On Wednesday 25 March 2020 08:34:48 G.W. Haywood wrote: > Hi there, > > On Wed, 25 Mar 2020, Gene Heskett wrote: > > setting [a VPN] up looks rather daunting. > > It isn't so difficult when you get the hang of it. If you like I can > set one up for you by sending two files and some simple instructions. > Here's the configuration for an openvpn server at my place of work, > it's a little more complex than strictly necessary but still as you > see fairly simple. It uses the vanilla Debian install of OpenVPN, and > once enabled in /etc/default/openvpn it starts automatically at boot > (and just keeps on giving:). I've stripped all the comments: > > 8<-------------------------------------------------------------------- >-- dev tun > port 1197 > proto tcp-server > ifconfig 10.3.3.1 10.3.3.2 > secret /etc/openvpn/private_keys/key.farm1 > keepalive 10 60 > ping-timer-rem > persist-tun > persist-key > user nobody > group nogroup > daemon > comp-lzo > log-append /var/log/openvpn/farm1.log > 8<-------------------------------------------------------------------- >-- msg marked. > > On Wed, 25 Mar 2020, Vincent Lammens wrote: > > ... plus, VPN's are a waste of money, HTTPS makes the web secure > > anyway, so no need to waste money on a VPN. > > This statement is false in just about every way possible. Perhaps you > have not had the need to use VPNs for their primary purpose, which is > to communicate Privately over a public open channel like the Internet. > A VPN offers other benefits too, such as convenience, and transparent > data compression. > > 1. For example, I use VPNs to communicate over the public Internet - > Privately (that's what the 'P' in VPN stands for) - between my own > sites and customers' sites. The communications are largely in the > form of measurements, instrumentation to monitor the reliability of > computers and equipment installed in offices, businesses and farms. > This is not related to (and does not use) HTTP, therefore HTTPS can > have nothing to offer. In addition, given proper routing I can ssh > into a customer's computer over a VPN using the Private IP address of > that computer exactly as if the computer is on the LAN here, which is > very convenient even if the doubled encryption is perhaps a little > wasteful of CPU cycles. I can ping the IP to see if the box is alive > for example, and all sorts of other things that you can do on a LAN. > In addition to being encrypted, all communications between the sites > are transparently compressed. > > 2. The Private tunnels are created by OpenVPN. OpenVPN is free, and > after using it for nearly two decades I also know it's very reliable. > > 3. HTTPS does NOT make the Web secure. Not even close. I've never believed was anything but to scare the dumber criminal away.
> I'm not sure > that even the banks still try to peddle that fiction any more. Mine seems to. > Any > criminal can have a free certificate from Letsencrypt. I have some > for my own use, renewed automatically every three months by certbot, > although I'm not a criminal. If you believe that I'm not a criminal > then I have this box of money in the garage that I'd like to give to > you, please just send the shipping charge and your postal address. Thanks G.W. Haywood. More q's when its time to install of course. Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) If we desire respect for the law, we must first make the law respectable. - Louis D. Brandeis Genes Web page <http://geneslinuxbox.net:6309/gene>
