Buy some old Intel 10Gbps network adapter, X520, X540 … from AliExpress https://aliexpress.com/, and install old Intel network adapter driver for Windows 10 and make it working in Windows 11. The example is install version 25.0 Intel network adapter driver, https://www.intel.com/content/www/us/en/download/18293/29648/intel-network-adapter-driver-for-windows-10.html, to get it to work in Windows 11:

• Intel network adapters supported Operating Systems, https://www.intel.com/content/www/us/en/support/articles/000025890/ethernet-products.html

• Buy dual ports 10Gbps network adapter

• Install the network adapter in PCIE slot directly to the CPU

• Enable SMB Multichannel

• Enable Jumbo Frames

Network adapter requires to support RSS (Receive Side Scaling).

• Open PowerShell as administrator in Windows 11, run and enable SMB Multichannel (should be enabled by default):

1
2
3
4
5
6

PS C:\> Set-SmbClientConfiguration -EnableMultiChannel $true

Confirm
Are you sure you want to perform this action?
Performing operation 'Modify' on Target 'SMB Client Configuration'.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"):

Check network interfaces which show “RSS capable = True“:

1
2
3
4
5
6
7
8

PS C:\> Get-SmbClientNetworkInterface

Interface Index RSS Capable RDMA Capable Speed   IpAddresses                               Friendly Name
--------------- ----------- ------------ -----   -----------                               -------------
17              True        False        20 Gbps {}                                        X710-1-WFP Native MAC Layer LightWeight Filter-0000
8               False       False        10 Gbps {}                                        X710-1
13              False       False        10 Gbps {}                                        X710-2
26              True        False        20 Gbps {fe80::923a:90de:dedd:ef44, 192.168.0.98} NIC-Team

• Verify there are any active SMB connections:

1
2
3
4
5

PS C:\> Get-SmbConnection

ServerName ShareName UserName         Credential                               Dialect NumOpens
---------- --------- --------         ----------                               ------- --------
Synology   NAS Drive RIPTIDE\terrence MicrosoftAccount\terrence.miao@mail.net  3.1.1   2

• Copy a large file to a SMB device, e.g., Synology NAS which also has SMB Multichannel enabled, then verify the SMB Multichannel is working:

1
2
3
4
5
6
7

PS C:\> Get-SmbMultichannelConnection -IncludeNotSelected

Server Name Selected Client IP    Server IP       Client Interface Index Server Interface Index Client RSS Capable Client RDMA Capable
----------- -------- ---------    ---------       ---------------------- ---------------------- ------------------ -------------------
Synology    True     192.168.0.98 192.168.0.112   26                     5                      False              False
Synology    False    192.168.0.98 192.168.0.34    26                     4                      False              False
Synology    False    192.168.0.98 192.168.196.140 26                     7                      False              False

192.168.0.98 is Windows 11 network address, after Network Teaming; 192.168.0.112 and 192.168.0.34 are Synology NAS network addresses.

References

• HOW TO: Enable SMB Multichannel for > 125 MB between Synology and Win 10, https://www.reddit.com/r/synology/comments/rrb4r1/how_to_enable_smb_multichannel_for_125_mb_between/
• What is SMB3 Multichannel and how is it different from Link Aggregation?, https://kb.synology.com/en-global/DSM/tutorial/smb3_multichannel_link_aggregation
• SMB Multichannel available for testing!, https://community.synology.com/enu/forum/1/post/157265

Synology NAS DS920+ with two 1Gbps ethernet adapters. There is an affordable and easy upgrading its gigabytes network path to 2.5Gbps.

Login Synology NAS Admin UI and run Control Panel -> Network -> Network Interface

• Get a USB 3.0 Ethernet Adapter 2.5Gbps with Realtek RTL8156 / RTL8156B / RTL8156BG chipset, e.g., UGREEN 2.5Gbps USB-C Ethernet Adapter:

• Find out the architecture name of CPU in NAS. For example, Synology DS920+ is equipped with Intel Celeron J4125 CPU. The architecture name of this processor is Geminilake.

• Go to driver releases site https://github.com/bb-qq/r8152/releases and download the latest version e.g. r8152-geminilake-2.17.1-1_7.2.spk, Synology DSM 7.2 and above, use packages with the suffix _7.2.

• Login Synology Admin UI, then go to Package Center -> Manual Install and choose a driver package downloaded from above step.

• The installation will fail at the very first time.

• Then ssh into the NAS, and run the following command:

1

$ sudo install -m 4755 -o root -D /var/packages/r8152/target/r8152/spk_su /opt/sbin/spk_su

and also enable multiple identical USB devices, which SAME products have the SAME serial number:

1

$ sudo bash /var/packages/r8152/scripts/install-udev-rules

1
2
3
4

$ sudo bash /var/packages/r8152/scripts/install-udev-rules
Updating Hardware Database Index...
UDEV rules have been installed to /usr/lib/udev/rules.d
lrwxrwxrwx 1 root root 50 May 24 17:13 /usr/lib/udev/rules.d/51-usb-r8152-net.rules -> /var/packages/r8152/scripts/51-usb-r8152-net.rules

and continue / retry the installation .

• Reboot NAS.

• Login Synology Admin UI, Package Center -> Installed -> RTL8152/RTL8153 driver and check new installed Realtek network adapter driver is running:

• Control Panel -> Network -> Network Interface and check the new network interface LAN 3 and Lan 4 have been turned on, with MTU / jumbo frame enabled 9000:

Bind the USB network adapter and run iperf3 network performance test:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

$ iperf3 -c 192.168.0.244 -B 192.168.0.229
Connecting to host 192.168.0.244, port 5201
[  5] local 192.168.0.229 port 46171 connected to 192.168.0.244 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec   281 MBytes  2.36 Gbits/sec    0    450 KBytes
[  5]   1.00-2.00   sec   281 MBytes  2.35 Gbits/sec    0    450 KBytes
[  5]   2.00-3.00   sec   280 MBytes  2.35 Gbits/sec    0    450 KBytes
[  5]   3.00-4.00   sec   281 MBytes  2.35 Gbits/sec    0    450 KBytes
[  5]   4.00-5.00   sec   281 MBytes  2.35 Gbits/sec    0    450 KBytes
[  5]   5.00-6.00   sec   281 MBytes  2.35 Gbits/sec    0    450 KBytes
[  5]   6.00-7.00   sec   281 MBytes  2.35 Gbits/sec    0    450 KBytes
[  5]   7.00-8.00   sec   280 MBytes  2.35 Gbits/sec    0    450 KBytes
[  5]   8.00-9.00   sec   281 MBytes  2.36 Gbits/sec    0    450 KBytes
[  5]   9.00-10.00  sec   281 MBytes  2.36 Gbits/sec    0    670 KBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  2.74 GBytes  2.35 Gbits/sec    0             sender
[  5]   0.00-10.05  sec  2.74 GBytes  2.34 Gbits/sec                  receiver

iperf Done.

References

• DSM driver for realtek RTL8152/RTL8153/RTL8156 based USB Ethernet adapters, https://github.com/bb-qq/r8152
• Hot plugging does not work, https://github.com/bb-qq/r8152/wiki/Troubleshooting#hot-plugging-does-not-work
• Multiple identical devices do not work, https://github.com/bb-qq/r8152/wiki/Troubleshooting#multiple-identical-devices-do-not-work

Intel Ethernet Converged Network Adapter X710, with two 10Gbps ports. This allows to team the two ports together for link aggregation.

• Install Optional Features Server Manager in Windows 11

• Open and run Windows Powershell as administrator, then run:

1

PS C:\> New-NetSwitchTeam -Name "NIC-Team" -TeamMembers "X710-1","X710-2"

A new network interface created, with combined speed 20Gbps.

To remove network team, run:

1

PS C:\> Remove-NetSwitchTeam -Name "NIC-Team"

OnePlus 5T, first announced in Nov 2017. 7 years later, has been upgraded to Android 10.0.1, still robust and fast.

NOTE: Before you take on this brave journey, make sure backup all important files on the phone at first!

• First, unlock the bootloader, https://www.lifewire.com/how-to-unlock-bootloader-android-phone-4689186

• Enable Developer Options in Settings -> About phone -> Build number

• In Settings -> System -> Developer options, enable Advanced reboot, OEM unlocking, USB Debugging

• Download and install Android SDK Platform Tools on Windows https://developer.android.com/tools/releases/platform-tools

• Run commands:

1
2
3
4
5

$ adb devices
List of devices attached
9b26c76 device

$ adb reboot bootloader

• Wait for phone to reboot till phone in the Bootloader mode, then run:

1

$ fastboot flashing unlock

• ON the phone will ask to confirm “UNLOCK THE BOOTLOADER”. After UNLOCK, your phone WILL BE RESET, like a factory hard reset. ALL APPS AND DATA ARE GONE. Android system will be reinstalled.

• Go to OnePlus Smartphone Software Update site and download the latest version of OnePlus 5T update on Windows, https://oneplus.net/in/support/softwareupdate

• Unzip OnePlus 5T update on Widnows

• On the phone Settings, search for USB Preferences, select USE USB FOR File transfer

• On Windows, in File Explorer, copy OnePlus5TOxygen_43_OTA_069_all_2010292144_76910d123e3940e5/boot.img file to ONEPLUS A5010 -> Internal shared storage -> Download directory on the phone

• On the phone, download and install latest version Magisk, https://github.com/topjohnwu/Magisk

• Run Magisk, select Magisk Install, https://topjohnwu.github.io/Magisk/install.html

• Select and patch boot.img file under /Download directory

• A patched file magisk_patched-27000_nplRf successfully generated. On Windows, in File Explorer, copy it to local directory

• On Windows, run:

1

$ fastboot flash boot magisk_patched-27000_nplRf.img

NOTE: Always patch boot image on the SAME device where you run Magisk.

• Reboot the phone, and install Root Checker to verify Root access, https://play.google.com/store/search?q=root%20checker&c=apps&hl=en&gl=US

Now OnePlus 5T has been officially ROOTED!

NOTE: NO need to install TWRP (Team Win Recovery Project), https://twrp.me, a customised recovery application for Android devices on OnePlus 5T.

Bondi Beach in Upscayl

Bondi Beach original

Bondi Beach upscayled

Young Girl in Upscayl

Young Girl original

Young Girl upscayled

References

• Upscayl - AI Image Upscaler, https://www.upscayl.org/

Want to run OpenSSH Server on Windows e.g. Windows 10. From Windows 10, it natively supports OpenSSH.

NOTE: The beta and nightly build of OpenSSH Server for Windows have a lot of runtime issues.

Check OpenSSH installation:

1
2
3
4
5
6
7

PS C:\ProgramData\ssh> Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

Name  : OpenSSH.Client~~~~0.0.1.0
State : Installed

Name  : OpenSSH.Server~~~~0.0.1.0
State : NotPresent

Install the missing OpenSSH Server:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

PS C:\ProgramData\ssh> Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
>>

Path          :
Online        : True
RestartNeeded : False


PS C:\ProgramData\ssh> Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'

Name  : OpenSSH.Client~~~~0.0.1.0
State : Installed

Name  : OpenSSH.Server~~~~0.0.1.0
State : Installed

Check OpenSSH for Windows version, check Windows Operating System version:

1
2
3
4
5

PS C:\ProgramData\ssh> ((Get-Item (Get-Command sshd).Source).VersionInfo.FileVersion)
8.1.0.1

PS C:\ProgramData\ssh> ((Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows nt\CurrentVersion\" -Name ProductName).ProductName)
Windows 10 Enterprise

Check Windows Domain information:

1
2
3
4
5
6
7
8
9
10
11
12

PS C:\ProgramData\ssh> dsregcmd /status

+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CORP
               Device Name : WINDOWS.corp.paradise.local
...

Check OpenSSH Server for Windows run as a service:

Make sure OpenSSH SSH Server firewall inbound rule allows ALL profiles:

The default C:\ProgramData\ssh\sshd_config file doesn’t work for Windows Domain users authentication, and does’t support .ssh\authorized_keys public key authentication. Error lookup_principal_name: User principal name lokup failed for user ‘corp\darling’ in OpenSSH Server C:\ProgramData\ssh\logs\ssd log file. A work around solution is to comment out lines:

1
2

#Match Group administrators
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

A complete sshd_config example file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88

# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented.  Uncommented options override the
# default value.

#Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

#HostKey __PROGRAMDATA__/ssh/ssh_host_rsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_dsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ecdsa_key
#HostKey __PROGRAMDATA__/ssh/ssh_host_ed25519_key

# Ciphers and keying
#RekeyLimit default none

# Logging
SyslogFacility LOCAL0
LogLevel DEBUG3

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

#AuthorizedPrincipalsFile none

# For this to work you will also need host keys in %programData%/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# GSSAPI options
#GSSAPIAuthentication no

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
#PermitTTY yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#PermitUserEnvironment no
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# override default of no subsystems
Subsystem	sftp	sftp-server.exe

# Example of overriding settings on a per-user basis
#Match User anoncvs
#	AllowTcpForwarding no
#	PermitTTY no
#	ForceCommand cvs server

#Match Group administrators
#       AuthorizedKeysFile __PROGRAMDATA__/ssh/administrators_authorized_keys

Now run ssh client and log on SSH Server:

1
2
3
4
5

$ sshpass -f ~/.ssh/windows.passwd ssh -l darling windows.local
Microsoft Windows [Version 10.0.19044.2965]
(c) Microsoft Corporation. All rights reserved.

corp\darling@WINDOWS C:\Users\darling>

References

• The Ultimate Guide to Installing OpenSSH on Windows, https://petri.com/the-ultimate-guide-to-installing-openssh-on-windows
• Installing SFTP/SSH Server on Windows using OpenSSH, https://winscp.net/eng/docs/guide_windows_openssh_server

Host windows.local has VPN connection which is granted with git repository.

• Setup Socks/Socks5 proxy

1
2
3

$ ssh-copy-id -i id_rsa.pub darling@windows.local

$ ssh -D 3128 -q -C -N -f darling@windows.local

• -q: quiet mode, don’t output anything locally
• -C: compress data in the tunnel, save bandwidth
• -N: do not execute remote commands, useful for just forwarding ports
• -f: keep it running in the background

If PasswordAuthentication is enforced, and pubilc key authentication in SSH Server is not supported, try:

1

$ sshpass -f ~/.ssh/windows.passwd ssh -D 3128 -q -C -N -f darling@windows.local

• Configure git with Sock/Socks5 proxy

1
2
3
4
5
6
7
8
9

$ git config http.proxy 'socks5://localhost:3128'

$ cat .git/config
[user]
	name = Terrence Miao
	email = terrence.miao@paradise.net
	signingkey = EBCEB936
[http]
	proxy = socks5://localhost:3128

Then can access git repository via proxy both on command line and in UI client.

NOTE: Some SSH Server doesn’t allow public key authentication. Then sshpass is a friend here for you.

Install sshpass in MacOS:

1

$ brew install esolitos/ipa/sshpass

Test sshpass:

1

$ ssh -oProxyCommand="sshpass -f ~/.ssh/windows.passwd ssh -W %h:%p jumphost" -l darling jumphost-npe.paradise.net

Setup .ssh/config file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

## Keeping SSH Sessions Alive
Host *
 ServerAliveInterval 15

Host jumphost.mac
    Hostname mac.local
    IdentityFile ~/.ssh/id_rsa
    User darling

Host jumphost.windows
    Hostname windows.local
    IdentityFile ~/.ssh/id_rsa
    User darling

Host jumphost-npe
    Hostname jumphost-npe.paradise.net
    User darling
    IdentityFile ~/.ssh/id_rsa
    ProxyCommand sshpass -f ~/.ssh/windows.passwd ssh -W %h:%p jumphost.windows
    IdentitiesOnly yes
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
    ServerAliveInterval 60
    ServerAliveCountMax 5

## DEVELOPMENT hosts in AWS
Host ip-10-212-*.ap-southeast-2.compute.internal
    ProxyCommand ssh -W %h:%p jumphost-npe
    IdentityFile ~/.ssh/dev-stack.pem

## PTEST hosts in AWS
Host ip-10-213-*.ap-southeast-2.compute.internal
    ProxyCommand ssh -W %h:%p jumphost-npe
    IdentityFile ~/.ssh/test-stack.pem

## STEST hosts in AWS
Host ip-10-214-*.ap-southeast-2.compute.internal
    ProxyCommand ssh -W %h:%p jumphost-npe
    IdentityFile ~/.ssh/test-stack.pem

Host jumphost-prod
    HostName jumphost-prod.paradise.net
    User darling
    IdentityFile ~/.ssh/id_rsa.prod
    ProxyCommand sshpass -f ~/.ssh/windows.passwd ssh -W %h:%p jumphost.windows
    IdentitiesOnly yes
    StrictHostKeyChecking no
    UserKnownHostsFile=/dev/null
    ServerAliveInterval 60
    ServerAliveCountMax 5

## PROD hosts in AWS
Host ip-10-208-*.ap-southeast-2.compute.internal
    ProxyCommand ssh -W %h:%p jumphost-prod
    IdentityFile ~/.ssh/prod-ddc-stack.pem

## SSH over Session Manager
host i-* mi-*
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"

Benchmark head to head - Mac vs. iPad. vs. Android