cara> I'd also be interested in how people are self-hosting their VPNs

(and John Stoffel's view may be similar, I can't say, but hi anyways!)

me/doug> I'm struggling with what's the benefit/motivation?

My take, which started long ago: 20-30 yrs ago as a sysadmin supporting remote access/workers, my (very not-genius-level) brain learned that a VPN... a box/product I'd install on "my"/work network, handing out INside-access to outside-workers for a session.... adds (pops up during session) a virtual interface on the home-computer network stack, so while in a VPN session the home worker can magically "have an ipaddr on the inside of workplace network", thus allowed into not-public work servers (or drive their work desktop).

BUT! On server setup, I+bosses must decide if yes/no allowing split-tunnel (policy set on VPN server which the VPN clients suffer with usually? if "no split").

If yes/split-tunnel allowed, client gets a 2nd! default gateway = route to 0.0.0.0, giving best home-computer network performance (mixing work and play works well).

BUT smart?/paranoid-workplace setups choose NO split tunnel, and force home-user's (ISP-given) default route to either disappear? or become unused via route metric/preference adjustment? so that, either way, "don't let the home worker's unsafe world anywhere to tunnel near/into work network".

Thus the downside! When workplace uplink is wimpy/ancient (e.g. T1/56kb then), and all home-user's internet traffic gets tunnelled in+out via WORK network pipe, envision, as I had to discover, how that stinks awfully: adding+forcing+slowing-down home/play traffic via busy work pipe/route-to-0.0.0.0!

Sorry to ramble. Later I joined WPI netops, but not deep into security/VPN. (Frank/Chuck/Ben/John+more: I miss you all bigtime, I learned so much.)

So (now retired) I see endless TV ads for VPNs preaching the benefits of their secure VPN, and I don't get it, .... assume buyers/sheep are fooled. Real value = ?

I may be blind, but lacking a VPN, my outside/web traffic is still https / encrypted. Are they selling some enhanced default-gw world featuring bad-guys-blocked-from-hacking-you? I trust my home router, though I'm open minded to how "wide open" that might be, relative to some ideal.

===== side rant, but I can tie it in :)

One guy at work, long ago, not WPI, did inappropriate network/chat/etc things on lunch/etc time, and ALL his internet traffic thru my/work router was directed to/from a service/server which he subscribed to, with the benefit of anonymizing himself and hiding his uncool chat rooms (appearing to be elsewhere, tunnelling unsafe habits for work desktop whether sysadmin=netadmin=I was blocking them or not).

Too bad for him though: cubicle wall height = below boss's eyeball from adjacent cubicle, and he got canned, while I helped his boss figure out what was going on.

So, maybe or maybe not, that's the kind of VPN I suspect they're selling, but I don't see the value for normal folks.... or maybe anyone. (educate me!) Unless their hosted-server-world-route network security is a win.

Thanks for listening, and my Thursdays look better than usual this month, so hoping for WLUG virtually Dec 14.

-doug

On Thu, Dec 7, 2023 at 4:01 PM Cara Salter via WLUG <wlug@lists.wlug.org> wrote:
On 12/7/23 15:20, Tim Keller via WLUG wrote:
That's true. Though, the 28th is now past xmas and likely people are going to be all over the place.
For a topic, I was thinking about what VPN options are there for Linux at this point? Obviously there's NordVPN, but there's also Proton as well.
Something people might be interested in?
I'd also be interested in how people are self-hosting their VPNs, whether that's WireGuard, WireGuard with shenanigans on top, OpenVPN, or something else.
-- cara