On Fri, 11 Sep 2020 21:48:45 -0400,
Ashley Dixon wrote:
>
> [1 ]
> On Fri, Sep 11, 2020 at 09:42:25PM -0400, John Covici wrote:
> > So, I then tried to do emerge @module-rebuild and got strange results. I
> > get
> > when emerging wireguard endlessly repeat
ust the (3) systems on this transient net.
>
>
> So, my research suggests that WireGuard might be best because most of
> what I'm moving around is a wide variety of image types, as well as
> video and 3D/4D files and binaries for odd-ball embedded devices, of a
> wide variet
>> (1) The corporate windows workstation/server. (always stationary).
>> (4) Total, often just the (3) systems on this transient net.
>>
>>
>> So, my research suggests that WireGuard might be best because most of
>> what I'm moving around is a wide var
with me most about 70% of the time, but
often they will be in different locations hundreds of miles apart.
(1) The corporate windows workstation/server. (always stationary).
(4) Total, often just the (3) systems on this transient net.
So, my research suggests that WireGuard might be best
On 06/04/2021 20:07, Sid Spry wrote:
If you control everything you can use wireguard or OpenVPN.
https://lwn.net/Articles/850098/
Salutary reading ...
Cheers,
Wol
lly friendly for mobile.)
Although IKE operates in userspace, the IPSec stack is in kernelspace
and its performance superior to userspace VPN technologies.
My understanding is that IKE was just used to boot strap and maintain
the in kernel IPSec. Thus IKE could easily run in user space.
App
own
> software you can install however Gentoo doesn't have it in the tree, or
> an overlay that I know of.
As I understand it, Surfshark offers OpenVPN and WireGuard binaries for those
who don't compile their own software, or for those who can't configure their
OpenVPN/WireG
egular basis by MS to improve its security - the
recent global Wannacry attack being a case in point. I would think SMB is the
most attacked protocol on a daily basis and trying to configure a SMB server
from scratch, when an ftp server is already available would not be the wisest
investment of ti
On Fri, Sep 11, 2020 at 09:42:25PM -0400, John Covici wrote:
> So, I then tried to do emerge @module-rebuild and got strange results. I get
> when emerging wireguard endlessly repeated lines like the following:
> # Do not try to update included dependency files
> and when I try to em
rrect. Like a lot of VPN providers, Surfshark has their own
>> software you can install however Gentoo doesn't have it in the tree, or
>> an overlay that I know of.
> As I understand it, Surfshark offers OpenVPN and WireGuard binaries for those
> who don't compi
results. I get when emerging
wireguard endlessly repeated lines like the following:
# Do not try to update included dependency files
and when I try to emerge sys-zfs/zfs-kmod it hangs on checking on
whether modules can be rebuilt.
I thought it might be some kind of permission question, but
>> the internet without some sort of firewall in place to restrict access
>> to specific clients - and that probably wouldn't work for your scenario.
>
> At least it's a possibility. I don't even know if they have static IPs,
> though.
>
>> But you could offer
ough that.
I haven't been able yet to figure out what implications creating a VPN
has. I understand it's supposed to connect networks through a secured
tunnel, but what kind of access to the LAN does someone get who connects
via VPN? Besides, VPN is extremely complicated and difficult
[ ok ]
* Applying 242-socket-util-flush-accept.patch ... [ ok ]
* Applying 242-wireguard-listenport.patch ... [ ok ]
* Applying 242-file-max.patch ... [ ok ]
* App
have been
>> audited by independent people to ensure they have no logs even if asked.
> Surfshark gets good reviews and it offers the wireguard protocol with the
> ChaCha20 cipher for better encryption and performance. However, the
> Netherlands is part of the EU and 14 eyes, s
Hi all!
I'm using app-admin/pass. There is an android app (password store) and if
you have a vps server, you can sync it remotely using git. Or maybe with a
wireguard vpn?
The android app is maybe not as good as lastpass, but for me it's enough
and free :)
And I think the price
penSWAN was forked into LibreSWAN and FreeSWAN is now called StrongSWAN.
Anyway, part of the IKEv2 standard is to offer support for mobile and
multihomed users (MOBIKE).
Although IKE operates in userspace, the IPSec stack is in kernelspace and its
performance superior to userspace VPN technologie
,
wireguard, be that actual maintainer on gentoo?
Gentoo spawns CoreOS(smarty pants CTO) and long time gentooer. CoreOS
purchase by Redhat, to give them a future and IBM purchasing Redhat,
just to get legal rights to the gentoo heritage?
Greg X, is one of THE chief gentoo kernel devs, and still
de US jurisdiction. I also read they have been
>>> audited by independent people to ensure they have no logs even if asked.
>> Surfshark gets good reviews and it offers the wireguard protocol with the
>> ChaCha20 cipher for better encryption and performance. However, the
nitate connections to. (I'm happily using a $5/month Linode VPS to do
> this.)
>
> There may be ways to make this work without having the Host initiate
> outbound connections, but I'm not sure what they would be.
>
> As for which VPN, a number of people like OpenVPN
ernet with.
Your MX record(s) resolve to the IP address of the VPS. You can change
local IPs or ISPs or even country as often as you like.
Another more complex method is to use a more traditional VPN; e.g. GRE
tunnel, IPsec tunnel, SSH L2 / L3 tunnel, OpenVPN, WireGuard and IP
forwardi
ven't been able yet to figure out what implications creating a VPN
> has. I understand it's supposed to connect networks through a secured
> tunnel, but what kind of access to the LAN does someone get who
> connects via VPN? Besides, VPN is extremely complicated and
> diff
>
>> I think that your friend's best bet is to have the IR initiate an
>> outbound VPN to something on the Internet that the Client can then
>> initiate connections to. (I'm happily using a $5/month Linode VPS to do
>> this.)
>>
>> There may be ways
twork.
>
I'm not sure this makes sense. Firstly, in the case of OpenVPN at
least, there is a Windows client and associated signed fake network
device drivers. Perhaps if using Wireguard you might want to connect
through a VM to your VPN; I am not sure if there is a Windows client.
Secondly
ction with a changing IP address. I would have been
much more likely to look at OpenVPN or Wireguard or OpenSSH.
Finally, there is SSTP encrypting PPP frames within TLS. I don't know
why one would use this instead of OpenVPN, except that it comes as part
of the MSWindows package, while
net protection, and
routing options for the same.
If you control everything you can use wireguard or OpenVPN.
To answer some of your later questions in summary:
1. Of the projects libreswan seems to be best maintained, though openswan still
releases regularly. I would start with libreswan. Fo
ertainty.
[snip ...]
> Well, that settles that then. I guess it will be Surfshark. Pretty
> sure it is in the Netherlands but may be wrong on country. I just
> recall it being outside US jurisdiction. I also read they have been
> audited by independent people to ensure they have
onses that
I'm getting.
On 4/6/21 1:07 PM, Sid Spry wrote:
Can you clarify why you need to use IPsec?
I don't have a /need/ in any normal sense. But I do /want/ to mess /
play with and learn about /IPsec/. -- I have used many other VPNs;
OpenVPN and WireGuard. But I'm finding
lands but may be wrong on country. I just
> >>> recall it being outside US jurisdiction. I also read they have been
> >>> audited by independent people to ensure they have no logs even if asked.
> >>
> >> Surfshark gets good reviews and it offers the wireguard pr
sands of users, and portability to
> > most major OS platforms.
OpenVPN is widely used because it is relatively easy to configure on the
client side and provides binary client applications for every/most OS. Other
VPN methods are IKE/IPSec typically used by corporate setups and the more
s to make this work without having the Host initiate
outbound connections, but I'm not sure what they would be.
As for which VPN, a number of people like OpenVPN. I personally prefer
OpenSSH's ability to do a routed (L3) (or bridged L2) VPN. (I've got
SSH exposed already, so
on (if we could ever get that to work).
> > > I haven't been able to figure that out myself, and that is one of
> > > the main reasons why I do not have a VPN connection but use ssh
> > > instead. The only disadvantage is that I can't do RDP sessions
> > >
r UDP tunnel transport
>>> through proxies or NAT, support for dynamic IP addresses and DHCP,
>>> scalability to hundreds or thousands of users, and portability to
>>> most major OS platforms.
> OpenVPN is widely used because it is relatively easy to configure on the
> cl
one of
> > > > the main reasons why I do not have a VPN connection but use ssh
> > > > instead. The only disadvantage is that I can't do RDP sessions
> > > > with that --- I probably could and just don't know how to ---
> > > > but thin
he Host initiate
> outbound connections, but I'm not sure what they would be.
>
> As for which VPN, a number of people like OpenVPN. I personally prefer
> OpenSSH's ability to do a routed (L3) (or bridged L2) VPN. (I've got SSH
> exposed already, so it's
"ip xfrm".
- strongSwan / Libreswan / OpenSwan / FreeS/WAN - I dabbled with
FreeS/WAN the better part of 20 years ago. It worked at the time. But
I've not needed or wanted to do anything with IPsec again until
recently. -- I've taken a foray through OpenVPN and WireGuard, b
ust.
If we throw all the trusted CAs out the window, how do you /bootstrap/
encrypted communications? - My personal opinion is DNS.
We already have a very well understood, globally distributed, highly
redundant database with unique keys.
We have methods to authenticate it; DNSSEC.
We have ways
0.24
dev-util/dialog-1.3.20170131
dev-util/gdbus-codegen-2.62.6
dev-util/glib-utils-2.62.6
dev-util/gperf-3.1
dev-util/gtk-doc-am-1.32
dev-util/gtk-update-icon-cache-3.24.16
dev-util/intltool-0.51.0-r2
dev-util/meson-0.52.1
dev-util/ninja-1.9.0
dev-util/nvidia-cuda-toolkit-10.2.89-r1
dev-util/pkgco
39 matches