Re: Re: NAS software for Raspberry Pi that supports full range of client OS (Win-10, MacOS-X, Linux) ?
Hi there,
On Wed, 25 Mar 2020, Gene Heskett wrote:
setting [a VPN] up looks rather daunting.
It isn't so difficult when you get the hang of it. If you like I can
set one up for you by sending two files and some simple instructions.
Here's the configuration for an openvpn server at my place of work,
it's a little more complex than strictly necessary but still as you
see fairly simple. It uses the vanilla Debian install of OpenVPN, and
once enabled in /etc/default/openvpn it starts automatically at boot
(and just keeps on giving:). I've stripped all the comments:
8<----------------------------------------------------------------------
dev tun
port 1197
proto tcp-server
ifconfig 10.3.3.1 10.3.3.2
secret /etc/openvpn/private_keys/key.farm1
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
user nobody
group nogroup
daemon
comp-lzo
log-append /var/log/openvpn/farm1.log
8<----------------------------------------------------------------------
On Wed, 25 Mar 2020, Vincent Lammens wrote:
... plus, VPN's are a waste of money, HTTPS makes the web secure
anyway, so no need to waste money on a VPN.
This statement is false in just about every way possible. Perhaps you
have not had the need to use VPNs for their primary purpose, which is
to communicate Privately over a public open channel like the Internet.
A VPN offers other benefits too, such as convenience, and transparent
data compression.
1. For example, I use VPNs to communicate over the public Internet -
Privately (that's what the 'P' in VPN stands for) - between my own
sites and customers' sites. The communications are largely in the
form of measurements, instrumentation to monitor the reliability of
computers and equipment installed in offices, businesses and farms.
This is not related to (and does not use) HTTP, therefore HTTPS can
have nothing to offer. In addition, given proper routing I can ssh
into a customer's computer over a VPN using the Private IP address of
that computer exactly as if the computer is on the LAN here, which is
very convenient even if the doubled encryption is perhaps a little
wasteful of CPU cycles. I can ping the IP to see if the box is alive
for example, and all sorts of other things that you can do on a LAN.
In addition to being encrypted, all communications between the sites
are transparently compressed.
2. The Private tunnels are created by OpenVPN. OpenVPN is free, and
after using it for nearly two decades I also know it's very reliable.
3. HTTPS does NOT make the Web secure. Not even close. I'm not sure
that even the banks still try to peddle that fiction any more. Any
criminal can have a free certificate from Letsencrypt. I have some
for my own use, renewed automatically every three months by certbot,
although I'm not a criminal. If you believe that I'm not a criminal
then I have this box of money in the garage that I'd like to give to
you, please just send the shipping charge and your postal address.
--
73,
Ged.
Reply to: