@esteevens
esteevens / update-java-cacerts.sh
Created July 29, 2022 09:09 — forked from profiprog/update-java-cacerts.sh
Automatically download and install server SSL certificate to java keystore (keytool)
#!/bin/bash
fail() { echo -e "\033[1;31mError:\033[0m" "$@" >&2; exit 1; }
warn() { echo -e "\033[1;33mWarning:\033[0m" "$@"; }
info() { echo -e "\033[1;32mInfo:\033[0m" "$@"; }
printHelp() { cat << EOF
Usage: $0 <hostname>
-keystore <file> [-storepass <password>]
[-keytool <path>]
[-quiet] [-test|-testonly]
esteevens / vpn-openconnect-connect-to-cisco-anyconnect.md
Created November 20, 2020 08:48 — forked from stefancocora/vpn-openconnect-connect-to-cisco-anyconnect.md
Split tunneling with openconnect - A guide on how to use openconnect to establish a vpn connection to an enterprise cisco anyconnect vpn endpoint with client side routing.

Introduction

The purpose of this short howto is to show you how to:

  • use openconnect [1] to connect to an enterprise cisco anyconnect endpoint
  • whilst minimizing the amount of traffic that you route through the VPN connection

Usually VPN administrators will push the default route to the users, so that all user traffic is routed through the VPN connection. This is to address the various security concerns around compromised user computers bridging external internet traffic into the secure VPN network.

While the VPN administrator can push routes to the clients, the client can ignore these default routes and establish client-side routing so that only the required A.B.C.D/E network is routed through the VPN. All other traffic will still use the client's default route and default outbound internet connection.