Re: Dec meeting.. not the 14th! 21st or 28th?
by John Stoffel
>>>>> "Althea" == Althea Shaheen via WLUG <wlug(a)lists.wlug.org> writes:
> I run it on my pfSense firewall, but pivpn is also a great option if
> you'd rather port forward to a different device.
Do you have it so that if you have multiple internal devices behind
your firewall, your external client can reach all those devices?
I'ev been playing, but I'm sure I'm mssing something. For example:
Internal network: 192.168.1.0/24
host A 192.168.1.10/32
host B 192.168.1.20/32
Firewall: 192.168.1.254
WG: 192.168.200.0/24
Client: 200.150.100.50 (made up)
Ideally I'd like my client to be able to access host A or B from the
road using the WG tunnel. Would I need to assign WG addresses to
these hosts? Or would I just rounte 192.168.1.0/24 via wg0 on the
client?
That's the trouble I'm having.
I also want to setup a Wireguard tunnel between home and my VPS in the
cloud to make backups easier and simple. I could just do an SSH
tunnel, but I'd prefer not since it's a pain for this one application
to setup.
So my VPS has both it's public IP, and then I have a WireGuard IP and
route setup so that I can reach into the home network. And possibly
also allow connections to the VPS from other clients as well. Very
mesh like.
John
> On Wed, Dec 13, 2023, at 16:30, John Stoffel wrote:
>>>>>>> "Althea" == Althea Shaheen via WLUG <wlug(a)lists.wlug.org> writes:
>>
>> I've been busy, so I'm coming back to this late...
>>
>>> I use a wireguard VPN on my phone anytime I leave my house, mainly
>>> for ad blocking. I run pi-hole at home to block ads network wide,
>>> and when I leave wifi, my phone automatically joins the VPN at home
>>> and uses the same pi-hole servers for DNS. Internet traffic is still
>>> directly through my carrier (so split tunnel) but my DNS is hidden
>>> from them and ad free!
>>
>> Do you run wireguard on your firewall or do you pass it inside into a
>> base host?
>>
>>> -thea
>>
>>> On Sat, Dec 9, 2023, at 03:54, Jon "maddog" Hall via WLUG wrote:
>>
>>>> However, they still rely on the trust in the ownership/VPN service country's laws and
>>> policies.
>>>> A VPN service is effectively a 'man in the middle'.
>>> This is why everyone should train their mother to offer a secure ISP/VPN service.
>>> "Mom's VPN: Do you trust your Mom?"
>>> md
>>
>>> On Fri, Dec 8, 2023 at 11:44 AM Kevin Stratton via WLUG <wlug(a)lists.wlug.org> wrote:
>>
>>> VPN services are a good tool for privacy. However, they they still rely
>>> on the trust in the ownership/VPN service country's laws and policies.
>>> A VPN service is effectively a 'man in the middle'.
>>
>>> On 12/8/2023 3:13 AM, Robert Schwein via WLUG wrote:
>>>>
>>>> You've pretty much hit the high points Chuck. From my own experience
>>>> when going overseas if I'm able to VPN to the country I'm going to,
>>>> the rental car reservation is considerably less in cost to reserve
>>>> that car than if I reserved it from state side. I'm assuming there is
>>>> a difference between a poor native and a rich American.
>>>>
>>>> Bob
>>>>
>>>> On 12/8/2023 12:56 AM, Chuck Anderson via WLUG wrote:
>>>>> On Thu, Dec 07, 2023 at 09:08:00PM -0500, Doug Mildram via WLUG wrote:
>>>>> So, maybe or maybe not, that's the kind of VPN I suspect they're selling,
>>>>> but I don't see the value for normal folks....or maybe anyone. (educate
>>>>> me!)
>>>>> Unless their hosted-server-world-route network security is a win.
>>>>> Thanks for listening, and my thursday's look better than usual this month,
>>>>> so hoping for WLUG virtually dec 14. -doug
>>>>> Yes. Those "modern" VPNs are used for many reasons. Here are a couple:
>>>>>
>>>>> - To appear to servers/services that you are physically located in a
>>>>> different geographical area. This can help you bypass
>>>>> geographically restricted content, such as watching sports programs
>>>>> that content owners don't want you to see based on where you live
>>>>> (local sports broadcast blackouts). Or trick hotels into giving you
>>>>> a better price--yes, hotels can hike the rates they present to you
>>>>> if they think you are nearby--assuming you need last-minute
>>>>> accomodations while you are away on vacation.
>>>>>
>>>>> - To hide your real IP address from servers and/or hide your browsing
>>>>> from intermediaries (your ISP for example) for privacy. This could
>>>>> be so you can avoid being tracked and having your browsing habits
>>>>> sold to advertisers (something your ISP can easily do--SSL does not
>>>>> hide DNS queries although that is changing with the availability of
>>>>> DNS-over-HTTPS and similar), to hide from authorities/copyright
>>>>> enforcers, or for life-and-death reasons (hide from unfriendly
>>>>> governments.)
>>>>> _______________________________________________
>>>>> WLUG mailing list --wlug(a)lists.wlug.org
>>>>> To unsubscribe send an email towlug-leave(a)lists.wlug.org
>>>>> Create Account:https://wlug.mailman3.com/accounts/signup/
>>>>> Change Settings:https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>>>>> Web Forum/Archive:
>>> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/ZC4W3…
>>>>
>>>> _______________________________________________
>>>> WLUG mailing list -- wlug(a)lists.wlug.org
>>>> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
>>>> Create Account: https://wlug.mailman3.com/accounts/signup/
>>>> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>>>> Web Forum/Archive:
>>> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/TI4DE…
>>> _______________________________________________
>>> WLUG mailing list -- wlug(a)lists.wlug.org
>>> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
>>> Create Account: https://wlug.mailman3.com/accounts/signup/
>>> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>>> Web Forum/Archive:
>>> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/2OD7Q…
>>
>>> _______________________________________________
>>> WLUG mailing list -- wlug(a)lists.wlug.org
>>> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
>>> Create Account: https://wlug.mailman3.com/accounts/signup/
>>> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>>> Web Forum/Archive:
>>> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/E6KIC…
>>
>>> _______________________________________________
>>> WLUG mailing list -- wlug(a)lists.wlug.org
>>> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
>>> Create Account: https://wlug.mailman3.com/accounts/signup/
>>> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>>> Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/532CN…
> _______________________________________________
> WLUG mailing list -- wlug(a)lists.wlug.org
> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
> Create Account: https://wlug.mailman3.com/accounts/signup/
> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
> Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/NK7RY…
3 months, 2 weeks
Re: Dec meeting.. not the 14th! 21st or 28th?
by Althea Shaheen
I run it on my pfSense firewall, but pivpn is also a great option if you'd rather port forward to a different device.
On Wed, Dec 13, 2023, at 16:30, John Stoffel wrote:
>>>>>> "Althea" == Althea Shaheen via WLUG <wlug(a)lists.wlug.org> writes:
>
> I've been busy, so I'm coming back to this late...
>
>> I use a wireguard VPN on my phone anytime I leave my house, mainly
>> for ad blocking. I run pi-hole at home to block ads network wide,
>> and when I leave wifi, my phone automatically joins the VPN at home
>> and uses the same pi-hole servers for DNS. Internet traffic is still
>> directly through my carrier (so split tunnel) but my DNS is hidden
>> from them and ad free!
>
> Do you run wireguard on your firewall or do you pass it inside into a
> base host?
>
>> -thea
>
>> On Sat, Dec 9, 2023, at 03:54, Jon "maddog" Hall via WLUG wrote:
>
>>> However, they still rely on the trust in the ownership/VPN service country's laws and
>> policies.
>>> A VPN service is effectively a 'man in the middle'.
>> This is why everyone should train their mother to offer a secure ISP/VPN service.
>> "Mom's VPN: Do you trust your Mom?"
>> md
>
>> On Fri, Dec 8, 2023 at 11:44 AM Kevin Stratton via WLUG <wlug(a)lists.wlug.org> wrote:
>
>> VPN services are a good tool for privacy. However, they they still rely
>> on the trust in the ownership/VPN service country's laws and policies.
>> A VPN service is effectively a 'man in the middle'.
>
>> On 12/8/2023 3:13 AM, Robert Schwein via WLUG wrote:
>>>
>>> You've pretty much hit the high points Chuck. From my own experience
>>> when going overseas if I'm able to VPN to the country I'm going to,
>>> the rental car reservation is considerably less in cost to reserve
>>> that car than if I reserved it from state side. I'm assuming there is
>>> a difference between a poor native and a rich American.
>>>
>>> Bob
>>>
>>> On 12/8/2023 12:56 AM, Chuck Anderson via WLUG wrote:
>>>> On Thu, Dec 07, 2023 at 09:08:00PM -0500, Doug Mildram via WLUG wrote:
>>>>> So, maybe or maybe not, that's the kind of VPN I suspect they're selling,
>>>>> but I don't see the value for normal folks....or maybe anyone. (educate
>>>>> me!)
>>>>> Unless their hosted-server-world-route network security is a win.
>>>>> Thanks for listening, and my thursday's look better than usual this month,
>>>>> so hoping for WLUG virtually dec 14. -doug
>>>> Yes. Those "modern" VPNs are used for many reasons. Here are a couple:
>>>>
>>>> - To appear to servers/services that you are physically located in a
>>>> different geographical area. This can help you bypass
>>>> geographically restricted content, such as watching sports programs
>>>> that content owners don't want you to see based on where you live
>>>> (local sports broadcast blackouts). Or trick hotels into giving you
>>>> a better price--yes, hotels can hike the rates they present to you
>>>> if they think you are nearby--assuming you need last-minute
>>>> accomodations while you are away on vacation.
>>>>
>>>> - To hide your real IP address from servers and/or hide your browsing
>>>> from intermediaries (your ISP for example) for privacy. This could
>>>> be so you can avoid being tracked and having your browsing habits
>>>> sold to advertisers (something your ISP can easily do--SSL does not
>>>> hide DNS queries although that is changing with the availability of
>>>> DNS-over-HTTPS and similar), to hide from authorities/copyright
>>>> enforcers, or for life-and-death reasons (hide from unfriendly
>>>> governments.)
>>>> _______________________________________________
>>>> WLUG mailing list --wlug(a)lists.wlug.org
>>>> To unsubscribe send an email towlug-leave(a)lists.wlug.org
>>>> Create Account:https://wlug.mailman3.com/accounts/signup/
>>>> Change Settings:https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>>>> Web Forum/Archive:
>> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/ZC4W3…
>>>
>>> _______________________________________________
>>> WLUG mailing list -- wlug(a)lists.wlug.org
>>> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
>>> Create Account: https://wlug.mailman3.com/accounts/signup/
>>> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>>> Web Forum/Archive:
>> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/TI4DE…
>> _______________________________________________
>> WLUG mailing list -- wlug(a)lists.wlug.org
>> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
>> Create Account: https://wlug.mailman3.com/accounts/signup/
>> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>> Web Forum/Archive:
>> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/2OD7Q…
>
>> _______________________________________________
>> WLUG mailing list -- wlug(a)lists.wlug.org
>> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
>> Create Account: https://wlug.mailman3.com/accounts/signup/
>> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>> Web Forum/Archive:
>> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/E6KIC…
>
>> _______________________________________________
>> WLUG mailing list -- wlug(a)lists.wlug.org
>> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
>> Create Account: https://wlug.mailman3.com/accounts/signup/
>> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>> Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/532CN…
3 months, 2 weeks
Re: Dec meeting.. not the 14th! 21st or 28th?
by John Stoffel
>>>>> "Althea" == Althea Shaheen via WLUG <wlug(a)lists.wlug.org> writes:
I've been busy, so I'm coming back to this late...
> I use a wireguard VPN on my phone anytime I leave my house, mainly
> for ad blocking. I run pi-hole at home to block ads network wide,
> and when I leave wifi, my phone automatically joins the VPN at home
> and uses the same pi-hole servers for DNS. Internet traffic is still
> directly through my carrier (so split tunnel) but my DNS is hidden
> from them and ad free!
Do you run wireguard on your firewall or do you pass it inside into a
base host?
> -thea
> On Sat, Dec 9, 2023, at 03:54, Jon "maddog" Hall via WLUG wrote:
>> However, they still rely on the trust in the ownership/VPN service country's laws and
> policies.
>> A VPN service is effectively a 'man in the middle'.
> This is why everyone should train their mother to offer a secure ISP/VPN service.
> "Mom's VPN: Do you trust your Mom?"
> md
> On Fri, Dec 8, 2023 at 11:44 AM Kevin Stratton via WLUG <wlug(a)lists.wlug.org> wrote:
> VPN services are a good tool for privacy. However, they they still rely
> on the trust in the ownership/VPN service country's laws and policies.
> A VPN service is effectively a 'man in the middle'.
> On 12/8/2023 3:13 AM, Robert Schwein via WLUG wrote:
>>
>> You've pretty much hit the high points Chuck. From my own experience
>> when going overseas if I'm able to VPN to the country I'm going to,
>> the rental car reservation is considerably less in cost to reserve
>> that car than if I reserved it from state side. I'm assuming there is
>> a difference between a poor native and a rich American.
>>
>> Bob
>>
>> On 12/8/2023 12:56 AM, Chuck Anderson via WLUG wrote:
>>> On Thu, Dec 07, 2023 at 09:08:00PM -0500, Doug Mildram via WLUG wrote:
>>>> So, maybe or maybe not, that's the kind of VPN I suspect they're selling,
>>>> but I don't see the value for normal folks....or maybe anyone. (educate
>>>> me!)
>>>> Unless their hosted-server-world-route network security is a win.
>>>> Thanks for listening, and my thursday's look better than usual this month,
>>>> so hoping for WLUG virtually dec 14. -doug
>>> Yes. Those "modern" VPNs are used for many reasons. Here are a couple:
>>>
>>> - To appear to servers/services that you are physically located in a
>>> different geographical area. This can help you bypass
>>> geographically restricted content, such as watching sports programs
>>> that content owners don't want you to see based on where you live
>>> (local sports broadcast blackouts). Or trick hotels into giving you
>>> a better price--yes, hotels can hike the rates they present to you
>>> if they think you are nearby--assuming you need last-minute
>>> accomodations while you are away on vacation.
>>>
>>> - To hide your real IP address from servers and/or hide your browsing
>>> from intermediaries (your ISP for example) for privacy. This could
>>> be so you can avoid being tracked and having your browsing habits
>>> sold to advertisers (something your ISP can easily do--SSL does not
>>> hide DNS queries although that is changing with the availability of
>>> DNS-over-HTTPS and similar), to hide from authorities/copyright
>>> enforcers, or for life-and-death reasons (hide from unfriendly
>>> governments.)
>>> _______________________________________________
>>> WLUG mailing list --wlug(a)lists.wlug.org
>>> To unsubscribe send an email towlug-leave(a)lists.wlug.org
>>> Create Account:https://wlug.mailman3.com/accounts/signup/
>>> Change Settings:https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>>> Web Forum/Archive:
> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/ZC4W3…
>>
>> _______________________________________________
>> WLUG mailing list -- wlug(a)lists.wlug.org
>> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
>> Create Account: https://wlug.mailman3.com/accounts/signup/
>> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>> Web Forum/Archive:
> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/TI4DE…
> _______________________________________________
> WLUG mailing list -- wlug(a)lists.wlug.org
> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
> Create Account: https://wlug.mailman3.com/accounts/signup/
> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
> Web Forum/Archive:
> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/2OD7Q…
> _______________________________________________
> WLUG mailing list -- wlug(a)lists.wlug.org
> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
> Create Account: https://wlug.mailman3.com/accounts/signup/
> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
> Web Forum/Archive:
> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/E6KIC…
> _______________________________________________
> WLUG mailing list -- wlug(a)lists.wlug.org
> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
> Create Account: https://wlug.mailman3.com/accounts/signup/
> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
> Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/532CN…
3 months, 2 weeks
Re: Dec meeting.. not the 14th! 21st or 28th?
by Althea Shaheen
I use a wireguard VPN on my phone anytime I leave my house, mainly for ad blocking. I run pi-hole at home to block ads network wide, and when I leave wifi, my phone automatically joins the VPN at home and uses the same pi-hole servers for DNS. Internet traffic is still directly through my carrier (so split tunnel) but my DNS is hidden from them and ad free!
-thea
On Sat, Dec 9, 2023, at 03:54, Jon "maddog" Hall via WLUG wrote:
> >However, they still rely on the trust in the ownership/VPN service country's laws and policies.
> >A VPN service is effectively a 'man in the middle'.
> This is why everyone should train their mother to offer a secure ISP/VPN service.
> "Mom's VPN: Do you trust your Mom?"
> md
>
> On Fri, Dec 8, 2023 at 11:44 AM Kevin Stratton via WLUG <wlug(a)lists.wlug.org> wrote:
>> VPN services are a good tool for privacy. However, they they still rely
>> on the trust in the ownership/VPN service country's laws and policies.
>> A VPN service is effectively a 'man in the middle'.
>>
>>
>> On 12/8/2023 3:13 AM, Robert Schwein via WLUG wrote:
>> >
>> > You've pretty much hit the high points Chuck. From my own experience
>> > when going overseas if I'm able to VPN to the country I'm going to,
>> > the rental car reservation is considerably less in cost to reserve
>> > that car than if I reserved it from state side. I'm assuming there is
>> > a difference between a poor native and a rich American.
>> >
>> > Bob
>> >
>> > On 12/8/2023 12:56 AM, Chuck Anderson via WLUG wrote:
>> >> On Thu, Dec 07, 2023 at 09:08:00PM -0500, Doug Mildram via WLUG wrote:
>> >>> So, maybe or maybe not, that's the kind of VPN I suspect they're selling,
>> >>> but I don't see the value for normal folks....or maybe anyone. (educate
>> >>> me!)
>> >>> Unless their hosted-server-world-route network security is a win.
>> >>> Thanks for listening, and my thursday's look better than usual this month,
>> >>> so hoping for WLUG virtually dec 14. -doug
>> >> Yes. Those "modern" VPNs are used for many reasons. Here are a couple:
>> >>
>> >> - To appear to servers/services that you are physically located in a
>> >> different geographical area. This can help you bypass
>> >> geographically restricted content, such as watching sports programs
>> >> that content owners don't want you to see based on where you live
>> >> (local sports broadcast blackouts). Or trick hotels into giving you
>> >> a better price--yes, hotels can hike the rates they present to you
>> >> if they think you are nearby--assuming you need last-minute
>> >> accomodations while you are away on vacation.
>> >>
>> >> - To hide your real IP address from servers and/or hide your browsing
>> >> from intermediaries (your ISP for example) for privacy. This could
>> >> be so you can avoid being tracked and having your browsing habits
>> >> sold to advertisers (something your ISP can easily do--SSL does not
>> >> hide DNS queries although that is changing with the availability of
>> >> DNS-over-HTTPS and similar), to hide from authorities/copyright
>> >> enforcers, or for life-and-death reasons (hide from unfriendly
>> >> governments.)
>> >> _______________________________________________
>> >> WLUG mailing list --wlug(a)lists.wlug.org
>> >> To unsubscribe send an email towlug-leave(a)lists.wlug.org
>> >> Create Account:https://wlug.mailman3.com/accounts/signup/
>> >> Change Settings:https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>> >> Web Forum/Archive:https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org…
>> >
>> > _______________________________________________
>> > WLUG mailing list -- wlug(a)lists.wlug.org
>> > To unsubscribe send an email to wlug-leave(a)lists.wlug.org
>> > Create Account: https://wlug.mailman3.com/accounts/signup/
>> > Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>> > Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/TI4DE…
>> _______________________________________________
>> WLUG mailing list -- wlug(a)lists.wlug.org
>> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
>> Create Account: https://wlug.mailman3.com/accounts/signup/
>> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>> Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/2OD7Q…
> _______________________________________________
> WLUG mailing list -- wlug(a)lists.wlug.org
> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
> Create Account: https://wlug.mailman3.com/accounts/signup/
> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
> Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/E6KIC…
>
3 months, 2 weeks
Re: Dec meeting.. not the 14th! 21st or 28th?
by Jon "maddog" Hall
>However, they still rely on the trust in the ownership/VPN service
country's laws and policies.
>A VPN service is effectively a 'man in the middle'.
This is why everyone should train their mother to offer a secure ISP/VPN
service.
"Mom's VPN: Do you trust your Mom?"
md
On Fri, Dec 8, 2023 at 11:44 AM Kevin Stratton via WLUG <wlug(a)lists.wlug.org>
wrote:
> VPN services are a good tool for privacy. However, they they still rely
> on the trust in the ownership/VPN service country's laws and policies.
> A VPN service is effectively a 'man in the middle'.
>
>
> On 12/8/2023 3:13 AM, Robert Schwein via WLUG wrote:
> >
> > You've pretty much hit the high points Chuck. From my own experience
> > when going overseas if I'm able to VPN to the country I'm going to,
> > the rental car reservation is considerably less in cost to reserve
> > that car than if I reserved it from state side. I'm assuming there is
> > a difference between a poor native and a rich American.
> >
> > Bob
> >
> > On 12/8/2023 12:56 AM, Chuck Anderson via WLUG wrote:
> >> On Thu, Dec 07, 2023 at 09:08:00PM -0500, Doug Mildram via WLUG wrote:
> >>> So, maybe or maybe not, that's the kind of VPN I suspect they're
> selling,
> >>> but I don't see the value for normal folks....or maybe anyone. (educate
> >>> me!)
> >>> Unless their hosted-server-world-route network security is a win.
> >>> Thanks for listening, and my thursday's look better than usual this
> month,
> >>> so hoping for WLUG virtually dec 14. -doug
> >> Yes. Those "modern" VPNs are used for many reasons. Here are a couple:
> >>
> >> - To appear to servers/services that you are physically located in a
> >> different geographical area. This can help you bypass
> >> geographically restricted content, such as watching sports programs
> >> that content owners don't want you to see based on where you live
> >> (local sports broadcast blackouts). Or trick hotels into giving you
> >> a better price--yes, hotels can hike the rates they present to you
> >> if they think you are nearby--assuming you need last-minute
> >> accomodations while you are away on vacation.
> >>
> >> - To hide your real IP address from servers and/or hide your browsing
> >> from intermediaries (your ISP for example) for privacy. This could
> >> be so you can avoid being tracked and having your browsing habits
> >> sold to advertisers (something your ISP can easily do--SSL does not
> >> hide DNS queries although that is changing with the availability of
> >> DNS-over-HTTPS and similar), to hide from authorities/copyright
> >> enforcers, or for life-and-death reasons (hide from unfriendly
> >> governments.)
> >> _______________________________________________
> >> WLUG mailing list --wlug(a)lists.wlug.org
> >> To unsubscribe send an email towlug-leave(a)lists.wlug.org
> >> Create Account:https://wlug.mailman3.com/accounts/signup/
> >> Change Settings:
> https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
> >> Web Forum/Archive:
> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/ZC4W3…
> >
> > _______________________________________________
> > WLUG mailing list -- wlug(a)lists.wlug.org
> > To unsubscribe send an email to wlug-leave(a)lists.wlug.org
> > Create Account: https://wlug.mailman3.com/accounts/signup/
> > Change Settings:
> https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
> > Web Forum/Archive:
> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/TI4DE…
> _______________________________________________
> WLUG mailing list -- wlug(a)lists.wlug.org
> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
> Create Account: https://wlug.mailman3.com/accounts/signup/
> Change Settings:
> https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
> Web Forum/Archive:
> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/2OD7Q…
>
3 months, 2 weeks
Re: Dec meeting.. not the 14th! 21st or 28th?
by Kevin Stratton
VPN services are a good tool for privacy. However, they they still rely
on the trust in the ownership/VPN service country's laws and policies.
A VPN service is effectively a 'man in the middle'.
On 12/8/2023 3:13 AM, Robert Schwein via WLUG wrote:
>
> You've pretty much hit the high points Chuck. From my own experience
> when going overseas if I'm able to VPN to the country I'm going to,
> the rental car reservation is considerably less in cost to reserve
> that car than if I reserved it from state side. I'm assuming there is
> a difference between a poor native and a rich American.
>
> Bob
>
> On 12/8/2023 12:56 AM, Chuck Anderson via WLUG wrote:
>> On Thu, Dec 07, 2023 at 09:08:00PM -0500, Doug Mildram via WLUG wrote:
>>> So, maybe or maybe not, that's the kind of VPN I suspect they're selling,
>>> but I don't see the value for normal folks....or maybe anyone. (educate
>>> me!)
>>> Unless their hosted-server-world-route network security is a win.
>>> Thanks for listening, and my thursday's look better than usual this month,
>>> so hoping for WLUG virtually dec 14. -doug
>> Yes. Those "modern" VPNs are used for many reasons. Here are a couple:
>>
>> - To appear to servers/services that you are physically located in a
>> different geographical area. This can help you bypass
>> geographically restricted content, such as watching sports programs
>> that content owners don't want you to see based on where you live
>> (local sports broadcast blackouts). Or trick hotels into giving you
>> a better price--yes, hotels can hike the rates they present to you
>> if they think you are nearby--assuming you need last-minute
>> accomodations while you are away on vacation.
>>
>> - To hide your real IP address from servers and/or hide your browsing
>> from intermediaries (your ISP for example) for privacy. This could
>> be so you can avoid being tracked and having your browsing habits
>> sold to advertisers (something your ISP can easily do--SSL does not
>> hide DNS queries although that is changing with the availability of
>> DNS-over-HTTPS and similar), to hide from authorities/copyright
>> enforcers, or for life-and-death reasons (hide from unfriendly
>> governments.)
>> _______________________________________________
>> WLUG mailing list --wlug(a)lists.wlug.org
>> To unsubscribe send an email towlug-leave(a)lists.wlug.org
>> Create Account:https://wlug.mailman3.com/accounts/signup/
>> Change Settings:https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
>> Web Forum/Archive:https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org…
>
> _______________________________________________
> WLUG mailing list -- wlug(a)lists.wlug.org
> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
> Create Account: https://wlug.mailman3.com/accounts/signup/
> Change Settings: https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
> Web Forum/Archive: https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/TI4DE…
3 months, 2 weeks
Re: Dec meeting.. not the 14th! 21st or 28th?
by Cara Salter
On 12/7/23 21:08, Doug Mildram via WLUG wrote:
> cara> I'd also be interested in how people are self-hosting their VPNs
> (and john stoffel's view may be similar, I can't say, but hi anyways!)
>
> me/doug> I'm struggling with what's the benefit/motivation?
For me, it lets me access my home network when I'm away from my apartment.
> My take which started long ago:
> 20-30 yrs ago as a sysadmin supporting remote access/workers,
> my (very not-genius-level) brain learned that a VPN...
> a box/product I'd install on "my"/work network,
> handing out INside-access to outside-workers for a session....
> adds (pops up during session) a virtual interface
> on home-computer network stack, so
> while in a VPN session the home worker can magically
> "have an ipaddr on the inside of workplace network"
> thus allowed into not-public work servers (or drive their work desktop)
> BUT! on server setup, I+bosses must decide if yes/no allowing split-tunnel
> (policy set on VPN server which the VPN clients suffer with usually? if
> "no split")
> If yes/split-tunnel allowed, client gets a 2nd! default gateway = route
> to 0.0.0.0
> giving best home-computer network performance (mixing work and play
> works well)
My split-tunnel VPN doesn't set a default gateway, just a route to
10.x.x.x/x. I'm thinking of shenanigans to let my roommates VPN into the
normal resident network and letting myself VPN into the management
network via jump box, but that's not implemented yet. Shenanigans with
Packetfence are planned for the break...
> BUT smart?/paranoid-workplace setups choose NO split tunnel, and
> force home-user's (ISP-given) default route to either disappear?
> or become unused via route metric/preference adjustment? so that, either way
> "don't let the home worker's unsafe world anywhere to tunnel near/into
> work network".
I'm neither smart nor paranoid :p so I use split-tunnel.
> So (now retired) I see endless TV ads for VPN's
> preaching the benefits of their secure VPN, and I don't get it, ....
> assume buyers/sheep are fooled. Real value = ? I may be blind,
> but lacking a VPN, my outside/web traffic is still https / encrypted,
> are they selling some enhanced default-gw world
> featuring bad-guys-blocked-from-hacking-you? I trust my home router,
> though I'm open minded to how "wide open" that might be, relative to
> some ideal.
Most commercial VPNs I've found have low quality. The one that I use
when I want the benefits (different geolocation results, etc) is
Mullvad, for a variety of reasons.
Interested in other people's thoughts!
--
cara
3 months, 2 weeks
Re: Dec meeting.. not the 14th! 21st or 28th?
by Jon "maddog" Hall
I travel internationally a LOT, and having a VPN host in the USA means I
can access websites the same way I can from home for all of the reasons
that Chuck mentioned. Recently this has been extended not only to movies,
TV shows, etc. that are blocked in foreign countries because the USA
advertisers can not get their pound of flesh from foreign viewers, but also
because foreign governments may not allow access to those websites for
various reasons. Also various financial and medical websites may not
allow access from outside the USA even though I have an account on those
systems and legitimate reasons for access. Using the VPN all the time
means that the sites work the same no matter where my laptop or desktop is
located.
md
md
On Fri, Dec 8, 2023 at 9:54 AM Chuck Anderson via WLUG <wlug(a)lists.wlug.org>
wrote:
> On Fri, Dec 08, 2023 at 03:13:49AM -0500, Robert Schwein via WLUG wrote:
> > On 12/8/2023 12:56 AM, Chuck Anderson via WLUG wrote:
> > > (local sports broadcast blackouts). Or trick hotels into giving you
> > > a better price--yes, hotels can hike the rates they present to you
> > > if they think you are nearby--assuming you need last-minute
> > > accomodations while you are away on vacation.
>
> > You've pretty much hit the high points Chuck. From my own experience
> > when going overseas if I'm able to VPN to the country I'm going to, the
> > rental car reservation is considerably less in cost to reserve that car
> > than if I reserved it from state side. I'm assuming there is a
> > difference between a poor native and a rich American.
>
> Oh right, I had the hotel thing backwards. It may be cheaper if you
> appear to be in-country for hotels, rental cars, etc.
> _______________________________________________
> WLUG mailing list -- wlug(a)lists.wlug.org
> To unsubscribe send an email to wlug-leave(a)lists.wlug.org
> Create Account: https://wlug.mailman3.com/accounts/signup/
> Change Settings:
> https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
> Web Forum/Archive:
> https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org/message/C6YTP…
>
3 months, 2 weeks
Re: Dec meeting.. not the 14th! 21st or 28th?
by Chuck Anderson
On Fri, Dec 08, 2023 at 03:13:49AM -0500, Robert Schwein via WLUG wrote:
> On 12/8/2023 12:56 AM, Chuck Anderson via WLUG wrote:
> > (local sports broadcast blackouts). Or trick hotels into giving you
> > a better price--yes, hotels can hike the rates they present to you
> > if they think you are nearby--assuming you need last-minute
> > accomodations while you are away on vacation.
> You've pretty much hit the high points Chuck. From my own experience
> when going overseas if I'm able to VPN to the country I'm going to, the
> rental car reservation is considerably less in cost to reserve that car
> than if I reserved it from state side. I'm assuming there is a
> difference between a poor native and a rich American.
Oh right, I had the hotel thing backwards. It may be cheaper if you
appear to be in-country for hotels, rental cars, etc.
3 months, 2 weeks
Re: Dec meeting.. not the 14th! 21st or 28th?
by Robert Schwein
You've pretty much hit the high points Chuck. From my own experience
when going overseas if I'm able to VPN to the country I'm going to, the
rental car reservation is considerably less in cost to reserve that car
than if I reserved it from state side. I'm assuming there is a
difference between a poor native and a rich American.
Bob
On 12/8/2023 12:56 AM, Chuck Anderson via WLUG wrote:
> On Thu, Dec 07, 2023 at 09:08:00PM -0500, Doug Mildram via WLUG wrote:
>> So, maybe or maybe not, that's the kind of VPN I suspect they're selling,
>> but I don't see the value for normal folks....or maybe anyone. (educate
>> me!)
>> Unless their hosted-server-world-route network security is a win.
>> Thanks for listening, and my thursday's look better than usual this month,
>> so hoping for WLUG virtually dec 14. -doug
> Yes. Those "modern" VPNs are used for many reasons. Here are a couple:
>
> - To appear to servers/services that you are physically located in a
> different geographical area. This can help you bypass
> geographically restricted content, such as watching sports programs
> that content owners don't want you to see based on where you live
> (local sports broadcast blackouts). Or trick hotels into giving you
> a better price--yes, hotels can hike the rates they present to you
> if they think you are nearby--assuming you need last-minute
> accomodations while you are away on vacation.
>
> - To hide your real IP address from servers and/or hide your browsing
> from intermediaries (your ISP for example) for privacy. This could
> be so you can avoid being tracked and having your browsing habits
> sold to advertisers (something your ISP can easily do--SSL does not
> hide DNS queries although that is changing with the availability of
> DNS-over-HTTPS and similar), to hide from authorities/copyright
> enforcers, or for life-and-death reasons (hide from unfriendly
> governments.)
> _______________________________________________
> WLUG mailing list --wlug(a)lists.wlug.org
> To unsubscribe send an email towlug-leave(a)lists.wlug.org
> Create Account:https://wlug.mailman3.com/accounts/signup/
> Change Settings:https://wlug.mailman3.com/postorius/lists/wlug.lists.wlug.org/
> Web Forum/Archive:https://wlug.mailman3.com/hyperkitty/list/wlug@lists.wlug.org…
3 months, 3 weeks