vpn-split 21.0.13 → 21.0.16

package/lib-prod/vpn-split.backend.ts

@@ -0,0 +1,1039 @@
+//#region imports
+import { execSync } from 'child_process';
+import * as crypto from 'crypto';
+// TODO I am using TCP ugrade not UDP!
+import * as dgram from 'dgram'; // <-- For UDP sockets
+import * as http from 'http';
+import { URL } from 'url';
+
+import axios from 'axios';
+import * as express from 'express';
+import * as httpProxy from 'http-proxy';
+import { Log, Level } from 'ng2-logger/lib-prod';
+import { config, Utils__NS__binary__NS__base64toBlob, Utils__NS__binary__NS__base64toBuffer, Utils__NS__binary__NS__base64toDbBinaryFormat, Utils__NS__binary__NS__blobToArrayBuffer, Utils__NS__binary__NS__blobToBase64, Utils__NS__binary__NS__blobToBuffer, Utils__NS__binary__NS__blobToFile, Utils__NS__binary__NS__blobToJson, Utils__NS__binary__NS__blobToText, Utils__NS__binary__NS__bufferToBase64, Utils__NS__binary__NS__bufferToBlob, Utils__NS__binary__NS__bufferToText, Utils__NS__binary__NS__dbBinaryFormatToBase64, Utils__NS__binary__NS__dbBinaryFormatToText, Utils__NS__binary__NS__fileToBlob, Utils__NS__binary__NS__fileToText, Utils__NS__binary__NS__getBlobFrom, Utils__NS__binary__NS__jsonToBlob, Utils__NS__binary__NS__textToBlob, Utils__NS__binary__NS__textToBuffer, Utils__NS__binary__NS__textToDbBinaryFormat, Utils__NS__binary__NS__textToFile, Utils__NS__camelize, Utils__NS__css__NS__numValue, Utils__NS__DbBinaryFormat, Utils__NS__DbBinaryFormatEnum, Utils__NS__DbBinaryFormatForBackend, Utils__NS__DbBinaryFormatForBrowser, Utils__NS__escapeStringForRegEx, Utils__NS__fullDate, Utils__NS__fullDateTime, Utils__NS__getFreePort, Utils__NS__removeChalkSpecialChars, Utils__NS__requireUncached, Utils__NS__sortKeys, Utils__NS__uniqArray, Utils__NS__wait, Utils__NS__waitMilliseconds } from 'tnp-core/lib-prod';
+import { path, fse, https, isElevated, crossPlatformPath, os, ___NS__add, ___NS__after, ___NS__ary, ___NS__assign, ___NS__assignIn, ___NS__assignInWith, ___NS__assignWith, ___NS__at, ___NS__attempt, ___NS__before, ___NS__bind, ___NS__bindAll, ___NS__bindKey, ___NS__camelCase, ___NS__capitalize, ___NS__castArray, ___NS__ceil, ___NS__chain, ___NS__chunk, ___NS__clamp, ___NS__clone, ___NS__cloneDeep, ___NS__cloneDeepWith, ___NS__cloneWith, ___NS__compact, ___NS__concat, ___NS__cond, ___NS__conforms, ___NS__conformsTo, ___NS__constant, ___NS__countBy, ___NS__create, ___NS__curry, ___NS__curryRight, ___NS__debounce, ___NS__deburr, ___NS__defaults, ___NS__defaultsDeep, ___NS__defaultTo, ___NS__defer, ___NS__delay, ___NS__difference, ___NS__differenceBy, ___NS__differenceWith, ___NS__divide, ___NS__drop, ___NS__dropRight, ___NS__dropRightWhile, ___NS__dropWhile, ___NS__each, ___NS__eachRight, ___NS__endsWith, ___NS__entries, ___NS__entriesIn, ___NS__eq, ___NS__escape, ___NS__escapeRegExp, ___NS__every, ___NS__extend, ___NS__extendWith, ___NS__fill, ___NS__filter, ___NS__find, ___NS__findIndex, ___NS__findKey, ___NS__findLast, ___NS__findLastIndex, ___NS__findLastKey, ___NS__first, ___NS__flatMap, ___NS__flatMapDeep, ___NS__flatMapDepth, ___NS__flatten, ___NS__flattenDeep, ___NS__flattenDepth, ___NS__flip, ___NS__floor, ___NS__flow, ___NS__flowRight, ___NS__forEach, ___NS__forEachRight, ___NS__forIn, ___NS__forInRight, ___NS__forOwn, ___NS__forOwnRight, ___NS__fromPairs, ___NS__functions, ___NS__functionsIn, ___NS__get, ___NS__groupBy, ___NS__gt, ___NS__gte, ___NS__has, ___NS__hasIn, ___NS__head, ___NS__identity, ___NS__includes, ___NS__indexOf, ___NS__initial, ___NS__inRange, ___NS__intersection, ___NS__intersectionBy, ___NS__intersectionWith, ___NS__invert, ___NS__invertBy, ___NS__invoke, ___NS__invokeMap, ___NS__isArguments, ___NS__isArray, ___NS__isArrayBuffer, ___NS__isArrayLike, ___NS__isArrayLikeObject, ___NS__isBoolean, ___NS__isBuffer, ___NS__isDate, ___NS__isElement, ___NS__isEmpty, ___NS__isEqual, ___NS__isEqualWith, ___NS__isError, ___NS__isFinite, ___NS__isFunction, ___NS__isInteger, ___NS__isLength, ___NS__isMap, ___NS__isMatch, ___NS__isMatchWith, ___NS__isNaN, ___NS__isNative, ___NS__isNil, ___NS__isNull, ___NS__isNumber, ___NS__isObject, ___NS__isObjectLike, ___NS__isPlainObject, ___NS__isRegExp, ___NS__isSafeInteger, ___NS__isSet, ___NS__isString, ___NS__isSymbol, ___NS__isTypedArray, ___NS__isUndefined, ___NS__isWeakMap, ___NS__isWeakSet, ___NS__iteratee, ___NS__join, ___NS__kebabCase, ___NS__keyBy, ___NS__keys, ___NS__keysIn, ___NS__last, ___NS__lastIndexOf, ___NS__lowerCase, ___NS__lowerFirst, ___NS__lt, ___NS__lte, ___NS__map, ___NS__mapKeys, ___NS__mapValues, ___NS__matches, ___NS__matchesProperty, ___NS__max, ___NS__maxBy, ___NS__mean, ___NS__meanBy, ___NS__memoize, ___NS__merge, ___NS__mergeWith, ___NS__method, ___NS__methodOf, ___NS__min, ___NS__minBy, ___NS__mixin, ___NS__multiply, ___NS__negate, ___NS__noop, ___NS__now, ___NS__nth, ___NS__nthArg, ___NS__omit, ___NS__omitBy, ___NS__once, ___NS__orderBy, ___NS__over, ___NS__overArgs, ___NS__overEvery, ___NS__overSome, ___NS__pad, ___NS__padEnd, ___NS__padStart, ___NS__parseInt, ___NS__partial, ___NS__partialRight, ___NS__partition, ___NS__pick, ___NS__pickBy, ___NS__property, ___NS__propertyOf, ___NS__pull, ___NS__pullAll, ___NS__pullAllBy, ___NS__pullAllWith, ___NS__pullAt, ___NS__random, ___NS__range, ___NS__rangeRight, ___NS__rearg, ___NS__reduce, ___NS__reduceRight, ___NS__reject, ___NS__remove, ___NS__repeat, ___NS__replace, ___NS__rest, ___NS__result, ___NS__reverse, ___NS__round, ___NS__sample, ___NS__sampleSize, ___NS__set, ___NS__setWith, ___NS__shuffle, ___NS__size, ___NS__slice, ___NS__snakeCase, ___NS__some, ___NS__sortBy, ___NS__sortedIndex, ___NS__sortedIndexBy, ___NS__sortedIndexOf, ___NS__sortedLastIndex, ___NS__sortedLastIndexBy, ___NS__sortedLastIndexOf, ___NS__sortedUniq, ___NS__sortedUniqBy, ___NS__split, ___NS__spread, ___NS__startCase, ___NS__startsWith, ___NS__stubArray, ___NS__stubFalse, ___NS__stubObject, ___NS__stubString, ___NS__stubTrue, ___NS__subtract, ___NS__sum, ___NS__sumBy, ___NS__tail, ___NS__take, ___NS__takeRight, ___NS__takeRightWhile, ___NS__takeWhile, ___NS__tap, ___NS__template, ___NS__templateSettings, ___NS__throttle, ___NS__thru, ___NS__times, ___NS__toArray, ___NS__toFinite, ___NS__toInteger, ___NS__toLength, ___NS__toLower, ___NS__toNumber, ___NS__toPairs, ___NS__toPairsIn, ___NS__toPath, ___NS__toPlainObject, ___NS__toSafeInteger, ___NS__toString, ___NS__toUpper, ___NS__transform, ___NS__trim, ___NS__trimEnd, ___NS__trimStart, ___NS__truncate, ___NS__unary, ___NS__unescape, ___NS__union, ___NS__unionBy, ___NS__unionWith, ___NS__uniq, ___NS__uniqBy, ___NS__uniqueId, ___NS__uniqWith, ___NS__unset, ___NS__unzip, ___NS__unzipWith, ___NS__update, ___NS__updateWith, ___NS__upperCase, ___NS__upperFirst, ___NS__values, ___NS__valuesIn, ___NS__without, ___NS__words, ___NS__wrap, ___NS__xor, ___NS__xorBy, ___NS__xorWith, ___NS__zip, ___NS__zipObject, ___NS__zipObjectDeep, ___NS__zipWith, UtilsNetwork__NS__checkIfServerOnline, UtilsNetwork__NS__checkIfServerPings, UtilsNetwork__NS__checkPing, UtilsNetwork__NS__etcHostHasProperLocalhostIp4Entry, UtilsNetwork__NS__etcHostHasProperLocalhostIp6Entry, UtilsNetwork__NS__getCurrentPublicIpAddress, UtilsNetwork__NS__getEtcHostEntriesByDomain, UtilsNetwork__NS__getEtcHostEntryByComment, UtilsNetwork__NS__getEtcHostEntryByIp, UtilsNetwork__NS__getEtcHostsPath, UtilsNetwork__NS__getFirstIpV4LocalActiveIpAddress, UtilsNetwork__NS__getLocalIpAddresses, UtilsNetwork__NS__isValidDomain, UtilsNetwork__NS__isValidIp, UtilsNetwork__NS__LocalIpInfo, UtilsNetwork__NS__PingResult, UtilsNetwork__NS__removeEtcHost, UtilsNetwork__NS__setEtcHost, UtilsNetwork__NS__SIMULATE_DOMAIN_TAG, UtilsNetwork__NS__simulateDomain, UtilsNetwork__NS__urlParse, UtilsOs__NS__commandExistsAsync, UtilsOs__NS__commandExistsSync, UtilsOs__NS__detectEditor, UtilsOs__NS__Editor, UtilsOs__NS__EDITOR_PROCESSES, UtilsOs__NS__EditorArr, UtilsOs__NS__EditorProcess, UtilsOs__NS__getEditorSettingsJsonPath, UtilsOs__NS__getRealHomeDir, UtilsOs__NS__isBrowser, UtilsOs__NS__isDockerAvailable, UtilsOs__NS__isElectron, UtilsOs__NS__isNode, UtilsOs__NS__isNodeVersionOk, UtilsOs__NS__isPortInUse, UtilsOs__NS__isRunningInBrowser, UtilsOs__NS__isRunningInCliMode, UtilsOs__NS__isRunningInDocker, UtilsOs__NS__isRunningInElectron, UtilsOs__NS__isRunningInLinuxGraphicsCapableEnvironment, UtilsOs__NS__isRunningInMochaTest, UtilsOs__NS__isRunningInNode, UtilsOs__NS__isRunningInOsWithGraphicsCapableEnvironment, UtilsOs__NS__isRunningInSSRMode, UtilsOs__NS__isRunningInVscodeExtension, UtilsOs__NS__isRunningInWebSQL, UtilsOs__NS__isRunningInWindows, UtilsOs__NS__isRunningInWindowsCmd, UtilsOs__NS__isRunningInWindowsPowerShell, UtilsOs__NS__isRunningInWsl, UtilsOs__NS__isRunningNodeDebugger, UtilsOs__NS__isSSRMode, UtilsOs__NS__isVscodeExtension, UtilsOs__NS__isWebSQL, UtilsOs__NS__killAllEditor, UtilsOs__NS__openFolderInFileExplorer, UtilsOs__NS__openFolderInVSCode, UtilsOs__NS__pipxNestedPackageExists, UtilsOs__NS__pipxPackageExists, UtilsOs__NS__pythonModuleExists, UtilsOs__NS__UnknownEditor } from 'tnp-core/lib-prod';
+import { CoreModels__NS__BaseProjectType, CoreModels__NS__BaseProjectTypeArr, CoreModels__NS__CfontAlign, CoreModels__NS__CfontStyle, CoreModels__NS__ClassNameStaticProperty, CoreModels__NS__ContentType, CoreModels__NS__ContentTypeKeys, CoreModels__NS__CoreLibCategory, CoreModels__NS__CutableFileExt, CoreModels__NS__DatabaseType, CoreModels__NS__EnvironmentName, CoreModels__NS__EnvironmentNameTaon, CoreModels__NS__ExecuteOptions, CoreModels__NS__FileEvent, CoreModels__NS__FileExtension, CoreModels__NS__FrameworkVersion, CoreModels__NS__GlobalDependencies, CoreModels__NS__HttpMethod, CoreModels__NS__ImageFileExtension, CoreModels__NS__ImageFileExtensionArr, CoreModels__NS__InstalationType, CoreModels__NS__InstalationTypeArr, CoreModels__NS__LibType, CoreModels__NS__localhostDomain, CoreModels__NS__localhostIp127, CoreModels__NS__ManifestIcon, CoreModels__NS__MediaType, CoreModels__NS__MediaTypeAllArr, CoreModels__NS__MimeType, CoreModels__NS__mimeTypes, CoreModels__NS__MimeTypesObj, CoreModels__NS__NewFactoryType, CoreModels__NS__NpmInstallOptions, CoreModels__NS__NpmSpecialVersions, CoreModels__NS__OrignalClassKey, CoreModels__NS__OutFolder, CoreModels__NS__Package, CoreModels__NS__ParamType, CoreModels__NS__parentLocation, CoreModels__NS__pathToChildren, CoreModels__NS__Position, CoreModels__NS__PreReleaseVersionTag, CoreModels__NS__PROGRESS_DATA_TYPE, CoreModels__NS__PUSHTYPE, CoreModels__NS__PwaManifest, CoreModels__NS__ReleaseVersionType, CoreModels__NS__ReleaseVersionTypeEnum, CoreModels__NS__RunOptions, CoreModels__NS__Size, CoreModels__NS__SPECIAL_APP_READY_MESSAGE, CoreModels__NS__SPECIAL_WORKER_READY_MESSAGE, CoreModels__NS__tagForTaskName, CoreModels__NS__TaonHttpErrorCustomProp, CoreModels__NS__TsUsage, CoreModels__NS__UIFramework, CoreModels__NS__UploadedBackendFile, CoreModels__NS__VSCodeSettings } from 'tnp-core/lib-prod';
+import { Helpers__NS___fixCommand, Helpers__NS__bigMaxBuffer, Helpers__NS__checkProcess, Helpers__NS__cleanExit, Helpers__NS__clearConsole, Helpers__NS__command, Helpers__NS__commandOutputAsString, Helpers__NS__commandOutputAsStringAsync, Helpers__NS__compilationWrapper, Helpers__NS__contain, Helpers__NS__createFolder, Helpers__NS__createSymLink, Helpers__NS__error, Helpers__NS__execute, Helpers__NS__exists, Helpers__NS__filesFrom, Helpers__NS__foldersFrom, Helpers__NS__getFilesFrom, Helpers__NS__getFoldersFrom, Helpers__NS__getIsBrowser, Helpers__NS__getIsElectron, Helpers__NS__getIsNode, Helpers__NS__getIsRunningInGitBash, Helpers__NS__getIsSupportedTaonTerminal, Helpers__NS__getIsVerboseMode, Helpers__NS__getIsWebSQL, Helpers__NS__getIsWsl, Helpers__NS__getStdio, Helpers__NS__hideNodeWarnings, Helpers__NS__info, Helpers__NS__isBlob, Helpers__NS__isBuffer, Helpers__NS__isClass, Helpers__NS__isExistedSymlink, Helpers__NS__isFile, Helpers__NS__isFolder, Helpers__NS__isRunningInDocker, Helpers__NS__isRunningInLinuxGraphicsCapableEnvironment, Helpers__NS__isSymlinkFileExitedOrUnexisted, Helpers__NS__isSymlinkThatMatchesUrl, Helpers__NS__isUnexistedLink, Helpers__NS__killOnPort, Helpers__NS__killProcess, Helpers__NS__killProcessByPort, Helpers__NS__linksToFolderFrom, Helpers__NS__linksToFoldersFrom, Helpers__NS__log, Helpers__NS__logError, Helpers__NS__logInfo, Helpers__NS__logProc, Helpers__NS__logSuccess, Helpers__NS__logWarn, Helpers__NS__mediaTypeFromSrc, Helpers__NS__mkdirp, Helpers__NS__modifyLineByLine, Helpers__NS__msgCacheClear, Helpers__NS__openFolderInFileExplorer, Helpers__NS__parse, Helpers__NS__pathContainLink, Helpers__NS__questionYesNo, Helpers__NS__readFile, Helpers__NS__readJson, Helpers__NS__readJson5, Helpers__NS__readJsonC, Helpers__NS__relative, Helpers__NS__remove, Helpers__NS__removeEmptyLineFromString, Helpers__NS__removeFileIfExists, Helpers__NS__removeFolderIfExists, Helpers__NS__removeIfExists, Helpers__NS__removeSlashAtBegin, Helpers__NS__removeSlashAtEnd, Helpers__NS__removeSymlinks, Helpers__NS__renderError, Helpers__NS__replaceLinesInFile, Helpers__NS__run, Helpers__NS__runAsyncIn, Helpers__NS__runSyncIn, Helpers__NS__runSyncOrAsync, Helpers__NS__sleep, Helpers__NS__stopApplication, Helpers__NS__stringify, Helpers__NS__success, Helpers__NS__taskDone, Helpers__NS__taskStarted, Helpers__NS__throwError, Helpers__NS__timeout, Helpers__NS__tryCatchError, Helpers__NS__tryReadFile, Helpers__NS__tryRemoveDir, Helpers__NS__values, Helpers__NS__wait, Helpers__NS__warn, Helpers__NS__writeFile, Helpers__NS__writeJson, Helpers__NS__writeJson5, Helpers__NS__writeJsonC, HelpersTaon__NS__actionWrapper, HelpersTaon__NS__applyMixins, HelpersTaon__NS__arrays__NS__arrayMoveElementAfterB, HelpersTaon__NS__arrays__NS__arrayMoveElementBefore, HelpersTaon__NS__arrays__NS__from, HelpersTaon__NS__arrays__NS__fuzzy, HelpersTaon__NS__arrays__NS__moveObjectAfter, HelpersTaon__NS__arrays__NS__moveObjectBefore, HelpersTaon__NS__arrays__NS__second, HelpersTaon__NS__arrays__NS__sortKeys, HelpersTaon__NS__arrays__NS__uniqArray, HelpersTaon__NS__autocompleteAsk, HelpersTaon__NS__bundleCodeIntoSingleFile, HelpersTaon__NS__changeCwd, HelpersTaon__NS__changeCwdWrapper, HelpersTaon__NS__checkEnvironment, HelpersTaon__NS__checkIfNameAllowedForTaonProj, HelpersTaon__NS__checksum, HelpersTaon__NS__cliTool__NS__cleanCommand, HelpersTaon__NS__cliTool__NS__fixUnexpectedCommandCharacters, HelpersTaon__NS__cliTool__NS__getPramsFromArgs, HelpersTaon__NS__cliTool__NS__globalArgumentsParserTnp, HelpersTaon__NS__cliTool__NS__match, HelpersTaon__NS__cliTool__NS__removeArg, HelpersTaon__NS__cliTool__NS__removeArgsFromCommand, HelpersTaon__NS__cliTool__NS__resolveItemFromArgsBegin, HelpersTaon__NS__cliTool__NS__resolveItemsFromArgsBegin, HelpersTaon__NS__CLIWRAP, HelpersTaon__NS__consoleGui__NS__multiselect, HelpersTaon__NS__consoleGui__NS__pressAnyKey, HelpersTaon__NS__consoleGui__NS__question__NS__yesNo, HelpersTaon__NS__consoleGui__NS__select, HelpersTaon__NS__consoleGui__NS__wait, HelpersTaon__NS__copy, HelpersTaon__NS__copyFile, HelpersTaon__NS__copyFolderOsNative, HelpersTaon__NS__filterDontCopy, HelpersTaon__NS__filterOnlyCopy, HelpersTaon__NS__findChildren, HelpersTaon__NS__findChildrenNavi, HelpersTaon__NS__fixWebpackEnv, HelpersTaon__NS__formatPath, HelpersTaon__NS__generatedFileWrap, HelpersTaon__NS__getLinesFromFiles, HelpersTaon__NS__getMethodName, HelpersTaon__NS__getMostRecentFileName, HelpersTaon__NS__getMostRecentFilesNames, HelpersTaon__NS__getRecrusiveFilesFrom, HelpersTaon__NS__getStringFrom, HelpersTaon__NS__getTempFolder, HelpersTaon__NS__getValueFromJSON, HelpersTaon__NS__getValueFromJSONC, HelpersTaon__NS__getWorkingDirOfProcess, HelpersTaon__NS__git__NS___pull, HelpersTaon__NS__git__NS__allOrigins, HelpersTaon__NS__git__NS__backupBranch, HelpersTaon__NS__git__NS__changeRemoteFromHttpsToSSh, HelpersTaon__NS__git__NS__changeRemoveFromSshToHttps, HelpersTaon__NS__git__NS__changesSummary, HelpersTaon__NS__git__NS__checkIfthereAreSomeUncommitedChange, HelpersTaon__NS__git__NS__checkout, HelpersTaon__NS__git__NS__checkoutDefaultBranch, HelpersTaon__NS__git__NS__checkoutFromTo, HelpersTaon__NS__git__NS__checkTagExists, HelpersTaon__NS__git__NS__cleanRepoFromAnyFilesExceptDotGitFolder, HelpersTaon__NS__git__NS__clone, HelpersTaon__NS__git__NS__commit, HelpersTaon__NS__git__NS__countCommits, HelpersTaon__NS__git__NS__currentBranchName, HelpersTaon__NS__git__NS__defaultRepoBranch, HelpersTaon__NS__git__NS__fetch, HelpersTaon__NS__git__NS__findGitRoot, HelpersTaon__NS__git__NS__getACTION_MSG_RESET_GIT_HARD_COMMIT, HelpersTaon__NS__git__NS__getAllTags, HelpersTaon__NS__git__NS__getBranchesNames, HelpersTaon__NS__git__NS__getChangedFiles, HelpersTaon__NS__git__NS__getChangedFilesInCommitByHash, HelpersTaon__NS__git__NS__getChangedFilesInCommitByIndex, HelpersTaon__NS__git__NS__getCommitHashByIndex, HelpersTaon__NS__git__NS__getCommitMessageByHash, HelpersTaon__NS__git__NS__getCommitMessageByIndex, HelpersTaon__NS__git__NS__getListOfCurrentGitChanges, HelpersTaon__NS__git__NS__getOriginURL, HelpersTaon__NS__git__NS__getRemoteProvider, HelpersTaon__NS__git__NS__getUserInfo, HelpersTaon__NS__git__NS__hasAnyCommits, HelpersTaon__NS__git__NS__isGitRoot, HelpersTaon__NS__git__NS__isInMergeProcess, HelpersTaon__NS__git__NS__isInsideGitRepo, HelpersTaon__NS__git__NS__isValidRepoUrl, HelpersTaon__NS__git__NS__lastCommitDate, HelpersTaon__NS__git__NS__lastCommitHash, HelpersTaon__NS__git__NS__lastCommitMessage, HelpersTaon__NS__git__NS__lastTagHash, HelpersTaon__NS__git__NS__lastTagNameForMajorVersion, HelpersTaon__NS__git__NS__lastTagVersionName, HelpersTaon__NS__git__NS__meltActionCommits, HelpersTaon__NS__git__NS__originHttpToSsh, HelpersTaon__NS__git__NS__originSshToHttp, HelpersTaon__NS__git__NS__penultimateCommitHash, HelpersTaon__NS__git__NS__penultimateCommitMessage, HelpersTaon__NS__git__NS__pullCurrentBranch, HelpersTaon__NS__git__NS__pushCurrentBranch, HelpersTaon__NS__git__NS__rebase, HelpersTaon__NS__git__NS__removeTag, HelpersTaon__NS__git__NS__resetFiles, HelpersTaon__NS__git__NS__resetHard, HelpersTaon__NS__git__NS__resetSoftHEAD, HelpersTaon__NS__git__NS__restoreLastVersion, HelpersTaon__NS__git__NS__revertFileChanges, HelpersTaon__NS__git__NS__setUserInfos, HelpersTaon__NS__git__NS__stageAllAndCommit, HelpersTaon__NS__git__NS__stageAllFiles, HelpersTaon__NS__git__NS__stagedFiles, HelpersTaon__NS__git__NS__stageFile, HelpersTaon__NS__git__NS__stash, HelpersTaon__NS__git__NS__stashApply, HelpersTaon__NS__git__NS__tagAndPushToGitRepo, HelpersTaon__NS__git__NS__thereAreSomeUncommitedChangeExcept, HelpersTaon__NS__git__NS__uncommitedFiles, HelpersTaon__NS__git__NS__unstageAllFiles, HelpersTaon__NS__goToDir, HelpersTaon__NS__HelpersNumber, HelpersTaon__NS__input, HelpersTaon__NS__isElevated, HelpersTaon__NS__isPlainFileOrFolder, HelpersTaon__NS__killAllNode, HelpersTaon__NS__killAllNodeExceptCurrentProcess, HelpersTaon__NS__list, HelpersTaon__NS__mesureExectionInMs, HelpersTaon__NS__mesureExectionInMsSync, HelpersTaon__NS__move, HelpersTaon__NS__multipleChoicesAsk, HelpersTaon__NS__osIsMacOs, HelpersTaon__NS__outputToVScode, HelpersTaon__NS__pathFromLink, HelpersTaon__NS__paths__NS__create, HelpersTaon__NS__paths__NS__PREFIX, HelpersTaon__NS__paths__NS__removeExt, HelpersTaon__NS__paths__NS__removeExtension, HelpersTaon__NS__paths__NS__removeRootFolder, HelpersTaon__NS__prepareWatchCommand, HelpersTaon__NS__pressKeyAndContinue, HelpersTaon__NS__pressKeyOrWait, HelpersTaon__NS__randomInteger, HelpersTaon__NS__readValueFromJson, HelpersTaon__NS__readValueFromJsonC, HelpersTaon__NS__removeExcept, HelpersTaon__NS__renameFiles, HelpersTaon__NS__renameFolder, HelpersTaon__NS__requireJs, HelpersTaon__NS__requireUncached, HelpersTaon__NS__resolve, HelpersTaon__NS__restartApplicationItself, HelpersTaon__NS__selectChoicesAsk, HelpersTaon__NS__setValueToJSON, HelpersTaon__NS__setValueToJSONC, HelpersTaon__NS__size, HelpersTaon__NS__slash, HelpersTaon__NS__strings__NS__interpolateString, HelpersTaon__NS__strings__NS__numValue, HelpersTaon__NS__strings__NS__plural, HelpersTaon__NS__strings__NS__removeDoubleOrMoreEmptyLines, HelpersTaon__NS__strings__NS__singular, HelpersTaon__NS__strings__NS__splitIfNeed, HelpersTaon__NS__terminalLine, HelpersTaon__NS__tryCopyFrom, HelpersTaon__NS__tryRecreateDir, HelpersTaon__NS__uniqArray, HelpersTaon__NS__waitForCondition, HelpersTaon__NS__waitForMessegeInStdout, HelpersTaon__NS__workerCalculateArray } from 'tnp-helpers/lib-prod';
+
+import { Hostile } from './hostile.backend';
+import { EtcHosts, HostForServer, OptHostForServer } from './models';
+
+const HOST_FILE_PATH = UtilsNetwork__NS__getEtcHostsPath();
+
+const log = Log.create('vpn-split', Level.INFO);
+//#endregion
+
+//#region consts
+
+const GENERATED = '#GENERATED_BY_CLI#';
+
+const EOL = process.platform === 'win32' ? '\r\n' : '\n';
+
+const SERVERS_PATH = '/$$$$servers$$$$';
+
+const HOST_FILE_PATHUSER = crossPlatformPath([
+  UtilsOs__NS__getRealHomeDir(),
+  'hosts-file__vpn-split',
+]);
+
+const from = HostForServer.From;
+const DefaultEtcHosts = {
+  'localhost alias': from({
+    ipOrDomain: '127.0.0.1',
+    aliases: 'localhost' as any,
+    isDefault: true,
+  } as OptHostForServer),
+  broadcasthost: from({
+    ipOrDomain: '255.255.255.255',
+    aliases: 'broadcasthost' as any,
+    isDefault: true,
+  } as OptHostForServer),
+  'localhost alias ipv6': from({
+    ipOrDomain: '::1',
+    aliases: 'localhost' as any,
+    isDefault: true,
+  } as OptHostForServer),
+} as EtcHosts;
+//#endregion
+
+export class VpnSplit {
+  //#region getters
+  get hostsArr() {
+    const hosts = this.hosts;
+    return ___NS__keys(hosts).map(hostName => {
+      const v = hosts[hostName] as HostForServer;
+      v.name = hostName;
+      return v;
+    });
+  }
+
+  get hostsArrWithoutDefault() {
+    return this.hostsArr.filter(f => !f.isDefault);
+  }
+
+  private get serveKeyName() {
+    return 'tmp-' + config.file.server_key;
+  }
+
+  private get serveKeyPath() {
+    return path.join(this.cwd, this.serveKeyName);
+  }
+
+  private get serveCertName() {
+    return 'tmp-' + config.file.server_cert;
+  }
+
+  private get serveCertPath() {
+    return path.join(this.cwd, this.serveCertName);
+  }
+
+  private get serveCertChainName() {
+    return 'tmp-' + config.file.server_chain_cert;
+  }
+
+  private get serveCertChainPath() {
+    return path.join(this.cwd, this.serveCertChainName);
+  }
+  //#endregion
+
+  //#region fields
+  private readonly __hostile: Hostile;
+  //#endregion
+
+  //#region singleton
+  private static _instances = {};
+
+  private constructor(
+    private portsToPass: number[],
+    private hosts: EtcHosts,
+    private cwd: string,
+  ) {
+    this.__hostile = new Hostile();
+  }
+
+  public static async Instance({
+    ports = [80, 443, 4443, 22, 2222, 8180, 8080, 4407, 7999, 9443],
+    additionalDefaultHosts = {},
+    cwd = process.cwd(),
+    allowNotSudo = false,
+  }: {
+    ports?: number[];
+    additionalDefaultHosts?: EtcHosts;
+    cwd?: string;
+    allowNotSudo?: boolean;
+  } = {}) {
+    if (!(await isElevated()) && !allowNotSudo) {
+      Helpers__NS__error(
+        `[vpn-split] Please run this program as sudo (or admin on windows)`,
+        false,
+        true,
+      );
+    }
+
+    if (!VpnSplit._instances[cwd]) {
+      VpnSplit._instances[cwd] = new VpnSplit(
+        ports,
+        ___NS__merge(DefaultEtcHosts, additionalDefaultHosts),
+        cwd,
+      );
+    }
+    return VpnSplit._instances[cwd] as VpnSplit;
+  }
+  //#endregion
+
+  //#region start server
+  async startServer(saveHostInUserFolder = false) {
+    this.createCertificateIfNotExists();
+
+    const hostsForCert = this.hosts;
+
+    // const domainsForCert: string[] = Utils__NS__uniqArray(
+    //   Object.keys(hostsForCert).reduce((prev, curr) => {
+    //     const host = hostsForCert[curr] as HostForServer;
+    //     host.aliases.forEach(alias => {
+    //       if (!host.isDefault) {
+    //         prev.push(alias);
+    //       }
+    //     });
+    //     return prev;
+    //   }, [] as string[]),
+    // );
+
+    // this.ensureMkcertCertificate(domainsForCert);
+
+    //#region modify /etc/host to direct traffic appropriately
+    saveHosts(hostsForCert, { saveHostInUserFolder });
+    //#endregion
+
+    // Start TCP/HTTPS passthrough
+    for (const portToPassthrough of this.portsToPass) {
+      await this.serverPassthrough(portToPassthrough);
+    }
+
+    // Start UDP passthrough
+    for (const portToPassthrough of this.portsToPass) {
+      await this.serverUdpPassthrough(portToPassthrough);
+    }
+
+    Helpers__NS__info(`Activated (server).`);
+  }
+  //#endregion
+
+  //#region apply hosts
+  public applyHosts(hosts: EtcHosts) {
+    // console.log(hosts);
+    saveHosts(hosts);
+  }
+
+  public applyHostsLocal(hosts: EtcHosts) {
+    // console.log(hosts);
+    saveHostsLocal(hosts);
+  }
+  //#endregion
+
+  //#region start client
+  public async startClient(
+    vpnServerTargets: URL[] | URL,
+    options: {
+      saveHostInUserFolder?: boolean;
+      useHost?: EtcHosts;
+    },
+  ) {
+    options = options || {};
+    const { saveHostInUserFolder } = options;
+    if (!Array.isArray(vpnServerTargets)) {
+      vpnServerTargets = [vpnServerTargets];
+    }
+    for (const vpnServerTarget of vpnServerTargets) {
+      await this.preventBadTargetForClient(vpnServerTarget);
+    }
+
+    this.createCertificateIfNotExists();
+
+    // Get remote host definitions from remote server
+    const hosts: Array<{
+      ip: string;
+      alias: string;
+      originHostname?: string;
+    }> = [];
+
+    for (const vpnServerTarget of vpnServerTargets) {
+      const newHosts = await this.getRemoteHosts(vpnServerTarget);
+      for (const host of newHosts) {
+        // Mark the original VPN server domain
+        host.originHostname = vpnServerTarget.hostname;
+        hosts.push(host);
+      }
+    }
+
+    // Merge with original, redirecting all non-default entries to 127.0.0.1
+    const originalHosts = this.hostsArr;
+    const combinedHostsObj = ___NS__values(
+      [
+        ...originalHosts,
+        ...hosts.map(h =>
+          HostForServer.From(
+            {
+              aliases: h.alias as any,
+              ipOrDomain: h.ip,
+              originHostname: h.originHostname,
+            },
+            `external host ${h.alias} ${h.ip}`,
+          ),
+        ),
+      ]
+        .map(c => {
+          let copy = c.clone();
+          if (!copy.isDefault) {
+            copy.ip = `127.0.0.1`;
+          }
+          return copy;
+        })
+        .reduce((prev, curr) => {
+          return ___NS__merge(prev, {
+            [curr.aliases.join(' ')]: curr,
+          });
+        }, {}),
+    ) as HostForServer[];
+
+    const hostsForCert = options.useHost ? options.useHost : combinedHostsObj;
+
+    // const domainsForCert: string[] = Utils__NS__uniqArray(
+    //   Object.keys(hostsForCert).reduce((prev, curr) => {
+    //     const host = hostsForCert[curr] as HostForServer;
+    //     host.aliases.forEach(alias => {
+    //       if (!host.isDefault) {
+    //         prev.push(alias);
+    //       }
+    //     });
+    //     return prev;
+    //   }, [] as string[]),
+    // );
+
+    // this.ensureMkcertCertificate(domainsForCert);
+
+    saveHosts(hostsForCert, {
+      saveHostInUserFolder,
+    });
+
+    // Start TCP/HTTPS passthrough
+    for (const portToPassthrough of this.portsToPass) {
+      await this.clientPassthrough(
+        portToPassthrough,
+        vpnServerTargets,
+        combinedHostsObj,
+      );
+    }
+
+    // Start UDP passthrough
+    for (const portToPassthrough of this.portsToPass) {
+      await this.clientUdpPassthrough(
+        portToPassthrough,
+        vpnServerTargets,
+        combinedHostsObj,
+      );
+    }
+
+    Helpers__NS__info(`Client activated`);
+  }
+  //#endregion
+
+  //#region private methods / get remote hosts
+  private async getRemoteHosts(vpnServerTarget: URL) {
+    try {
+      const url = `http://${vpnServerTarget.hostname}${SERVERS_PATH}`;
+      const response = await axios({ url, method: 'GET' });
+      return response.data as {
+        ip: string;
+        alias: string;
+        originHostname?: string;
+      }[];
+    } catch (err) {
+      Helpers__NS__error(
+        `Remote server: ${vpnServerTarget.hostname} may be inactive...`,
+        true,
+        true,
+      );
+      return [];
+    }
+  }
+  //#endregion
+
+  //#region private methods / create certificate
+  private createCertificateIfNotExists() {
+    if (
+      !Helpers__NS__exists(this.serveKeyPath) ||
+      !Helpers__NS__exists(this.serveCertPath)
+    ) {
+      Helpers__NS__info(
+        `[vpn-split] Generating new self-signed certificate for localhost...`,
+      );
+      const commandGen = UtilsOs__NS__isRunningInWindowsPowerShell()
+        ? `powershell -Command "& 'C:\\Program Files\\Git\\usr\\bin\\openssl.exe' req -nodes -new -x509 -keyout ${this.serveKeyName} -out ${this.serveCertName}"`
+        : `openssl req -nodes -new -x509 -keyout ${this.serveKeyName} -out ${this.serveCertName}`;
+      Helpers__NS__run(commandGen, { cwd: this.cwd, output: true }).sync();
+    }
+  }
+  //#endregion
+
+  //#region private methods / TCP & HTTPS passthrough
+  private getTarget({
+    req,
+    res,
+    port,
+    hostname,
+  }: {
+    req: express.Request;
+    res: express.Response;
+    port: number;
+    hostname: string;
+  }): string {
+    return `${req.protocol}://${hostname}:${port}`;
+  }
+
+  private getProxyConfig({
+    req,
+    res,
+    port,
+    hostname,
+    isHttps,
+  }: {
+    req: express.Request;
+    res: express.Response;
+    port: number;
+    hostname?: string;
+    isHttps: boolean;
+  }): httpProxy.ServerOptions {
+    const serverPassthrough = !!hostname;
+    const target = this.getTarget({
+      req,
+      res,
+      port,
+      hostname: serverPassthrough ? hostname : req.hostname,
+    });
+    // console.log({
+    //   target,
+    //   port,
+    //   hostname,
+    //   reqHostname: req.hostname,
+    //   serverPassthrough,
+    // });
+    return isHttps
+      ? {
+          target,
+          ssl: {
+            key: fse.readFileSync(this.serveKeyPath),
+            cert: fse.readFileSync(this.serveCertPath),
+          },
+          // agent: new https.Agent({
+          //   secureOptions: crypto.constants.SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION,
+          // }),
+          // changeOrigin: true,
+          secure: true,
+        }
+      : ({ target } as httpProxy.ServerOptions);
+  }
+
+  private getNotFoundMsg(
+    req: express.Request,
+    res: express.Response,
+    port: number,
+    type: 'client' | 'server',
+  ): string {
+    return `[vpn-split] You are requesting a URL that is not in proxy reach [${type}]
+Protocol: ${req.protocol}
+Hostname: ${req.hostname}
+OriginalUrl: ${req.originalUrl}
+Req.method: ${req.method}
+Port: ${port}
+SERVERS_PATH: ${SERVERS_PATH}`;
+  }
+
+  private getMaybeChangeOriginTrueMsg(
+    req: express.Request,
+    res: express.Response,
+    port: number,
+    type: 'client' | 'server',
+  ): string {
+    return `[vpn-split] Possibly need changeOrigin: true in your proxy config
+Protocol: ${req.protocol}
+Hostname: ${req.hostname}
+OriginalUrl: ${req.originalUrl}
+Req.method: ${req.method}
+Port: ${port}`;
+  }
+
+  private filterHeaders(
+    req: http.IncomingMessage & express.Request,
+    res: http.ServerResponse & express.Response,
+  ): void {
+    // If you have any headers to remove, do it here:
+    const headersToRemove = [
+      // 'Strict-Transport-Security',
+      // 'Content-Security-Policy',
+      // ...
+    ];
+    headersToRemove.forEach(headerName => {
+      delete req.headers[headerName];
+      res.setHeader(headerName, '');
+    });
+  }
+
+  private isHttpsPort(port: number): boolean {
+    // Decide your logic for “is HTTPS” here
+    return [443, 4443, 9443].includes(port);
+  }
+
+  //#region server passthrough (TCP/HTTPS)
+  private async serverPassthrough(portToPassthrough: number): Promise<void> {
+    const isHttps = this.isHttpsPort(portToPassthrough);
+    process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+    const app = express();
+    const proxy = httpProxy.createProxyServer({});
+
+    const localIp = await UtilsNetwork__NS__getLocalIpAddresses();
+    const currentLocalIps = [
+      CoreModels__NS__localhostDomain,
+      CoreModels__NS__localhostIp127,
+      ...localIp.map(a => a.address),
+    ];
+
+    app.use(
+      (
+        req: http.IncomingMessage & express.Request,
+        res: http.ServerResponse & express.Response,
+        next,
+      ) => {
+        this.filterHeaders(req, res);
+
+        if (currentLocalIps.includes(req.hostname)) {
+          if (req.method === 'GET' && req.originalUrl === SERVERS_PATH) {
+            res.send(
+              JSON.stringify(
+                this.hostsArrWithoutDefault.map(h => ({
+                  ip: h.ip,
+                  alias: HelpersTaon__NS__arrays__NS__from(h.aliases).join(' '),
+                })),
+              ),
+            );
+          } else {
+            const msg = this.getNotFoundMsg(
+              req,
+              res,
+              portToPassthrough,
+              'server',
+            );
+            log.d(msg);
+            res.send(msg);
+          }
+          next();
+        } else {
+          proxy.web(
+            req,
+            res,
+            this.getProxyConfig({ req, res, port: portToPassthrough, isHttps }),
+            next,
+          );
+        }
+      },
+    );
+
+    const server = isHttps
+      ? https.createServer(
+          {
+            key: fse.readFileSync(this.serveKeyPath),
+            cert: fse.readFileSync(this.serveCertPath),
+          },
+          app,
+        )
+      : http.createServer(app);
+
+    await Helpers__NS__killProcessByPort(portToPassthrough, { silent: true });
+    await new Promise<void>((resolve, reject) => {
+      server.listen(portToPassthrough, () => {
+        console.log(
+          `TCP/HTTPS server listening on port ${portToPassthrough} (secure=${isHttps})`,
+        );
+        resolve();
+      });
+    });
+  }
+  //#endregion
+
+  //#region client passthrough (TCP/HTTPS)
+  private async clientPassthrough(
+    portToPassthrough: number,
+    vpnServerTargets: URL[],
+    hostsArr: HostForServer[],
+  ) {
+    // Map from an alias => the “real” origin hostname (the server domain)
+    const aliasToOriginHostname: { [alias: string]: string | undefined } = {};
+    for (const h of hostsArr) {
+      for (const alias of h.aliases) {
+        aliasToOriginHostname[alias] = h.originHostname;
+      }
+    }
+    // Remove defaults from the map so we don't cause collisions
+    delete aliasToOriginHostname['localhost'];
+    delete aliasToOriginHostname['broadcasthost'];
+
+    // Build a dictionary from originHostname => URL (for quick lookup)
+    const originToUrlMap: { [origin: string]: URL } = {};
+    for (const url of vpnServerTargets) {
+      originToUrlMap[url.hostname] = url;
+    }
+
+    const isHttps = this.isHttpsPort(portToPassthrough);
+    process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+    const app = express();
+    const proxy = httpProxy.createProxyServer({});
+
+    app.use(
+      (
+        req: http.IncomingMessage & express.Request,
+        res: http.ServerResponse & express.Response,
+        next,
+      ) => {
+        this.filterHeaders(req, res);
+
+        // Identify the real origin server based on alias
+        const originHostname = aliasToOriginHostname[req.hostname];
+        if (!originHostname) {
+          // Not one of our known aliases
+          const msg = this.getMaybeChangeOriginTrueMsg(
+            req,
+            res,
+            portToPassthrough,
+            'client',
+          );
+          res.send(msg);
+          next();
+          return;
+        }
+
+        // Proxy onward to the real server domain at the same port
+        const targetUrlObj = originToUrlMap[originHostname];
+        if (!targetUrlObj) {
+          const notFoundMsg = this.getNotFoundMsg(
+            req,
+            res,
+            portToPassthrough,
+            'client',
+          );
+          res.send(notFoundMsg);
+          next();
+          return;
+        }
+
+        // Forward
+        proxy.web(
+          req,
+          res,
+          this.getProxyConfig({
+            req,
+            res,
+            port: portToPassthrough,
+            isHttps,
+            hostname: targetUrlObj.hostname,
+          }),
+          next,
+        );
+      },
+    );
+
+    const server = isHttps
+      ? https.createServer(
+          {
+            key: fse.readFileSync(this.serveKeyPath),
+            cert: fse.readFileSync(this.serveCertPath),
+          },
+          app,
+        )
+      : http.createServer(app);
+
+    await Helpers__NS__killProcessByPort(portToPassthrough, { silent: true });
+    await new Promise<void>((resolve, reject) => {
+      server.listen(portToPassthrough, () => {
+        log.i(
+          `TCP/HTTPS client listening on port ${portToPassthrough} (secure=${isHttps})`,
+        );
+        resolve();
+      });
+    });
+  }
+  //#endregion
+
+  //#region UDP passthrough
+  /**
+   * Start a UDP socket for “server” mode on a given port.
+   * This example forwards inbound messages right back to the sender,
+   * or you can forward them to an external IP:port if desired.
+   */
+  private async serverUdpPassthrough(port: number): Promise<void> {
+    return;
+    // Example of a simple “echo-style” server or forwarder
+    const socket = dgram.createSocket('udp4');
+
+    // (Optionally) kill existing processes on that port – though for UDP
+    // we might not have a direct “listener process.” Adjust as needed.
+    // await Helpers__NS__killProcessByPort(port, { silent: true }).catch(() => {});
+
+    socket.on('message', (msg, rinfo) => {
+      // rinfo contains { address, port } of the sender
+      // In a typical “server” scenario, you might:
+      // 1. Inspect msg
+      // 2. Possibly forward to some real backend if needed
+      // 3. Or just echo it back
+
+      // For a real forward, do something like:
+      // const backendHost = 'some-other-host-or-ip';
+      // const backendPort = 9999;
+      // socket.send(msg, 0, msg.length, backendPort, backendHost);
+
+      // For a basic echo server:
+      socket.send(msg, 0, msg.length, rinfo.port, rinfo.address, err => {
+        if (err) {
+          log.er(`UDP server send error: ${err}`);
+        }
+      });
+    });
+
+    socket.on('listening', () => {
+      const address = socket.address();
+      log.i(`UDP server listening at ${address.address}:${address.port}`);
+    });
+
+    socket.bind(port);
+  }
+
+  /**
+   * Start a UDP socket for “client” mode on a given port.
+   * This example also just does a trivial pass-through or echo,
+   * but you can adapt to forward to a remote server.
+   */
+  private async clientUdpPassthrough(
+    port: number,
+    vpnServerTargets: URL[],
+    hostsArr: HostForServer[],
+  ): Promise<void> {
+    return;
+    // console.log(`Client UDP passthrough, port ${port}` );
+    // In client mode, we typically intercept local UDP traffic on “port”
+    // and forward it to the remote server. Then we forward the remote
+    // server's response back to the local client.
+
+    const socket = dgram.createSocket('udp4');
+    // await Helpers__NS__killProcessByPort(port, { silent: true }).catch(() => {});
+
+    // For simplicity, pick the first server from the array
+    // Or add your own logic to choose among multiple.
+    const primaryTarget = vpnServerTargets[0];
+    const targetHost = primaryTarget.hostname;
+    // Choose the same port or a custom port
+    const targetPort = port;
+
+    // A map to remember who originally sent us a packet,
+    // so we can route the response back properly.
+    // Key could be “targetHost:targetPort => { address, port }”
+    // or “clientAddress:clientPort” => { remoteAddress, remotePort }.
+    // Adapt to your scenario.
+    const clientMap = new Map<string, dgram.RemoteInfo>();
+
+    socket.on('message', (msg, rinfo) => {
+      //
+      // If the message is from a local client, forward to server.
+      // If the message is from the server, forward back to the correct client.
+      //
+
+      // Check if it’s from local or remote by address. This is simplistic:
+      const isFromLocal = !___NS__includes(
+        hostsArr.map(h => h.ipOrDomain),
+        rinfo.address,
+      );
+
+      if (isFromLocal) {
+        // Received from local => forward to “server” (the VPN server)
+        // Keep track of who we got this from (the local client)
+        const key = `local-${rinfo.address}:${rinfo.port}`;
+        clientMap.set(key, rinfo);
+
+        // Forward to remote
+        socket.send(msg, 0, msg.length, targetPort, targetHost, err => {
+          if (err) {
+            log.er(`UDP client forward error: ${err}`);
+          }
+        });
+      } else {
+        // Probably from remote => forward back to whichever local client sent it
+        // In a more advanced scenario, parse the payload or maintain a bigger table
+        // with NAT-like sessions.
+        //
+        // For now, we guess it’s from the “VPN server”
+        // We'll just route it back to the single local client that we stored
+        // or do multiple if we had a better NAT map.
+
+        // If you have multi-target or multi-client logic, adapt here.
+        // For example, search clientMap by something in the msg or a NAT key.
+        clientMap.forEach((localRinfo, key) => {
+          socket.send(
+            msg,
+            0,
+            msg.length,
+            localRinfo.port,
+            localRinfo.address,
+            err => {
+              if (err) {
+                log.er(`UDP client re-send error: ${err}`);
+              }
+            },
+          );
+        });
+      }
+    });
+
+    socket.on('listening', () => {
+      const address = socket.address();
+      log.i(
+        `UDP client listening at ${address.address}:${address.port}, forwarding to ${targetHost}:${targetPort}`,
+      );
+    });
+
+    socket.bind(port);
+  }
+  //#endregion
+
+  //#region private methods / get port from request
+  private getPortFromRequest(req: express.Request): number {
+    const host = req.headers.host;
+    const protocol = req.protocol;
+    if (host) {
+      const hostParts = host.split(':');
+      if (hostParts.length === 2) {
+        return Number(hostParts[1]);
+      } else {
+        return protocol === 'https' ? 443 : 80;
+      }
+    }
+    return 80;
+  }
+  //#endregion
+
+  // Put this method in your VpnSplit class (or outside as a static helper)
+  private ensureMkcertCertificate(domains: string[]) {
+    //#region @backendFunc
+
+    // console.log('Domains for cert:', domains);
+    // Helpers__NS__error(``,false,true);
+
+    if (!UtilsOs__NS__commandExistsSync('mkcert')) {
+      Helpers__NS__error('[vpn-split] mkcert is not installed.', false, true);
+    }
+
+    const certPath = this.serveCertPath; // e.g. .../tmp-server_cert
+    const keyPath = this.serveKeyPath; // e.g. .../tmp-server_key
+
+    const allNames = [
+      'localhost',
+      '127.0.0.1',
+      // '::1',
+      // optional: common local networks so the cert also works for raw IP access
+      // '10.0.0.0/8',
+      // '172.16.0.0/12',
+      // '192.168.0.0/16',
+      ...domains, // <-- your 120+ domains here
+    ];
+
+    // Helper: run mkcert and capture output
+    const runMkcert = (args: string) => {
+      try {
+        return execSync(`mkcert ${args}`, { stdio: 'pipe' }).toString().trim();
+      } catch (err: any) {
+        const stderr = err.stderr?.toString() || '';
+        if (stderr.includes('command not found')) {
+          Helpers__NS__error(
+            '[vpn-split] mkcert is not installed. Install it first: https://github.com/FiloSottile/mkcert',
+            false,
+            true,
+          );
+        }
+        throw err;
+      }
+    };
+
+    // 1. Check if the root CA is already installed
+    let caInstalled = false;
+    try {
+      const output = runMkcert('-CAROOT');
+      // If -CAROOT succeeds and the root files exist → CA is installed
+      const rootDir = crossPlatformPath(output.trim());
+      if (
+        rootDir &&
+        fse.pathExistsSync(crossPlatformPath([rootDir, 'rootCA.pem']))
+      ) {
+        Helpers__NS__info('[vpn-split] mkcert local CA is already installed');
+        caInstalled = true;
+      } else {
+        Helpers__NS__info('[vpn-split] mkcert local CA is NOT installed');
+      }
+    } catch {
+      Helpers__NS__info('[vpn-split] mkcert error checking local CA installation');
+    }
+
+    // 2. Install the local CA if needed (requires sudo once)
+    if (!caInstalled) {
+      Helpers__NS__info(
+        '[vpn-split] Installing mkcert local CA (requires sudo once)...',
+      );
+      try {
+        execSync('mkcert -install', { stdio: 'inherit' });
+        Helpers__NS__info('[vpn-split] Local CA installed and trusted system-wide');
+      } catch (err) {
+        Helpers__NS__error(
+          '[vpn-split] Failed to run "mkcert -install". Run it manually with sudo.',
+          false,
+          true,
+        );
+      }
+    }
+
+    const isWindows = process.platform === 'win32';
+
+    // const maxArgLength = isWindows ? 2000 : 8000; // Conservative limits
+    let tempCertFiles: string[] = [];
+    let tempKeyFiles: string[] = [];
+
+    if (allNames.length <= 20 || !isWindows) {
+      // Small list or non-Windows: one shot
+      const namesArg = allNames.map(d => `"${d}"`).join(' ');
+      const mkcertCmd = `-key-file "${keyPath}" -cert-file "${certPath}" ${namesArg}`;
+      fse.ensureDirSync(path.dirname(certPath));
+      runMkcert(mkcertCmd);
+    } else {
+      // Big list on Windows: Batch into chunks of ~20 domains
+      const chunkSize = 20;
+      fse.ensureDirSync(path.dirname(certPath));
+
+      for (let i = 0; i < allNames.length; i += chunkSize) {
+        const chunk = allNames.slice(i, i + chunkSize);
+        const tempCert = `${certPath}.${i}.pem`;
+        const tempKey = `${keyPath}.${i}.pem`;
+        const namesArg = chunk.map(d => `"${d}"`).join(' ');
+        const mkcertCmd = `-key-file "${tempKey}" -cert-file "${tempCert}" ${namesArg}`;
+
+        Helpers__NS__info(
+          `[vpn-split] Generating batch ${Math.floor(i / chunkSize) + 1}/${Math.ceil(allNames.length / chunkSize)}...`,
+        );
+        runMkcert(mkcertCmd);
+
+        tempCertFiles.push(tempCert);
+        tempKeyFiles.push(tempKey);
+      }
+
+      // 3. Merge all temp certs into one (cert chain + leaves) and pick first key
+      Helpers__NS__info('[vpn-split] Merging batches into final cert...');
+      const firstKey = tempKeyFiles[0];
+      fse.copySync(firstKey, keyPath); // Use the first key (all are identical)
+
+      // Concat all certs (mkcert output is already PEM-formatted)
+      const mergedCertContent = tempCertFiles
+        .map(f => fse.readFileSync(f, 'utf8'))
+        .join('\n'); // PEM certs stack nicely
+      fse.writeFileSync(certPath, mergedCertContent);
+
+      // Clean up temps
+      tempCertFiles.forEach(f => fse.removeSync(f));
+      tempKeyFiles.slice(1).forEach(f => fse.removeSync(f)); // Keep first key as backup if needed
+
+      Helpers__NS__info('[vpn-split] Merged cert ready!');
+    }
+
+    // Verify
+    if (!fse.existsSync(certPath) || !fse.existsSync(keyPath)) {
+      Helpers__NS__error('[vpn-split] Files missing after generation!', false, true);
+    } else {
+      Helpers__NS__info(
+        `[vpn-split] Trusted cert ready: ${allNames.length} hostnames covered`,
+      );
+    }
+    //#endregion
+  }
+
+  //#region private methods / prevent bad target for client
+  private async preventBadTargetForClient(vpnServerTarget: URL) {
+    if (!vpnServerTarget) {
+      const currentLocalIp =
+        await UtilsNetwork__NS__getFirstIpV4LocalActiveIpAddress();
+      Helpers__NS__error(
+        `[vpn-server] Please provide a correct target server.\n` +
+          `Example:\n` +
+          `vpn-server ${currentLocalIp}\n\n` +
+          `Your local IP is: ${currentLocalIp}`,
+        false,
+        true,
+      );
+    }
+  }
+  //#endregion
+}
+
+//#region helper / gen msg
+const genMsg =
+  `
+################################################
+## This file is generated #####################
+################################################
+`.trim() + EOL;
+//#endregion
+
+//#region helpers / save hosts
+function saveHosts(
+  hosts: EtcHosts | HostForServer[],
+  options?: {
+    saveHostInUserFolder?: boolean;
+  },
+) {
+  const { saveHostInUserFolder } = options || {};
+  if (___NS__isArray(hosts)) {
+    hosts = hosts.reduce((prev, curr) => {
+      return ___NS__merge(prev, {
+        [curr.name]: curr,
+      });
+    }, {} as EtcHosts);
+  }
+  const toSave = parseHost(hosts, !!saveHostInUserFolder);
+  if (saveHostInUserFolder) {
+    Helpers__NS__writeFile(HOST_FILE_PATHUSER, toSave);
+  } else {
+    Helpers__NS__writeFile(HOST_FILE_PATH, toSave);
+  }
+}
+
+function saveHostsLocal(
+  hosts: EtcHosts | HostForServer[],
+  options?: {
+    saveHostInUserFolder?: boolean;
+  },
+) {
+  const { saveHostInUserFolder } = options || {};
+  if (___NS__isArray(hosts)) {
+    hosts = hosts.reduce((prev, curr) => {
+      return ___NS__merge(prev, {
+        [curr.name]: curr,
+      });
+    }, {} as EtcHosts);
+  }
+  const toSave = parseHost(hosts, !!saveHostInUserFolder, true);
+  if (saveHostInUserFolder) {
+    Helpers__NS__writeFile(HOST_FILE_PATHUSER, toSave);
+  } else {
+    Helpers__NS__writeFile(HOST_FILE_PATH, toSave);
+  }
+}
+//#endregion
+
+//#region helpers / parse hosts
+function parseHost(
+  hosts: EtcHosts,
+  saveHostInUserFolder: boolean,
+  useLocal = false,
+) {
+  // hosts = ___NS__merge(hosts, DefaultEtcHosts);
+  hosts = {
+    ...DefaultEtcHosts,
+    ...hosts,
+  };
+  ___NS__keys(hosts).forEach(hostName => {
+    const v = hosts[hostName] as HostForServer;
+    v.name = hostName;
+  });
+  return (
+    genMsg +
+    EOL +
+    ___NS__keys(hosts)
+      .map(hostName => {
+        const v = hosts[hostName] as HostForServer;
+
+        if (v.skipUpdateOfServerEtcHosts) {
+          console.warn(
+            `[vpn-split] Skip saving host: ${v.name} (${v.ipOrDomain})`,
+          );
+          return `# SKIPPING HOST ${v.ipOrDomain} ${v.aliases.join(' ')} ${GENERATED}`; // Skip saving this host
+        }
+        const aliasesStr = (v.aliases as string[]).join(' ');
+        if (saveHostInUserFolder) {
+          // For a user-specific hosts file:
+          return useLocal
+            ? `127.0.0.1 ${aliasesStr}`
+            : `${v.disabled ? '#' : ''}${v.ipOrDomain} ${aliasesStr}`;
+        }
+        return useLocal
+          ? `127.0.0.1 ${aliasesStr}`
+          : `${v.disabled ? '#' : ''}${v.ipOrDomain} ${aliasesStr} # ${v.name} ${GENERATED}`;
+      })
+      .join(EOL) +
+    EOL +
+    EOL +
+    genMsg
+  );
+}
+//#endregion