@Khrys Nice article that lets them absolve themselves of having advertised N*rdVPN in the past - "oops, we needed the money". Fair enough. But it's a tad short on technical explanations.
TL;DR:
Use #Wireguard and not the overcomplicated contraption that is #OpenVPN, with one of the following providers:
Proton
Mullvad
IVPN
Want to know why? Very clear explanations here.
Homelab TODO:
There is an existing pfSense guide to automatically renew an OpenVPN connection to PIA on some cadence. It also handles port forwarding for applications.
I've created a more modern idea with their Wireguard servers along with renewing the tunnel every 15 minutes and adapted to work with qBittorrent. I need to document and get this into version control somewhere.
Hey #openvpn pros, do you know how to configure the tool so that DNS requests go through the VPN and the others don't?
It would be for blocking ads on an #android
@governa
Good article, but much easier to use ssh tunnelling to get access to internal network resources.
I can't really think of a use case for #openvpn as it states in the note it doesn't allow port forwards within the cluster. I'll try this when I am away from home and see how data is routed
Also quite telling that blocking ads and circumventing geo-ip blocking counts as innovation these days. Truly a kind of innovation we wouldn’t have without #capitalism …
Old customer infrastructure based on #Proxmox 5 and an ancient #Dell server running an outdated #pfSense.
They asked me to update everything because the ERP provider (a small software house) accessing via #VPN claims the pfSense version is too old. I agree and decide to upgrade Proxmox.
On the old Dell, I install #OpenBSD and, in agreement with the ERP provider, a #Wireguard VPN.
After a few days, they 'recall' me because, for their internal compliance and following their '#security manual,' they need to enter the password manually every time they connect, and Wireguard doesn't support a user/password concept.
They ask for the possibility to change the PSK with each access to ensure that the one in their configuration files is not the current one - an absurd operation. I don't have a maintenance contract and can't take this responsibility, as it doesn't make sense. Clearly, they agreed on Wireguard without even knowing what it was.
To avoid issues, I ask them what to install instead. They suggest #OpenVPN might be acceptable. I proceed accordingly. They contact me again: 'The version of OpenVPN is not suitable, and OpenBSD is not certified according to our security procedures.' I ask them to tell me what is certified. They respond: '#Debian 7, #Wheezy - and the version of OpenVPN from Debian 7.'
I politely point out that Debian 7 reached its End of Life in 2016, and even the extended LTS has been unsupported for 3 years. They don't care, they must abide by their manual - it's safe for them.
The customer asks me to accommodate them anyway, but I reflect on the fact that when they inevitably get compromised, it will be my fault for installing something so outdated today.
I declined the job - limiting myself to updating Proxmox.
I'm not sure if I'm more offended by the bureaucracy of certain 'internal manuals' or by the closed-mindedness of certain colleagues who can't stand up against such dynamics.
It turns out this is not an outage at @ftdl after all, #sorry for the confusion.
I have a strange #problem with my #MacBook: half of all websites don't work for me, as if there were problems with the DNS of some sites. The services I mentioned earlier don't work, and neither do my own ones hosted in #OracleCloud. Interestingly, the #Twitch site works, but nothing will load.
It's definitely not the Internet connection's fault, because everything works on my phone. I don't have any #VPN, and I don't have any custom #DNS set. It's not the browser's fault either, because I checked in eight of them. I don't know what to do.
I didn't install any programs today, didn't open any suspicious e-mails and didn't browse any suspicious sites. The only thing I did, and the one that comes to mind most, is removing the #OpenVPN app and 1.1.1.1.
Does any of you know how to fix this?
Good to know. I think I have an old no-name one in storage I might dig out & try at some point. But that effort is worse than buying one. So for the moment I’m stuck with attempting reverse tethering.
I love the swiss-army-knife that #openVPN could have been, had they not tried to nanny users by forcing encryption.
@SecurityWriter @datenritter OFC, I do use Certificate & Key based VPNs with only allow-listed users and endpoints to tunnel insecure protocols and access to said systems.
Random shoutout to my personal go-to app when it comes to #PDF manipulation on #macOS, #PDFGenius 4. I've used it for many years by now, and it hasn't let me down once. Absolute steal for €10.
Do you use little overlooked gems like that one yourself, or wrote one yourself? Something you wish more people would know about? Give a shoutout and tag it with #FridayFeature. Just reply to this here post, include the tag, and I'll boost!
Making a good backup of my #fedora laptop before upgrading to version 38 that just was released. Hope all goes well, started using Fedora in November and first in-place upgrade and might not go back to Debian for a while either.
I got my upgrade done on a VM of #fedora but my #OpenVPN profile won't connect. Not sure if it's a Network issue within Fedora or not. Only using a config file and Network Manager to make the connection. I'll hold off on upgrading my Laptop until I can get this resolved.
Android forces us to run a WiFi hotspot. Not good. OpenVPN workaround… (fedia.io)
(article linked from m/Android)