|
tailscale + droplet
|
# ? Aug 7, 2020 05:15 |
|
|
Shame Boy posted:i wish someone had warned me about this, i touched a printer once at work and now i'm the printer guy who has to touch all the printers

i dont even know where our printer is, or if we have one
|
# ? Aug 7, 2020 06:30 |
|
Shame Boy posted:i wish someone had warned me about this, i touched a printer once at work and now i'm the printer guy who has to touch all the printers

lmao if you touch a computer with anything but barely held back contempt you are automatically the "it guy"
|
# ? Aug 7, 2020 06:41 |
|
PIZZA.BAT posted:starting to lose my patience with nord. i've been having a lot of trouble connecting over the past few weeks and their app gives you no indication of where the problem may be. pretty frustrating!!

if you havent done it already go to options -> auto connect. disable "choose a vpn protocol automatically" and change your vpn protocol to nordlynx which is their wireguard implementation. its waaaaaaaaaaay better than openvpn which is a huge pile of poo poo.
|
# ? Aug 7, 2020 07:40 |
|
my secret to printer success was to buy a $40 brother laser printer on black friday, and use it to print for the next decade without needing to replace the toner cart that it came with. long term archival should be done on laser anyways, because it's plastic melted onto the paper instead of ink that can run/fade. and if you're that paranoid, you can smash it after you print your bitcoin codes, then buy another.
|
# ? Aug 7, 2020 08:47 |
|
PIZZA.BAT posted:starting to lose my patience with nord. i've been having a lot of trouble connecting over the past few weeks and their app gives you no indication of where the problem may be. pretty frustrating!!

nord is pretty wild they spend a shitload of money advertising and apparently somewhere close to $0 on configuring their vpn servers

this is a pretty good list of vpn hosts and caveats https://thatoneprivacysite.net/
|
# ? Aug 7, 2020 08:55 |
|
Subjunctive posted:tailscale + droplet
|
# ? Aug 7, 2020 11:55 |
or algo if you just want ipsec which works natively without a client on basically every os
|
|
# ? Aug 7, 2020 13:16 |
|
D. Ebdrup posted:or algo if you just want ipsec which works natively without a client on basically every os

unfortunately IPSec gets broken by ISPs all the time, especially WiFi providers.

Shaggar posted:if you havent done it already go to options -> auto connect. disable "choose a vpn protocol automatically" and change your vpn protocol to nordlynx which is their wireguard implementation. its waaaaaaaaaaay better than openvpn which is a huge pile of poo poo.

Is wireguard any good yet? It seems like it’s been in beta forever
|
# ? Aug 7, 2020 13:19 |
|
ewiley posted:Is wireguard any good yet? It seems like it’s been in beta forever

i use it, has a few annoying quirks that are probably only annoying to me due to how my home network is set up but otherwise it's Fine™

don't trust it with state secrets or anything but it gets my traffic where i want it when i'm not home
|
# ? Aug 7, 2020 15:00 |
|
I'm thinking of trying to practice playbooks by setting up Algo on a spare Pi. Does anyone know if Algo is poo poo or not? Like, I'm not even sure I'd actually use it IRL but being able to run mobile traffic through my PiHoles when I'm "away from keyboard" (as the kids say these days) would be a nice-to-have?
|
# ? Aug 7, 2020 15:10 |
|
Schadenboner posted:I'm thinking of trying to practice playbooks by setting up Algo on a spare Pi. Does anyone know if Algo is poo poo or not?
|
# ? Aug 7, 2020 15:13 |
|
mystes posted:I think I used algo before and it worked fine but you don't need to know anything about ansible to use it anyway?

Yeah but I'm looking at an impending job change and I know gently caress-all about ansible/terraform/whatever else is on every loving job posting these days and I'm very much a learn-by-doing person (as cool as "scriptable wiki lists" assuredly is I just can't read Ansible For DevOps and retain any of it without actually doing something that I want done). Algo has a good walk-through for Ansible and standing up a VPN is useful/something I've wanted to do for a while. Sometimes the Chocolate and the Peanut Butter have to have a reason to be in the same room, is what I'm saying?
|
# ? Aug 7, 2020 15:19 |
|
ewiley posted:unfortunately IPSec gets broken by ISPs all the time, especially WiFi providers.

the only place i've used it with is nordvpn and it works infinitely better than using it w/ openvpn. it could be that since they're still in a testing mode with it the servers setup for it are in better shape, i.e. low user loads, proper config, better hosting, but i pretty much always hit my bandwidth limit. w/ openvpn i'd get close and some hosts were dogshit.
|
# ? Aug 7, 2020 15:31 |
|
Wireguard is fine and you can connect to cloudflare's warp vpn with it. Miles better experience than both openvpn and ipsec
|
# ? Aug 7, 2020 17:32 |
|
I thought Algo supported wireguard now

e: it does
|
# ? Aug 7, 2020 17:42 |
|
it has done for ages, pretty sure I was using it a couple of years ago
|
# ? Aug 7, 2020 20:53 |
|
tbh openvpn doesn't get enough credit for being Fine and also multi-platform

i run it as a server on openwrt on a router smaller than a deck of cards and it used to work great when i'd work from anywhere else in the beforetimes, so it can probably run just fine for a nerd and a few friends in aws or something for private ut99 matches
|
# ? Aug 7, 2020 21:34 |
|
they’re all multiplatform tho? even wireguard stopped being a linux thing ages ago
|
# ? Aug 7, 2020 22:30 |
evil_bunnY posted:That or mullvad, yeah mullvad is nice yeah, airvpn is also an option
|
|
# ? Aug 8, 2020 01:23 |
|
openvpn is fine but windows 10 does some absolutely mind glowingly dumb poo poo with networking that fucks with any VPN that doesn't specifically use a built in windows tunnel interface and openvpn/basically all ssl vpn just install a virtual 10/100/1000 adapter
|
# ? Aug 8, 2020 04:39 |
|
30 TO 50 FERAL HOG posted:openvpn is fine but windows 10 does some absolutely mind glowingly dumb poo poo with networking that fucks with any VPN that doesn't specifically use a built in windows tunnel interface and openvpn/basically all ssl vpn just install a virtual 10/100/1000 adapter

can you expand on this? to me having the interface makes sense as it needs to present an L3 gateway to route traffic via
|
# ? Aug 8, 2020 04:58 |
|
taqueso posted:How do companies keep track of their secret keys so they don't leak but also aren't lost? Seems like a hard problem especially with backups.

i mean isnt this literally the purpose of HSMs? keep private keys available but non exportable.
|
# ? Aug 8, 2020 08:21 |
|
ewiley posted:unfortunately IPSec gets broken by ISPs all the time, especially WiFi providers.

? what specifically are you talking about? ssl injection or...?
|
# ? Aug 8, 2020 08:26 |
|
ate poo poo on live tv posted:? i recall hearing about some ISPs blocking things like IPsec and SMTP if you're on a residential service, the idea being that they can then make you pay more for a "business" service. that was some time ago though

edit: also not sure what ewiley means with "WiFi providers"

Pile Of Garbage fucked around with this message at 08:41 on Aug 8, 2020
# ? Aug 8, 2020 08:35 |
|
AFAIK SMTP is because the average state of user's box is owned. Never heard of IPSec being blocked.
|
# ? Aug 8, 2020 08:39 |
|
Rufus Ping posted:Wireguard is fine and you can connect to cloudflare's warp vpn with it. Miles better experience than both openvpn and ipsec

i recently spun up a new digital ocean droplet for vpn / dns (pi-hole) purposes 'cause apparently they're offering double the resources for the same price i had been paying and i decided to give wireguard a shot instead of openvpn. super easy to setup, very happy with it so far.

are there any concrete concerns with wireguard, beyond it just being the new hotness and therefore probably actually broken in three dozen facepalm worthy ways?
|
# ? Aug 8, 2020 08:50 |
|
wireguard appears to be secure but was not designed to keep you anonymous, so don’t use it if you’re trying to do illegal poo poo, your activity may be identifiable from server logs

nordvpn claim their implementation fixes the by-design privacy issues but i haven’t actually looked at what they’ve done so can’t comment further

it’s great if you’re just connecting known people to your own networks tho
|
# ? Aug 8, 2020 09:07 |
|
because i'm a giant turbo-nerd i've got a fortigate 60E-POE firewall at home which i've configured to do SSL-VPN with MFA via a Duo Auth Proxy (the Duo free-tier is very needs suiting). that way whenever im on the go i can tunnel back through my home internet.

also i customised the SSL-VPN web portal so that it's very 219.css https://vpn.darkstar1.net/

e: just remembered i'm restricting connections by geoip so if you're not in AU that link prolly won't work

Pile Of Garbage fucked around with this message at 09:16 on Aug 8, 2020
# ? Aug 8, 2020 09:13 |
|
Oneiros posted:i recently spun up a new digital ocean droplet for vpn / dns (pi-hole) purposes 'cause apparently they're offering double the resources for the same price i had been paying and i decided to give wireguard a shot instead of openvpn. super easy to setup, very happy with it so far.

algo or Streisand will setup encrypted DNS for whatever that’s worth

30 TO 50 FERAL HOG posted:openvpn is fine but windows 10 does some absolutely mind glowingly dumb poo poo with networking that fucks with any VPN that doesn't specifically use a built in windows tunnel interface and openvpn/basically all ssl vpn just install a virtual 10/100/1000 adapter

just get an openwrt compatible router and install openvpn or wireguard on it and then you can safely remove windows and install gentoo
|
# ? Aug 8, 2020 13:01 |
|
Pile Of Garbage posted:can you expand on this? to me having the interface makes sense as it needs to present an L3 gateway to route traffic via

the windows native VPN also creates interfaces for VPN connections (as does wireguard), so he may be talking about specific interface types maybe? Not really sure. either way i think its still a problem with openvpn as other 3rd party proprietary SSL/ipsec VPNs do the exact same thing and dont have some of the same performance issues as openvpn.
|
# ? Aug 8, 2020 18:59 |
|
q!=e
|
# ? Aug 8, 2020 19:00 |
|
Pile Of Garbage posted:i recall hearing about some ISPs blocking things like IPsec and SMTP if you're on a residential service, the idea being that they can then make you pay more for a "business" service. that was some time ago though

Back when people actually traveled, some in-flight and hotel WiFi would gently caress with IPSec connections, deprioritizing the traffic, breaking them in weird ways. Forcing to HTTPS seemed to work OK, but was a lot lower performance for my VPN.

30 TO 50 FERAL HOG posted:openvpn is fine but windows 10 does some absolutely mind glowingly dumb poo poo with networking that fucks with any VPN that doesn't specifically use a built in windows tunnel interface and openvpn/basically all ssl vpn just install a virtual 10/100/1000 adapter

Oh my Goooooood I had to deal with this fuckery when we moved from win7 to win10. They added some magic to the windows networking stack to silently prefer some interfaces while ignoring the actual OS routing table. Using find-netroute was literally the only way to see it in action. The upshot was when using full-tunnel VPN Windows would end up looping traffic through the “very fast” VPN pseudo-interface away from the regular interface despite there being a /32 route to the vpn gateway. Windows would read the iftype of the interface in the registry but the OpenVPN TAP adapter (and all other VPN provider adapters) showed up as ‘ethernet’. Microsoft has a ‘vpn’ adapter type, but that’s only for their PPP virtual adapters that didn’t work with the lazy code that VPN software developers used assuming their virtual adapters work just like Ethernet adapters (with respect to things like DHCP address assignment, ARP, etc).
|
# ? Aug 10, 2020 19:48 |
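
One way to check for the kind of mismatch described in the post above, added here as an example and not posted by anyone in the thread: compare the route that the table's prefix and metric rules would pick for the VPN gateway with what `Find-NetRoute` reports, then list adapter types and interface metrics. The gateway address is a constructed placeholder, and the table-side selection is a simplified model (IPv4 only, most specific prefix, then lowest route plus interface metric).

```powershell
# Added diagnostic example (not from the thread). Run on the affected Windows host.
# $GatewayIp is a constructed placeholder from TEST-NET-3; substitute your VPN gateway.
param([string]$GatewayIp = '203.0.113.10')

function ConvertTo-IPv4Number([string]$Ip) {
    # Fold the four octets into one number so prefixes can be compared arithmetically.
    [double]$n = 0
    foreach ($b in [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()) { $n = $n * 256 + $b }
    return $n
}

function Test-InPrefix([string]$Ip, [string]$Prefix) {
    $net, $len = $Prefix -split '/'
    $size = [math]::Pow(2, 32 - [int]$len)   # number of addresses covered by the prefix
    $a = [math]::Floor((ConvertTo-IPv4Number $Ip) / $size)
    $b = [math]::Floor((ConvertTo-IPv4Number $net) / $size)
    return ($a -eq $b)
}

# What the routing table says (simplified): most specific prefix, then lowest combined metric.
$expected = Get-NetRoute -AddressFamily IPv4 -PolicyStore ActiveStore |
    Where-Object { Test-InPrefix $GatewayIp $_.DestinationPrefix } |
    Sort-Object @{ Expression = { [int](($_.DestinationPrefix -split '/')[1]) }; Descending = $true },
                @{ Expression = { $_.RouteMetric + $_.InterfaceMetric } } |
    Select-Object -First 1

# What the stack reports it will use. Find-NetRoute emits an address object
# and a route object; keep the route.
$actual = Find-NetRoute -RemoteIPAddress $GatewayIp |
    Where-Object { $_.DestinationPrefix } |
    Select-Object -First 1

[pscustomobject]@{
    Gateway         = $GatewayIp
    TableRoute      = $expected.DestinationPrefix
    TableInterface  = $expected.InterfaceAlias
    ChosenRoute     = $actual.DestinationPrefix
    ChosenInterface = $actual.InterfaceAlias
    Mismatch        = $expected.InterfaceIndex -ne $actual.InterfaceIndex
}

# Adapter type as Windows sees it: InterfaceType 6 is the IANA ifType for Ethernet.
Get-NetAdapter -IncludeHidden |
    Select-Object Name, InterfaceDescription, ifIndex, InterfaceType, LinkSpeed, Status
Get-NetIPInterface -AddressFamily IPv4 | Sort-Object InterfaceMetric |
    Select-Object InterfaceAlias, ifIndex, InterfaceMetric, AutomaticMetric
```

A `Mismatch` of `True` while the tunnel is up is the case worth investigating; pinning the interface metric with `Set-NetIPInterface -InterfaceMetric` is one way to take automatic metric assignment out of the picture while testing.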
|
Rogers ISP here in Canada at one point qossed all secure traffic into the ground because people were using secured bit torrent connections that they couldn't spy on, so all home workers logged into VPNs got lovely throughput for months
|
# ? Aug 10, 2020 20:35 |
|
ewiley posted:Back when people actually traveled, some in-flight and hotel WiFi would gently caress with IPSec connections, deprioritizing the traffic, breaking them in weird ways. Forcing to HTTPS seemed to work OK, but was a lot lower performance for my VPN.

I have heard of some hotels which would offer two wifi networks to guests. One which was free and had access to web, social media, Netflix etc. But block most common VPN and similar traffic. Then a second which allowed that traffic but to connect cost extra. The idea being people travelling for leisure would generally not pay for the upgrade but would complain on trip advisor etc if they didn’t work. Corporate travellers would not care and just expense the upgrade back to their company.
|
# ? Aug 11, 2020 02:07 |
|
ewiley posted:Oh my Goooooood I had to deal with this fuckery when we moved from win7 to win10. They added some magic to the windows networking stack to silently prefer some interfaces while ignoring the actual OS routing table. Using find-netroute was literally the only way to see it in action. The upshot was when using full-tunnel VPN Windows would end up looping traffic through the “very fast” VPN pseudo-interface away from the regular interface despite there being a /32 route to the vpn gateway. Windows would read the iftype of the interface in the registry but the OpenVPN TAP adapter (and all other VPN provider adapters) showed up as ‘ethernet’. Microsoft has a ‘vpn’ adapter type, but that’s only for their PPP virtual adapters that didn’t work with the lazy code that VPN software developers used assuming their virtual adapters work just like Ethernet adapters (with respect to things like DHCP address assignment, ARP, etc).

WFH these last couple of months I have had nothing but trouble dealing with split tunnelling on the corp VPN.
|
# ? Aug 11, 2020 02:17 |
|
Varkk posted:I have heard of some hotels which would offer two wifi networks to guests. One which was free and had access to web, social media, Netflix etc. But block most common VPN and similar traffic. Then a second which allowed that traffic but to connect cost extra. The idea being people travelling for leisure would generally not pay for the upgrade but would complain on trip advisor etc if they didn’t work. Corporate travellers would not care and just expense the upgrade back to their company.

Whatever Acela does to its onboard WiFi would make it so my IPSec vpn could start and pass *a tiny bit* of traffic then just refuse to do any more. whatever British Airways uses domestically works fine but over the Atlantic it would poo poo the bed but SSL still kept chugging along

I’m just glad I don’t have to deal with it anymore.
|
# ? Aug 11, 2020 02:26 |
|
~Coxy posted:WFH these last couple of months I have had nothing but trouble dealing with split tunnelling on the corp VPN.

I’m really curious about ‘cloud’ based web filtering and pseudo-VPN “SASE” like Netskope. It uses some kind of DNS hackery to forward all web traffic to a filtering service, is able to offload boring web traffic like YouTube and facebook to a local proxy, and back-haul sensitive traffic over a tunnel all using a local agent. This has the advantages of a split tunnel to send known traffic out local internet access and secure ‘internal’ traffic over a tunnel, all while maintaining things like DLP and SSL decryption somehow.

sorry to poo poo-up the secfuck thread with VPN janitoring, but after 4 months of full-tunnel VPN to systems that really were meant for temporary use it’s getting a bit more attention than usual, and i can foresee some spectacular remote access secfuckling coming up.
|
# ? Aug 11, 2020 02:33 |
|
we use Zscaler Private Access and Internet access, same concept. works well enough but the adoption was painful.
|
# ? Aug 11, 2020 14:06 |
|
|
Mozilla laid off 250 people. From which department? Well given where I'm posting, you may have figured already https://twitter.com/MichalPurzynski/status/1293220570885062657 (and some others)
|
# ? Aug 12, 2020 01:55 |