Hi there, On Wed, 25 Mar 2020, Gene Heskett wrote:
setting [a VPN] up looks rather daunting.
It isn't so difficult when you get the hang of it. If you like I can set one up for you by sending two files and some simple instructions. Here's the configuration for an openvpn server at my place of work, it's a little more complex than strictly necessary but still as you see fairly simple. It uses the vanilla Debian install of OpenVPN, and once enabled in /etc/default/openvpn it starts automatically at boot (and just keeps on giving:). I've stripped all the comments: 8<---------------------------------------------------------------------- dev tun port 1197 proto tcp-server ifconfig 10.3.3.1 10.3.3.2 secret /etc/openvpn/private_keys/key.farm1 keepalive 10 60 ping-timer-rem persist-tun persist-key user nobody group nogroup daemon comp-lzo log-append /var/log/openvpn/farm1.log 8<---------------------------------------------------------------------- On Wed, 25 Mar 2020, Vincent Lammens wrote:
... plus, VPN's are a waste of money, HTTPS makes the web secure anyway, so no need to waste money on a VPN.
This statement is false in just about every way possible. Perhaps you have not had the need to use VPNs for their primary purpose, which is to communicate Privately over a public open channel like the Internet. A VPN offers other benefits too, such as convenience, and transparent data compression. 1. For example, I use VPNs to communicate over the public Internet - Privately (that's what the 'P' in VPN stands for) - between my own sites and customers' sites. The communications are largely in the form of measurements, instrumentation to monitor the reliability of computers and equipment installed in offices, businesses and farms. This is not related to (and does not use) HTTP, therefore HTTPS can have nothing to offer. In addition, given proper routing I can ssh into a customer's computer over a VPN using the Private IP address of that computer exactly as if the computer is on the LAN here, which is very convenient even if the doubled encryption is perhaps a little wasteful of CPU cycles. I can ping the IP to see if the box is alive for example, and all sorts of other things that you can do on a LAN. In addition to being encrypted, all communications between the sites are transparently compressed. 2. The Private tunnels are created by OpenVPN. OpenVPN is free, and after using it for nearly two decades I also know it's very reliable. 3. HTTPS does NOT make the Web secure. Not even close. I'm not sure that even the banks still try to peddle that fiction any more. Any criminal can have a free certificate from Letsencrypt. I have some for my own use, renewed automatically every three months by certbot, although I'm not a criminal. If you believe that I'm not a criminal then I have this box of money in the garage that I'd like to give to you, please just send the shipping charge and your postal address. -- 73, Ged.
