Re: [LUG] SDTJ - VPN Talk

 

Hi Giles,

On this date - Sat, Oct 12, 2019 at 04:25:51PM +0100, Giles Coochey wrote:
> Hi All,
> 
> It was good to be at Paignton Library for the South Devon Tech Jam this
> afternoon, disappointing we couldn't get my laptop on the projector -
> something I must look into. As I mentioned, I thought I would leave some of
> the reference URLs for further reference of VPNs:
> 
> An Open-VPN based solution (consumer) - I have no affiliation with them,
> other than using Open-VPN open-source technology myself, and you can Google
> for other VPN providers, your choice should involve a combination of who you
> trust offset against your local network provider, and of course cost.
> 
> https://www.privatetunnel.com/pricing/
> 
> The National Cyber Security Centre (UK) about SSL VPN Advisory:
> 
> https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities
> 
> A Similar Advisory Note from the NSA (US):
> 
> https://media.defense.gov/2019/Oct/07/2002191601/-1/-1/0/CSA-MITIGATING-RECENT-VPN-VULNERABILITIES.PDF
> 
> Cipher Suites supported by StrongSWAN (The IPsec site-to-site solution we
> explored in the talk), note - many of these Cipher Suites are also supported
> by OpenVPN, so the same advice as to their security provisions also applies,
> as they do with Pfsense solutions, cross referencing these with the recent
> advisories above should help you choose a secure configuration, perhaps not
> against the NSA themselves, but certainly about what they perceive others:
> 
> https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2CipherSuites
> 
> Legacy Example Configurations for StrongSWAN, while they are labelled
> "Legacy" this just means the Legacy method of configuration, as opposed to
> legacy methods of security. For me, I find them simpler to understand than
> the newer way of configuring StrongSWAN, the end result of security in
> implementation is the same:
> 
> https://wiki.strongswan.org/projects/strongswan/wiki/IKEv2StrokeExamples
> 
> NetGate supply small appliances, to full enterprise solutions, but can also
> provide Open-Source PFsense images to run under any old x86_64 hardware
> should anyone want to investigate both OpenVPN or IPsec site to site VPN
> solutions without the need of involving a third-party (and thus avoiding
> necessary trust issues we discussed):
> 
> https://www.netgate.com/solutions/pfsense/
> 
> As always, I'm available by Email for further in-depth advice, and opinion,
> which are my own of course!
> 
> Best Regards,
> 
> Giles Coochey
> 
> PS - Paul - if you could forward these links to anyone at the talk, who
> might not have been on the DCGLUG list.

I'm working on adding mailing list support for SDTJ discussions, so once that's
up, you're welcome to join. That one will be named `sdtj-discuss`, and I hope to
have attendees subscribed for out-of-session discussion! There should also be a
`sdtj-announce` for announcements. Right now it's not ready, but I've just got
funding from our server hosting company today to deploy the new servers
alongside the legacy ones. :)

In terms of sharing links, the other plan is to have a blog on the site for
writeups of the meetings, so if you want to - when the blog/website is ready,
waiting on frontend design by one of the committee members, you can send to me
directly on my SDTJ mail address any notes you want in future talks.. or past
talks.

Your talk sounded excellent, and I'm sure all of those attending the meetup went
home with some more knowledge of VPNs! WireGuard is something I've been looking
into, but I'm personally happy with OpenVPN *at the moment*...

Anyway, thanks again for your talk.

-- 
Sincerely,
Dom Rodriguez (shymega).


-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq