toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.


#openvpn

Continued thread

So some of these might actually be one of the oldest #fastd VPN keys ever. As @neocturne had started that whole fastd project back then here at @ffhl and even wrote (bachelor?) theses on it. To have a VPN solution on these 500 MHz MIPS routers which would finally have some decent throughput performance. #tinc or even worse #OpenVPN just did not cut it speed wise back then. And all other #Linux kernel solutions back then had major drawbacks (like not working with NAT if I recall correctly)

Replied in thread

@pmevzek @landley I wish I had this luxury.

  • Cuz I often have to deal with fucked-up networks that are #IPv4only and sometimes going #DualStack is flat-out not being allowed and even having #IPv6 at the public-facing side is seen as a problem.

And I'm more often than not not the guy who gets to make that decision.

  • I was only able to get IPv6 allowed WAN-side at one place after my employer encountered the problem that some workers have shitty #CGNAT that bricks #OpenVPN so they could not #VPN to the HQ.

Honestly, I never thought we'd make it long enough that my #OpenVPN CA cert would exceed its 10-year expiration lifetime. Now I gotta generate a new one and regenerate all my ovpn client configs. Well, shit.

Does anyone know how this new SSL cert expiry date thing is going to affect things like user authentication with SSL certs, i.e. for openvpn?

If we're running our own CA, can I get safari, chrome et al to accept longer cert expiry?

#Linux #SSL #OpenVPN
Replied in thread

@JessTheUnstill @Pibble

And yes, I treat all devices as insecure and would rather invest the time and effort needed to get #TechIlliterates up to speed on the #OfflinePGP method!

Given the cheapness of storage (legitimate 1TB microSD cards exist and they ain't 4-digit items!) I'd legitimately look into #OTP #encryption and (IF I had the €€€€€€ to do so!) would even sponsor implementing it in #OpenVPN, #WireGuard and #OpenSSH (for #SSH-Tunneling).

  • The #US is a #RogueNation with a Rogue Government! The sooner we accept this reality the sooner we can not only adjust to it but act accordingly…

I sincerely wish y'all could legitimately call me a tinfoilhat but so far I've been proven right all the time...

#HELP

I just received a concerning email from the OTF (@opentechfund.bsky.social) stating that a major source of their funding is in jeopardy.

If you care about open-source, anti-censorship, or the open internet, please consider supporting one of the projects they fund.

#FOSS #OpenSource #TechNews
#USPol #Politics #News #PoliticalNews
#NetNeutrality #EFF
#Wikimedia #Signal #SignalApp
#TOR #TAILs #OpenVPN #VPN #LetsEncrypt #HTTPS #SSL
#Censorship #AntiCensorship

opentech.fund/projects-we-supp

And God said: "Smile, it could get worse."
And he smiled and it got worse:

The US government under #Trump has blocked funding for the Open Technology Fund (#OTF).

Among those affected are #LetsEncrypt, the #Tor network, #OpenVPN and F-Droid.

The OTF is now suing for the release of the funds. Around $650,000 is missing for running costs in March alone.

heise.de/news/Nach-Trump-Dekre

heise online · US agency stops funds for Let's Encrypt and Tor ‒ Open Tech Fund fights back · By Sven Festag
Replied in thread

@StaceyCornelius In the past I did configure separate systems for clients so they can travel without fuss regardless if "P.R." #China or #Russia or the #USA or #KSA...

  • The trick is to never have anything on your device and have a dedicated burner!

Using @tails_live / @tails / #Tails and @torproject / #TorBrowser and when that's not an option, a #SSH-Tunnel / #OpenVPN or #WireGuard-#VPN to be able to #VNC into a machine.

  • Remember: They can only extract data that was saved on a machine!

CONSIDER THE #US ENEMY TERRITORY AS IN "If you wouldn't enter #NorthKorea, then why would you enter the USA?"

#SysadminLife pondering…

Given
- Remote #Debian/#Ubuntu server
- can't be accessed from internet
- behind (CG-)NATv4, no IPv6
- can reach any outside tcp/udp port

- A network under my full control
- Firewall can do: #IPSec, #Wireguard, #OpenVPN, #Tailscale/#Headscale Client
- I can self host any opensource service/container, and expose it

Challenge
- Make services on that server accessible TO my network
- server MUST NOT reach ONTO my network
- No 3rd party service dependence

Which remote file access option(s) do you use (or would recommend) over a cellular + VPN connection?

Use case: I am reassessing the best options for my remote access to NAS files over cellular + VPN (#OpenVPN, #Wireguard) with anticipated 10 to 50 Mbps connectivity speed.

Typical use is working on documents, spreadsheets, source code, one-way backup of phone pictures. For my use, automatic synchronization with the NAS is more important than speed because the NAS handles backups.

I am leaning toward setting up #Syncthing again because it would also work well for offline use. For this poll, I am considering #SSHFS, #SMB, and #NFSv4 as using direct access to the NAS with no local storage (yes more latency, but probably acceptable) instead of adding rsync between the PC and NAS over one of those network file systems.

The following options have worked in the past on the various OS that I have needed to use: