Windows 10 Fast Startup HiberbootEnabled

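Having trouble with hanging services, and a reboot helps every time?

With Fast Startup (hiberboot) enabled, a shutdown hibernates the kernel session instead of ending it, so only a restart really reinitializes drivers and services. Flash disk drives are fast enough, so we don’t need hiberboot any more.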

Disable it via registry.
Create a file named HiberbootEnabled.reg and paste the following content.


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"HiberbootEnabled"=dword:00000000

Or even disable hibernation entirely, if unused, from an elevated cmd prompt.
You will also save some disk space :-)


powercfg.exe /hibernate off

Have fun!

linux sdcard recovery fsck.vfat logical sector size is zero

install packages

apt install gddrescue testdisk rsync kpartx dosfstools

ddrescue (package gddrescue) create an image of the sdcard

ddrescue /dev/sdX rescueimage.img logfile

testdisk repair broken vfat

testdisk rescueimage.img

kpartx access disk image’s partition

kpartx -a -v rescueimage.img

fsck vfat (use the mapping name that kpartx -v printed, loop1p1 here)

fsck.vfat /dev/mapper/loop1p1

mount

mount /dev/mapper/loop1p1 /mnt

Have fun!

autossh systemd service

client side

apt install autossh

vim /etc/systemd/system/autossh-tunnel.service

[Unit]
Description=AutoSSH tunnel service
After=network.target

[Service]
Restart=always
RuntimeMaxSec=86400
Environment="AUTOSSH_GATETIME=0"
ExecStart=/usr/bin/autossh -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -NR 2221:localhost:22 sshtunnel@sub.domain.tld -p 222

[Install]
WantedBy=multi-user.target

server side

2nd ssh server instance config

vim /etc/ssh/sshd222_config

Port 222
PermitRootLogin no
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PrintMotd no
Banner none
PidFile /var/run/sshd222.pid

create user

useradd -d /home/sshtunnel -s /bin/false -m -U sshtunnel

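ssh keys limit tunneling only (permitlisten pins the -R listen port and needs OpenSSH 7.8 or newer; permitopen only limits -L targets)

mkdir /home/sshtunnel/.ssh

vim /home/sshtunnel/.ssh/authorized_keys

no-pty,no-X11-forwarding,no-agent-forwarding,permitlisten="localhost:2221",permitopen="localhost:2221",command="/bin/echo do-not-send-commands" ssh-rsa VeryLongsShkeyBlaBlaBlaBla root@hostname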
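
A check for a tunnel-only key entry, as an added example that is not part of the original post: in authorized_keys, permitlisten limits where a -R tunnel may listen, while permitopen limits -L destinations. The function name audit_tunnel_key and the sample entries are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit one authorized_keys entry meant for a single -R tunnel.
# audit_tunnel_key '<entry>' <listen-port> prints one finding per line and
# nothing when the entry is tight. Option names are matched case-sensitively.
audit_tunnel_key() {
    entry=$1
    port=$2
    # Options field = text before the key type (assumes command="" holds no " ssh-").
    opts=$(printf '%s\n' "$entry" |
        sed -E 's/(^| )(ssh-[a-z0-9]+|ecdsa-sha2-[^ ]+|sk-[^ ]+) .*$//')
    has() { case ",$opts," in *",$1,"*) return 0 ;; esac; return 1; }

    if has restrict; then
        has port-forwarding ||
            echo "restrict without port-forwarding: the tunnel itself is refused"
    else
        for o in no-pty no-X11-forwarding no-agent-forwarding; do
            has "$o" || echo "missing $o"
        done
    fi
    case $opts in
        *'command="'*) ;;
        *) echo 'missing command="...": the key can run arbitrary commands' ;;
    esac
    case $opts in
        *"permitlisten=\"localhost:$port\""* | *"permitlisten=\"$port\""*) ;;
        *) echo "no permitlisten for port $port: -R may bind other ports" ;;
    esac
    case $opts in
        *'permitopen="'*) ;;
        *) echo 'no permitopen: -L may reach any host from the server' ;;
    esac
}

# Constructed sample entries (key material is a placeholder).
loose='no-pty,permitopen="localhost:2221",command="/bin/false" ssh-rsa AAAAplaceholder a@b'
tight='restrict,port-forwarding,permitlisten="localhost:2221",permitopen="localhost:2221",command="/bin/false" ssh-ed25519 AAAAplaceholder a@b'
audit_tunnel_key "$loose" 2221
audit_tunnel_key "$tight" 2221
```
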

systemd

vim /etc/systemd/system/ssh222.service

[Unit]
Description=OpenBSD Secure Shell server
Documentation=man:sshd(8) man:sshd_config(5)
After=network.target auditd.service
ConditionPathExists=!/etc/ssh/sshd_not_to_be_run

[Service]
EnvironmentFile=-/etc/default/ssh
ExecStartPre=/usr/sbin/sshd -t -f /etc/ssh/sshd222_config
ExecStart=/usr/sbin/sshd -D $SSHD_OPTS -f /etc/ssh/sshd222_config
ExecReload=/usr/sbin/sshd -t -f /etc/ssh/sshd222_config
ExecReload=/bin/kill -HUP $MAINPID
KillMode=process
Restart=on-failure
RestartPreventExitStatus=255
Type=notify
RuntimeDirectory=sshd
RuntimeDirectoryMode=0755

[Install]
WantedBy=multi-user.target
# no Alias=sshd.service here, that alias already belongs to the stock ssh.service

systemctl enable ssh222
systemctl start ssh222

create custom debian buster live

download your favourite iso

http://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/

wget http://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/10.2.0-live+nonfree/amd64/iso-hybrid/debian-live-10.2.0-amd64-standard+nonfree.iso

mount iso

mount -o loop debian-live-10.2.0-amd64-standard+nonfree.iso /mnt/

copy to local workdir

mkdir -p debian-live-custom/workdir

cp -av /mnt/live/filesystem.squashfs debian-live-custom/

unpack squashfs

cd debian-live-custom/workdir

unsquashfs ../filesystem.squashfs

mount binds

mount --bind /dev squashfs-root/dev

mount --bind /sys squashfs-root/sys

mount --bind /proc squashfs-root/proc

chroot

chroot squashfs-root

export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

install packages

nano /etc/apt/sources.list

echo "nameserver 8.8.8.8" > /etc/resolv.conf

apt update

dpkg-reconfigure locales

apt install --no-install-recommends vim screen rsync bwm-ng iotop iftop mdadm gddrescue memtester stress openssh-server netrw tcpdump console-data quota ntfs-3g chntpw smbclient testdisk cryptsetup

systemctl disable mdadm

dpkg-reconfigure keyboard-configuration

dpkg-reconfigure console-setup

apt-get clean

sed config files

sed -i /etc/ssh/sshd_config -e s/#PermitRootLogin\ prohibit-password/PermitRootLogin\ yes/

sed -i /etc/ssh/sshd_config -e s/#PasswordAuthentication\ yes/PasswordAuthentication\ yes/

sed -i /etc/vim/vimrc -e s/\"syntax\ on/syntax\ on/

sed -i /root/.bashrc -e s/\#\ export\ LS_OPTIONS=\'--color=auto\'/export\ LS_OPTIONS=\'--color=auto\'/

sed -i /root/.bashrc -e s/\#\ eval\ \"\`dircolors\`\"/eval\ \"\`dircolors\`\"/

sed -i /root/.bashrc -e s/\#\ alias\ ls=\'ls\ \$LS_OPTIONS\'/alias\ ls=\'ls\ \$LS_OPTIONS\'/

sed -i /root/.bashrc -e s/\#\ alias\ ll=\'ls\ \$LS_OPTIONS\ -l\'/alias\ ll=\'ls\ \$LS_OPTIONS\ -l\'/

sed -i /root/.bashrc -e s/\#\ alias\ l=\'ls\ \$LS_OPTIONS\ -lA\'/alias\ l=\'ls\ \$LS_OPTIONS\ -lA\'/

set root password

passwd

exit

umount squashfs-root/dev
umount squashfs-root/sys
umount squashfs-root/proc

create squashfs

mksquashfs squashfs-root/ filesystem.squashfs -comp xz

prepare live iso

copy to local workdir

mkdir debian-live-iso-custom

cp -av /mnt/* debian-live-iso-custom/

cp -av /mnt/.disk debian-live-iso-custom/

cd debian-live-iso-custom

edit disk info corresponding to xorriso -V option

vim .disk/info

Debian 10.1 amd64 custom nonfree

copy custom squashfs

cp ../filesystem.squashfs live/filesystem.squashfs

create iso

xorriso -as mkisofs -V 'Debian 10.1 amd64 custom nonfree' -o ../debian-live-10.1-custom-amd64-nonfree.iso -J -joliet-long -cache-inodes -isohybrid-mbr /usr/lib/syslinux/bios/isohdpfx.bin -b isolinux/isolinux.bin -c isolinux/boot.cat -boot-load-size 4 -boot-info-table -no-emul-boot -eltorito-alt-boot -e boot/grub/efi.img -no-emul-boot -isohybrid-gpt-basdat -isohybrid-apm-hfsplus .

ipv4 ipv6 mtu mss size

In this case we have a GRE tunnel inside an IKEv2 tunnel inside a PPPoE tunnel :-)


Get ipv4 mss with Linux host


Size 1339 error

ping -4 -n -c 2 -M do -s 1339 www.google.com
PING www.google.com (xxx.xxx.xxx.xxx) 1339(1367) bytes of data.
ping: local error: Message too long, mtu=1366
ping: local error: Message too long, mtu=1366

--- www.google.com ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1027ms

Size 1338 good

ping -4 -n -c 2 -M do -s 1338 www.google.com
PING www.google.com (xxx.xxx.xxx.xxx) 1338(1366) bytes of data.
76 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=52 (truncated)
76 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=52 (truncated)

--- www.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 31.926/31.966/32.006/0.040 ms

How to calculate ipv4 mss

ICMPv4 header size ([IPv4 + ICMP] [20 + 8]) = 28
MTU ([Size + ICMPv4] [1338 + 28]) = 1366
IPv4TCP header size ([IPv4 + TCP] [20 + 20]) = 40
TCP-MSS ([MTU - IPv4TCP] [1366 - 40]) = 1326


Mikrotik ipv4 tcp-mss clamping example

/ip firewall mangle
add action=change-mss chain=forward new-mss=1326 passthrough=yes protocol=tcp src-address=xxx.xxx.xxx.xxx tcp-flags=syn tcp-mss=1327-65535
add action=change-mss chain=forward dst-address=xxx.xxx.xxx.xxx new-mss=1326 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1327-65535


Get ipv6 mss with Linux host


Size 1319 error

ping -6 -n -c 2 -M do -s 1319 www.google.com

PING www.google.com(xxx:xxx:xxx:xxx::xxx) 1319 data bytes

--- www.google.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1004ms

Size 1318 good

ping -6 -n -c 2 -M do -s 1318 www.google.com
PING www.google.com(xxx:xxx:xxx:xxx::xxx) 1318 data bytes
76 bytes from xxx:xxx:xxx:xxx::xxx: icmp_seq=1 ttl=52 (truncated)
76 bytes from xxx:xxx:xxx:xxx::xxx: icmp_seq=2 ttl=52 (truncated)

--- www.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 31.501/31.733/31.966/0.292 ms

How to calculate ipv6 mss

ICMPv6 header size ([IPv6 + ICMP] [40 + 8]) = 48
MTU ([Size + ICMPv6] [1318 + 48]) = 1366
IPv6TCP header size ([IPv6 + TCP] [40 + 20]) = 60
TCP-MSS ([MTU - IPv6TCP] [1366 - 60]) = 1306


Mikrotik ipv6 tcp-mss clamping example

/ipv6 firewall mangle
add action=change-mss chain=forward new-mss=1306 passthrough=yes protocol=tcp src-address=xxx:xxx:xxx:xxx::xxx/120 tcp-flags=syn tcp-mss=1307-65535
add action=change-mss chain=forward dst-address=xxx:xxx:xxx:xxx::xxx/120 new-mss=1306 passthrough=yes protocol=tcp tcp-flags=syn tcp-mss=1307-65535
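
The ipv4 and ipv6 measurements and calculations above, generalised into an added shell example (not from the original post): it binary-searches the largest payload that passes with the don't-fragment flag instead of trying sizes by hand, then derives MTU and TCP-MSS. The function names, the -W 2 timeout and the 1472/1452 search ceilings (1500-byte Ethernet MTU) are assumptions of this example.

```shell
#!/bin/sh
# Added example: find the largest unfragmented ping payload, then derive MTU and MSS.
# A probe is any command taking "<4|6> <size> <host>" that succeeds when the
# DF-flagged ping gets a reply; ping_df wraps the ping invocation used above.
ping_df() { ping "-$1" -n -c 2 -W 2 -M do -s "$2" "$3" >/dev/null 2>&1; }

# max_payload <probe> <4|6> <host> -> largest payload size that still passes
max_payload() {
    probe=$1 fam=$2 host=$3
    lo=0
    if [ "$fam" = 6 ]; then hi=1452; else hi=1472; fi   # assumed ceilings
    "$probe" "$fam" "$lo" "$host" || return 1   # host does not answer at all
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$fam" "$mid" "$host"; then
            lo=$mid                 # mid passes: the answer is mid or larger
        else
            hi=$(( mid - 1 ))       # mid is too long: the answer is smaller
        fi
    done
    echo "$lo"
}

# mss_from_payload <4|6> <payload> -> "MTU MSS"
mss_from_payload() {
    if [ "$1" = 6 ]; then ip=40; else ip=20; fi
    mtu=$(( $2 + ip + 8 ))              # payload + IP header + 8-byte ICMP header
    echo "$mtu $(( mtu - ip - 20 ))"    # MTU - IP header - 20-byte TCP header
}

# Usage on a live path (needs network, so it is not run here):
#   size=$(max_payload ping_df 4 www.google.com) && mss_from_payload 4 "$size"
```
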

Have fun!