> On May 12, 2023, at 12:25 PM, Mark Thurston <m...@mdvthu.com> wrote:
>
>> I've got a simple question. I'm in the US, and I'm looking for a VPN
>> provider that uses IPsec and can provide an rDNS record for my public IPv4
>> pointing back to my domain. I've asked several VPN providers and they don't
>> seem to understand what I'm asking (NordVPN, ProtonVPN, NordLayer, etc).
>> Maybe I'm just asking wrong.
>>
>> How do you make SPF, DKIM, and X.509 TLS certificates with DNS: SNI's work
>> without this?
>>
>> The other thing that would be handy is if they also provided DNS hosting for
>> customer domains (so I could drop GoDaddy which I'm sick of).
>>
>> You'd think they'd offer both for one-stop-shopping but I can't seem to
>> locate any. Does anyone use Amazon for this for a single or a couple of
>> IPv4's? What's been your experience?
>>
>> Any others that people are happy with?
>>
>
> I'm not sure a VPN service aimed at the average punter will provide this.
>
> I would suggest an entry-level VM on a cloud-provider (Linode's "nanode"
> $5pm, for example). Then you can choose your DNS nameserver allowing you
> to configure your DNS yourself including all the extras that you need.

I think you misunderstand what I'm saying: I don't want to host DNS, I want the
provider to do that. I would edit my zonefiles locally and upload them via
"nsupdate" (with authentication, of course) to the primary.

I'd also need them to be the registrar for my domain.

> Re VPNs, if you have the option and need speed, I would go with WireGuard
> rather than IPsec. From a purely trying-to-keep-it-on-topic point of view,
> the improved resource use of WireGuard will allow you to use a low-powered
> embedded OpenWrt device at the other end of the VPN.

I need it to be IPsec, and I'm one of the StrongSwan maintainers, so I have to
dogfood.

> The linuxserver.io wireguard Docker image
> (https://docs.linuxserver.io/images/docker-wireguard) is excellent for fast
> deployment of WireGuard on off-the-shelf VMs.

I don't need a dedicated server... I'm limited to less than 400mb/s so sharing
a server is fine, as long as I get a dedicated address for my tunnel.

_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel