Re: site-to-site VPN with credential prompts?

To: debian-user@lists.debian.org
Subject: Re: site-to-site VPN with credential prompts?
From: Erwan David <erwan@rail.eu.org>
Date: Wed, 26 Mar 2025 11:28:40 +0100
Message-id: <[🔎] Z-PW2KnklWqJrijt@rail.eu.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <Z+PC6BQaEWfs/fkV@tuxteam.de>
References: <[🔎] CAH8yC8kg=yNE7Avp6++wEr3Nfcnpp5zWMmjRjhaGRHmx0ubMoQ@mail.gmail.com> <[🔎] c4e72e8d-5d09-423d-b907-52c7e1cf1f31@gmail.com> <[🔎] eb891680-242e-42bf-80b9-f2c8af617e43@gmail.com> <[🔎] fa07848b356064f4bcdc46af5a378c91600e0923.camel@janc.be> <[🔎] b7fa0af1-1421-46b3-9d94-4f55fb005347@gmail.com> <Z+OPrWo3/44t6e6r@tuxteam.de> <[🔎] Z-O903wJ5P-F0-Pa@phare.normalesup.org> <Z+PC6BQaEWfs/fkV@tuxteam.de>

On Wed, Mar 26, 2025 at 10:03:36AM CET, tomas@tuxteam.de said:
> On Wed, Mar 26, 2025 at 09:41:55AM +0100, Nicolas George wrote:
> > tomas@tuxteam.de (HE12025-03-26):
> > > I was once sitting at a $(DAYJOB) where they blocked everything but
> > > 443 (and 80). I tunneled ssh over socat (with TLS, so that the handshake
> > > didn't look suspect, in case their firewall sniffed that). Bonus: I
> > > got to see whether they did MITM, since I made my own server and
> > > client certs.
> > 
> > If behind a BOFH firewall, ssh is usually a lot easier to tunnel to
> > sneak through than a VPN.
> 
> My bet was that 443 is always open because otherwise mid- and hi-
> level mgmt would be on top of the poor admins because they couldn't
> go to their share trading casinos: I won :)

Admins would also have problems to get security updates (and not accessing *overflow)


-- 
Erwan David

Reply to:

Follow-Ups:
- Re: site-to-site VPN with credential prompts?
  - From: <tomas@tuxteam.de>

References:
- site-to-site VPN with credential prompts?
  - From: Jeffrey Walton <noloader@gmail.com>
- Re: site-to-site VPN with credential prompts?
  - From: jeremy ardley <jeremy.ardley@gmail.com>
- Re: site-to-site VPN with credential prompts?
  - From: jeremy ardley <jeremy.ardley@gmail.com>
- Re: site-to-site VPN with credential prompts?
  - From: Jan Claeys <lists@janc.be>
- Re: site-to-site VPN with credential prompts?
  - From: jeremy ardley <jeremy.ardley@gmail.com>
- Re: site-to-site VPN with credential prompts?
  - From: <tomas@tuxteam.de>
- Re: site-to-site VPN with credential prompts?
  - From: Nicolas George <george@nsup.org>
- Re: site-to-site VPN with credential prompts?
  - From: tomas@tuxteam.de

Prev by Date: Re: site-to-site VPN with credential prompts?
Next by Date: Re: site-to-site VPN with credential prompts?
Previous by thread: Re: site-to-site VPN with credential prompts?
Next by thread: Re: site-to-site VPN with credential prompts?
Index(es):
- Date
- Thread