+1and it also support HA. Sent from my Samsung Galaxy smartphone.
Original message From: Mark Tinka Date:
13/06/2019 14:59 (GMT-03:00) To: nanog@nanog.org Subject: Re: SSL VPN On
1/Jun/19 16:53, Mehmet Akcin wrote:> Hey there>> I am trying to choose SSL VPN
for a remote offic
On Thu, Jun 13, 2019 at 09:58:20AM -0400, Joe Abley wrote:
> Hey Joe,
>
> On 12 Jun 2019, at 12:37, Joe Provo wrote:
>
> > On Wed, Jun 12, 2019 at 04:10:00PM +, David Guo via NANOG wrote:
> >> Send abuse complaint to the upstreams
> >
> > ...and then name & shame publicly. AS-path forgery "
On Thu, Jun 13, 2019 at 6:12 PM Eric Tykwinski
wrote:
> This is the second time I’ve seen WireGuard this past week, and honestly
> sounds really promising.
> I’m probably going to test out on VyOS since I know it has support, but
> any word on ASA or JunOS?
> I.E. is this going to export to hardw
> On Jun 13, 2019, at 2:32 PM, Randy Bush wrote:
>
>> OpenVPN in pfSense?
>
> yep
>
>> We run tons of these around the world.
>
> i only do 0.5kg
>
> wireguard, https://www.wireguard.com/, is simpler (always a good thing
> with security), and has had code looked at by some credible experts.
> OpenVPN in pfSense?
yep
> We run tons of these around the world.
i only do 0.5kg
wireguard, https://www.wireguard.com/, is simpler (always a good thing
with security), and has had code looked at by some credible experts.
randy
On Thu, Jun 13, 2019 at 12:59 PM Mark Tinka wrote:
>
> OpenVPN in pfSense?
>
> We run tons of these around the world.
>
> Mark.
>
>
With the client config generator package, "openvpn-client-export",
installed, this is imho the best option for an end-user VPN. pfSense has a
much nicer UI than Open
On 1/Jun/19 16:53, Mehmet Akcin wrote:
> Hey there
>
> I am trying to choose SSL VPN for a remote office 3-4 people max each
> any given time.
>
> I have looked at Pulse and Cisco, and wanted to check in here for
> recommendations on latest trends.
>
> Trying to get a solution easy to manage an
other than the possibility of the stuffed AS being associated with
behavior, no harm if nothing malicious is happening. if something
malicious is happening, we probably have bigger problems.
have used path poisoning for a notable research experiment; where we
credit the first major poisoner, lore
On Thu, Jun 13, 2019 at 11:37 AM Jared Mauch wrote:
>
> You also may not know who allows their own ASN inbound as well. It certainly
> is a mixed bag.
>
> I do consider poisoning at best horrible hygiene and at worst evidence of
> malicious intent.
Yes, I fully agree it it bletcherous -- which
I don't think the number of networks with disabled loop prevention is that
small.
For example, let's say you're a hosting provider who has 3 locations... no
reason to do cold potato routing and you don't have dedicated links between
sites, yet you still want ranges announced at DC A to be reach
I've used it in the distant past for TE purposes. Assuming you're
poisoning one ASN via one transit it's not exactly rocket science to
figure out if "it worked" or not. As Warren mentioned, sometimes your
transits just don't provide all the knobs you need.
I suspect the number of networks th
You also may not know who allows their own ASN inbound as well. It certainly is
a mixed bag.
I do consider poisoning at best horrible hygiene and at worst evidence of
malicious intent.
Good filtering isn’t just prefix or AS path based it’s both.
Best filtering is pinning the prefix to a spe
On Thu, Jun 13, 2019 at 11:18 Warren Kumari wrote:
> On Thu, Jun 13, 2019 at 9:59 AM Joe Abley wrote:
> >
> > Hey Joe,
> >
> > On 12 Jun 2019, at 12:37, Joe Provo wrote:
> >
> > > On Wed, Jun 12, 2019 at 04:10:00PM +, David Guo via NANOG wrote:
> > >> Send abuse complaint to the upstreams
>
On Thu, Jun 13, 2019 at 9:59 AM Joe Abley wrote:
>
> Hey Joe,
>
> On 12 Jun 2019, at 12:37, Joe Provo wrote:
>
> > On Wed, Jun 12, 2019 at 04:10:00PM +, David Guo via NANOG wrote:
> >> Send abuse complaint to the upstreams
> >
> > ...and then name & shame publicly. AS-path forgery "for TE" wa
On 13 Jun 2019, at 10:06, Job Snijders wrote:
> 1/ We can’t really expect on the loop detection to work that way at the
> “jacked” side. So if this is innocent traffic engineering, it is unreliable
> at best.
>
> 2/ Attribution. The moment you stuff AS 2914 anywhere in the path, we may get
>
Hi Joe,
On Thu, Jun 13, 2019 at 9:59 Joe Abley wrote:
> Hey Joe,
>
> On 12 Jun 2019, at 12:37, Joe Provo wrote:
>
> > On Wed, Jun 12, 2019 at 04:10:00PM +, David Guo via NANOG wrote:
> >> Send abuse complaint to the upstreams
> >
> > ...and then name & shame publicly. AS-path forgery "for T
Hey Joe,
On 12 Jun 2019, at 12:37, Joe Provo wrote:
> On Wed, Jun 12, 2019 at 04:10:00PM +, David Guo via NANOG wrote:
>> Send abuse complaint to the upstreams
>
> ...and then name & shame publicly. AS-path forgery "for TE" was
> never a good idea. Sharing the affected prefix[es]/path[s] wo
17 matches
Mail list logo