  • Where in the world did you get that idea?

    VPNs serve three functions:

    • add a layer of encryption so your local network operator and ISP can’t inspect your traffic, its contents and its true destination. (this is what OP is looking for)

    • make it appear to the service you are connecting to that you are connecting from a different location than where you actually are. (for example make Netflix think you’re in a different region to show you different content)

    • provide secure access to private services that are not exposed directly to the Internet, i.e. securely connecting devices on separate LAN networks together over the Internet via an encrypted tunnel. This is a VPN’s true purpose and how they are primarily used in professional/commercial settings. (pretty much every corporation you’ve ever interacted with runs a VPN that connects its stores/warehouses/offices together)


  • I really don’t like the idea of every device automatically having a publicly reachable IP.

    There are certainly situations where that would be nice; but I’m quite fond of most equipment and services being behind a router and its firewall, requiring explicit configuration to be exposed to the open net.

    Nobody outside my home network ever needs access to my toaster… (btw, why tf is my toaster wifi enabled…?)






  • I will always recommend Borg backup just because of its compression+de-duplication algorithms:

    550gb of raw data, 20 historical backups going back over a year (10.98tb of data total), only 400gb of disc space used to store them all…

    You can back up directly to remote servers via ssh, nfs, or directly between two borg instances, optionally encrypted in transit and at rest.

    Borg is a CLI tool normally, but there are a number of GUI frontends you can use if you really want: Vorta, BorgWeb, and BorgWarehouse for example. (I’ve not used any of these, just examples from a Google search)








  • I wonder why so many people had issues with the v6 Pi-hole update.

    I pulled the new Docker container and it ran over top of the previous version just fine. The only issue I had was I had the admin password set to empty via an env variable and that variable name changed. Took like 10 min to find and fix. The rest migrated perfectly.

    Now I’m just waiting on orbital-sync to add v6 support, but that’s just around the corner and not that critical.


  • 95% of things I just don’t expose to the net; so I don’t worry about them.

    Most of what I do expose doesn’t really have access to any sensitive info; at most an attacker could delete some replaceable media. Big whoop.

    The only thing I expose that has the potential for massive damage is OpenVPN, and there’s enough of a community and money invested in that protocol/project that I trust issues will be found and fixed promptly.

    Overall I have very little available to attack, and a pretty low public presence. I don’t really host any services for public use, so there’s very little reason to even find my domain/IP, let alone attack it.


  • Looking at OpenSpeedTest’s GitHub page, this immediately sticks out to me:

    Warning! If you run it behind a Reverse Proxy, you should increase the post-body content length to 35 megabytes.

    Follow our NGINX config

    /edit;

    Decided to spin up this container and play with it a bit myself.

    I just used my standard nginx proxy config which enables websockets and https, but I didn’t explicitly set the max_body_size like their example does. I don’t really notice a difference in speed, switching between the proxy and a direct connection.

    So, that may be a bit of a red herring.





  • This part always confuses me, so I won’t be able to give specifics; just a general direction. Most guides explain how to route traffic from a VPN client to the LAN of the VPN host. You need to route traffic from the VPN host/LAN to a client of the VPN.

    You need to change the routing table on the VPS, adding a static route to route traffic heading for your VPN’s subnet to the VPN host instead of out the default gateway.

    How exactly to do that I’ll have to leave to someone else unfortunately. Network config confuses the hell out of me.