On 06/04/2021 20:07, Sid Spry wrote:
If you control everything you can use wireguard or OpenVPN.
https://lwn.net/Articles/850098/
Salutary reading ...
Cheers,
Wol
On Fri, 11 Sep 2020 21:48:45 -0400,
Ashley Dixon wrote:
>
> [1 ]
> On Fri, Sep 11, 2020 at 09:42:25PM -0400, John Covici wrote:
> > So, I then tried to do emerge @module-rebuild and got strange results. I
> > get
> > when emerging wireguard endlessly repeat
ust the (3) systems on this transient net.
>
>
> So, my research suggests that WireGuard might be best because most of
> what I'm moving around is a wide variety of image types, as well as
> video and 3D/4D files and binaries for odd-ball embedded devices, of a
> wide variety. Ev
>> (1) The corporate windows workstation/server. (always stationary).
>> (4) Total, often just the (3) systems on this transient net.
>>
>>
>> So, my research suggests that WireGuard might be best because most of
>> what I'm moving around is a wide variety
) are with me most about 70% of the time, but
often they will be in different locations hundreds of miles apart.
(1) The corporate windows workstation/server. (always stationary).
(4) Total, often just the (3) systems on this transient net.
So, my research suggests that WireGuard might be best
On Fri, Sep 11, 2020 at 09:42:25PM -0400, John Covici wrote:
> So, I then tried to do emerge @module-rebuild and got strange results. I get
> when emerging wireguard endlessly repeated lines like the following:
> # Do not try to update included dependency files
> and when I try to em
s their own
> software you can install however Gentoo doesn't have it in the tree, or
> an overlay that I know of.
As I understand it, Surfshark offers OpenVPN and WireGuard binaries for those
who don't compile their own software, or for those who can't configure their
OpenVPN/WireGuard clien
operates in userspace, the IPSec stack is in kernelspace
and its performance is superior to userspace VPN technologies.
My understanding is that IKE was just used to bootstrap and maintain
the in-kernel IPSec. Thus IKE could easily run in user space.
Apparently Wireguard is even more efficient
On Fri, 11 Sep 2020 21:48:45 -0400,
Ashley Dixon wrote:
>
> [1 ]
> On Fri, Sep 11, 2020 at 09:42:25PM -0400, John Covici wrote:
> > So, I then tried to do emerge @module-rebuild and got strange results. I
> > get
> > when emerging wireguard endlessly repeat
results. I get when emerging
wireguard endlessly repeated lines like the following:
# Do not try to update included dependency files
and when I try to emerge sys-zfs/zfs-kmod it hangs on checking on
whether modules can be rebuilt.
I thought it might be some kind of permission question
hey have been
>> audited by independent people to ensure they have no logs even if asked.
> Surfshark gets good reviews and it offers the wireguard protocol with the
> ChaCha20 cipher for better encryption and performance. However, the
> Netherlands is part of the EU and 14 eyes, s
This is correct. Like a lot of VPN providers, Surfshark has their own
>> software you can install however Gentoo doesn't have it in the tree, or
>> an overlay that I know of.
> As I understand it, Surfshark offers OpenVPN and WireGuard binaries for those
> who don't compile their o
> to specific clients - and that probably wouldn't work for your scenario.
SMB is being patched on a regular basis by MS to improve its security - the
recent global Wannacry attack being a case in point. I would think SMB is the
most attacked protocol on a daily basis and trying to configure a SM
you could offer access via OpenVPN and tunnel samba through that.
I haven't been able yet to figure out what implications creating a VPN
has. I understand it's supposed to connect networks through a secured
tunnel, but what kind of access to the LAN does someone get who connects
via VPN? Besides,
Hi all!
I'm using app-admin/pass. There is an android app (password store) and if
you have a vps server, you can sync it remotely using git. Or maybe with a
wireguard vpn?
The android app is maybe not as good as lastpass, but for me it's enough
and free :)
And I think the price should
de US jurisdiction. I also read they have been
>>> audited by independent people to ensure they have no logs even if asked.
>> Surfshark gets good reviews and it offers the wireguard protocol with the
>> ChaCha20 cipher for better encryption and performance. However, the
hus offers a big attack
>> surface for hackers and bots. I'm not sure you want to expose this to
>> the internet without some sort of firewall in place to restrict access
>> to specific clients - and that probably wouldn't work for your scenario.
>
> At least it's a possibi
AN was forked into LibreSWAN and FreeSWAN is now called StrongSWAN.
Anyway, part of the IKEv2 standard is to offer support for mobile and
multihomed users (MOBIKE).
Although IKE operates in userspace, the IPSec stack is in kernelspace and its
performance is superior to userspace VPN technologies. A
[ ok ]
* Applying 242-socket-util-flush-accept.patch ... [ ok ]
* Applying 242-wireguard-listenport.patch ... [ ok ]
* Applying 242-file-max.patch ... [ ok ]
* Applying 242-
,
wireguard, be that actual maintainer on gentoo?
Gentoo spawns CoreOS(smarty pants CTO) and long time gentooer. CoreOS
purchase by Redhat, to give them a future and IBM purchasing Redhat,
just to get legal rights to the gentoo heritage?
Greg X, is one of THE chief gentoo kernel devs, and still
appily using a $5/month Linode VPS to do
> this.)
>
> There may be ways to make this work without having the Host initiate
> outbound connections, but I'm not sure what they would be.
>
> As for which VPN, a number of people like OpenVPN. I personally prefer
> OpenSSH's ab
one.
>>
>> I think that your friend's best bet is to have the IR initiate an
>> outbound VPN to something on the Internet that the Client can then
>> initiate connections to. (I'm happily using a $5/month Linode VPS to do
>> this.)
>>
>> There may be ways to
rotection, and
routing options for the same.
If you control everything you can use wireguard or OpenVPN.
To answer some of your later questions in summary:
1. Of the projects libreswan seems to be best maintained, though openswan still
releases regularly. I would start with libreswan. For racoon,
t settles that then. I guess it will be Surfshark. Pretty
> sure it is in the Netherlands but may be wrong on country. I just
> recall it being outside US jurisdiction. I also read they have been
> audited by independent people to ensure they have no logs even if asked.
Surfshark gets
ts fixed IP within the inner local network.
>
I'm not sure this makes sense. Firstly, in the case of OpenVPN at
least, there is a Windows client and associated signed fake network
device drivers. Perhaps if using Wireguard you might want to connect
through a VM to your VPN; I am not sure if there is a Win
with a changing IP address. I would have been
much more likely to look at OpenVPN or Wireguard or OpenSSH.
Finally, there is SSTP encrypting PPP frames within TLS. I don't know
why one would use this instead of OpenVPN, except that it comes as part
of the MSWindows package, while OpenVPN has
.
Your MX record(s) resolve to the IP address of the VPS. You can change
local IPs or ISPs or even country as often as you like.
Another more complex method is to use a more traditional VPN; e.g. GRE
tunnel, IPsec tunnel, SSH L2 / L3 tunnel, OpenVPN, WireGuard and IP
forwarding on the
ely complicated and
> difficult to set up. I consider it an awful nightmare.
You need to first understand how tunnel devices work. Then it becomes
very easy to set up. The access to the LAN can be restricted by
firewall rules. As long as you don't setup routes from the transfer
network (
sers, and portability to
> > most major OS platforms.
OpenVPN is widely used because it is relatively easy to configure on the
client side and provides binary client applications for every/most OS. Other
VPN methods are IKE/IPSec typically used by corporate setups and the more
rece
lands but may be wrong on country. I just
> >>> recall it being outside US jurisdiction. I also read they have been
> >>> audited by independent people to ensure they have no logs even if asked.
> >>
> >> Surfshark gets good reviews and it offers the wireguard pr
ving the Host initiate
outbound connections, but I'm not sure what they would be.
As for which VPN, a number of people like OpenVPN. I personally prefer
OpenSSH's ability to do a routed (L3) (or bridged L2) VPN. (I've got
SSH exposed already, so it's one less port to expose.) I see a number
of
that
I'm getting.
On 4/6/21 1:07 PM, Sid Spry wrote:
Can you clarify why you need to use IPsec?
I don't have a /need/ in any normal sense. But I do /want/ to mess /
play with and learn about /IPsec/. -- I have used many other VPNs;
OpenVPN and WireGuard. But I'm finding my understanding of IPsec
>>> through proxies or NAT, support for dynamic IP addresses and DHCP,
>>> scalability to hundreds or thousands of users, and portability to
>>> most major OS platforms.
> OpenVPN is widely used because it is relatively easy to configure on the
> client side and provides bi
that is one of
> > > > the main reasons why I do not have a VPN connection but use ssh
> > > > instead. The only disadvantage is that I can't do RDP sessions
> > > > with that --- I probably could and just don't know how to ---
> > > > but thing
ection (if we could ever get that to work).
> > > I haven't been able to figure that out myself, and that is one of
> > > the main reasons why I do not have a VPN connection but use ssh
> > > instead. The only disadvantage is that I can't do RDP sessions
> > > >
the Host initiate
> outbound connections, but I'm not sure what they would be.
>
> As for which VPN, a number of people like OpenVPN. I personally prefer
> OpenSSH's ability to do a routed (L3) (or bridged L2) VPN. (I've got SSH
> exposed already, so it's one less port to expo
OpenSwan / FreeS/WAN - I dabbled with
FreeS/WAN the better part of 20 years ago. It worked at the time. But
I've not needed or wanted to do anything with IPsec again until
recently. -- I've taken a foray through OpenVPN and WireGuard, both of
which were decidedly easier than IPsec.
It's
very well understood, globally distributed, highly
redundant database with unique keys.
We have methods to authenticate it; DNSSEC.
We have ways to hide its use; DNSCrypt, DNS-over-TLS (DoT),
DNS-over-HTTPS (DoH), DNS-over-53-over-IPsec (transport mode), and VPNs
(IPsec (tunnel mode), OpenVPN, Wir
r-1.0.4
net-libs/liblockfile-1.16
net-libs/libmbim-1.18.0
net-libs/libmnl-1.0.4
net-libs/libndp-1.7
net-libs/libnsl-1.2.0
net-libs/libpcap-1.9.1
net-libs/libqmi-1.22.2
net-libs/libtirpc-1.2.5
net-libs/rpcsvc-proto-1.4.1
net-mail/mailbase-1.5-r1
net-misc/curl-7.69.1
net-misc/dhcp-4.4.1
net-misc/iput
39 matches