Dec meeting.. not the 14th! 21st or 28th?
Hey wlug folk, I've got a conflict on the 14th. Does the 21st or the 28th work for people? Thanks, Tim.
> I've got a conflict on the 14th.
> Does the 21st or the 28th work for people?
I think the 21st *might* be possible, but it's getting late in the year. It would be lovely to see more people, and to get more feedback on how the new meeting location is working out, especially for those of you on Jitsi. Technocopia is a louder space, so it's hard for us to give good remote meetings. John
That's true. Though, the 28th is now past xmas and likely people are going to be all over the place. For a topic, I was thinking about what VPN options are there for linux at this point? Obviously there's NordVPN, but there's also Proton as well. Something people might be interested in?
-- I am leery of the allegiances of any politician who refers to their constituents as "consumers".
On 12/7/23 15:20, Tim Keller via WLUG wrote:
> That's true. Though, the 28th is now past xmas and likely people are going to be all over the place.
> For a topic, I was thinking about what VPN options are there for linux at this point? Obviously there's NordVPN, but there's also Proton as well.
> Something people might be interested in?
I'd also be interested in how people are self-hosting their VPNs, whether that's Wireguard, Wireguard with shenanigans on top, OpenVPN, or something else. -- cara
cara> I'd also be interested in how people are self-hosting their VPNs
(and john stoffel's view may be similar, I can't say, but hi anyways!)
me/doug> I'm struggling with what's the benefit/motivation?
My take which started long ago: 20-30 yrs ago as a sysadmin supporting remote access/workers, my (very not-genius-level) brain learned that a VPN... a box/product I'd install on "my"/work network, handing out INside-access to outside-workers for a session.... adds (pops up during session) a virtual interface on home-computer network stack, so while in a VPN session the home worker can magically "have an ipaddr on the inside of workplace network" thus allowed into not-public work servers (or drive their work desktop)
BUT! on server setup, I+bosses must decide if yes/no allowing split-tunnel (policy set on VPN server which the VPN clients suffer with usually? if "no split")
If yes/split-tunnel allowed, client gets a 2nd! default gateway = route to 0.0.0.0 giving best home-computer network performance (mixing work and play works well)
BUT smart?/paranoid-workplace setups choose NO split tunnel, and force home-user's (ISP-given) default route to either disappear? or become unused via route metric/preference adjustment? so that, either way "don't let the home worker's unsafe world anywhere to tunnel near/into work network".
Thus the downside! When workplace uplink is wimpy/ancient (e.g. T1/56kb then), and all home-user's internet traffic gets tunnelled in+out via WORK network pipe, envision as I had to discover, how that stinks awfully: adding+forcing+slowing-down home/play traffic via busy work pipe/route-to-0.0.0.0!
Sorry to ramble, later I joined WPI netops, but not deep into security/VPN. (Frank/Chuck/Ben/John+more: I miss you all bigtime, I learned so much)
So (now retired) I see endless TV ads for VPNs preaching the benefits of their secure VPN, and I don't get it, .... assume buyers/sheep are fooled. Real value = ?
I may be blind, but lacking a VPN, my outside/web traffic is still https / encrypted, are they selling some enhanced default-gw world featuring bad-guys-blocked-from-hacking-you? I trust my home router, though I'm open minded to how "wide open" that might be, relative to some ideal.
=====side rant, but I can tie it in :)
One guy at work, long ago not WPI, did inappropriate network/chat/etc things on lunch/etc time, and ALL his internet traffic thru my/work router was directed to/from a service/server which he subscribed to, with the benefit of anonymizing himself and hiding his uncool chat rooms (appearing to be elsewhere, tunnelling unsafe habits for work desktop whether sysadmin=netadmin=I was blocking them or not) Too bad for him though: cubicle wall height = below boss's eyeball from adjacent cubicle, and he got canned, while I helped his boss figure out what was going on.
So, maybe or maybe not, that's the kind of VPN I suspect they're selling, but I don't see the value for normal folks....or maybe anyone. (educate me!) Unless their hosted-server-world-route network security is a win.
Thanks for listening, and my Thursdays look better than usual this month, so hoping for WLUG virtually Dec 14.
-doug
On Thu, Dec 07, 2023 at 09:08:00PM -0500, Doug Mildram via WLUG wrote:
> So, maybe or maybe not, that's the kind of VPN I suspect they're selling, but I don't see the value for normal folks....or maybe anyone. (educate me!) Unless their hosted-server-world-route network security is a win. Thanks for listening, and my Thursdays look better than usual this month, so hoping for WLUG virtually Dec 14. -doug
Yes. Those "modern" VPNs are used for many reasons. Here are a couple:
- To appear to servers/services that you are physically located in a different geographical area. This can help you bypass geographically restricted content, such as watching sports programs that content owners don't want you to see based on where you live (local sports broadcast blackouts). Or trick hotels into giving you a better price--yes, hotels can hike the rates they present to you if they think you are nearby--assuming you need last-minute accommodations while you are away on vacation.
- To hide your real IP address from servers and/or hide your browsing from intermediaries (your ISP for example) for privacy. This could be so you can avoid being tracked and having your browsing habits sold to advertisers (something your ISP can easily do--SSL does not hide DNS queries although that is changing with the availability of DNS-over-HTTPS and similar), to hide from authorities/copyright enforcers, or for life-and-death reasons (hide from unfriendly governments.)
You've pretty much hit the high points, Chuck. From my own experience when going overseas, if I'm able to VPN to the country I'm going to, the rental car reservation is considerably less in cost to reserve that car than if I reserved it from stateside. I'm assuming there is a difference between a poor native and a rich American.
Bob
On Fri, Dec 08, 2023 at 03:13:49AM -0500, Robert Schwein via WLUG wrote:
> On 12/8/2023 12:56 AM, Chuck Anderson via WLUG wrote:
> > (local sports broadcast blackouts). Or trick hotels into giving you a better price--yes, hotels can hike the rates they present to you if they think you are nearby--assuming you need last-minute accommodations while you are away on vacation.
> You've pretty much hit the high points, Chuck. From my own experience when going overseas, if I'm able to VPN to the country I'm going to, the rental car reservation is considerably less in cost to reserve that car than if I reserved it from stateside. I'm assuming there is a difference between a poor native and a rich American.
Oh right, I had the hotel thing backwards. It may be cheaper if you appear to be in-country for hotels, rental cars, etc.
I travel internationally a LOT, and having a VPN host in the USA means I can access websites the same way I can from home for all of the reasons that Chuck mentioned. Recently this has been extended not only to movies, TV shows, etc. that are blocked in foreign countries because the USA advertisers can not get their pound of flesh from foreign viewers, but also because foreign governments may not allow access to those websites for various reasons. Also various financial and medical websites may not allow access from outside the USA even though I have an account on those systems and legitimate reasons for access. Using the VPN all the time means that the sites work the same no matter where my laptop or desktop is located.
md
VPN services are a good tool for privacy. However, they still rely on the trust in the ownership/VPN service country's laws and policies. A VPN service is effectively a 'man in the middle'.
> However, they still rely on the trust in the ownership/VPN service country's laws and policies. A VPN service is effectively a 'man in the middle'.
This is why everyone should train their mother to offer a secure ISP/VPN service. "Mom's VPN: Do you trust your Mom?"
md
I use a wireguard VPN on my phone anytime I leave my house, mainly for ad blocking. I run pi-hole at home to block ads network wide, and when I leave wifi, my phone automatically joins the VPN at home and uses the same pi-hole servers for DNS. Internet traffic is still directly through my carrier (so split tunnel) but my DNS is hidden from them and ad free!
-thea
"Althea" == Althea Shaheen via WLUG <wlug@lists.wlug.org> writes:
I've been busy, so I'm coming back to this late...
> I use a wireguard VPN on my phone anytime I leave my house, mainly for ad blocking. I run pi-hole at home to block ads network wide, and when I leave wifi, my phone automatically joins the VPN at home and uses the same pi-hole servers for DNS. Internet traffic is still directly through my carrier (so split tunnel) but my DNS is hidden from them and ad free!
Do you run wireguard on your firewall or do you pass it inside into a base host?
I run it on my pfSense firewall, but pivpn is also a great option if you'd rather port forward to a different device.
"Althea" == Althea Shaheen via WLUG <wlug@lists.wlug.org> writes:
> I run it on my pfSense firewall, but pivpn is also a great option if you'd rather port forward to a different device.

Do you have it so that if you have multiple internal devices behind your firewall, your external client can reach all those devices?

I've been playing, but I'm sure I'm missing something. For example:

    Internal network: 192.168.1.0/24
      host A 192.168.1.10/32
      host B 192.168.1.20/32
    Firewall: 192.168.1.254
    WG: 192.168.200.0/24
    Client: 200.150.100.50 (made up)

Ideally I'd like my client to be able to access host A or B from the road using the WG tunnel. Would I need to assign WG addresses to these hosts? Or would I just route 192.168.1.0/24 via wg0 on the client?

That's the trouble I'm having.

I also want to set up a Wireguard tunnel between home and my VPS in the cloud to make backups easier and simple. I could just do an SSH tunnel, but I'd prefer not since it's a pain for this one application to set up.

So my VPS has both its public IP, and then I have a WireGuard IP and route setup so that I can reach into the home network. And possibly also allow connections to the VPS from other clients as well. Very mesh like.

John
On Wed, Dec 13, 2023, at 16:30, John Stoffel wrote:
> "Althea" == Althea Shaheen via WLUG <wlug@lists.wlug.org> writes:
I've been busy, so I'm coming back to this late...
I use a wireguard VPN on my phone anytime I leave my house, mainly for ad blocking. I run pi-hole at home to block ads network wide, and when I leave wifi, my phone automatically joins the VPN at home and uses the same pi-hole servers for DNS. Internet traffic is still directly through my carrier (so split tunnel) but my DNS is hidden from them and ad free!
Do you run wireguard on your firewall or do you pass it inside into a base host?
-thea
On Sat, Dec 9, 2023, at 03:54, Jon "maddog" Hall via WLUG wrote:
However, they still rely on the trust in the ownership/VPN service country's laws and policies. A VPN service is effectively a 'man in the middle'. This is why everyone should train their mother to offer a secure ISP/VPN service. "Mom's VPN: Do you trust your Mom?" md
On Fri, Dec 8, 2023 at 11:44 AM Kevin Stratton via WLUG <wlug@lists.wlug.org> wrote:
VPN services are a good tool for privacy. However, they still rely on the trust in the ownership/VPN service country's laws and policies. A VPN service is effectively a 'man in the middle'.
On 12/8/2023 3:13 AM, Robert Schwein via WLUG wrote:
You've pretty much hit the high points Chuck. From my own experience when going overseas if I'm able to VPN to the country I'm going to, the rental car reservation is considerably less in cost to reserve that car than if I reserved it from state side. I'm assuming there is a difference between a poor native and a rich American.
Bob
What I do is have the wireguard clients be on a different subnet than my other hosts, all behind the firewall. Then, in pfsense I made wireguard an interface like any other, and that allows me to make firewall policies, such as letting wireguard clients only to my DNS servers on port 53, or my web servers on 443. Also, since each wireguard client has a static IP reserved, I can make my phone access more than my cloud server, since I trust the security of my phone a tad more (but only a tad).

For routing, I have the config for the clients either as 0.0.0.0/0 to send all traffic over the tunnel, or my private networks only for the split tunnel, and let the firewall policy handle it from there.

So, you could certainly make it so that your VPS connects to your wireguard endpoint, and then send your backup traffic to its client IP if you are going outbound to the VPS, and block the VPS from your internal network, or vice versa just open up the port you need to the host you need from the VPS to internal.

Hope this helps
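The split-tunnel and full-tunnel client settings from the reply above, applied to the addresses in John's question, as an added example that is not part of the thread. The endpoint name, port, client address and key placeholders are constructed, the helper names are hypothetical, and the LAN hosts are assumed to use the firewall as their default gateway.

```shell
#!/bin/sh
# Added example (not from the thread): a client's AllowedIPs list decides
# which destinations enter the WireGuard tunnel. wg-quick installs a route
# for each entry, so hosts A and B need no WireGuard address of their own
# as long as their default gateway (the firewall, assumed) knows the WG subnet.
# Constructed values: endpoint name and port, client address, key placeholders.

# write_samples DIR: split-tunnel and full-tunnel client configs.
write_samples() {
    cat > "$1/split.conf" <<'EOF'
[Interface]
PrivateKey = <client-private-key>
Address = 192.168.200.2/32

[Peer]
PublicKey = <firewall-public-key>
Endpoint = firewall.example.net:51820
# Split tunnel: only the WG subnet and the home LAN use the tunnel.
AllowedIPs = 192.168.200.0/24, 192.168.1.0/24
EOF
    sed -e 's|^AllowedIPs.*|AllowedIPs = 0.0.0.0/0|' \
        -e 's|^# Split tunnel.*|# Full tunnel: every IPv4 destination uses the tunnel.|' \
        "$1/split.conf" > "$1/full.conf"
}

# allowed_ips CONF: print the AllowedIPs entries of all peers, space separated.
allowed_ips() {
    sed -n 's/^[[:space:]]*AllowedIPs[[:space:]]*=[[:space:]]*//p' "$1" | tr ',' ' '
}

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR: succeed when IP falls inside CIDR (IPv4 only).
in_cidr() {
    case $2 in
        */*) net=${2%/*}; bits=${2#*/} ;;
        *)   net=$2; bits=32 ;;
    esac
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# path_for IP CONF: print "tunnel" or "direct" for one destination.
path_for() {
    for cidr in $(allowed_ips "$2"); do
        case $cidr in *:*) continue ;; esac      # skip IPv6 entries in this sketch
        if in_cidr "$1" "$cidr"; then echo tunnel; return 0; fi
    done
    echo direct
}

# Demonstration on constructed files: the two LAN hosts and one outside address.
tmp=$(mktemp -d)
write_samples "$tmp"
for dest in 192.168.1.10 192.168.1.20 203.0.113.10; do
    echo "$dest split=$(path_for "$dest" "$tmp/split.conf") full=$(path_for "$dest" "$tmp/full.conf")"
done
rm -rf "$tmp"
```

On the firewall side, the peer entry for this client would list only the client's tunnel address (192.168.200.2/32 in this constructed layout), and the firewall rules on the WireGuard interface then decide which LAN hosts and ports it may reach.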
NB: Question at end.

Althea Shaheen via WLUG <wlug@lists.wlug.org> writes:

> since I trust the security of my phone a tad more (but only a tad).

Why am I seeing ^M at the end of line. Somewhere along the pipe something must take responsibility for replacing IBM crlf with Unix \n. No matter; I'll do it myself.

> so hoping for WLUG virtually dec 14. -doug

I assume that didn't happen. If it did, sorry I missed it.

> I also want to setup a Wireguard tunnel between home and my VPS in the cloud to make backups easier and simple.

For a short time I thought I might need a VPN to simulate the home-internal network I used to have

http://www.free-comp-shop.com/none/wireless.html#diagram

I got the wireguard white paper and decided, no. Don't need encryption; no real secrets here.

> I run pi-hole at home to block ads network wide,

Don't need ad blocking, don't know what's a pi-hole. Sounds Rude.

I was watching the /var/log/auth.log on fcx1, my cloudy-VPN, as fools tried to guess passwords for users that don't even exist. No worries, they can't even guess user names, my passwd is good. Then I saw the same IP try to guess a password for root, over and over. Oh oh. I forgot that one. They guessed a login id.

Enough! I remembered Tim talking about using fail to ban. I don't know anything about it but I guessed how to spell it and

    apt-get install fail2ban

It is more configuration than I expected, but I'll figure it out.

I thought, no hurry, there is zero chance of guessing the root password because you can't log in as root over ssh. Just to be sure I "su -" on the laptop and "ssh fcx1". To my horror it let me log on as root (with password, of course). I thought that was blocked by deep world-wide default! I don't remember why I thought that. Maybe it was a decade ago and on a different distribution. I am using Debian.

Does anyone know a quick and easy way to make it so? I want to be able to "su -" after I log in, but I can see no excuse for ssh to let a root log in directly.

> This is why everyone should train their mother to offer a secure ISP/VPN service. "Mom's VPN: Do you trust your Mom?" md

With my life? Yes. With a computer? No!

-- Keith

PS: Seven copies of WLUG mailing list -- wlug@lists.wlug.org -- deleted. You will have to make do with this one:
On 12/18/23 21:53, Keith Wright via WLUG wrote:
Does anyone know a quick and easy way to [disallow root login via SSHD]?
I don't think root lockout is enabled by default in Debian. It isn't disabled in the source distribution of OpenSSH-9.6p1, which I just checked. In some popular Linux distros the installation process doesn't ask for a root password, leaving root locked out that way.

To disallow root SSH login, edit your /etc/ssh/sshd_config file, and add a line:

    PermitRootLogin no

to the file. There should be a commented default setting about 120 lines down into the config file. Just add the "PermitRootLogin no" line in that region.

Alternatively, you can create a new file, perhaps named

    /etc/ssh/sshd_config.d/no-root-ssh.conf

and put the "PermitRootLogin no" line in there. The filename doesn't matter, but whatever name you do choose the filename must end in ".conf" or it will be ignored.

Once you've created this file, you'll need to restart the SSHD using:

    service sshd restart

or any of the other normal methods for doing that.

--MCV.
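sshd applies the first value it reads for a keyword, so whether a "PermitRootLogin no" line takes effect depends on where it sits relative to any other PermitRootLogin line and to the Include of sshd_config.d. The following is an added example, not from the thread or from OpenSSH, that resolves the effective value from a constructed config tree; the helper names and sample files are assumptions, and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): which PermitRootLogin will sshd use?
# sshd keeps the FIRST value it reads for a keyword and reads Include'd files
# at the Include line, so where the line sits matters as much as its value.
# Simplifications: a Match line ends the scan of its file, and relative
# Include paths are resolved against the directory of the including file.

# scan_config KEYWORD FILE: print each global value of KEYWORD in read order.
# The body is a subshell so every variable stays local across recursion.
scan_config() (
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    file=$2
    dir=$(dirname "$file")
    [ -r "$file" ] || exit 0
    while read -r key value || [ -n "$key" ]; do
        case $key in ''|'#'*) continue ;; esac
        # Accept "Keyword=value" as well as "Keyword value".
        case $key in *=*) value="${key#*=}${value:+ $value}"; key=${key%%=*} ;; esac
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case $key in
            include)
                for pat in $value; do
                    case $pat in /*) ;; *) pat=$dir/$pat ;; esac
                    for inc in $pat; do          # unquoted on purpose: expand the glob
                        if [ -f "$inc" ]; then scan_config "$want" "$inc"; fi
                    done
                done ;;
            match) break ;;
            "$want") printf '%s\n' "$value" ;;
        esac
    done < "$file"
    exit 0
)

# effective_value KEYWORD FILE: the value sshd would apply
# (empty output means the keyword is unset and sshd uses its built-in default).
effective_value() {
    scan_config "$1" "$2" | head -n 1
}

# make_sample DIR: constructed config tree for the demonstration.
make_sample() {
    mkdir -p "$1/sshd_config.d"
    # Main file with an Include near the top and a permissive line further down.
    printf '%s\n' "Include $1/sshd_config.d/*.conf" \
        '#PermitRootLogin prohibit-password' \
        'PermitRootLogin yes' > "$1/sshd_config"
    # A main file without the Include, where the fix was appended after an
    # earlier active PermitRootLogin line.
    printf '%s\n' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
        'PermitRootLogin no' > "$1/appended_too_late"
    # Drop-in named as in the reply; only names ending in .conf match the glob.
    printf '%s\n' 'PermitRootLogin no' > "$1/sshd_config.d/no-root-ssh.conf"
    printf '%s\n' 'PermitRootLogin yes' > "$1/sshd_config.d/ignored.txt"
}

# Demonstration on the constructed tree.
tmp=$(mktemp -d)
make_sample "$tmp"
echo "drop-in read first:  $(effective_value PermitRootLogin "$tmp/sshd_config")"
echo "line appended later: $(effective_value PermitRootLogin "$tmp/appended_too_late")"
rm -rf "$tmp"
```

On the host itself, `sshd -t` checks the configuration for errors before the restart, and `sshd -T | grep -i permitrootlogin`, run as root, prints the value the installed daemon resolves.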
That is cool that pfSense can do wireguard!
-- I am leery of the allegiances of any politician who refers to their constituents as "consumers".
On 12/7/23 21:08, Doug Mildram via WLUG wrote:
> cara> I'd also be interested in how people are self-hosting their VPNs (and john stoffel's view may be similar, I can't say, but hi anyways!)
> me/doug> I'm struggling with what's the benefit/motivation?

For me, it lets me access my home network when I'm away from my apartment.

> My take which started long ago: 20-30 yrs ago as a sysadmin supporting remote access/workers, my (very not-genius-level) brain learned that a VPN... a box/product I'd install on "my"/work network, handing out INside-access to outside-workers for a session.... adds (pops up during session) a virtual interface on home-computer network stack, so while in a VPN session the home worker can magically "have an ipaddr on the inside of workplace network" thus allowed into not-public work servers (or drive their work desktop) BUT! on server setup, I+bosses must decide if yes/no allowing split-tunnel (policy set on VPN server which the VPN clients suffer with usually? if "no split") If yes/split-tunnel allowed, client gets a 2nd! default gateway = route to 0.0.0.0 giving best home-computer network performance (mixing work and play works well)

My split-tunnel VPN doesn't set a default gateway, just a route to 10.x.x.x/x. I'm thinking of shenanigans to let my roommates VPN into the normal resident network and letting myself VPN into the management network via jump box, but that's not implemented yet. Shenanigans with Packetfence are planned for the break...

> BUT smart?/paranoid-workplace setups choose NO split tunnel, and force home-user's (ISP-given) default route to either disappear? or become unused via route metric/preference adjustment? so that, either way "don't let the home worker's unsafe world anywhere to tunnel near/into work network".

I'm neither smart nor paranoid :p so I use split-tunnel.

> So (now retired) I see endless TV ads for VPN's preaching the benefits of their secure VPN, and I don't get it, .... assume buyers/sheep are fooled. Real value = ? I may be blind, but lacking a VPN, my outside/web traffic is still https / encrypted, are they selling some enhanced default-gw world featuring bad-guys-blocked-from-hacking-you? I trust my home router, though I'm open minded to how "wide open" that might be, relative to some ideal.

Most commercial VPNs I've found have low quality. The one that I use when I want the benefits (different geolocation results, etc) is Mullvad, for a variety of reasons. Interested in other people's thoughts!

-- cara
"Tim" == Tim Keller <turbofx@gmail.com> writes:
> That's true. Though, the 28th is now past xmas and likely people are going to be all over the place.
> For a topic, I was thinking about what VPN options are there for linux at this point? Obviously there's NordVPN, but there's also Proton as well.
> Something people might be interested in?

I'd also be interested in a talk about Wireguard and how to implement it in a couple of cases:

1. one end on home router/firewall, other end on remote device.
   - can I go from internal host to remote device?
2. just a pair of devices, separated by a firewall
   - this is simpler, but more complicated than step 1.

I've done SSH tunnels in the past, looking more for a generic way to do backups of a device in the cloud from my home backup server. WireGuard should be the ticket, but it's being annoying.

John
participants (11)
- Althea Shaheen
- Cara Salter
- Chuck Anderson
- Doug Mildram
- John Stoffel
- Jon "maddog" Hall
- Keith Wright
- Kevin Stratton
- Michael Voorhis
- Robert Schwein
- Tim Keller