Tuesday, 1 December 2020

How to add a TAP adapter interface in Windows

This article was useful for quickly adding the interface to Windows. Also useful: this explanation of the difference between TAP and TUN.

Acronyms explanation:

TAP = Terminating Access Point

TUN = Terminating Unbroadcasting Node

VPN = Virtual Private Network

How to insert a non-breaking hyphen

Here is a non-breaking hyphen: . You can copy and paste it freely wherever you want (it is open-source).

It was forked from this one (credit them for the original work).

OpenConnect as a better alternative to the Cisco AnyConnect VPN client

The Cisco AnyConnect VPN client is sometimes too restrictive (e.g. it disconnects the internet on the client side when split tunnelling is not configured on the server side, or it runs under a privileged user, root or SYSTEM). OpenConnect gives the user more freedom.

OpenConnect is truly multi-platform. OpenConnect-GUI is only partially so: it bundles OpenConnect for Windows and macOS. This GUI wrapper makes using OpenConnect look and feel very similar to the GUI of the Cisco AnyConnect VPN client.

On Windows, once the VPN connection is established, if "split tunnelling" is not allowed on the (Cisco) VPN server (concentrator), this can be bypassed on the client side by increasing the metric of the TAP interface (so that it is higher than the metric of the physical network interface) and configuring routes (slices) so that only those subnets are routed to the VPN and nothing else. This can be done, for example, from an administrative shell (cmd.exe):

route add <IPsubnet> mask <mask> <IPdefaultGW-VPN> IF <IFnumber>
netsh interface ip set interface <IFnumber> metric=5

Routes, interfaces, default gateways, etc. can be displayed with:

route print

The above commands may be chained (e.g. in a BAT file) like this (see https://stackoverflow.com/questions/8055371/how-do-i-run-two-commands-in-one-line-in-windows-cmd for details):

cmd /k "route print & route-add-command & netsh-interface-command & route print"

For macOS, this GUI wrapper is experimental, so OpenConnect can also be installed directly rather than as part of the GUI bundle. Sample usage with vpn-slice, which does client-side "split tunnelling" (allowing internet traffic to bypass the VPN); Homebrew itself is run without sudo, only openconnect needs root:

brew install openconnect
brew install vpn-slice
sudo openconnect https://<address> -s 'vpn-slice <IPsubnet>/<mask>'

A similar setup should also be possible on Linux.


Thursday, 19 November 2020

SCP via hop nodes

There are various ways to SCP through intermediary nodes, e.g. ProxyCommand (using netcat = nc), ProxyJump (scp -J), pipes, tunnels, ...

There is a new project, hopscp, that does it without any of them, but it may incorporate them in the future to widen its possibilities.

By default, in its initial version, it implements multi-hop SCP by sequential secure copying through the whole chain, from source to target. The current maximum is:

[source_end] -> [source_hop] -> [local_host] -> [target_hop] -> [target_end]

For more information, download hopscp, read its heading synopsis, or run it to see its output on the command line.

Software license: The Unlicense.

Friday, 30 October 2020

HTTP(s) checks with httpstat.us & curl

Useful site for HTTP(S) testing: https://httpstat.us/

Example 1:

curl --connect-timeout 5 -m 10 'https://httpstat.us/200?sleep=7000' > test.curl

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100     6    0     6    0     0      0      0 --:--:--  0:00:07 --:--:--     1

echo $?

0

Example 2:

curl --connect-timeout 5 -m 10 'https://httpstat.us/200?sleep=10000' > test.curl

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:10 --:--:--     0
curl: (28) Operation timed out after 10001 milliseconds with 0 out of -1 bytes received

echo $?

28

Notes about timeouts in curl:

https://unix.stackexchange.com/questions/94604/does-curl-have-a-timeout/94612
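The two runs above only look at curl's exit code, which is 0 for any completed transfer, including a 4xx or 5xx response. The following is an added example, not part of the original post, that classifies a probe by exit code and HTTP status together; classify_probe and http_probe are hypothetical helper names.

```shell
#!/bin/sh
# Added example: a probe verdict needs both curl's exit code and the HTTP
# status, because curl exits 0 for any completed transfer (even a 500).
# classify_probe and http_probe are hypothetical helper names.

# classify_probe <curl_exit_code> <http_code>: print one verdict word.
# Return 0 = healthy, 1 = HTTP-level failure, 2 = transport-level failure.
classify_probe() {
    rc=$1
    code=$2
    case "$rc" in
        0)     ;;                                   # transfer completed, check status
        6)     echo DNS_FAILURE;     return 2 ;;    # could not resolve host
        7)     echo CONNECT_FAILURE; return 2 ;;    # failed to connect to host
        28)    echo TIMEOUT;         return 2 ;;    # --connect-timeout or -m exceeded
        35|60) echo TLS_FAILURE;     return 2 ;;    # handshake or certificate check
        *)     echo "CURL_ERROR_$rc"; return 2 ;;
    esac
    case "$code" in
        2??) echo OK;           return 0 ;;
        3??) echo REDIRECT;     return 0 ;;
        4??) echo CLIENT_ERROR; return 1 ;;
        5??) echo SERVER_ERROR; return 1 ;;
        *)   echo NO_STATUS;    return 1 ;;
    esac
}

# http_probe <url>: same timeouts as the examples above. The body is
# discarded; -w prints only the status code (000 when no response arrived).
http_probe() {
    rc=0
    code=$(curl -sS -o /dev/null --connect-timeout 5 -m 10 \
                -w '%{http_code}' "$1") || rc=$?
    classify_probe "$rc" "$code"
}

# Usage (needs network access):
#   http_probe 'https://httpstat.us/200?sleep=7000'
#   http_probe 'https://httpstat.us/503'
```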

Thursday, 29 October 2020

Managing log rotation in Linux

Add a new file to rotation:

  • copy one of the /etc/logrotate.d/* configuration files to a working (e.g. home) directory and name it e.g. new-file
  • vim new-file
    • change the path to point to the new (existing) file to be rotated
    • change other parameters, if needed
  • sudo mv new-file /etc/logrotate.d/
  • sudo chown root:root /etc/logrotate.d/new-file

Dry run:

logrotate -d /etc/logrotate.d/new-file

Forced rotation:

sudo logrotate -vf /etc/logrotate.d/new-file
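The procedure above as one script, as an added example that is not part of the original post. stage_dropin and dropin_ok are hypothetical helper names, /var/log/myapp/app.log is a placeholder path, and the directives in the generated file are sample values to adjust.

```shell
#!/bin/sh
# Added example: stage a logrotate drop-in in a working directory and check
# it before moving it into /etc/logrotate.d/.
# stage_dropin and dropin_ok are hypothetical helper names.

# stage_dropin <log_path> <out_file>: write a drop-in for one log file.
stage_dropin() {
    cat > "$2" <<EOF
$1 {
    weekly
    rotate 4
    compress
    delaycompress
    missingok
    notifempty
    create 0640 root root
}
EOF
    chmod 0644 "$2"
}

# dropin_ok <file> [owner_uid]: when run as root, logrotate skips a config
# file with a bad mode (its message asks for 0644 or 0444) or a non-root
# owner, and the log then silently stops rotating. owner_uid defaults to 0;
# pass your own uid to check a staged copy before installing it.
dropin_ok() {
    want_uid=${2:-0}
    mode=$(stat -c '%a' "$1")    # GNU stat: octal permission bits
    uid=$(stat -c '%u' "$1")     # GNU stat: numeric owner
    case "$mode" in
        644|444) ;;
        *) echo "bad mode $mode (need 0644 or 0444)"; return 1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "bad owner uid $uid (need $want_uid)"
        return 1
    fi
    echo ok
}

# Usage, following the steps above:
#   stage_dropin /var/log/myapp/app.log ./new-file
#   dropin_ok ./new-file "$(id -u)"
#   sudo install -o root -g root -m 0644 ./new-file /etc/logrotate.d/new-file
#   dropin_ok /etc/logrotate.d/new-file && logrotate -d /etc/logrotate.d/new-file
```

The install line sets owner and mode in one step, replacing the separate mv and chown.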


Monday, 26 October 2020

Bash tips I

Inputs to functions:

https://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO-8.html

Outputs from functions:

https://www.linuxjournal.com/content/return-values-bash-functions

Check for empty variable:

https://www.cyberciti.biz/faq/unix-linux-bash-script-check-if-variable-is-empty/

Keyboard shortcuts:

http://teohm.com/blog/shortcuts-to-move-faster-in-bash-command-line/