> On May 12, 2023, at 12:25 PM, Mark Thurston <m...@mdvthu.com> wrote:
> 
>> I've got a simple question.  I'm in the US, and I'm looking for a VPN 
>> provider that uses IPsec and can provide an rDNS record for my public IPv4 
>> pointing back to my domain.  I've asked several VPN providers and they don't 
>> seem to understand what I'm asking (NordVPN, ProtonVPN, NordLayer, etc).  
>> Maybe I'm just asking wrong.
>> 
>> How do you make SPF, DKIM, and X.509 TLS certificates with DNS: SNI's work 
>> without this?
>> 
>> The other thing that would be handy is if they also provided DNS hosting for 
>> customer domains (so I could drop GoDaddy which I'm sick of).
>> 
>> You'd think they'd offer both for one-stop-shopping but I can't seem to 
>> locate any.  Does anyone use Amazon for this for a single or a couple of 
>> IPv4's?  What's been your experience?
>> 
>> Any others that people are happy with?
>> 
> 
> I'm not sure a VPN service aimed at the average punter will provide this.
> 
> I would suggest an entry-level VM on a cloud-provider (Linode's "nanode" 
> $5pm, for example). Then you can choose your DNS nameserver, allowing you 
> to configure your DNS yourself including all the extras that you need.


I think you misunderstand what I'm saying: I don't want to host DNS, I want the 
provider to do that.  I would edit my zonefiles locally and upload them via 
"nsupdate" (with authentication, of course) to the primary.

I'd also need them to be the registrar for my domain.


> Re VPNs, if you have the option and need speed, I would go with WireGuard 
> rather than IPSec. From a purely trying-to-keep-it-on-topic point of view, 
> the improved resource use of WireGuard will allow you to use a low-powered 
> embedded OpenWrt device at the other end of the VPN.


I need it to be IPsec, and I'm one of the StrongSwan maintainers, so I have to 
dogfood.


> The linuxserver.io wireguard Docker image 
> (https://docs.linuxserver.io/images/docker-wireguard) is excellent for fast 
> deployment of wireguard on off the shelf VMs.


I don't need a dedicated server... I'm limited to less than 400mb/s so sharing 
a server is fine, as long as I get a dedicated address for my tunnel.



_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
