
Squid and client proxy

This document outlines the steps to set up and configure Squid on a VPS, and then use SSH tunneling to create either a SOCKS5 proxy or an HTTP proxy accessible from your local machine, including your LAN.

1. Install Squid on the VPS

1.1 Install Squid

To install Squid on your Virtual Private Server (VPS), use one of the following commands based on your Linux distribution:

For CentOS/RHEL:

sudo yum install squid

For Debian/Ubuntu:

sudo apt-get install squid

After installation, start the Squid service:

sudo service squid start

 

1.2 SSH Parameter Explanation for Port Forwarding on your laptop

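  • Local Port Forwarding (-L): This forwards a TCP port on your laptop through the SSH connection to a host and port reachable from the VPS. Here it tunnels the HTTP/HTTPS proxy port.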

-L [LOCAL_BIND_ADDRESS:]LOCAL_PORT:REMOTE_HOST:REMOTE_PORT

 

  • Dynamic Port Forwarding (-D): This creates a dynamic application-level port forwarding, typically for SOCKS proxies.

-D [LOCAL_BIND_ADDRESS:]LOCAL_PORT

 

  • -N: Do not execute a remote command (useful for just forwarding ports).
  • -f: Go to background after authentication.

 

 

2. Use SOCKS5 proxy

This section describes how to establish a SOCKS5 proxy using SSH dynamic port forwarding.

2.1 SOCKS5 Proxy Accessible Only on Localhost

By default, the SOCKS5 proxy created listens only on your loopback interface (127.0.0.1) on your laptop.

powershell -command "ssh -NfD 3128 username@VPS_HOST"

 

This command sets up a SOCKS5 proxy on your local machine, listening on port 3128.

Result: You can connect to 127.0.0.1:3128 from your laptop, but not to your LAN IP (e.g., 192.168.1.106:3128).

Table 1. Connection status from the laptop itself and from the LAN

Command                  Status
telnet hostname 3128     NOT connected
telnet 127.0.0.1 3128    connected

 

2.2 SOCKS5 Proxy Accessible on All Network Interfaces (including LAN)

To allow other devices on your LAN to connect to the SOCKS proxy, specify 0.0.0.0 as the bind address.

powershell -command "ssh -NfD 0.0.0.0:3128 username@VPS_HOST"

  • -D 0.0.0.0:3128: This specifies dynamic application-level port forwarding.
    0.0.0.0 tells SSH to bind the SOCKS proxy to all available network interfaces on your laptop, and 3128 is the local port it will listen on.

Result: SSH will listen for connections on all available network interfaces on your laptop, including your LAN IP (e.g., 192.168.1.106). The forwarded port has no authentication of its own, so any host that can reach the laptop on any of those interfaces can use the proxy. To limit exposure, give the LAN address itself (e.g., 192.168.1.106:3128) as the bind address instead of 0.0.0.0.

Table 2. Connection status from the laptop itself and from the LAN

Command                  Status
telnet hostname 3128     connected
telnet 127.0.0.1 3128    connected

 

 

3. Use HTTP proxy

This section details how to establish an HTTP proxy using SSH local port forwarding.

3.1 HTTP Proxy Accessible Only on Localhost

This setup forwards a local port on your laptop to the Squid proxy running on your VPS’s localhost.

powershell -command "ssh -NfL 1080:localhost:3128 username@VPS_HOST"

  • -L 1080:localhost:3128: This local port forwarding ensures that any traffic coming to your laptop's port 1080 will be forwarded through the SSH tunnel to localhost:3128 on your VPS.
  • Note: The destination is resolved on the VPS side, so localhost or 127.0.0.1 here means the VPS itself, not your laptop.

Result: You can connect to 127.0.0.1:1080 from your laptop, but not to your LAN IP (e.g., 192.168.1.106:1080). All traffic sent to 127.0.0.1:1080 goes through the SSH tunnel to localhost:3128 on the VPS, where Squid is listening.

Table 3. Connection status from the laptop itself and from the LAN

Command                  Status
telnet hostname 1080     NOT connected
telnet 127.0.0.1 1080    connected
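
The tunnel in 3.1 reaches Squid at localhost:3128 on the VPS, so Squid needs no listener on a public interface. The following is an added example, not part of the original post: a shell function that lists the http_port directives in a Squid configuration that are not bound to loopback. The function name is hypothetical, and /etc/squid/squid.conf is assumed as the configuration path.

```shell
#!/bin/sh
# Added example (not from the original post).
# squid_exposed_ports CONF
#   Prints every http_port argument in CONF that is not bound to loopback.
#   Prints nothing when all listeners are loopback-only.
#   Usage on the VPS (path is an assumption): squid_exposed_ports /etc/squid/squid.conf
squid_exposed_ports() {
    conf=$1
    # Drop comments first so that commented-out directives are ignored.
    sed 's/#.*//' "$conf" | awk '
        $1 == "http_port" {
            addr = $2
            # A bare port number means: listen on every interface.
            if (addr ~ /^[0-9]+$/) { print addr " (all interfaces)"; next }
            # host:port or [v6]:port -> strip the trailing :port
            host = addr
            sub(/:[0-9]+$/, "", host)
            if (host == "127.0.0.1" || host == "localhost" || host == "[::1]") next
            print addr
        }'
}
```

Changing a reported line to `http_port 127.0.0.1:3128` and restarting Squid closes the public listener while the tunnelled setups in 3.1 and 3.2 keep working.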

 

 

3.2 HTTP Proxy Accessible on All Network Interfaces (including LAN)

To make the HTTP proxy accessible to other devices on your LAN, you need to bind the local port to 0.0.0.0.

powershell -command "ssh -NfL 0.0.0.0:1080:127.0.0.1:3128 username@VPS_HOST"

  • -L 0.0.0.0:1080:127.0.0.1:3128: This specifies a local port forwarding to tunnel an HTTP/HTTPS port.
    • 0.0.0.0: This is the bind address on your local laptop, making the HTTP proxy accessible from all interfaces, including your LAN IP (e.g., 192.168.1.106).
    • 1080: This is the local port on your laptop that you will connect to. You can choose any unused port (e.g., 1080, 8118, etc.).
    • 127.0.0.1: This is the destination address on the VPS, telling SSH to connect to the Squid proxy running on the VPS's localhost.
    • 3128: This is the port Squid is listening on, on the VPS.

Result: Any traffic coming to your laptop's port 1080 will be forwarded through the SSH tunnel to 127.0.0.1:3128 on your VPS. You can now connect to port 1080 using your LAN IP. Squid sees these connections as coming from the VPS's localhost, so every LAN client that connects is treated as a local Squid user.

Table 4. Connection status from the laptop itself and from the LAN

Command                  Status
telnet hostname 1080     connected
telnet 127.0.0.1 1080    connected

How to use docker pull with VPN or http proxy or socks5 proxy

[unfinished]

Prerequisites: You have a VPS on a US node, and you have installed Cisco IPsec [1] and Squid on the VPS. This post covers both an HTTP proxy and a SOCKS5 proxy. The method in [3] works, and so does the one in [4]. In some cases [4] requires a user name and password in the form "usr:pwd", but in many cases this is not required and the IP and port of the HTTP proxy are enough. You can use a SOCKS5 proxy [2] as well.

1. Basic framework

Remote environment: the VPS OS is CentOS 7.

Local environment:

In my case, my laptop runs Windows 11/10 with a certificate to dial up IPsec. I use Hyper-V to create a virtual machine (VM for short in the following) running Ubuntu 18.04. The Ubuntu VM has Docker installed.

1.1 Install Cisco IPsec

See [1] to install Cisco IPsec. Your client device can run macOS, Windows, iOS, or Android.

1.2 squid related

sudo yum install squid

service squid start

1.2.1 SOCKS5 proxy on the client

If your client is Windows, you can use the following command to connect to the VPS. VPS_HOST is the domain name or IP address of the VPS.

powershell -command "ssh -NfD 0.0.0.0:3128 user@VPS_HOST"

This creates a SOCKS5 proxy that is reachable from the LAN.

  • ssh: The SSH client command.
  • -N: Do not execute a remote command. This is useful for just forwarding ports.
  • -f: Go to background after authentication.
  • -D 0.0.0.0:3128: Specifies a dynamic application-level port forwarding. 0.0.0.0 tells SSH to bind the SOCKS proxy to all available network interfaces, and 3128 is the local port it will listen on.
  • user@VPS_HOST: Your SSH username and the hostname/IP of your VPS.

1.2.2 http proxy in client

You can use the following command to set up an HTTP proxy on your Windows client.

powershell -command "ssh -NfL 0.0.0.0:8080:127.0.0.1:3128 user@VPS_HOST"

  • ssh: The SSH client command.
  • -N: Do not execute a remote command.
  • -f: Go to background after authentication.
  • -L 0.0.0.0:8080:127.0.0.1:3128: Specifies a local port forward.
    • 0.0.0.0: The bind address on your local laptop. This means the HTTP proxy will be accessible from all interfaces on your laptop (including your LAN IP 192.168.1.106). If you only want it accessible from your laptop, use 127.0.0.1 instead.
    • 8080: The local port on your laptop that you will connect to. You can choose any unused port here (e.g., 8080, 8118, etc.).
    • 127.0.0.1: The destination address on the VPS. This tells SSH to connect to the Squid proxy running on the VPS’s localhost.
    • 3128: The port Squid is listening on on the VPS.
  • user@VPS_HOST: Your SSH username and the hostname/IP of your VPS.

1.3 clash for http proxy

In the "Clash for Windows" app, allow LAN connections; the proxy is then reachable from the LAN on port 7890.

2. Trying to pull an image directly

Run the command:

docker pull hello-world

You will probably get an error message like this:

Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

In that situation you probably cannot reach the URL directly either. Try this:

curl https://registry-1.docker.io/v2/

You should get:

curl: (28) Failed to connect to registry-1.docker.io port 443 after 21062 ms: Couldn't connect to server

The reason is that your network cannot reach registry-1.docker.io.

3. Trying to pull an image through a global proxy (Cisco IPsec)

3.1 Dial up Cisco IPsec in Windows. You should be able to access google.com at that point. Try curl https://registry-1.docker.io/v2/ again in both Windows and the Ubuntu VM. If it succeeds, you can run

docker pull hello-world

This may be the easiest method to use.

4. Trying to pull an image through an HTTP proxy

Use docker info to check the proxy information. There should be no proxy at this time.

docker info

4.1 Through your Clash port 7890

Enable "Allow LAN" in the "General" tab of "Clash for Windows". You can now connect to your LAN IP on port 7890.

sudo mkdir -p /etc/systemd/system/docker.service.d

sudo nano /etc/systemd/system/docker.service.d/http-proxy.conf

And enter the following content:

[Service]
Environment=http_proxy=http://YOUR_LAN_IP:7890/
Environment=no_proxy=localhost,127.0.0.1
Environment=https_proxy=http://YOUR_LAN_IP:7890/

After that, run these two commands:

sudo systemctl daemon-reload

sudo systemctl restart docker

4.2 Through your Squid

In cmd.exe on your Windows machine, use the command from section 1.2.2 to set up the HTTP proxy on port 8080.

sudo mkdir -p /etc/systemd/system/docker.service.d

sudo nano /etc/systemd/system/docker.service.d/http-proxy.conf

And enter the following content:

[Service]
Environment=http_proxy=http://YOUR_LAN_IP:8080/
Environment=no_proxy=localhost,127.0.0.1
Environment=https_proxy=http://YOUR_LAN_IP:8080/

After that, run these two commands:

sudo systemctl daemon-reload

sudo systemctl restart docker

 

4.3 using bash command

If you are tired of typing the commands, you can copy the following bash command and run it, as [4] does. Set the HTTP proxy's IP, port and domain name to your own. If the proxy has no user name and password, ActiveProxyVar looks like this: "ActiveProxyVar=IP:PORT".

5. Trying to pull an image through a SOCKS5 proxy

In cmd.exe on your Windows machine, use the command from section 1.2.1 to set up the SOCKS5 proxy on port 3128.

sudo mkdir -p /etc/systemd/system/docker.service.d

sudo nano /etc/systemd/system/docker.service.d/socks5-proxy.conf

And enter the following content:

[Service]
Environment=http_proxy=socks5://YOUR_LAN_IP:3128/
Environment=no_proxy=localhost,127.0.0.1
Environment=https_proxy=socks5://YOUR_LAN_IP:3128/

After that, run these two commands:

sudo systemctl daemon-reload

sudo systemctl restart docker
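
Sections 4.1, 4.2 and 5 repeat the same steps with a different scheme and port. The following added example (not the script from [4], and not part of the original post) wraps them in one shell function. The function name, its arguments and the validation rules are assumptions, and the SOCKS scheme is written socks5.

```shell
#!/bin/sh
# Added example (not the script from reference [4]).
# write_docker_proxy_dropin SCHEME [USER:PASS@]HOST:PORT [DROPIN_DIR]
#   Writes the [Service] drop-in from sections 4 and 5 and prints its path.
write_docker_proxy_dropin() {
    scheme=$1
    active_proxy=$2          # same role as ActiveProxyVar in section 4.3
    dir=${3:-/etc/systemd/system/docker.service.d}

    case $scheme in
        http)   name=http-proxy.conf ;;
        socks5) name=socks5-proxy.conf ;;
        *) echo "unsupported scheme: $scheme" >&2; return 2 ;;
    esac

    # Accept only characters that are safe in an unquoted Environment= value.
    # Anything else (including %, which systemd treats as a specifier) is
    # rejected rather than escaped. systemd exposes Environment= values to
    # unprivileged users (systemctl show), so a user:password placed here
    # is not protected.
    case $active_proxy in
        ''|*[!A-Za-z0-9.:@_-]*) echo "invalid proxy value" >&2; return 2 ;;
    esac
    # Require a trailing :PORT made of digits only.
    case $active_proxy in
        *:*) ;;
        *) echo "missing :PORT" >&2; return 2 ;;
    esac
    case ${active_proxy##*:} in
        ''|*[!0-9]*) echo "invalid port" >&2; return 2 ;;
    esac

    url="$scheme://$active_proxy/"
    mkdir -p "$dir" || return 1
    # Both drop-ins set the same variables and systemd would apply both, so
    # remove the two file names used in this post before writing the new one.
    rm -f "$dir/http-proxy.conf" "$dir/socks5-proxy.conf"
    cat > "$dir/$name" <<EOF || return 1
[Service]
Environment=http_proxy=$url
Environment=https_proxy=$url
Environment=no_proxy=localhost,127.0.0.1
EOF
    printf '%s\n' "$dir/$name"
}
```

Run it as root on the Ubuntu VM, for example `write_docker_proxy_dropin http YOUR_LAN_IP:8080`, then run systemctl daemon-reload and systemctl restart docker as above.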

 

6. Compare SOCKS5 proxy versus HTTP proxy

The SOCKS5 proxy is faster than the HTTP proxy.

7. The same situation with docker-compose

If you use a *.yml file and execute the command, you may run into the same problem. Refer to steps 2 to 6 to fix it. The command you may use once the *.yml is completed is:

docker-compose up -d

Reference:

1. https://github.com/hwdsl2/setup-ipsec-vpn

2. https://www.cnblogs.com/mq0036/p/17184494.html

3. https://stackoverflow.com/questions/51571686/ubuntu-18-04-error-response-from-daemon-get-https-registry-1-docker-io-v2/51648635#51648635

4. https://stackoverflow.com/questions/48056365/error-get-https-registry-1-docker-io-v2-net-http-request-canceled-while-b/77130871#77130871

Migrate virtual machine from ovf file to hyper-v

1. The OVF file is exported from VMware Workstation 15

So we get 3 files:
(1) Ubuntu_64_bit-disk1.vmdk;
(2) Ubuntu 64 bit.mf;
(3) Ubuntu 64 bit.ovf;

2. Use qemu-img to convert the exported vmdk disk to vhdx

qemu-img.exe convert D:\ubovf\Ubuntu_64_bit-disk1.vmdk -O vhdx -o subformat=dynamic D:\test_dir\dest.vhdx

3. Create a new virtual machine in Hyper-V

Create a new virtual machine, attach the existing vhdx hard disk file, and select generation 1 only. The source vmdk virtual machine should be a legacy BIOS machine, so it cannot be started as generation 2.
Then start and connect to the VM.

Reference:

1. https://cloudbase.it/qemu-img-windows/
2. https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/plan/should-i-create-a-generation-1-or-2-virtual-machine-in-hyper-v

Realvnc black screen and use in vmware

I am a beginner with RealVNC. I have a headless PC which runs remote applications and Steam. VNC Viewer always shows a black screen when I use RealVNC instead of mstsc. If I plug a monitor into the graphics card, VNC Viewer displays content while the monitor is connected.
1. I noticed that if I unchecked the DirectX-related option and unplugged the monitor, VNC Viewer could show some content, such as Microsoft 365 Copilot and Notepad, but some windows were displayed as a black screen, such as CPU fans, which may be using DirectX technology.
2. How to use VNC Viewer with VMware Workstation?
I use a virtual machine with a bridged host network or NAT, enable VNC in the options and give it a port which is not in use. By connecting to the host name or IP address of the HOST rather than the virtual machine's network name or IP address, I can connect to the virtual machine with VNC Viewer.
Reference:
1. https://help.realvnc.com/hc/en-us/articles/360004012211-Display-issues-when-connecting-to-RealVNC-Server-running-on-Windows

Could not get vmci driver version: The handle is invalid.

I updated VMware Workstation from 12 to 15, but I got a problem when I tried to start a virtual machine from a snapshot. It says:
“Could not get vmci driver version: The handle is invalid.

You have an incorrect version of driver ‘vmci.sys’. Try reinstalling VMware Workstation.

Module ‘DevicePowerOn’ power on failed.

Failed to start the virtual machine.”

Solution 1: find xxx.vmx and edit this line:
vmci0.present = "TRUE"
Modify it to
vmci0.present = "FALSE"
or delete this line.
This is a temporary workaround that should only be used to get the VM to boot in a pinch.

Solution 2: update the vmci driver.
Open Device Manager; the vmci driver may be incorrect.
If you are connected to the internet, just update it. The vmci.sys driver can be installed automatically.
The driver is stored in
C:\Program Files\Common Files\VMware\Drivers\vmci\device\Win8\vmci.sys
Install it manually from there if you do not have an internet connection.

Finally, check whether it conflicts with the Hyper-V component in Windows.

Summary: Updating the vmci.sys driver via Device Manager is the fundamentally correct and recommended approach.

Reference:

https://www.cnblogs.com/Jasper-changing/p/12035933.html

https://www.youtube.com/watch?v=aZk3B31Utzo

What is it like to use an Intel Core i7-9750H engineering sample CPU?

I have used the Intel Core i7-9750H engineering sample CPU since 2020. The following is my experience.
Bad case 1, Hyper-V does not work:
1. Enable Intel VT-d in the UEFI settings;
2. Install the full Hyper-V toolkit, that is, 4 components. They are:
In the Hyper-V Management Tools:
Hyper-V GUI Management Tools;
Hyper-V Module for Windows PowerShell;
In the Hyper-V Platform:
Hyper-V Hypervisor;
Hyper-V Services;

[Figure: Hyper-V_installation_win11]

Once all the installation and settings are done, I will probably get a BSOD after reboot.
Solution:
1. Use system recovery if you made a backup before the Hyper-V installation.
2. Disable the Intel VT-d setting in the UEFI if the system restore in solution 1 fails or no backup is found.
Another solution for virtualization: use VMware Workstation 16 instead of Hyper-V.

Bad case 2, the 3.5 mm headphone jack does not work:
The 3.5 mm headphone jack fails.
Solution: None.

Apart from these 2 bad cases, everything works fine.
Platform: Windows 10 1903 64-bit, ThinkPad P53 with T1000, Intel Core i7-9750H (ES)

Python3 shutil.rmtree PermissionError: [WinError 5] Access is denied:

You may receive PermissionError: [WinError 5] Access is denied: 'C:\\Windows\\to_your_path' when you use shutil.rmtree in Python code in a Windows environment.
shutil.rmtree is a utility function that can remove a directory in Windows even if it contains files or subdirectories.
But what happens when you encounter WinError 5?
In some cases it happens after you used explorer.exe to enter the directory you want to delete and then went back to the parent folder. So explorer.exe may still hold handles on the directory after you browsed it, went back and ran the Python script.
Solution: Just close the Explorer window whose history contains the directory you want to remove.

How to update telegram

[Figure: Telegram_upgrade]

A strange update prompt from the US region appears if you first installed it from CN, as the picture shows.
Solution: Remove Telegram first, and then get it from the US region of the App Store.