t know. Because talking about refund in official forum is not allowed. “REFUND REQUEST – All topics with refund request will be deleted!” as they said.

Increase WSUS downloading speed

The downloading of updates in Windows Server Update Services (WSUS) is based on Background Intelligent Transfer Service (BITS). BITS is designed to download big files using idle bandwidth only. If you need to speed up the downloading process, you may change it to use a foreground mode.

 

To do that, you need a SQL Management Studio to connect the database used by WSUS. The database name is SUSDB. You can run this command in that database specified:

update susdb.dbo.tbConfigurationC set BitsDownloadPriorityForeground=1

For reversion, run it again with replacing the 1 to 0.

 

极路由绑定迅雷远程下载的另类方法

极路由可以通过安装云插件,成为一个迅雷远程下载的客户端。

但在绑定的过程中,由于极路由当前的设计思路,偶尔会出现无法正常绑定的情况。表现为在管理界面中显示出空白页,甚至直接显示出极路由公司首页。这些都导致无法将此路由绑定到迅雷。

如果碰到此类问题,可以通过这种方法绕开系统默认的绑定机制:

  1. 在内网的任何一台电脑上访问http://4006024680.com:9000/getsysinfo。如果你已经知道路由器的IP(默认为192.168.199.1),而且你的DNS未设置为默认,也可以直接使用路由器的IP地址代替4006024680.com的部分。浏览器会返回一行文字,其中一个引号中包括了6位英文和数字的组合。将其复制下,不包括引号。
  2. 访问迅雷远程下载网站http://yuancheng.xunlei.com。左侧上方找到添加按钮,输入复制的文字即可完成绑定。
  3. 之后就可以直接使用迅雷客户端或者迅雷的远程下载网站来分配任务了。并不需要在路由器中再进行绑定的操作。

Mixed Windows Authentication in IIS 8.5 (ASP.Net)

Update:

Actually, this not works. It looks OK because of the cache of client. There is no way to do this as I know.


Original:

 

I got a case recently to build a site in IIS 8.5:

  • When the visitor is logged on to the desktop with domain account, use this account for this website.
  • When the visitor is not using domain account, do not pop up a login window asking for domain account, redirecting to a version for anonymous instead.

I thought it’s simple in IIS setting but I was wrong. The anonymous cannot work parallelly with Windows authentication.

After some digging in Google, I started my test:

  1. Deploy the site by using anonymous authentication.
  2. Select the login page for detecting domain user and change that page to Windows authentication instead of anonymous model.
  3. Add a custom page for this page on error 401. Model is set to “Execute a URL on this site”.

It works good but…

When the login page opened, it should contain a Url as parameter for returning back to the original page. So I have to deal it in the customized 401 page. I turned that page to an ashx with the command context.Response.Redirect. The URL for returning can be cut from context.Request.RawUrl.

After that, it went wrong. Form the same server which has the IIS installed, it still works well. But when I try this page on another computer, it will always redirect to the anonymous version page no matter it’s from the desktop logged with domain account or not. I’m sure that the site is added as Intranet zone and automatically logon is set in this zone.

Checked by network monitor, the browser will not get the 401 response in this scenario. As the ashx file request, only the 302 code is returned. That’s the reason why the browser won’t be notified to logon with the current user.

The solution is: if you want to use ashx with redirect function as a customized 401 page still, do not use context.Response.Redirect. Instead, try to do that with an HTML function with the 401 code in HTTP response.

context.Response.Status = "401 Unauthorized";
context.Response.StatusCode = 401;
context.Response.ContentType = "text/html";
context.Response.Write(@"<html>
<head>
<title>Redirecting</title>
<meta http-equiv=""refresh"" content=""0; url=" + redirectUrl + @""" />
");

It works like a charm.

I guess (yes, guess) when the browser get a 401 response first time, it will retry to the previous submitting/navigation with the domain account for login. If it’s failed again, it will pop up a login window after the html page is displayed. So as I required in HTML code, after it navigate to another page, the browser has no chance to display the login window. That’s the deal.

All I’m sure is it really works well. Hope it useful to you.

Testing ZeroShell in enterprise

Hi.

ZeroShell 3 is launched recently, including many new features. I was a fan of this router software for several years and it works like a charm in my Net5501. Now I’m trying to introduce it to the company which I work for.

I deploy this software twice in my company. One is for a virtualization desktops, powered by QoS. This is quite necessary for a network which contains more than 100 clients for internet accessing.

Another one is for all mobiles and pads, powered by Captive Portal. But this function doesn’t work like predicted. Mobiles which joined this network by AP will not pop up a login page automatically. In some restaurants and hotels, after a device joined a network, a web page will be pop up automatically for login, but this function is still missing in this release of ZeroShell.

One more defect is about DHCP server. User defined options are not supported yet.

 

Install SoftEther VPN Server on CentOS

This is a guide for installing SoftEther VPN Server on CentOS. SoftEther VPN is a good choice for accessing your local network from a computer outside. It works much faster than other VPN services but you need a client tool for all advanced features.

Preparing

The server requirement:

  • Hardware:
    • A not so bad CPU. Intel Atom CPU is good enough.
    • 256MB RAM, 512MB will be better.
    • 2GB free disk space after OS installed.
  • CentOS
  • A Windows client for running configuration tool.

For who want to choose Ubuntu as server side: The recommended Linux for SoftEther is RHEL, Fedora and CentOS. I’ve tried to install SoftEther VPN Server on Ubuntu Server 14. Some technique problem about firewall (iptables) may occur.

For the people in China: A working VPN is required for installing SoftEther server. Some friends said the server will be blocked by GFW while installing oversea. But working with a configured SoftEther VPN Server is allowed.

For the people who need to install on Windows Azure: This server cannot support protocols other than TCP and UDP. PPTP (not supported by SoftEther either) and L2TP cannot be supported due to protocol GRE support is lacked. SSTP and SoftEther client software are supported well. And don’t forget to open the port 443 on the management webpage.

We will create a VPN server using a subnet 192.168.250.0/24. If this is not acceptable, you need to change all related IP addresses below.

The network interface name should be eth0. If not, you need to change related device name below.

CentOS environment adjusting

We need some tools to build and install SoftEther VPN Server.

First, please make sure all components are up to date.

yum update -y

Tools for building executable files are required:

yum groupinstall "Development Tools" -y

Some services for VPN clients should be installed:

yum install dhcp dnsmasq -y

Data forwarding should be enabled by set net.ipv4.ip_forward to 1 in /etc/sysctl.conf.

in file: /etc/sysctl.conf

net.ipv4.ip_forward = 1

Edit dhcpd configuration file to start dhcpd only for VPN clients. In CentOS 7, this step can be skipped.

in file: /etc/sysconfig/dhcpd

DHCPDARGS=tap_vpn

Don’t worry. The tap_vpn will be created by following steps soon.

Adjust dhcpd configuration file like this:

in file: /etc/dhcp/dhcpd.conf

option domain-name "myvpndomain.com";
option domain-name-servers 192.168.250.1, 8.8.8.8;

default-lease-time 600;
max-lease-time 7200;

subnet 192.168.250.0 netmask 255.255.255.0 {
range 192.168.250.10 192.168.250.100;
option routers 192.168.250.1;
}

This dhcpd.conf should be edited carefully. Make sure all semicolons and quotes are written in the right position. The domain-name should be changed into your name specified. If you don’t want to change the default gateway for VPN clients, delete the option routers line. You may want to check the conf file provided by user sigma in the comment area of this article.

For CentOS 7 user: this document is prepared with iptables which is replaced by firewalld in CentOS 7 by default. You can follow this article to make the iptables back. Main commands are listed here.

yum install -y iptables-services
systemctl mask firewalld
systemctl enable iptables
systemctl stop firewalld
systemctl start iptables

If required, add these commands to the end of /etc/sysconfig/iptables to open the ports for SoftEther. You need to change the port numbers below. Each line is for one port. Lines of port 53 are for DNS. You can remove all lines with REJECT and DROP if you want to make it easier.

in file: /etc/sysconfig/iptables

-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

SoftEther VPN Server installing

First, you need to get the address for the right release. Navigate to SoftEther Download Center by your client computer, select the SoftEther VPN Server and your CPU type to get the URL of the latest release.

Download the file into your server by using wget or some other tool you like.

! For example only. You should choose the right CPU version. !

wget http://www.softether-download.com/files/softether/v4.10-9473-beta-2014.07.12-tree/Linux/SoftEther_VPN_Server/64bit_-_Intel_x64_or_AMD64/softether-vpnserver-v4.10-9473-beta-2014.07.12-linux-x64-64bit.tar.gz

Decompress the downloaded file by using tar.

! For example only. File name should be changed. !

tar zxvf softether-vpnserver-v4.10-9473-beta-2014.07.12-linux-x64-64bit.tar.gz

A folder named vpnserver will be created after decompressing. Let’s make the executable files and change the permissions.

cd vpnserver/
make
cd ..
mv vpnserver /usr/local
cd /usr/local/vpnserver/
chmod 600 *
chmod 700 vpnserver
chmod 700 vpncmd

By making process in current version, you need to answer 1 three times.

Check the NIC name of this server by typing ifconfig. It the name is not eth0, correct it in script below.

Create a script file named vpnserver for handling server instance start and stop.

new file: /etc/init.d/vpnserver

#!/bin/sh
# chkconfig: 2345 99 01
# description: SoftEther VPN Server
DAEMON=/usr/local/vpnserver/vpnserver
LOCK=/var/lock/subsys/vpnserver
test -x $DAEMON || exit 0
case "$1" in
start)
$DAEMON start
touch $LOCK
sleep 3
ifconfig tap_vpn 192.168.250.1
iptables -t nat -A POSTROUTING -s 192.168.250.0/24 -o eth0 -j MASQUERADE
service dhcpd restart
service dnsmasq restart
;;
stop)
iptables -t nat -D POSTROUTING -s 192.168.250.0/24 -o eth0 -j MASQUERADE
$DAEMON stop
rm $LOCK
;;
restart)
iptables -t nat -D POSTROUTING -s 192.168.250.0/24 -o eth0 -j MASQUERADE
$DAEMON stop
sleep 3
$DAEMON start
sleep 3
ifconfig tap_vpn 192.168.250.1
iptables -t nat -A POSTROUTING -s 192.168.250.0/24 -o eth0 -j MASQUERADE
service dhcpd restart
service dnsmasq restart
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0

Make sure the folder for lock is created.

mkdir /var/lock/subsys

Grant the permission of the file created.

chmod 755 /etc/init.d/vpnserver

Set vpnserver to auto start. There are two hyphens before “add”.

chkconfig --add vpnserver

Start the vpnserver.

service vpnserver start

Some errors will occur related to tap_vpn and dhcp. Don’t worry about that.

Now we set a password for remote management.

cd /usr/local/vpnserver
./vpncmd
... press 1 and press enter ...
... press 2 enters to get the prompt "VPN Server>" ...
ServerPasswordSet
exit

Let’s turn to Windows now. Don’t close the shell or reboot the server.

SoftEther VPN Remote Managing

Install SoftEther VPN Server Manager for Windows from SoftEther Download Center.

Create a new server by entering the remote server IP address.

After connected, delete the hub named DEFAULT and create a new one. Check “No Enumerate to Anonymous Users” to protect and hide your server.

Create at least one user account for the Hub created.

Click “Local Bridge Setting” button below. Select the Hub you’ve created, “Bridge with New Tap Device” and type the New Tap Device Name “vpn” (lowercase, without quotes) to create the “tap_vpn” we’ve mentioned twice above. Never use SecureNAT for this hub because it’s not compatible with bridge and sucks currently.

Now you need to go back to the server shell to reboot the whole system.

SoftEther VPN Client Optimizing

To make the VPN connection fast and stable, you may want to change some advanced settings in client side.

  • Number of TCP Connections: Set to 8 or above for broadband.
  • Set Connection Lifetime for Each TCP Connection: Check and set to 300.
  • Use Half-Duplex Mode: Check if you can.
  • Disable UDP Acceleration: Check.

Future Upgrading

When you need to update the server side, you need to:

Stop the service.

service vpnserver stop

Download the latest version of SoftEther VPN Server and build it.

wget brabrabrabra
tar zxvf brabrabrabra
cd vpnserver
make
chmod 600 *
chmod 700 vpnserver
chmod 700 vpncmd
cp -r * /usr/local/vpnserver/

And start the service again.

service vpnserver start