On Mon, 27 Sep 2021 16:47:07 -0400
Henning Follmann <hfollm...@itcfollmann.com> wrote:
> On Mon, Sep 27, 2021 at 09:01:32PM +0200, Stella Ashburne wrote:
> > Hello Henning,
> >
> > Thanks for your reply.
> >
> [...]
> >
> > nmcli is from the package network-manager, yes? If it is, I'd
> > prefer not to install it. Why? Many VPN providers/vendors recommend
> > against using Network Manager to connect to OpenVPN servers because
> > the former is buggy and leaks details about the user.
>
There was an early period when N-M was known as 'Notwork Manager', but
that was long ago.
>
> And N-M is not "buggy". It is IMO one of the better way for the
> general PC user to manage their physical connections.
> I however have never used it to set up openvpn or wireguard. I use
> both currently, but will most likely phase out openvpn.
>
I've used it for some years with OpenVPN, but with my own server, not
some random commercial thing. I run it on both my mobile computers as a
matter of course (it also handles wifi pretty well) but would never
consider it on a desktop. It's a Gnome application, but I just hold my
nose and use a large enough hard drive. It doesn't actually have many
Gnome dependencies
>
> > Sure, for example on
> > ArchLinux's wiki pages, there are tutorials on how to set EAP-TTLS
> > etc. I don't even know what EAP-TTLS stands for.
ArchLinux docs are pretty good, even for standard Debian.
See if you can wade through some of the basics of FreeRADIUS. It has
extensive documentation of a range of auth technologies. e.g. EAP-TLS
('extended authentication protocol') is the basic certificate-based
auth where the client must supply a certificate. I believe the 'TTLS'
version does not require a client certificate, so I've never looked at
it. Pretty much all the MS authentications are explained (CHAP, PAP,
etc.)
--
Joe
