[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Macs & VPNs

To: "list@xxxxxxxxxxxxx" <list@xxxxxxxxxxxxx>
Subject: Re: [LUG] Macs & VPNs
From: mr meowski <mr.meowski@xxxxxxxx>
Date: Thu, 25 Oct 2018 13:29:13 +0000
Accept-language: en-GB, en-US
Content-id: <C321093A6337454CB67155069D648515@eurprd08.prod.outlook.com>
Content-language: en-US
Delivered-to: dclug@xxxxxxxxxxxxxxxxxxxxx
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dclug.org.uk; s=1538993161; h=Sender:Content-Transfer-Encoding:Content-Type :Reply-To:List-Subscribe:List-Help:List-Post:List-Unsubscribe:List-Id:Subject :MIME-Version:Content-ID:In-Reply-To:References:Message-ID:Date:To:From:Cc: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Owner:List-Archive; bh=BEA4xkOSBX4IbTiixlBTSRFZZJdLZOjDdTWaJgm2QBE=; b=IgQRkiNUvobrh6NR1P7cCr4YCm Sddm/x/a7t7uzF7eFHOsOl6yG9HiuRHm5EGWgoOPCmtEApTt6mwfCbFgDO9tlf8tcJLXZAjwY2Wm3 NQOKK61nlWvXy8G6LK7bXv3C/KELbDklgmg/PTB4JeWr/WZ4FEmSU5pjGf5rmRR9LicQ=;
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=live.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2Q80OOSSZZ/nwm+oQd4AVrF0bhyG/ABi1h9yXC/NZzk=; b=XVTMIQgdaXRZOvn7AId30o/yYCg4/wohAawkW7+fd4avvsib4qHo8hBC9dvqlmg/+4e37S6KrmDAzmS3h0p21QOzahxbAaZDO92DP5lf0D8reJGKKNafROI44rSDwYRRk/cMy3LSiLA8RgZy97XzRCmBzODI22VaiyDUfD6cMOMydrJWvDyGai7O2rBD8k0uBRXFYzw3p8ViB/qdGCn5yHzeOON+t5A8XjUHb4ivnXgWiWr91Xy6fxMjInI9Pl6Njt8pxlVn5bJHjx9ZxmtqQSM2Ae2NUunX5eOj1/1b3unofrZASs0f0IGiJfPa+PjAKXhxib6BeKn/khQ7uFOsTA==
Thread-index: AQHUTmSv/Jr33YXzokaMR2YOH7sFpqT0j4KAgDuHm4CAABmHgA==
Thread-topic: [LUG] Macs & VPNs

On 25/10/2018 12:57, Martin Gautier wrote:

> In the end, I've gone with a Draytek modem, psfsense appliance and 
> OpenVPN. Seems to be running fine. The pfsense VPN wizard was very useful.
> 
> I'll have a play with Wireguard when I have some down time, it looks 
> interesting. pfsense with Wireguard bundled in an appliance would be 
> awesome.

Glad to help (if I did).

You weren't tempted by OpnSense instead of pfSense? Keep them on your 
list for next time you have do this (the pfSense holding company have 
always been a bit... weird for want of a better phrase).

Wireguard is the future however - in the space of a month I've changed 
all my stuff around so instead of having OpenVPN in service as usual 
with optional Wireguard for testing I'm now 100% Wireguard with OpenVPN 
relegated to the background just in case. The difference is night and 
day - ease of setup/admin, flexibility, resource consumption. On mobile 
clients it's even more unmistakable - less battery drain, instant 
reconnects as you roam between wifi or mobile networks. You can even set 
up a new client on the fly by SSH'ing into your Wireguard config box - 
which doesn't have to be the actual endpoint machine itself - generating 
the config and then running it through a QR code generator:

qrencode -t ansiutf8 < /etc/wireguard/clients/littlebird.wg0.conf

Point the new phone/tablet/laptop's camera at the pretty picture on the 
tty and you're done. You can also do multi-site to multi-site star 
topologies via Wireguard and route all clients through to a single flat 
VLAN - the sort of thing that used to give me nightmares via IPSEC or 
Open VPNs.

Looks like Wireguard won't be officially merged until the 4.20 (or 5.0 
depending on what Linus calls it) kernel for Linux but you can do a DKMS 
build already on most distros and stable clients are available for 
Windows, Mac and Android.

It's not that often that something new comes along and completely 
blitzes the standardized incumbent software but Wireguard is just such a 
thing.

Cheers
-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq

References:
- Re: [LUG] Macs & VPNs
  - From: Martin Gautier

Prev by Date: Re: [LUG] Using File Browser in Ubuntu
Next by Date: Re: [LUG] Using File Browser in Ubuntu
Previous by thread: Re: [LUG] Macs & VPNs
Next by thread: [LUG] Using File Browser in Ubuntu
Index(es):
- Date
- Thread