Monday, December 18, 2017

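Get one year of Avira Phantom VPN for free: supports Windows, macOS, iOS and Android

Avira Phantom VPN is a VPN application developed by Avira. It lets you browse the web securely, with all data encrypted as it passes through Avira's servers. Servers in multiple regions speed up the connection, and because several operating systems are supported you can browse comfortably on different devices.

Get it here: http://ift.tt/2oD9CXh


Enter your email address to claim it, then click the link sent to your inbox to register an account; you can then download, install and use the app.

(Note: because the Avira Phantom VPN service domain is affected by DNS poisoning, you can work around it by setting the DNS address on your computer or in your phone's Wi-Fi settings to 202.141.178.13 or 202.141.162.123.

Because some regional IPs of the Avira Phantom VPN service are blocked, try connecting to servers in several different countries.)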



via iGFW http://ift.tt/2yULoYh

Wednesday, December 13, 2017

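VPNSecure: lifetime VPN for only $24

StackSocial is a well-known deals site. It is currently running a promotion: a VPNSecure lifetime subscription, originally $39.99, costs only $24 after applying a coupon code.

Sign up here: http://ift.tt/2AtVcOx

After signing up, open http://ift.tt/2Cev4o4, click the "Code?" button and enter the coupon code GREEN40; the price will change to $24.

VPNSecure: http://ift.tt/OiXaEW

VPNSecure is a well-known overseas VPN provider that this site first covered six or seven years ago. It has VPN servers in Taiwan, South Korea, Japan, Hong Kong, Singapore, Vietnam, the United States, the United Kingdom and elsewhere,

and supports PPTP, L2TP, OpenVPN, SSH, HTTP Proxy & Smart DNS connection methods.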



via iGFW http://ift.tt/2Ca5ekZ

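Windows 10 adds an OpenSSH client

Microsoft announced back in 2015 that Windows would support SSH natively. SSH is a popular remote access and administration tool on Linux, and Windows previously had no comparably simple tool. Now the OpenSSH client has finally been introduced into Windows 10. Both the OpenSSH client and server are beta versions. Users first need to choose "Add a feature" under "Manage optional features", then scroll down the list to "OpenSSH Client (Beta)" and "OpenSSH Server (Beta)". After installation, you can use the OpenSSH client by typing SSH at the command line.

Source: http://ift.tt/2AQhU0f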



via iGFW http://ift.tt/2Cfa0h2

Monday, December 11, 2017

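Ivacy VPN: lifetime VPN for only $18

StackSocial is running a promotion: an Ivacy VPN lifetime subscription, originally $29, costs only $18 after applying a coupon code.

Sign up here: http://ift.tt/2AtVcOx

After signing up, open http://ift.tt/2ygOUM1

Ivacy VPN official site: https://www.ivacy.com/

Ivacy VPN is a well-known overseas VPN provider with VPN servers in Hong Kong, Taiwan, Japan, South Korea, Singapore, Malaysia, the United States, the United Kingdom and elsewhere,

and supports the PPTP, L2TP, OpenVPN, SSTP and IKEv2 VPN connection methods.

StackSocial is a well-known deals site. Reportedly, what StackSocial provides after purchase is a 5-year Ivacy VPN subscription; after 5 years you ask StackSocial for another 5-year subscription, and so on.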

 

 



via iGFW http://ift.tt/2ygw6N1

Tuesday, December 5, 2017

Sunday, December 3, 2017

Shadowsocks Android client (v4.3.0)

  1. Retire the NAT mode.
  2. Add transparent proxy mode. (Firewall rules should be set manually)
  3. Add local SOCKS5 proxy mode. (Typically work with Orbot and similar app as a front-end proxy)
  4. Minor changes to the user interface.

Original: http://ift.tt/2AmuPXz




via 细节的力量 http://ift.tt/2ATRaik

Tor Browser 7.5a8 is released

Tor Browser 7.5a8 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to version 52.5.0esr and Tor to version 0.3.2.4-alpha. The HTTPS Everywhere and NoScript extensions we ship have also been updated.

This release also includes a new Tor Launcher with an improved progress bar and configuration UI.

On Windows, users with a 64bit CPU can now download a 64bit version of Tor Browser. Users of the 32bit version won’t automatically be updated to the 64bit version yet, so a manual installation needs to be done. Due to bug 24197 the sandbox is not yet enabled in the 64bit version. We plan to fix that in the next release.

The full changelog since Tor Browser 7.5a7 (7.5a6 for Windows) is:

  • All Platforms
    • Update Firefox to 52.5.0esr
    • Update Tor to 0.3.2.4-alpha
    • Update Torbutton to 1.9.8.3
      • Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
      • Bug 23949: Fix donation banner display
      • Update locales with translated banner
      • Translations update
    • Update Tor Launcher to 0.2.14.1
      • Bug 23262: Implement integrated progress bar
      • Bug 23261: implement configuration portion of new Tor Launcher UI
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.30
    • Update NoScript to 5.1.5
      • Bug 23968: NoScript icon jumps to the right after update
    • Update sandboxed-tor-browser to 0.0.15
  • Windows
    • Bug 20636+10026: Create 64bit Tor Browser for Windows
    • Bug 24052: Block file:// redirects early

Original: http://ift.tt/2zGNKyb




via 细节的力量 http://ift.tt/2zKw817

New stable Tor releases, with security fixes: 0.3.1.9, 0.3.0.13, 0.2.9.14, 0.2.8.17, 0.2.5.16

There are new stable releases today, fixing the following security issues. For more information about the issues, follow the links from http://ift.tt/2diuhJZ

TROVE-2017-009: Replay-cache ineffective for v2 onion services
TROVE-2017-010: Remote DoS attack against directory authorities
TROVE-2017-011: An attacker can make Tor ask for a password
TROVE-2017-012: Relays can pick themselves in a circuit path
TROVE-2017-013: Use-after-free in onion service v2

You can download the source for 0.3.1.9 from the usual place on the website. For the older release series, see http://ift.tt/10uSJfY. Binary packages should be available soon. All users should update to one of these releases, or to 0.3.2.6-alpha, also released today.

Below is the changelog for 0.3.1.9. For the other releases, see the tor-announce email.

Tor 0.3.1.9 backports important security and stability fixes from the 0.3.2 development series. All Tor users should upgrade to this release, or to another of the releases coming out today.

Changes In Version 0.3.1.9 – 2017-12-01:

  • Major bugfixes (security, backport from 0.3.2.6-alpha):
    • Fix a denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal. (Tor instances run without a terminal, which is the case for most Tor packages, are not impacted.) Fixes bug 24246; bugfix on every version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
    • Fix a denial of service issue where an attacker could crash a directory authority using a malformed router descriptor. Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 and CVE-2017-8820.
    • When checking for replays in the INTRODUCE1 cell data for a (legacy) onion service, correctly detect replays in the RSA-encrypted part of the cell. We were previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor’s legacy hybrid encryption. This fix helps prevent a traffic confirmation attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 and CVE-2017-8819.
  • Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
    • Fix a use-after-free error that could crash v2 Tor onion services when they failed to open circuits while expiring introduction points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
  • Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
    • When running as a relay, make sure that we never build a path through ourselves, even in the case where we have somehow lost the version of our descriptor appearing in the consensus. Fixes part of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
    • When running as a relay, make sure that we never choose ourselves as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  • Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
    • Fix an issue causing DNS to fail on high-bandwidth exit nodes, making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for identifying and finding a workaround to this bug and to Moritz, Arthur Edelstein, and Roger for helping to track it down and analyze it.
  • Minor features (bridge):
    • Bridges now include notice in their descriptors that they are bridges, and notice of their distribution status, based on their publication settings. Implements ticket 18329. For more fine-grained control of how a bridge is distributed, upgrade to 0.3.2.x or later.
  • Minor features (directory authority, backport from 0.3.2.6-alpha):
    • Add an IPv6 address for the “bastet” directory authority. Closes ticket 24394.
  • Minor features (geoip):
    • Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 Country database.
  • Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
    • Avoid unnecessary calls to directory_fetches_from_authorities() on relays, to prevent spurious address resolutions and descriptor rebuilds. This is a mitigation for bug 21789. Fixes bug 23470; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
    • Fix unused variable warnings in donna’s Curve25519 SSE2 code. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
    • When a circuit is marked for close, do not attempt to package any cells for channels on that circuit. Previously, we would detect this condition lower in the call stack, when we noticed that the circuit had no attached channel, and log an annoying message. Fixes bug 8185; bugfix on 0.2.5.4-alpha.
  • Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
    • Rename the consensus parameter “hsdir-interval” to “hsdir_interval” so it matches dir-spec.txt. Fixes bug 24262; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
    • Avoid a crash when transitioning from client mode to bridge mode. Previously, we would launch the worker threads whenever our “public server” mode changed, but not when our “server” mode changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.

Original: http://ift.tt/2AM3jps




via 细节的力量 http://ift.tt/2npx1e9

Tor 0.3.2.6-alpha is released, with security updates

This version of Tor is the latest in the 0.3.2 alpha series. It includes fixes for several important security issues. All Tor users should upgrade to this release, or to one of the other releases coming out today. (The next announcement will be about the stable releases.)

You can download the source from the usual place on the website. Binary packages should be available soon.

These releases fix the following security bugs. For more information on each one, see the links from http://ift.tt/2diuhJZ

TROVE-2017-009: Replay-cache ineffective for v2 onion services
TROVE-2017-010: Remote DoS attack against directory authorities
TROVE-2017-011: An attacker can make Tor ask for a password
TROVE-2017-012: Relays can pick themselves in a circuit path
TROVE-2017-013: Use-after-free in onion service v2

Changes In Version 0.3.2.6-Alpha – 2017-12-01

  • Major bugfixes (security):
    • Fix a denial of service bug where an attacker could use a malformed directory object to cause a Tor instance to pause while OpenSSL would try to read a passphrase from the terminal. (Tor instances run without a terminal, which is the case for most Tor packages, are not impacted.) Fixes bug 24246; bugfix on every version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. Found by OSS-Fuzz as testcase 6360145429790720.
    • Fix a denial of service issue where an attacker could crash a directory authority using a malformed router descriptor. Fixes bug 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 and CVE-2017-8820.
    • When checking for replays in the INTRODUCE1 cell data for a (legacy) onion service, correctly detect replays in the RSA-encrypted part of the cell. We were previously checking for replays on the entire cell, but those can be circumvented due to the malleability of Tor’s legacy hybrid encryption. This fix helps prevent a traffic confirmation attack. Fixes bug 24244; bugfix on 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 and CVE-2017-8819.
  • Major bugfixes (security, onion service v2):
    • Fix a use-after-free error that could crash v2 Tor onion services when they failed to open circuits while expiring introduction points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is also tracked as TROVE-2017-013 and CVE-2017-8823.
  • Major bugfixes (security, relay):
    • When running as a relay, make sure that we never build a path through ourselves, even in the case where we have somehow lost the version of our descriptor appearing in the consensus. Fixes part of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
    • When running as a relay, make sure that we never choose ourselves as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
  • Minor feature (relay statistics):
    • Change relay bandwidth reporting stats interval from 4 hours to 24 hours in order to reduce the efficiency of guard discovery attacks. Fixes ticket 23856.
  • Minor features (directory authority):
    • Add an IPv6 address for the “bastet” directory authority. Closes ticket 24394.
  • Minor bugfixes (client):
    • By default, do not enable storage of client-side DNS values. These values were unused by default previously, but they should not have been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.

Original: http://ift.tt/2zSZSND




via 细节的力量 http://ift.tt/2zNlfMh

Wednesday, November 29, 2017

A grab bag of miscellaneous URLs

http://ift.tt/2zberYs Unrestricted, fully automatic one-click dd installation of Windows
http://ift.tt/2vr2CQh One-click script for network install/reinstall of Debian (Ubuntu)
http://ift.tt/2AkU6Bq Optimized LEMP Web Server
https://ssl.ni-co.moe Free SSL certificates
http://ift.tt/2Ahn4UP One-click setup of an IKEV2/L2TP VPN for Ubuntu/CentOS
http://ift.tt/2xVgfs1 Three ways to install BBR on an OpenVZ VPS [UML/LKL(91yun)/LKL(Rinetd)]
http://ift.tt/2AgVvLe Installing Google BBR on an OpenVZ VPS
http://ift.tt/2AkU7oY How to use kcptun in the A.BIG.T app
http://ift.tt/2AhB2pF Installing Kcptun on Debian to accelerate an SS service
http://ift.tt/2fSrhFb A PAC for freedom and more.
http://ift.tt/2yznl4X Dragonite is a reliable UDP-based transport protocol that can greatly improve transfer speed on lossy and unstable networks
http://ift.tt/1MfVeDK Online UUID Generator
http://ift.tt/2h7KGR5 An enhanced version of tcp_bbr
http://ift.tt/2Akjozv One-click installation and configuration of V2ray, for quickly deploying a circumvention tool
http://ift.tt/2Afj2we IPSec VPN setup tutorial
http://ift.tt/1QuH3C1 An IKEv2 one-click script for Ubuntu Server 17.10
http://ift.tt/2tWTzpj kytan: High Performance Peer-to-Peer VPN
http://ift.tt/2gV2orb Two-sided network acceleration tool
http://ift.tt/2yV6ypE Assorted silly scripts written by a joker
http://ift.tt/1XZPl4E An updated list of public BitTorrent trackers
http://ift.tt/2AhB40L Deploying gost to Heroku
http://ift.tt/XGQNcR GSnova: Private Proxy Solution.
http://ift.tt/2Ahn3QL bbr and kcp scripts
http://ift.tt/2AkUaBa One-click Debian install package for the BBR variant modified by Yankee of Loc
http://ift.tt/2uNV8TM WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography



via iGFW http://ift.tt/2Ak9nm2

Repost: three sets of kernel parameter tunings for proxy servers

Three sets of kernel parameter tunings for proxy servers

http://ift.tt/1lSvmFf

    $ vi /etc/sysctl.conf
    # Total number of files all processes on the system may have open; each socket also uses one file descriptor
    fs.file-max = 1491124
    # Maximum number of TIME_WAIT sockets the system keeps at once; short-lived HTTP connections produce many TIME_WAIT sockets.
    net.ipv4.tcp_max_tw_buckets = 7000
    # Do not accept source-routed packets
    net.ipv4.conf.default.accept_source_route = 0
    # Shorten how long orphaned sockets stay in FIN_WAIT_2, 60s -> 30s
    net.ipv4.tcp_fin_timeout = 30
    # Enable TIME_WAIT reuse, so that ports of sockets leaving TIME_WAIT can be used by other sockets immediately.
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_tw_recycle = 1
    # Disable TCP timestamps; used together with tw_reuse/tw_recycle
    # tw_recycle is generally not recommended: per RFC1323, when TCP_TW_RECYCLE and the TCP timestamp option (on by default) are both in effect, the server can fail to respond to connections in NAT scenarios, and this is reproducible.
    net.ipv4.tcp_timestamps = 0
    # Enable the kernel's SYN cookie feature, which can defend against some DoS attacks.
    net.ipv4.tcp_syncookies = 1
    # Reduce the number of TCP keepalive probes so long-lived connections are released promptly
    net.ipv4.tcp_keepalive_probes = 3
    # Shorten the TCP keepalive probe interval; same purpose as above
    net.ipv4.tcp_keepalive_intvl = 15
    # Increase the kernel backlog parameters so the system can hold more sockets that have not yet completed the TCP three-way handshake.
    net.ipv4.tcp_max_syn_backlog = 8388608
    # Same as above
    net.core.netdev_max_backlog = 8388608
    # Same as above
    net.core.somaxconn = 8388608
    # Default value
    net.ipv4.tcp_keepalive_time = 7200
    # Disable support for larger sliding windows (e.g. long fat pipes) to save system compute resources
    net.ipv4.tcp_window_scaling = 0
    # Disable the kernel's TCP optimization for environments where bit errors outweigh congestion (e.g. Wi-Fi/3G); wired links do not need tcp_sack
    net.ipv4.tcp_sack = 0
    # Widen the port range available to applications.
    net.ipv4.ip_local_port_range = 1024 65000
    # Increase TCP buffer sizes
    net.core.rmem_default = 8388608
    net.core.rmem_max = 16777216
    net.core.wmem_max = 16777216
    net.ipv4.tcp_rmem = 4096 87380 16777216
    net.ipv4.tcp_wmem = 4096 65536 16777216
    net.ipv4.tcp_congestion_control = cubic


    $ vi /etc/security/limits.conf
    # Raise the limit on the maximum number of files an application may open
    *       hard    nofile          65535
    *       soft    nofile          65535

    $ vi /etc/nginx/nginx.conf
    # This number should be, at maximum, the number of CPU cores on your system.
    worker_processes 8;

    # Number of file descriptors used for Nginx. This is set in the OS with 'ulimit -n 200000'
    # or using /etc/security/limits.conf
    worker_rlimit_nofile 200000;

    # only log critical errors
    error_log /var/log/nginx/error.log crit;

    # The next three directives (worker_connections, use, multi_accept) belong inside the events { } block.
    # Determines how many clients will be served by each worker process.
    # (Max clients = worker_connections * worker_processes)
    # "Max clients" is also limited by the number of socket connections available on the system (~64k)
    worker_connections 4000;

    # essential for linux, optimized to serve many clients with each thread
    use epoll;

    # Accept as many connections as possible, after nginx gets notification about a new connection.
    # May flood worker_connections, if that option is set too low.
    multi_accept on;

    # The remaining directives belong inside the http { } block.
    # Caches information about open FDs, frequently accessed files.
    # Changing this setting, in my environment, brought performance up from 560k req/sec, to 904k req/sec.
    # I recommend using some variant of these options, though not the specific values listed below.
    open_file_cache max=200000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;

    # Buffer log writes to speed up IO, or disable them altogether
    #access_log /var/log/nginx/access.log main buffer=16k;
    access_log off;

    # Sendfile copies data between one FD and other from within the kernel.
    # More efficient than read() + write(), since those require transferring data to and from the user space.
    sendfile on;

    # Tcp_nopush causes nginx to attempt to send its HTTP response head in one packet,
    # instead of using partial frames. This is useful for prepending headers before calling sendfile,
    # or for throughput optimization.
    tcp_nopush on;

    # don't buffer data-sends (disable Nagle algorithm). Good for sending frequent small bursts of data in real time.
    tcp_nodelay on;

    # Timeout for keep-alive connections. Server will close connections after this time.
    keepalive_timeout 30;

    # Number of requests a client can make over the keep-alive connection. This is set high for testing.
    keepalive_requests 100000;

    # allow the server to close the connection after a client stops responding. Frees up socket-associated memory.
    reset_timedout_connection on;

    # send the client a "request timed out" if the body is not loaded by this time. Default 60.
    client_body_timeout 10;

    # If the client stops reading data, free up the stale client connection after this much time. Default 60.
    send_timeout 2;

    # Compression. Reduces the amount of data that needs to be transferred over the network
    gzip on;
    gzip_min_length 10240;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_disable "MSIE [1-6]\.";

http://ift.tt/1jEIn47

    net.ipv4.tcp_syncookies = 1
    # Enables SYN cookies. When the SYN wait queue overflows, cookies are used to handle it, which defends against small-scale SYN attacks. Default is 0 (off).
    net.ipv4.tcp_tw_reuse = 1
    # Enables reuse. Allows TIME-WAIT sockets to be reused for new TCP connections. Default is 0 (off).
    net.ipv4.tcp_tw_recycle = 1
    # Enables fast recycling of TIME-WAIT sockets in TCP connections. Default is 0 (off).
    net.ipv4.tcp_fin_timeout = 30
    # Changes the system default TIMEOUT value.
    net.ipv4.tcp_keepalive_time = 1200
    # How often TCP sends keepalive messages when keepalive is enabled. The default is 2 hours; changed to 20 minutes.
    net.ipv4.ip_local_port_range = 10000 65000
    # Port range used for outbound connections. The default is small: 32768 to 61000; changed to 10000 to 65000. (Note: do not set the minimum too low, or it may take over ports used by normal services!)
    net.ipv4.tcp_max_syn_backlog = 8192
    # Length of the SYN queue. Default is 1024; raising it to 8192 accommodates more connections waiting to be established.
    net.ipv4.tcp_max_tw_buckets = 5000
    # Maximum number of TIME_WAIT sockets the system keeps at once. Beyond this number, TIME_WAIT sockets are cleared immediately and a warning is printed.
    # increase TCP max buffer size settable using setsockopt()
    net.core.rmem_max = 67108864
    net.core.wmem_max = 67108864
    # increase Linux autotuning TCP buffer limit
    net.ipv4.tcp_rmem = 4096 87380 67108864
    net.ipv4.tcp_wmem = 4096 65536 67108864
    # increase the length of the processor input queue
    net.core.netdev_max_backlog = 250000
    # recommended for hosts with jumbo frames enabled
    net.ipv4.tcp_mtu_probing=1

http://ift.tt/1lSvnZN

    net.core.wmem_max = 12582912
    net.core.rmem_max = 12582912
    net.ipv4.tcp_rmem = 10240 87380 12582912
    net.ipv4.tcp_wmem = 10240 87380 12582912
    net.ipv4.ip_local_port_range = 18000    65535
    net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait = 1
    net.ipv4.tcp_window_scaling = 1
    net.ipv4.tcp_max_syn_backlog = 3240000
    net.core.somaxconn = 3240000
    net.ipv4.tcp_max_tw_buckets = 1440000
    net.ipv4.tcp_congestion_control = cubic
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_fin_timeout = 15
    net.ipv4.tcp_syn_retries = 2
    net.ipv4.tcp_synack_retries = 2
    net.ipv4.tcp_tw_recycle = 1
Source: http://ift.tt/1lfjJ7k
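The three fragments above contain settings that work against each other, so the following audit is added here as an example (it is not part of the reposted sources). It flags tcp_tw_recycle being enabled (the NAT failure the first fragment's own comment describes; the knob was removed in Linux 4.12), TCP timestamps being disabled while TIME_WAIT reuse or recycling is enabled (both depend on timestamps), and window scaling being disabled next to buffer limits above 65535 bytes (the largest window TCP can advertise without scaling). The embedded fragments are excerpts of the ones above; the fragment names, finding ids and the kernel defaults assumed for unset keys are assumptions of this example.

```python
"""Audit sysctl fragments for three self-defeating combinations."""

# Excerpts of the three fragments on this page, reduced to the keys the
# checks read. The names "fragment-1".."fragment-3" are labels for this example.
FRAGMENTS = {
    "fragment-1": """
# whole-line comments like this one are skipped
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_window_scaling = 0
net.core.rmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
""",
    "fragment-2": """
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.core.rmem_max = 67108864
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_mtu_probing=1
""",
    "fragment-3": """
net.core.rmem_max = 12582912
net.ipv4.tcp_rmem = 10240 87380 12582912
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
""",
}

# Kernel defaults assumed for keys a fragment does not set (an assumption of
# this example; check the running kernel with `sysctl <key>`).
DEFAULTS = {
    "net.ipv4.tcp_tw_recycle": "0",
    "net.ipv4.tcp_tw_reuse": "0",
    "net.ipv4.tcp_timestamps": "1",
    "net.ipv4.tcp_window_scaling": "1",
}

BUFFER_KEYS = ("net.core.rmem_max", "net.core.wmem_max",
               "net.ipv4.tcp_rmem", "net.ipv4.tcp_wmem")


def parse_sysctl(text):
    """Return {key: value} from sysctl.conf text; the last assignment wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # sysctl.conf comments are whole lines starting with '#' or ';'.
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = " ".join(value.split())
    return settings


def largest_buffer(settings):
    """Largest byte count in any configured buffer limit (0 if none is set)."""
    sizes = [0]
    for key in BUFFER_KEYS:
        # tcp_rmem/tcp_wmem hold "min default max"; the *_max keys one number.
        sizes += [int(f) for f in settings.get(key, "").split() if f.isdigit()]
    return max(sizes)


def audit(settings):
    """Return a list of (finding_id, explanation) for one parsed fragment."""
    def on(key):
        return settings.get(key, DEFAULTS[key]) != "0"

    findings = []
    if on("net.ipv4.tcp_tw_recycle"):
        findings.append(("tw_recycle",
                         "tcp_tw_recycle=1 breaks clients behind NAT and was "
                         "removed in Linux 4.12"))
    if not on("net.ipv4.tcp_timestamps") and (
            on("net.ipv4.tcp_tw_reuse") or on("net.ipv4.tcp_tw_recycle")):
        findings.append(("timestamps_off",
                         "tcp_timestamps=0 disables the timestamps that "
                         "tw_reuse/tw_recycle depend on"))
    if (not on("net.ipv4.tcp_window_scaling")
            and largest_buffer(settings) > 65535):
        findings.append(("window_scaling_off",
                         "tcp_window_scaling=0 caps the TCP window at 65535 "
                         "bytes, so larger buffer limits go unused"))
    return findings


def audit_all(fragments=FRAGMENTS):
    """Map each fragment name to the list of finding ids it triggers."""
    return {name: [fid for fid, _ in audit(parse_sysctl(text))]
            for name, text in fragments.items()}


if __name__ == "__main__":
    for name, text in FRAGMENTS.items():
        for fid, why in audit(parse_sysctl(text)):
            print(f"{name}: {fid}: {why}")
```
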


via iGFW http://ift.tt/2AoKMPm

Tuesday, November 28, 2017

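How China Telecom users can choose a VPS for setting up ss, VPN and other circumvention tools to realize the Chinese Dream

Leaving aside the expensive ones, here are China Telecom-friendly VPS options under $10 per month:

1. CN2 routes

CN2 is China Telecom's premium network. A traceroute over a CN2 route passes through routing nodes at 59.x.x.x. Commonly used CN2 VPS providers:

BandwagonHost Los Angeles: $18 per year (with coupon code BWH1ZBPVK), 512M RAM, 10G disk, 167G of traffic per month (switch to the CN2 data center in the control panel after purchase), 1G port, KVM. There is also a $28-per-year plan (coupon code BWH1ZBPVK) that is always in stock, with 500G of traffic per month.

Dediserve Vienna: €5 per month, 1G RAM, 25G disk, 500M port, KVM; when purchasing, be sure to select Vienna, AT as the data center location.

Alibaba Cloud International, Singapore: $4.5 per month (30M port) or $54 per year (200M port), 1G RAM, 40G disk, 1T of traffic per month, KVM

Alibaba Cloud International, Hong Kong: $9 per month, 1G RAM, 40G disk, 1T of traffic per month, KVM

2. Direct China Telecom routes

G-Core Khabarovsk: €5 per month, 512M RAM, 20G disk, 200M port, KVM, 1T of traffic per month; when purchasing, be sure to select Khabarovsk as the data center location.

GCP Taiwan: Google Cloud Platform gives away a free $300 credit valid for 1 year. Create a Taiwan KVM VPS with 512M RAM and a 10G disk; it works out to about 80G of traffic per month (GCP bills by traffic).

3. Obscure routes

Some obscure data centers have quite good speeds from inside China, but the people who find them do not post them, for fear that too many users would ruin them, so I do not know of any either, hahaha.

China Telecom users generally get fairly good speeds with these VPSes; at most, install bbrss and you can happily get over the wall and realize the Chinese Dream!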



via iGFW http://ift.tt/2AfHDRJ

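Freegate 7.62 (November 28)

Freegate 7.62 strengthens its ability to break through blocking. Continued feedback is welcome.

If it does not work, please upload feedback information. Thank you.

Professional edition:
http://ift.tt/2k6lxe3
http://ift.tt/2ByFX3F

Original: http://ift.tt/2kayofd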




via 细节的力量 http://ift.tt/2kayqDR

Android: Wujie Yidiantong (无界一点通) 4.1 final release (November 23, 2017)

Wujie Yidiantong 4.1b has been promoted to the final release.

http://ift.tt/2Ae5SiN

sha256: 1987b974667d482fc519313771b49bac5e850393d3f365dfc1d6a7c688c5920c
md5: 9195fc772e76eb31a0e08f1f4c3a5c75

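Thank you.

**********
Wujie Yidiantong 4.1 includes the following improvements:

1. Faster startup for TV/radio;
2. Fixed the blank white page on some NTD (新唐人) web pages;
3. Added Minghui Radio;
4. Resolved the download permission issue on newer platforms;
5. Improved security and connectivity.

**********
"Wujie Yidiantong" is circumvention software for Android that lets you see real, unfiltered information. It works on Android phones, Android set-top boxes and other Android platforms.

Installing the "Wujie Yidiantong" beta:

1. First change a setting on the phone: press the "Menu" key –> Settings –> Applications, and tick "Unknown sources".
Note: on some versions it is: press the "Menu" key –> Settings –> Security, and tick "Unknown sources".

2. Copy the downloaded um.apk file to the phone's SD card (or internal SD card). If the download is a compressed file, there is no need to decompress it; just change the file extension from .zip to .apk.
Tap the um.apk file on the Android phone to install it. If it conflicts with an older installed version of Wujie Yidiantong, uninstall the old version first, then install the new one.

3. For detailed instructions see: http://ift.tt/1QfyeJ8

4. Notes:
We recommend using the browser built into Wujie Yidiantong. If you use another browser in VPN mode (rather than the browser built into Wujie Yidiantong),
a. we recommend a stock foreign browser such as Google Chrome or Firefox. The phone's bundled browser or browsers made in China may monitor or block sensitive sites.
b. use that browser's "private mode", or clear the browser history after exiting Wujie Yidiantong; otherwise, accidentally tapping those history entries without the VPN poses a security risk.

Original: http://ift.tt/2Ae5TTT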




via 细节的力量 http://ift.tt/2Ae5VuZ

Wednesday, November 22, 2017

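There is hope for the circumvention speed of cheap VPSes in bad data centers

For example, if you bought an OpenVZ-type VPS for a few dollars a year and the data center's routes are poor and slow, consider using V2Ray's mKCP mode for acceleration.

To install V2Ray you can use the V2ray.Fun one-click management script (project):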

wget -N --no-check-certificate http://ift.tt/2wzx8Va && bash install.sh

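Once installed, run the v2ray command, choose "Change configuration", then "Change transport", then "Plain mKCP".
After the change, download the configuration file and import it into V2RayN to use it on Windows.
On Mac you can use V2RayX.
On iOS, Kitsunebi is recommended; this app supports mKCP and works fairly well. It can be found at http://ift.tt/2A5A51o
On Android, V2RayNG is recommended.
v2ray uses a fair amount of VPS memory; with too little memory it may run out and crash, and v2ray will then need to be restarted. All of the clients above support scanning a QR code for the v2ray settings, so setup is now fairly convenient.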



via iGFW http://ift.tt/2A4vxbK

Sunday, November 19, 2017

XX-Net V3.8.1

What is new:

  • The LAN (front) proxy setting moved to the system menu, to support X-Tunnel
  • Check that the LAN proxy works before saving it
  • Improved X-Tunnel performance

Original: http://ift.tt/2AUZcDA




via 细节的力量 http://ift.tt/2AVqvxv

Saturday, November 18, 2017

Android: Wujie Yidiantong (无界一点通) 4.1b beta (November 17, 2017)

http://ift.tt/2jAGCNJ

sha256: 1987b974667d482fc519313771b49bac5e850393d3f365dfc1d6a7c688c5920c
md5: 9195fc772e76eb31a0e08f1f4c3a5c75

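Thank you.

**********
Wujie Yidiantong 4.1a beta includes the following improvements:

1. Faster startup for TV/radio;
2. Fixed the blank white page on some NTD (新唐人) web pages;
3. Added Minghui Radio;
4. Resolved the download permission issue on newer platforms;
5. Improved security and connectivity.

**********
"Wujie Yidiantong" is circumvention software for Android that lets you see real, unfiltered information. It works on Android phones, Android set-top boxes and other Android platforms.

Installing the "Wujie Yidiantong" beta:

1. First change a setting on the phone: press the "Menu" key –> Settings –> Applications, and tick "Unknown sources".
Note: on some versions it is: press the "Menu" key –> Settings –> Security, and tick "Unknown sources".

2. Copy the downloaded um.apk file to the phone's SD card (or internal SD card). If the download is a compressed file, there is no need to decompress it; just change the file extension from .zip to .apk.
Tap the um.apk file on the Android phone to install it. If it conflicts with an older installed version of Wujie Yidiantong, uninstall the old version first, then install the new one.

3. For detailed instructions see: http://ift.tt/1QfyeJ8

4. Note: if you use another browser in VPN mode (rather than the browser built into Wujie Yidiantong), use that browser's "private mode", or clear the browser history after exiting Wujie Yidiantong; otherwise, accidentally tapping those history entries without the VPN poses a security risk.

Original: http://ift.tt/2jDtmb7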




via 细节的力量 http://ift.tt/2jAAWDk

Wednesday, November 15, 2017

Tor Browser 7.0.10 is released

Tor Browser 7.0.10 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

This release updates Firefox to version 52.5.0esr and Tor to version 0.3.1.8, the second stable release in the 0.3.1 series. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship. For Windows users we backported patches from the alpha series that update the msvcr100.dll runtime library we include and which should make Tor Browser more robust against crashes due to misbehaving third party software.

The full changelog since Tor Browser 7.0.9 (7.0.8 for Windows) is:

  • All Platforms
    • Update Firefox to 52.5.0esr
    • Update Tor to 0.3.1.8
    • Update Torbutton to 1.9.7.10
      • Bug 23997: Add link to Tor Browser manual for de, nl, tr, vi
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.30
      • Bug 24178: Use make.sh for building HTTPS-Everywhere
    • Update NoScript to 5.1.5
      • Bug 23968: NoScript icon jumps to the right after update
  • Windows
    • Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
    • Bug 23396: Update the msvcr100.dll we ship
    • Bug 24052: Block file:// redirects early

Original: http://ift.tt/2iVjbdH




via 细节的力量 http://ift.tt/2zKeHR8

Tor 0.3.2.4-alpha is released, with several stability fixes by nickm

Tor 0.3.2.4-alpha is the fourth alpha release in the 0.3.2.x series. It fixes several stability and reliability bugs, especially including a major reliability issue that has been plaguing fast exit relays in recent months.

You can download the source from the usual place on the website. Binary packages should be available soon, with an alpha Tor Browser likely in the next week or so.

Remember: This is an alpha release, and it’s likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.

Changes In Version 0.3.2.4-Alpha – 2017-11-08

  • Major bugfixes (exit relays, DNS):
    • Fix an issue causing DNS to fail on high-bandwidth exit nodes, making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for identifying and finding a workaround to this bug and to Moritz, Arthur Edelstein, and Roger for helping to track it down and analyze it.
  • Major bugfixes (scheduler, channel):
    • Stop processing scheduled channels if they closed while flushing cells. This can happen if the write on the connection fails leading to the channel being closed while in the scheduler loop. Fixes bug 23751; bugfix on 0.3.2.1-alpha.
  • Minor features (logging, scheduler):
    • Introduce a SCHED_BUG() function to log extra information about the scheduler state if we ever catch a bug in the scheduler. Closes ticket 23753.
  • Minor features (removed deprecations):
    • The ClientDNSRejectInternalAddresses flag can once again be set in non-testing Tor networks, so long as they do not use the default directory authorities. This change also removes the deprecation of this flag from 0.2.9.2-alpha. Closes ticket 21031.
  • Minor features (testing):
    • Our fuzzing tests now test the encrypted portions of v3 onion service descriptors. Implements more of 21509.
  • Minor bugfixes (directory client):
    • On failure to download directory information, delay retry attempts by a random amount based on the “decorrelated jitter” algorithm. Our previous delay algorithm tended to produce extra-long delays too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (IPv6, v3 single onion services):
    • Remove buggy code for IPv6-only v3 single onion services, and reject attempts to configure them. This release supports IPv4, dual-stack, and IPv6-only v3 onion services; and IPv4 and dual-stack v3 single onion services. Fixes bug 23820; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (logging, relay):
    • Give only a protocol warning when the ed25519 key is not consistent between the descriptor and microdescriptor of a relay. This can happen, for instance, if the relay has been flagged NoEdConsensus. Fixes bug 24025; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (manpage, onion service):
    • Document that the HiddenServiceNumIntroductionPoints option is 0-10 for v2 services and 0-20 for v3 services. Fixes bug 24115; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (memory leaks):
    • Fix a minor memory leak at exit in the KIST scheduler. This bug should have no user-visible impact. Fixes bug 23774; bugfix on 0.3.2.1-alpha.
    • Fix a memory leak when decrypting a badly formatted v3 onion service descriptor. Fixes bug 24150; bugfix on 0.3.2.1-alpha. Found by OSS-Fuzz; this is OSS-Fuzz issue 3994.
  • Minor bugfixes (onion services):
    • Cache some needed onion service client information instead of constantly computing it over and over again. Fixes bug 23623; bugfix on 0.3.2.1-alpha.
    • Properly retry HSv3 descriptor fetches when missing required directory information. Fixes bug 23762; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (path selection):
    • When selecting relays by bandwidth, avoid a rounding error that could sometimes cause load to be imbalanced incorrectly. Previously, we would always round upwards; now, we round towards the nearest integer. This had the biggest effect when a relay’s weight adjustments should have given it weight 0, but it got weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
    • When calculating the fraction of nodes that have descriptors, and all nodes in the network have zero bandwidths, count the number of nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
    • Actually log the total bandwidth in compute_weighted_bandwidths(). Fixes bug 24170; bugfix on 0.2.4.3-alpha.
  • Minor bugfixes (relay, crash):
    • Avoid a crash when transitioning from client mode to bridge mode. Previously, we would launch the worker threads whenever our “public server” mode changed, but not when our “server” mode changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
  • Minor bugfixes (testing):
    • Fix a spurious fuzzing-only use of an uninitialized value. Found by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
    • Test that IPv6-only clients can use microdescriptors when running “make test-network-all”. Requires chutney master 61c28b9 or later. Closes ticket 24109.

Original: http://ift.tt/2hgGfDB




via 细节的力量 http://ift.tt/2hsOPix

Tuesday, November 14, 2017

Wujie Browser (无界浏览) 17.04 final release (November 12, 2017)

Some problems were found in 17.03; please update to 17.04.

Executable version:
http://ift.tt/2zFqpuw
SHA512: 9301e32dd888ed465c7d4c33fbe37ff5a2cf7b75b945fabd74e49c86d5bbd0ba9f3f230c801744778217696548250a5394b3768c7e3b22e86a354f30389493a9

Compressed version:
http://ift.tt/2iRWreR
SHA512: 85926536dee8b31255e06484b7d2bb647490f0dea823e2d236f97eaa6ffdb3f21a458add967f1a4c02e1677c5cd5347f5d13c642764e4eb4e28a94d46e91a96c

Original: http://ift.tt/2AIfznC




via 细节的力量 http://ift.tt/2AHFETB

Friday, November 10, 2017

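Wujie Browser (无界浏览) 17.03 final release (November 11, 2017)

Thanks to everyone for testing and giving feedback; 17.03c has been promoted to the 17.03 final release.

Executable version: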
http://ift.tt/2hrSReR
SHA512: 7cc4e5eda688e9de1cc7e553fa9382e9b2f55c5d18f7fb5bcb017152e5a64489e9445e84cee7a46e701be2dfe5d4b7665bc24ecedfd05aef8a376eb8e9ecb178

Compressed version:
http://ift.tt/2ji469S
SHA512: 6064788ae6058bb1e77263083f39bd0d434fca32bf0465a1c417a7fdebf40052a446445a0b42d068219d468a29d110cbeba986467b58ee40e1aae0abafe4c594

Original: http://ift.tt/2yMyWP2




via 细节的力量 http://ift.tt/2hr0l1q

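Wujie (无界) for Android phones 1.0.8 final release (November 11, 2017)

What's updated:
Fixed a problem where some https pages could not be opened (please test).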

http://ift.tt/2mcjHsC
SHA512: 124e2c6263707919c8b14e744ecfbe54a758b63698d8b3fd3f0e1bb5cbad2f82eb4633e2fd1a73ea8944fd24c086db4330a05c8bf9d11bd1e9121e6bf82c3fc5

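Installation: copy the downloaded apk file to the phone and tap the file on the phone to install it. If an "installation blocked" warning appears, tap "Settings", tick "Unknown sources", and continue the installation.

Features and usage:

1. Only Android 4.1 and above is supported.
2. Only whole-device VPN mode is supported; proxy mode is not.
3. After launching, tap or slide the switch. "Connecting …" is displayed, and a small key and a blinking Wujie icon appear at the top, indicating that a connection is being made.
4. Once connected, the Wujie icon stops blinking and "Connected" is displayed. You can now use any browser or app, all under Wujie's encrypted protection.
5. While in use, as long as both the Wujie icon and the small key are present, you are under Wujie's encrypted protection.
6. To stop, tap or slide the switch. After it is turned off, the Wujie icon and the small key disappear; the phone then connects to the network directly and is not under Wujie's encrypted protection.
7. If there is a problem, restart the phone and run Wujie again.

Notes:
1. We recommend using the browser's "private mode" for sensitive sites, so that no history is left behind.
2. If the browser does not support "private mode", clear all history manually or use a tool that clears all history.
3. For safety, close all browsers and other apps before closing Wujie, to avoid connecting directly to sensitive sites. You can also simply restart the phone, which is safest.

Please test and give feedback, thank you.

Original: http://ift.tt/2yMrfIO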




via 细节的力量 http://ift.tt/2jirYKK

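UltraSurf (无界) Linux VPN 17.03 stable release (November 11, 2017)

Thank you all for testing and for your feedback; 17.03c has been promoted to the 17.03 stable release.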

http://ift.tt/2hrgR1y
SHA512: 8e1c06b3f2631fc602e33bd77432fdd342d7840e671f1de45cc7940ab2fbe6d8dab9de76f3c09271c9e64dfe722c7b85eb316e393893716541c74084ee6b450c

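Usage:
After downloading, right-click in the download folder to open a terminal, run chmod +x u1703 in the terminal, and then run ./u1703. The terminal shows the following:
LISTENING 127.0.0.1:9666
0.650 Connecting …
1.569 Connecting …
2.178 CONNECTED
You need to configure the browser proxy manually.

./u1703 -help shows the usage:
Usage of ./u1703:
  -ConnMode string
        Connect mode, 0: Auto, 1: T, 2: U, 3: P
  -L string
        listen address (default "127.0.0.1:9666")
  -M string
        "vpn": turn on VPN mode
  -P string
        http or sock proxy, example: 1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
  -S string
        "safe": turn on VPN safe mode, when exit, do not restore routing until reboot

./u1703 -ConnMode 1 (1: "T mode", 2: "U mode", 3: "P mode")

To listen on 0.0.0.0, run in the terminal: ./u1703 -L :9666
To connect through a proxy, run: ./u1703 -P 1.2.3.4:8080 or ./u1703 -P socks://1.2.3.4:1080

VPN mode requires root or sudo. Run sudo ./u1703 -M vpn and enter the password; the terminal shows the following (the order may differ):
LISTENING 127.0.0.1:9666
VPN MODE
0.650 Connecting …
1.569 Connecting …
2.178 CONNECTED

To share the connection in VPN mode: sudo ./u1703 -M vpn -L :9666
LISTENING 0.0.0.0:9666
VPN MODE
0.650 Connecting …
1.569 Connecting …
2.178 CONNECTED

In VPN mode there is no need to configure a proxy: the whole machine circumvents the firewall through UltraSurf's encryption, and no direct connections occur. We still recommend configuring the proxy so that nothing connects directly after UltraSurf exits, which is safer. We recommend using the browser's "private mode" so that no history is left behind. Before exiting UltraSurf, it is best to close all browsers, to avoid connecting directly to sensitive websites after exit.

VPN safe mode:
For added safety, a VPN safe mode has been added: sudo ./u1703 -M vpn -S safe
The terminal shows the following (the order may differ):
LISTENING 127.0.0.1:9666
VPN SAFE MODE
0.650 Connecting …
1.569 Connecting …
2.178 CONNECTED

Once VPN safe mode has been run, the computer stays in a network-isolated state; even after UltraSurf is closed, it cannot reach the network. This removes every risk of leaking the IP address and so ensures safety. We still recommend configuring the UltraSurf proxy to further increase security, so that the IP address is not leaked even after the machine returns to the non-isolated state. We also recommend using the browser's "private mode", preferably with a customized browser, to avoid leaving history behind.

The computer must be restarted to return to the non-isolated state.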
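A check to run before chmod +x and ./u1703, as an added example that is not part of the original post or of the project's own tooling: it compares a downloaded file with the digest published next to its link. It picks the algorithm from the digest length, because one digest in this feed is labelled SHA256 but is 128 hex characters long. The function names and the script name verify.sh are assumptions, and GNU coreutils is assumed.

```shell
#!/usr/bin/env bash
# Added example: check a downloaded file against its published hex digest.
# Assumes GNU coreutils (sha256sum, sha512sum) are installed.

# Pick the hash tool from the digest length: 64 hex = SHA-256, 128 = SHA-512.
digest_tool() {
    case "${#1}" in
        64)  echo sha256sum ;;
        128) echo sha512sum ;;
        *)   return 1 ;;
    esac
}

# verify_download FILE EXPECTED_HEX [LABEL]
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_download() {
    local file="$1" label="${3:-}" expected tool actual label_tool
    # Normalise the pasted digest: drop whitespace, lowercase the hex.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    case "$expected" in
        ''|*[!0-9a-f]*) echo "error: digest is not hex" >&2; return 2 ;;
    esac
    tool=$(digest_tool "$expected") || {
        echo "error: unsupported digest length ${#expected}" >&2; return 2; }
    [ -f "$file" ] || { echo "error: no such file: $file" >&2; return 2; }
    # A label such as "SHA256" on a 128-character digest is a mislabel;
    # trust the length, but tell the user.
    if [ -n "$label" ]; then
        label_tool="$(printf '%s' "$label" | tr 'A-Z' 'a-z' | tr -d '_-')sum"
        [ "$label_tool" = "$tool" ] ||
            echo "warning: labelled $label, but length matches ${tool%sum}" >&2
    fi
    # Hash via stdin so odd file names cannot change the output format.
    actual=$("$tool" < "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "OK ($tool) $file"
    else
        echo "MISMATCH ($tool) $file: do not run this file" >&2
        return 1
    fi
}

# Stand-alone use, saved as verify.sh (hypothetical name):
#   ./verify.sh u1703 <published digest> SHA512
if [ "$#" -ge 2 ]; then
    verify_download "$@" || exit $?
fi
```

A match only shows that the file is the one the post describes; the digest is only as trustworthy as the channel it was read from.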

Original: http://ift.tt/2AxXJDK




via 细节的力量 http://ift.tt/2jiiOxG

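UltraSurf (无界) Firefox extension 17.03 stable release (November 11, 2017)

Thank you all for testing and for your feedback; 17.03c has been promoted to the 17.03 stable release.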

http://ift.tt/2hpO5OR
SHA512: 12df40fe39f0142758aa1461f1a62e141133bb5def0031c20df1016d270c948f0049b6b74d4353b90f1e91199b38bfc19fdde4cc564acbc07cf5bb405c9d7487

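Please uninstall the old version before installing the new one to avoid conflicts.

Circumvention is built in, so no other circumvention software needs to be running. Supports Windows, Mac, and Linux, 32/64-bit (wine is no longer needed).

Installation: you can download and install it directly in Firefox by clicking "Allow". If Firefox blocks the download, download it with another browser, drag the file into Firefox with the mouse, and click "Install".

Usage: click the UltraSurf icon in the top-right corner of Firefox, then click the switch to turn it on or off. Once connected, the UltraSurf icon turns to color.

Original: http://ift.tt/2zxuHWy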




via 细节的力量 http://ift.tt/2jiiNd6

Thursday, November 9, 2017

UltraSurf (无界) Firefox extension 17.03c test release (November 9, 2017)

Changes:
Fixed a problem where no https pages could be opened (please test again).

http://ift.tt/2hjMir1
SHA512: 12df40fe39f0142758aa1461f1a62e141133bb5def0031c20df1016d270c948f0049b6b74d4353b90f1e91199b38bfc19fdde4cc564acbc07cf5bb405c9d7487

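Please uninstall the old version before installing the new one to avoid conflicts.

Circumvention is built in, so no other circumvention software needs to be running. Supports Windows, Mac, and Linux, 32/64-bit (wine is no longer needed).

Installation: you can download and install it directly in Firefox by clicking "Allow". If Firefox blocks the download, download it with another browser, drag the file into Firefox with the mouse, and click "Install".

Usage: click the UltraSurf icon in the top-right corner of Firefox, then click the switch to turn it on or off. Once connected, the UltraSurf icon turns to color.

Original: http://ift.tt/2zxuHWy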




via 细节的力量 http://ift.tt/2zv6Cjo

UltraSurf (无界) Linux VPN test release 17.03c (November 9, 2017)

Changes:
Fixed a problem where no https pages could be opened (please test again).

Please test and send feedback:
http://ift.tt/2ymeRuO
SHA512: 8e1c06b3f2631fc602e33bd77432fdd342d7840e671f1de45cc7940ab2fbe6d8dab9de76f3c09271c9e64dfe722c7b85eb316e393893716541c74084ee6b450c

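Usage:
After downloading, right-click in the download folder to open a terminal, run chmod +x u1703c in the terminal, and then run ./u1703c. The terminal shows the following:
LISTENING 127.0.0.1:9666
0.650 Connecting …
1.569 Connecting …
2.178 CONNECTED
You need to configure the browser proxy manually.

./u1703c -help shows the usage:
Usage of ./u1703c:
  -ConnMode string
        Connect mode, 0: Auto, 1: T, 2: U, 3: P
  -L string
        listen address (default "127.0.0.1:9666")
  -M string
        "vpn": turn on VPN mode
  -P string
        http or sock proxy, example: 1.2.3.4:8080 or socks://1.2.4.4:1080 or socks5://1.2.3.4:1080 or socks=1.2.3.4:1080
  -S string
        "safe": turn on VPN safe mode, when exit, do not restore routing until reboot

./u1703c -ConnMode 1 (1: "T mode", 2: "U mode", 3: "P mode")

To listen on 0.0.0.0, run in the terminal: ./u1703c -L :9666
To connect through a proxy, run: ./u1703c -P 1.2.3.4:8080 or ./u1703c -P socks://1.2.3.4:1080

VPN mode requires root or sudo. Run sudo ./u1703c -M vpn and enter the password; the terminal shows the following (the order may differ):
LISTENING 127.0.0.1:9666
VPN MODE
0.650 Connecting …
1.569 Connecting …
2.178 CONNECTED

To share the connection in VPN mode: sudo ./u1703c -M vpn -L :9666
LISTENING 0.0.0.0:9666
VPN MODE
0.650 Connecting …
1.569 Connecting …
2.178 CONNECTED

In VPN mode there is no need to configure a proxy: the whole machine circumvents the firewall through UltraSurf's encryption, and no direct connections occur. We still recommend configuring the proxy so that nothing connects directly after UltraSurf exits, which is safer. We recommend using the browser's "private mode" so that no history is left behind. Before exiting UltraSurf, it is best to close all browsers, to avoid connecting directly to sensitive websites after exit.

VPN safe mode:
For added safety, a VPN safe mode has been added: sudo ./u1703c -M vpn -S safe
The terminal shows the following (the order may differ):
LISTENING 127.0.0.1:9666
VPN SAFE MODE
0.650 Connecting …
1.569 Connecting …
2.178 CONNECTED

Once VPN safe mode has been run, the computer stays in a network-isolated state; even after UltraSurf is closed, it cannot reach the network. This removes every risk of leaking the IP address and so ensures safety. We still recommend configuring the UltraSurf proxy to further increase security, so that the IP address is not leaked even after the machine returns to the non-isolated state. We also recommend using the browser's "private mode", preferably with a customized browser, to avoid leaving history behind.

The computer must be restarted to return to the non-isolated state.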

Original: http://ift.tt/2AxXJDK




via 细节的力量 http://ift.tt/2AwA9Y9

UltraSurf (无界) for Android test release 1.0.8a (November 9, 2017)

Changes:
Fixed a problem where some https pages could not be opened (please test).

http://ift.tt/2mcjHsC
SHA256: 486f2bb7b912497357e0a8a4b7db866f7c6e693d0892d2eda4606b0b47526d8b6d83ce168083c65599d06539d32c62dd12c0dc01221c834ae23b8c870ee1fa77

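Installation: copy the downloaded apk file to the phone and tap the file on the phone to install it. If an "installation blocked" warning appears, tap "Settings", tick "Unknown sources", and continue the installation.

Features and usage:

1. Only Android 4.1 and later is supported.
2. Only whole-device VPN mode is supported; proxy mode is not supported.
3. After launching the app, tap or slide the switch. "Connecting …" is displayed, and a small key and a blinking UltraSurf icon appear at the top of the screen, indicating that a connection is being made.
4. Once connected, the UltraSurf icon stops blinking and "Connected successfully" is displayed. You can now use any browser or app, and all of them are under UltraSurf's encrypted protection.
5. While in use, as long as both the UltraSurf icon and the small key are present, you are under UltraSurf's encrypted protection.
6. To stop, tap or slide the switch. Once it is off, the UltraSurf icon and the small key disappear; the phone then connects to the network directly and is no longer under UltraSurf's encrypted protection.
7. If you run into problems, restart the phone and run UltraSurf again.

Notes:
1. We recommend using the browser's "private mode" to browse sensitive websites, so that no history is left behind.
2. If the browser does not support "private mode", clear all history manually, or use a tool that clears all history.
3. For safety, we recommend closing all browsers and other apps before turning UltraSurf off, to avoid connecting directly to sensitive websites. You can also simply restart the phone, which is the safest option.

Please test and send feedback. Thank you.

Original: http://ift.tt/2yMrfIO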




via 细节的力量 http://ift.tt/2yMsVC9

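UltraSurf (无界浏览) test release 17.03c (November 9, 2017)

1. Fixed a problem where no https pages could be opened (please test).
2. Resolved false positives reported by some antivirus software.

Executable version: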
http://ift.tt/2yMsTdv
SHA512: 7cc4e5eda688e9de1cc7e553fa9382e9b2f55c5d18f7fb5bcb017152e5a64489e9445e84cee7a46e701be2dfe5d4b7665bc24ecedfd05aef8a376eb8e9ecb178

Compressed version:
http://ift.tt/2mb4Sa3
SHA512: 65ae8c3c6e4874543f4f357b6ab5e41903092dd7391956ba823109c699c4ae7a57613e6d72a4e9529bae418025fe2b9450784a91d1e7fce813a169035793b2fd

Original: http://ift.tt/2yMyWP2




via 细节的力量 http://ift.tt/2yMN76N

Monday, November 6, 2017

Tor Browser 7.5a7 is released

Note: Tor Browser 7.5a7 is a security bugfix release in the alpha channel for macOS and Linux users only. Users of the alpha channel on Windows are not affected and stay on Tor Browser 7.5a6.

Tor Browser 7.5a7 is now available for our macOS and Linux users from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Tor Browser for macOS and Linux users. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails users and users of our sandboxed-tor-browser are unaffected, though.

The bug got reported to us on Thursday, October 26, by Filippo Cavallarin. We created a workaround with the help of Mozilla engineers on the next day which, alas, fixed the leak only partially. We developed an additional fix on Tuesday, October 31, plugging all known holes. We are not aware of this vulnerability being exploited in the wild. Thanks to everyone who helped during this process!

Known issues: The fix we deployed is just a workaround stopping the leak. As a result of that navigating file:// URLs in the browser might not work as expected anymore. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken. Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136.

Here is the full changelog since 7.5a6:

  • OS X
    • Bug 24052: Streamline handling of file:// resources
  • Linux
    • Bug 24052: Streamline handling of file:// resources

Original: http://ift.tt/2xZlxif




via 细节的力量 http://ift.tt/2Af0CZh

Tor Browser 7.0.9 is released

Note: Tor Browser 7.0.9 is a security bugfix release for macOS and Linux users only. Users on Windows are not affected and stay on Tor Browser 7.0.8.

Tor Browser 7.0.9 is now available for our macOS and Linux users from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Tor Browser for macOS and Linux users. Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address (note: as of Nov. 4, 2017, this link is non-public while Mozilla works on a fix for Firefox). Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails users and users of our sandboxed-tor-browser are unaffected, though.

The bug got reported to us on Thursday, October 26, by Filippo Cavallarin. We created a workaround with the help of Mozilla engineers on the next day which, alas, fixed the leak only partially. We developed an additional fix on Tuesday, October 31, plugging all known holes. We are not aware of this vulnerability being exploited in the wild. Thanks to everyone who helped during this process!

We are currently preparing updated macOS and Linux bundles for our alpha series which will be tentatively available on Monday, November 6. Meanwhile macOS and Linux users on that series are strongly encouraged to use the stable bundles or one of the above mentioned tools that are not affected by the underlying problem.
Update: Tor Browser 7.5a7 has now been released.

Known issues: The fix we deployed is just a workaround stopping the leak. As a result of that navigating file:// URLs in the browser might not work as expected anymore. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken. Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136.

Here is the full changelog since 7.0.8:

  • OS X
    • Bug 24052: Streamline handling of file:// resources
  • Linux
    • Bug 24052: Streamline handling of file:// resources

Original: http://ift.tt/2iryCKz




via 细节的力量 http://ift.tt/2AeXaxB

Tor 0.3.2.3-alpha is released, with small bugfixes

Tor 0.3.2.3-alpha is the third release in the 0.3.2 series. It fixes numerous small bugs in earlier versions of 0.3.2.x, and adds a new directory authority, Bastet.

You can download the source from the usual place on the website. Binary packages should be available soon, with an alpha Tor Browser likely some time in November.

Remember: This is an alpha release, and it’s likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.

Changes In Version 0.3.2.3-Alpha – 2017-10-27

  • Directory authority changes:
    • Add “Bastet” as a ninth directory authority to the default list. Closes ticket 23910.
    • The directory authority “Longclaw” has changed its IP address. Closes ticket 23592.
  • Minor features (bridge):
    • Bridge relays can now set the BridgeDistribution config option to add a “bridge-distribution-request” line to their bridge descriptor, which tells BridgeDB how they’d like their bridge address to be given out. (Note that as of Oct 2017, BridgeDB does not yet implement this feature.) As a side benefit, this feature provides a way to distinguish bridge descriptors from non-bridge descriptors. Implements tickets 18329.
  • Minor features (client, entry guards):
    • Improve log messages when missing descriptors for primary guards. Resolves ticket 23670.
  • Minor features (geoip):
    • Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (bridge):
    • Overwrite the bridge address earlier in the process of retrieving its descriptor, to make sure we reach it on the configured address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.
  • Minor bugfixes (documentation):
    • Document better how to read gcov, and what our gcov postprocessing scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (entry guards):
    • Tor now updates its guard state when it reads a consensus regardless of whether it’s missing descriptors. That makes tor use its primary guards to fetch descriptors in some edge cases where it would previously have used fallback directories. Fixes bug 23862; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (onion service client):
    • When handling multiple SOCKS request for the same .onion address, only fetch the service descriptor once.
    • When a descriptor fetch fails with a non-recoverable error, close all pending SOCKS requests for that .onion. Fixes bug 23653; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (onion service):
    • Always regenerate missing onion service public key files. Prior to this, if the public key was deleted from disk, it wouldn’t get recreated. Fixes bug 23748; bugfix on 0.3.2.2-alpha. Patch from “cathugger”.
    • Make sure that we have a usable ed25519 key when the intro point relay supports ed25519 link authentication. Fixes bug 24002; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (onion service, v2):
    • When reloading configured onion services, copy all information from the old service object. Previously, some data was omitted, causing delays in descriptor upload, and other bugs. Fixes bug 23790; bugfix on 0.2.1.9-alpha.
  • Minor bugfixes (memory safety, defensive programming):
    • Clear the target address when node_get_prim_orport() returns early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.
  • Minor bugfixes (relay):
    • Avoid a BUG warning when receiving a dubious CREATE cell while an option transition is in progress. Fixes bug 23952; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (testing):
    • Adjust the GitLab CI configuration to more closely match that of Travis CI. Fixes bug 23757; bugfix on 0.3.2.2-alpha.
    • Prevent scripts/test/coverage from attempting to move gcov output to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
    • When running unit tests as root, skip a test that would fail because it expects a permissions error. This affects some continuous integration setups. Fixes bug 23758; bugfix on 0.3.2.2-alpha.
    • Stop unconditionally mirroring the tor repository in GitLab CI. This prevented developers from enabling GitLab CI on master. Fixes bug 23755; bugfix on 0.3.2.2-alpha.
    • Fix the onion service v3 descriptor decoding fuzzing to use the latest decoding API correctly. Fixes bug 21509; bugfix on 0.3.2.1-alpha.
  • Minor bugfixes (warnings):
    • When we get an HTTP request on a SOCKS port, tell the user about the new HTTPTunnelPort option. Previously, we would give a “Tor is not an HTTP Proxy” message, which stopped being true when HTTPTunnelPort was introduced. Fixes bug 23678; bugfix on 0.3.2.1-alpha.

Original: http://ift.tt/2iF82kS




via 细节的力量 http://ift.tt/2AgEwp0