BLU Discuss list archive
[Discuss] Wireguard [Was Re: dovecot: "Disconnected (no auth attempts in 0 secs)"?]
- Subject: [Discuss] Wireguard [Was Re: dovecot: "Disconnected (no auth attempts in 0 secs)"?]
- From: dsr at randomstring.org (Dan Ritter)
- Date: Fri, 18 Dec 2020 10:29:07 -0500
- In-reply-to: <d8581edf-4664-31bc-6e0b-c10ed9c822a7@mattgillen.net>
- References: <mailman.1.1607619604.20325.discuss@lists.blu.org> <24539.38809.149419.966527@blazemonger.com> <ce8252e2-5112-e571-7250-143827b268c4@borg.org> <d8581edf-4664-31bc-6e0b-c10ed9c822a7@mattgillen.net>
Matthew Gillen wrote:
>
>
> On 12/17/2020 12:47 PM, Kent Borg wrote:
> > P.S. I get *lots* of break in attempts (that's how I know my connection
> > is live), but my system has very few users, all with good passwords, so
> > I don't worry.
>
> I've struggled with this; with so few users it seems silly to expose
> certain things to the whole world (from an IP point of view).
>
> I've been poking at wireguard (new VPN-ish capability built in to linux
> kernel; I feel like wireguard is to VPNs what NoSQL DBs are to
> relational DBs)

No, wireguard is a first-class VPN transport, equivalent to
IPsec or OpenVPN, considerably better than using SSH as a
tunnel.

The key feature of wireguard is that it only does the minimal
amount of work necessary to send/receive encrypted packets, and
appears as a new NIC to the OS. It ignores all packets that
arrive for it without the proper encryption. It doesn't make
routing decisions itself; the OS does that. There are no knobs
to tweak; you can't make it insecure or incompatible by
accident.

>, which to my initial reading seems like the right
> solution: server only exposes services to things on an "internal net",
> wireguard on the mobile devices makes sure that when talking to any
> services on that server that the connection gets tunneled through (with
> good crypto that isn't application-specific) to the 'internal' side.

That's one of many possible ways to use it. Other uses:

- point-to-point VPN tunnel
- hub-and-spoke VPN with routing
- site-to-site VPN with routing
- full-mesh VPN (requires external tools to keep all the config
  manageable)

> However, I have yet to get it working the way I want. Anyone played
> with it? ( https://www.wireguard.com/ ;
> https://arstechnica.com/gadgets/2020/11/wireguard-for-windows-0-3-1-is-the-release-youve-been-waiting-for/
> )

Extensively, but not on Windows. I use it personally and at work
on Linux and MacOS.

-dsr-
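
Added example, not part of the original message or of either poster's setup: a minimal sketch of the "internal net" arrangement discussed above, with one server and one mobile peer, and dovecot bound to the tunnel address instead of all interfaces. The 10.77.0.0/24 subnet, the host name mail.example.org, port 51820 and the key placeholders are constructed assumptions.

```ini
# ---- server: /etc/wireguard/wg0.conf (wg-quick format) ----
[Interface]
# Constructed tunnel address on the assumed internal subnet
Address = 10.77.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>

[Peer]
# The mobile device. Packets decrypted with this peer's key are accepted
# only if their source address is inside AllowedIPs.
PublicKey = <phone-public-key>
AllowedIPs = 10.77.0.2/32

# ---- mobile device: wg0.conf ----
[Interface]
Address = 10.77.0.2/32
PrivateKey = <phone-private-key>

[Peer]
PublicKey = <server-public-key>
Endpoint = mail.example.org:51820
# Send only traffic for the internal subnet through the tunnel;
# everything else keeps using the device's normal route.
AllowedIPs = 10.77.0.0/24
# Keep NAT mappings alive on mobile networks
PersistentKeepalive = 25

# ---- server: /etc/dovecot/dovecot.conf ----
# Exposed on every interface (dovecot's default):
#listen = *, ::
# Reachable only through the tunnel:
listen = 10.77.0.1
```

With this layout only UDP port 51820 has to be reachable from outside. Dovecot must start after wg0 is up, because it cannot bind to an address that does not exist yet.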