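Keywords: mdk, stm32f4, discovery
Date: April 2018

Contents

1. Overview
2. Download and install MDK
3. Download the STM32F4-Discovery example program
4. Configure MDK to connect to the board

Overview

The STM32F4-Discovery board can be debugged directly over its USB port.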

Step 1: Download the installer MDK525.EXE

Official site: https://www.keil.com/download/product/
Install it the same way as any ordinary software.

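Step 2: Download the STM32F4-Discovery example program

1. Start Keil, then click Pack Installer on the toolbar.
2. Pack Installer updates itself automatically and keeps asking along the way whether to install package xxx; answering yes to all of them is recommended.
3. When the update finishes, reopen Pack Installer, find "/All Devices/STMicroelectronics/STM32F407/STM32F407VG" under the Device tab on the left, and select it.
4. On the Packs tab on the right, find Device Specific/Keil::STM32F4xx_DFP and click Install.
5. On the Examples tab on the right, find CMSIS-RTOS Blinky (STM32F4-Discovery), click Copy, and choose the folder to copy the project to.
6. The IDE opens with a project named Blinky.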

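Step 3: Configure MDK to connect to the board

1. The board needs a driver installed before it can be used. Official site: http://www.st.com/en/development-tools/stsw-link009.html
2. Unzip the driver, open Windows Device Manager, find ST-LINK, and update its driver.
3. Open MDK -> open the Blinky project -> MDK toolbar -> Options for Target -> Debug tab -> Settings to the right of Use: ST-Link Debugger -> Debug tab -> Debug Adapter Unit: ST-LINK/V2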

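Step 4: Build and flash

1. Click the Build button on the toolbar.
2. Click the Download button on the toolbar.
3. After a moment, the board's 4 LEDs start blinking in sequence.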

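Date: April 2018
Keywords: ikev2, strongswan, vpn, certificate-free, ca

Preface

"Certificate-free" here means that the client does not import a certificate and logs in with only a username and password.
With IKEv2, both the server and the client need certificates configured, but the server can use a CA-issued certificate, so the client completes certificate validation automatically, just as with HTTPS.
This article only covers establishing the VPN connection; reaching the Internet through the VPN requires iptables configuration, which you will need to look up yourself.

Step 1: Obtain a CA-issued certificate

Details: https://www.fish2bird.com/?p=780
The domain used here is vpn.fish2bird.com; it must match the leftid in the configuration file shown later.

Step 2: Install strongSwan

The operating system is Debian 9. In addition to strongswan, libcharon-extra-plugins must also be installed.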

root@debian:~# apt-get install strongswan libcharon-extra-plugins 

Step 3: Edit the configuration file

root@debian:~# vim /etc/ipsec.conf
...
conn ikev2-eap
	left=%any
	leftsubnet=0.0.0.0/0
	right=%any
	rightsourceip=10.0.0.0/24
	dpdaction=clear

	keyexchange=ikev2
	ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!
	esp=aes256-sha256,3des-sha1,aes256-sha1!
	rekey=no
	leftauth=pubkey                           # the server authenticates with its public key
	leftcert=/etc/letsencrypt/live/vpn.fish2bird.com/cert.pem  # certificate file
	leftsendcert=always
	leftid=vpn.fish2bird.com                  # must match the domain in the CA-issued certificate
	rightauth=eap-mschapv2                    # the client authenticates with EAP
	rightsendcert=never
	eap_identity=%any
	fragmentation=yes
	auto=add
...
root@debian:~# ipsec restart

Step 4: Edit the account and password file

root@debian:~# vim /etc/ipsec.secrets
...
: RSA /etc/letsencrypt/live/vpn.fish2bird.com/privkey.pem  # private key file matching the certificate

# username : authentication method "plaintext password"
user1 : EAP "1234abcd"
...
root@debian:~# ipsec restart
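
The following check is an added example, not part of the original post or of strongSwan. It reads the ike= and esp= proposal lists from a configuration like the one in Step 3 and reports algorithms that are weak by current standards (3des and modp1024 in this configuration), and it checks that the secrets file from Step 4, which holds plaintext passwords, is not accessible to group or others. The function names, the WEAK list and the sample input are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit an ipsec.conf / ipsec.secrets pair.
# Assumption: the WEAK list is this example's own choice of tokens to flag.
WEAK='des|3des|md5|modp768|modp1024|modp1536'

# audit_proposals FILE -> one line per hit: "<conn> <ike|esp> <proposal> <token>"
audit_proposals() {
    awk -v weak="^($WEAK)\$" '
    /^[ \t]*#/      { next }                    # whole-line comment
    /^conn[ \t]+/   { conn = $2; next }         # remember the current conn name
    /^[ \t]+(ike|esp)[ \t]*=/ {
        line = $0
        sub(/#.*/, "", line)                    # strip an inline comment
        gsub(/[ \t]/, "", line)
        eq  = index(line, "=")
        key = substr(line, 1, eq - 1)
        val = substr(line, eq + 1)
        sub(/!$/, "", val)                      # "!" only marks the list as strict
        n = split(val, props, ",")
        for (i = 1; i <= n; i++) {
            m = split(props[i], toks, "-")
            for (j = 1; j <= m; j++)
                if (toks[j] ~ weak) print conn, key, props[i], toks[j]
        }
    }' "$1"
}

# secrets_private FILE -> exit 0 only if group and others have no access
secrets_private() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# sample_conf: constructed input, taken from the conn section in Step 3
sample_conf() {
    cat <<'EOF'
conn ikev2-eap
    keyexchange=ikev2
    ike=aes256-sha256-modp1024,3des-sha1-modp1024,aes256-sha1-modp1024!
    esp=aes256-sha256,3des-sha1,aes256-sha1!   # inline comment
    leftid=vpn.fish2bird.com
EOF
}

# Usage: sh audit.sh /etc/ipsec.conf
if [ -n "${1:-}" ]; then audit_proposals "$1"; fi
```

Removing a flagged proposal changes which clients can connect, so check what each client offers before tightening the list.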

Client settings

iOS/macOS

VPN Type: IKEv2
Server Address: vpn.fish2bird.com
Remote ID: vpn.fish2bird.com
Local ID:
Authentication Settings:
Username/Certificate/None
Username: user1
Password: 1234abcd

Common problems

Common debugging commands

root@debian:~# ipsec listall
root@debian:~# ipsec status
root@debian:~# ipsec statusall

Enable debug logging

root@localhost:~# vim /etc/strongswan.d/charon-logging.conf
charon {

    # Section to define file loggers, see LOGGER CONFIGURATION in
    # strongswan.conf(5).
    filelog {

        # <filename> is the full path to the log file.
        # <filename> {
	/var/log/charon.log {

            # Loglevel for a specific subsystem.
            # <subsystem> = <default>

            # If this option is enabled log entries are appended to the existing
            # file.
            # append = yes

            # Default loglevel.
            # default = 1
            default = 1

            # Enabling this option disables block buffering and enables line
            # buffering.
            # flush_line = no
            flush_line = yes

            # Prefix each log entry with the connection name and a unique
            # numerical identifier for each IKE_SA.
            # ike_name = no
            ike_name = yes

            # Adds the milliseconds within the current second after the
            # timestamp (separated by a dot, so time_format should end with %S
            # or %T).
            # time_add_ms = no

            # Prefix each log entry with a timestamp. The option accepts a
            # format string as passed to strftime(3).
            # time_format =

        # }
	}

    }

    # Section to define syslog loggers, see LOGGER CONFIGURATION in
    # strongswan.conf(5).
    syslog {

        # Identifier for use with openlog(3).
        # identifier =

        # <facility> is one of the supported syslog facilities, see LOGGER
        # CONFIGURATION in strongswan.conf(5).
        # <facility> {

            # Loglevel for a specific subsystem.
            # <subsystem> = <default>

            # Default loglevel.
            # default = 1

            # Prefix each log entry with the connection name and a unique
            # numerical identifier for each IKE_SA.
            # ike_name = no

        # }
    }
}

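Date: April 2018
Keywords: debian, https, nginx, free

Preparation

Domain: www.fish2bird.com

Step 1: Update the DNS record

Point the DNS record for www.fish2bird.com at the IP address of the server on which you are configuring HTTPS.

Step 2: Install Nginx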

root@debian:~# apt-get install nginx

Step 3: Install certbot

certbot is a tool that requests HTTPS certificates automatically.

root@debian:~# apt-get install certbot

Step 4: Request the certificate

You are prompted for your domain name, here www.fish2bird.com, and for the root path of your HTTP server, here /var/www/html.

root@debian:~# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Place files in webroot directory (webroot)
2: Spin up a temporary webserver (standalone)
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 1
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel):www.fish2bird.com
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.fish2bird.com

Select the webroot for www.fish2bird.com:
-------------------------------------------------------------------------------
1: Enter a new webroot
-------------------------------------------------------------------------------
Press 1 [enter] to confirm the selection (press 'c' to cancel): 1
Input the webroot for vpn.fish2bird.com: (Enter 'c' to cancel):/var/www/html
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/www.fish2bird.com/fullchain.pem. Your cert
   will expire on 2018-07-04. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot again. To
   non-interactively renew *all* of your certificates, run "certbot
   renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

root@debian:~#

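The generated certificate files are in /etc/letsencrypt/live/www.fish2bird.com/

Step 5: Configure nginx

Port 443 must be opened and the certificate path configured.
The generated certificate and private key are in /etc/letsencrypt/live/www.fish2bird.com/.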

root@debian:~# vim /etc/nginx/sites-enabled/default
...
# Default server configuration
#
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	# SSL configuration
	#
	# listen 443 ssl default_server;
	listen 443 ssl default_server;
	# listen [::]:443 ssl default_server;
	listen [::]:443 ssl default_server;

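	# fullchain.pem (named in the certbot output) holds the server certificate plus the intermediate chain
	ssl_certificate		/etc/letsencrypt/live/www.fish2bird.com/fullchain.pem;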
	ssl_certificate_key	/etc/letsencrypt/live/www.fish2bird.com/privkey.pem;
	#
	# Note: You should disable gzip for SSL traffic.
	# See: https://bugs.debian.org/773332
	#
	# Read up on ssl_ciphers to ensure a secure configuration.
	# See: https://bugs.debian.org/765782
	#
	# Self signed certs generated by the ssl-cert package
	# Don't use them in a production server!
	#
	# include snippets/snakeoil.conf;

	root /var/www/html;

	# Add index.php to the list if you are using PHP
	index index.html index.htm index.nginx-debian.html;
...
root@debian:~# service nginx restart

Step 6: Verify in a browser

Enter in the browser: https://www.fish2bird.com/
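
Both nginx and strongSwan read the files under /etc/letsencrypt/live/<domain>/, and the certbot output above shows the certificate expiring on 2018-07-04. The script below is an added example, not from the original post; its function names and the 30-day threshold are assumptions. It uses openssl to check such a directory: fullchain.pem carries more than the server certificate, privkey.pem belongs to cert.pem, and the certificate is not close to expiry.

```sh
#!/bin/sh
# Added example: sanity-check a certbot "live" directory with openssl.

# pem_cert_count FILE -> number of certificates in a PEM file
pem_cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# key_matches_cert CERT KEY -> exit 0 if KEY is the private key of CERT
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# expires_within CERT DAYS -> exit 0 if CERT expires within DAYS days
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# check_live_dir DIR -> prints findings; exit status = number of problems
check_live_dir() {
    dir=$1
    problems=0
    if ! [ "$(pem_cert_count "$dir/fullchain.pem")" -ge 2 ]; then
        echo "fullchain.pem has no intermediate certificate"
        problems=$((problems + 1))
    fi
    if ! key_matches_cert "$dir/cert.pem" "$dir/privkey.pem"; then
        echo "privkey.pem does not belong to cert.pem"
        problems=$((problems + 1))
    fi
    if expires_within "$dir/cert.pem" 30; then   # 30 days: assumed threshold
        echo "cert.pem expires within 30 days, run certbot renew"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Usage: sh check.sh /etc/letsencrypt/live/www.fish2bird.com
if [ -n "${1:-}" ]; then
    check_live_dir "$1"
fi
```

After a renewal the services still hold the old certificate in memory until they are restarted, as in the restart commands used earlier on this page.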