love it.
Porn Hub started offering a free VPN to the masses out of the kindness of their well-endowed breas..hearts.
Looks like they've been deleting some of their older blogposts. That's unfortunate. I especially liked the colon cancer one.
Yea, I got one of these and ended up fixing it for good.
My son gave his friend our WAP password for his phone and then the little punk friend decided to go on a downloading spree. How does one give out the WAP password and still remain safe?
Let me tell you.
I set up a pfSense router with an OpenVPN connection to the Netherlands.
All my machines have a static IP address. Anything requesting a DHCP address gets sent through the VPN and comes out the Netherlands. I'll never see another Rightscorp notice again.
edit: If you set one of these up, make sure to have the DHCP clients use openDNS or Google and NOT your DNS server on the router or provider. Also create a rule blocking all traffic from the DHCP clients to the WAN, to ensure the WAN traffic gets blocked in case the VPN goes down.
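The split described above (static hosts out the WAN, DHCP clients forced through the tunnel, and a block so the pool can never leak out the WAN if the VPN drops) expressed as a raw pf ruleset. This is an added example, not the commenter's configuration and not what pfSense generates itself; interface names, the LAN subnet, the DHCP pool and the tunnel gateway are assumptions, and in the pfSense GUI the same effect comes from a LAN rule with the VPN gateway plus the Tag/Tagged options on a floating WAN rule.

```conf
# Constructed pf.conf fragment (assumed names/addresses; adjust to your box).
wan_if    = "igb0"
lan_if    = "igb1"
vpn_if    = "ovpnc1"
vpn_gw    = "10.8.0.1"            # assumed far end of the OpenVPN client tunnel
lan_net   = "192.168.1.0/24"
dhcp_pool = "192.168.1.128/25"    # assumed DHCP range; static hosts live in .1-.127

# If-bound states matter here: with floating states the outbound packet on the
# WAN would match the state created on the LAN and skip the block rule below.
set state-policy if-bound
set skip on lo0

# Source NAT for both exits.
nat on $wan_if from $lan_net   to any -> ($wan_if)
nat on $vpn_if from $dhcp_pool to any -> ($vpn_if)

block all

# Static hosts: plain default route out the WAN.
pass in quick on $lan_if from $lan_net to $lan_net
pass in quick on $lan_if from ! $dhcp_pool to any keep state

# DHCP pool: everything off-LAN is policy-routed into the tunnel and tagged.
# The tag survives NAT, so it can be matched on whichever interface the packet
# actually leaves on. Clients must use a public resolver (per the post), so
# their DNS also takes this path instead of the router's resolver.
pass in quick on $lan_if from $dhcp_pool to ! $lan_net \
    route-to ($vpn_if $vpn_gw) tag VPN_ONLY keep state

# Kill switch: tagged traffic may leave via the tunnel, never via the WAN.
# If the tunnel is down and routing falls back to the default route, the
# packet shows up here on $wan_if and is dropped instead of leaking.
pass out quick on $vpn_if tagged VPN_ONLY keep state
block out quick on $wan_if tagged VPN_ONLY

# Everything else outbound (static hosts, the router itself) is allowed.
pass out quick on $wan_if keep state
pass out quick on $vpn_if keep state
```

Check it before relying on it: from a pool host, `traceroute` should exit the tunnel, and after stopping the OpenVPN client the same host should get nothing at all rather than a WAN-sourced path.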
Yes - you're looking for PFSense. There are other options too, but I'm a big fan of that one. I use something similar as my current router, a Core i3 PC with a pair of dual-port server NICs, running PFSense. It has no problem handling NAT, firewalling, Squid proxy, blocking lists of known bad actors, etc.
There's a couple of things you could do. If you had two separate internet connections, you could use load balancing to get a faster connection by combining the two. Connectify Dispatch works great for that.
If you want a faster connection to your local network, you could use LACP teaming to bond the two connections together to make a 2Gbps virtual interface. You will need a switch that supports LACP though, and it's tough to take full advantage of this unless you have multiple client machines download files from your computer. Another benefit of this is if one port happens to fail, it will continue to run off the other port. Really only helpful for servers though that need 100% uptime.
Or you could turn the computer into a simple pfSense router.
Or you could just bridge the connections in Windows, making them act similar to a switch. Gives you the possibility to plug other ethernet devices into it, for example if you want to use your laptop simultaneously at your desk, you could plug it into the other ethernet port if you don't have a switch nearby.
> the device they use needs further explanation
Probably an MitM proxy like this one. It's very simple to do: you just need to install a custom SSL cert on the phone, which allows any gateway with the corresponding SSL key to decrypt all the traffic. The same tech is used by many corporate firewalls to also inspect HTTPS traffic, and decent prosumer firewalls like pfSense can do it, too.
There are other people in the thread going on about SSL certificate pinning (which can prevent the above MitM interception), but Google don't appear to be using hard pinning: I've seen plenty of people use Google services from Android and Chrome on corporate networks that have such SSL-intercepting firewalls without issue. I just MitM'ed a couple of Google apps on my iPhone without any problems.
> It is a scare piece.
It's certainly at least a bit stupid. The phone is recording your location via GPS, which is obviously unaffected by turning off WiFi and pulling the SIM.
Download it, try it, enjoy it.
If you have BSD / Unix experience, awesome, it'll give you even more control over it. If you don't, no worries, the router has a web interface, and it's REALLY straightforward and has a lot more features and power than a bog-standard router (hell, you can run an OpenVPN server on it, plus IPSEC, plus monitoring and traffic logging, plus QoS - this is the kind of thing you'd pay Cisco / Juniper a couple of grand for).
First pick an opensource firewall
Here i will help... Buy one of these
https://www.pfsense.org/products/
Then lock out Microsoft
Start by adding these addresses to your firewall.
Or just use linux... But you know Fuck Microsoft and their bullshit.. Just starve them of the data and use the shit out of their products for free.. Make them regret giving it away for free. It is the best solution..
Edit: most of you know that hosts file edits don't make a difference as they are hard coded into DNS.aspi and cannot be bypassed through the hosts file. External firewall and route them to 0.0.0.0
>You was from Denmark right
yep... it was kinda hard getting the pfsense box... first i had to go to https://store.pfsense.org/ and then i had to click BUY! can you imagine that?
you could also go to https://www.pfsense.org/partners/locator.html and find a local reseller. :)
As an alternative, you can do this on an amd64 or x86 platform with PfSense which is a very popular FreeBSD based firewall appliance.
https://www.pfsense.org/download/
PfSense has available a number of packages built from open source projects to install additional functionality, for instance antivirus and caching proxy.
Since it's based on a PC platform, you can build a router with as much or as little processor, RAM and disk as you wish. This allows you to run what is considered by many a commercial grade firewall on a device which consumes no more power than the TP-LINK router.
Another advantage of being PC based is that you can run it as a virtual machine.
I'm running pfSense. It's very flexible, and a good learning experience for me. I've got it configured to block ads at the router level via the firewall and DNS based blocking, so the vast majority of ads (including phone ads!) are gone without having to install anything on connected devices.
thanks!
the desktop part is a firewall/router running pfSense for load balancing between multiple (slower) internet connections
the laptop part is for gaming almost classic titles like the very first Command & Conquer, Red Alert, Quake 3, Abe's Oddysee/Exoddus... for these older games that you'd spend hours and hours on, it made sense to have a lower power rig to save on electricity.
> when you talk about pfSense you're really talking about the UI atop freeBSD.
Many people have this opinion, all of them are wrong. There are actually a lot of patches to FreeBSD base and some of the packages, in addition to the GUI. The "GUI" is also the configuration layer (the same PHP runs both).
In answer to OP: yes, there has been a fair amount of attention on the PHP GUI in the last year. You can see where people have reported bugs, we've fixed them, and made new releases.
If you're saying wanna-be admin as in you want to learn how to do these things, the best way to do this is to set yourself up a pfSense router and learn how to use it. It's open source and you can install it on pretty much any machine with two NICs and do what you're after. I had it running on an old Celeron PC for years that served my entire home network, sometimes with three YouTube videos and Netflix going all at the same time without noticeable issues.
You set up OpenVPN on the pfSense router, connect to that from anywhere, then interact with the rest of your network like you're plugged into it locally. This way, the only thing that's exposed is the OpenVPN port, which is going to require keys to get into.
If you're ~~extra paranoid~~ security minded, you can go on to harden your servers inside your network to add additional hurdles to attackers. If your router is compromised, sure an attacker is in your network, but now they've gotta take the extra step of breaking into your server.
Security by obscurity is dead. Picking a non-default port number isn't going to help you. Botnets scan everything all the time now, attacks are automated. It used to be you had to have something of value to really worry about attacks, but nowadays they're just looking for another zombie to add to the horde.
-rwsr-xr-x is likely using pfsense. You can install it on an old computer and use that as a router instead of buying a whole new device. There are several ways to do this inside of pfsense like using DNS, Squid / Squidguard like above, and Dansguardian. Check out /r/PFSENSE and https://www.pfsense.org/ if you're interested.
I'm going to have to disagree with this, especially in regards to small businesses.
A firewall is typically used as a perimeter security device, and should remain separate from any other systems hosting content, especially when said content is available to the internet.
It doesn't take much hardware to build a pfSense based security appliance (software is free), and run your hosting services on another system.
Binned a Sonicwall for a pfSense box at my previous employment. I'm currently using pfSense running on a re-purposed Citrix CAG just for captive portal public wifi. We have ASAs so I'll take what's been said here on board and see how far off the EOL is.
Well the PFsense sizing guide on their website recommends multiple cores at more than 2GHz each when working with over 500Mb/s speeds.
I think you've done well to get the performance that you have out of that poor little atom ;-)
I personally think you will be fine with a quad core xeon at 1.6GHz or so (or two dual cores) as for 100-500Mb/s they recommend one core at 2GHz.
Just make sure you get good Intel network adapters - I've had decent experiences with getting Realtek ones up to 1Gb/s but it seems I'm in a minority.
The comments here are depressing. NAT breaks the end-to-end nature of the Internet. Why is it that either nobody comprehends the importance of this or nobody cares..?
I was inspired to finish up this post and put it up in response to this BS: https://www.zerotier.com/blog/?p=13
Because it's a fully fledged, opensource, software firewall that can run on any number of hardware configurations with a shitload of services, addon support and super good firewalling.
I use a pfSense firewall at home. There is a plugin called pfBlockerNG that allows for Geo-IP blocking very easily. Click to install the plugin, select the countries you want to block (or select all and unselect the ones you want to allow), and activate it.
pfSense can do all you ask for; performance is not an issue as long as the PC running the router has enough RAM (1 gig) and a decent CPU. All the documentation and some examples can be found here: https://www.pfsense.org/ The OS is very powerful and can require a bit of getting used to because it is based on BSD, but with a bit of practice it is easy.
A good VPN that doesn't store logs should suffice. Check out /r/VPN. ~~The best thing you can do is buy a router that supports custom Linux firmware such as dd wrt and apply the VPN directly on it so no data is leaked.~~ VPN Software should suffice it seems. You could repurpose an old pc and make it into a linux router with pfsense (this stuff is amazing) : https://www.pfsense.org/
There are also ways to have a failsafe so if the VPN fails, no data is leaked. Furthermore, if you pirate, a seedbox or using Usenet and downloading via SFTP would be very secure : /r/torrents, /r/seedbox, /r/Usenet, /r/privacy.
edit: changed router info. Also, you should look for a VPN with one or more servers/gateways that are located near AU to ease bandwidth loss.
I would go with Openvpn on a server or router if its supported. If you want to run it on a server you could look into https://www.softether.org/ , It's a nice looking solution that I use for my homelab.
Hi,
Long time lurker here, anyway my opinion about any IoT device, CCTV, alarms, Smart-<put appliance name here>: they are all terrible at security, the manufacturers don't care about OS updates, their special OS is usually an old Linux/Unix kernel with 1k CVEs.
Last project was to deploy a Build Automation Appliance that was required by the manufacturer to be exposed over the DMZ.. not enough, the max size of the PIN code? 4 digits!... and according to the supplier & the partner it is secure enough... We are talking about a >10k € device (not solution, just the device!) not your 20 € IP cam.
If you are in an Enterprise Environment:
- Create a VLAN and consider it insecure
- Block all connectivity to anywhere, including internal VMs
- Consider all hosts on that network as hostile/compromised
- Use a VPN or a NAT with heavy ACLs in place, double check all the needed ports and give it the absolute minimum required.
Any "industrial router" would drop any UPnP attempts, etc etc.
If you are in a HOME/SOHO/SMB Environment:
- Create a VLAN and consider it insecure
- Block all connectivity to any other network
- Install OpenVPN or better use ZeroTier https://www.zerotier.com/
If you have sysadmin know-how you can also use a VM to act as a reverse proxy to the IP cam UI.
To solve the Build Automation Appliance issue, what I did was install an Ubuntu VM, deploy ZeroTier, and close the entire network, only allowing access via the VM. Since ZeroTier has iOS/Android clients, it all works perfectly.
I see two causes to this.
One, the widespread availability of internet. I know people who live in the middle of nowhere and can't get cable/DSL but still have 5mb/s 4G wireless.
Two, pirating. If I let you play offline, then I can't make sure your connection is valid. Moreover, if I let you play offline on LAN then you can use a program that sets up a type of VPN allowing you to play "LAN" over the internet. here and here
+1 on the UBNT ERL. We deploy them for our non-MSP clients, it costs them $99 and it's a great unit. Make sure to upgrade the firmware to 1.7 for some traffic tracking.
I've not used the VPN options on the ERL since I like SoftEther VPN so much. If you need VPN either site-to-site or mobile VPN, I highly suggest SoftEther VPN server running on a little 512M memory VM.
While there's a time and a place for solutions such as pfSense, the situation OP describes is probably best served by a commercial, hardware-driven solution. Nexgate's support offerings are also questionable for such an environment: 8-hour SLA, 1-hour max ticket time, "high level" troubleshooting for non-Nexgate devices, etc. https://www.pfsense.org/get-support/software-support.html
You might also want to try SoftEther VPN. It's an open-source P2TP VPN server written by the University of Tsukuba in Japan. It is free, easy to use and most importantly it supports clustering and thereby scaling horizontally.
You might set your Pi and any other network services (files, media centre, IP cams, smart home stuff, remote desktop to your home machine...) to connect to a ZeroTier network. Then connect to the same one from your phone or laptop and it all becomes visible. You might find a whole bunch of services you find useful to access from outside your home network, or at least reduce your dependence on your phone connecting to WiFi for everything to function at all. And it's nice that you never have to expose anything in a DMZ or set up your own complicated OpenVPN server to accomplish that.
(For something like a light switch, which doesn't run an exposed OS, you could set up a Pi as a gateway to the rest of your network.)
And if, like me, you were wondering what a heap of Layer 3 networking terms mean, ZeroTier is a great way to learn! I use it at work to remotely connect to a machine at the office.
Check out Tunngle and LogMeIn Hamachi. If the game is fairly popular then you can easily find a server to connect with via Tunngle, which allows you to play multiplayer on pirated games via local LAN play mode.
Check out tunngle: https://www.tunngle.net/en/
Check out LogMeIn Hamachi: https://www.vpn.net/
Set up an OpenVPN server. You could install it on your existing Ubuntu VM (guide) or you could spin up a new VM and use something like pfSense.
You'd only have to forward a single port on your router (default is UDP 1194) and you need a certificate as well as a username/password to connect so it's secure. You can pick the level of encryption to use and it's very strong.
You'd then connect in from whatever device (there are OpenVPN clients for almost all platforms) and access everything via its normal LAN IP address. It's basically like you're directly connected to your home network.
No. The minimum hardware requirements are just 1 GB of disk (not 1 TB, just 1 GB). Almost any type of disk is fine if you're just using it as a firewall/router replacement, since there's very little disk I/O after startup. Even a thumb drive can work, but they're usually not terribly reliable for the long term.
If you look at the prebuilt hardware that pfSense sells, it's all with eMMC flash drives or SSD drives, but that's for reliability, not speed.
However there are optional packages that will create a lot of disk I/O and use a lot of disk space - squid, for example. If you're planning on installing them, then you need more space, and need to pay attention to disk performance.
You can install pfSense on a small, slow disk, and then also add a large, fast disk for squid (or other packages) if you like.
You might also sling the gold membership for those that want to support the project, but don't necessarily need to buy hardware (or have hardware lying around and feel the appliances are "too expensive") or are non-commercial entities.
$100 a year, for me, is much better spent than drinking and tinkling out Charbucks. Y'all probably have a much better profit margin on that than the hardware, too, right?
If you have a spare PC and the technical skills to install an additional NIC, you can set up a very bad-ass router (we are talking >1 million entry state tables here) that puts pretty much anything under $1000 to shame using pfSense. Throw in a nice 5-10 port switch and a Ubiquiti AP and you are good to go for right under $100.
Check out /r/PFSENSE
I'm not sure if it does ALL of the things you need, but I'm using pfSense (as a firewall).
BandwidthD will show you who is using how much, OR what domains are getting used how much.
RRD graphs show usage over various periods 8 hours, 1 day, 1 week, 1 month, 3 months, 1 year.
It can also do throttling of various types and blocking of domains.
Edit: I think it can do most of that. It wouldn't exactly generate reports, but you can go look at the data and print the graphs and tables.
Alright mate I’m about to drop about 6 years worth of perfection on you. I’m not on a computer so bear with me.
So the Westeros only mod is good yeah, but we at the moment don’t need it to host three people fairly stably (maybe one desync every couple hours)
So you get Hamachi, y'all make accounts and get yourselves on your own server, and before you get into a game you go into Windows Firewall. Advanced settings, it'll say 'domain profile', 'public profile', 'private profile' or some shit like that. Go into the advanced settings there and disable the firewall totally on each of those, and under 'protected connections' or some shit untick Hamachi.
Now in hamachi itself open up the settings and have a look around until you find ‘encrypt peer connections’ or something like that and just turn it off.
So now whatever problems you guys may have had having a direct tunnel on hamachi should be clear.
So launch your game, but turn off everything to do with slavery in your advanced set-up. Slavery just craps all over synchronisation and it's not worth it. Honestly helps so so much to turn it off. Dragons also seem to hurt sync a bit, but we keep them on and only desync every couple hours so worth it IMO.
When you start the game, don't touch anything for like 10-15 days of in-game time. Idk if this is voodoo or what but we read it somewhere and it seems to work, and we were getting so frustrated we'd try anything. Hope this helps (it should). When you desynchronise, and you will eventually, just have the host save the game, everyone quit to desktop and rehost. Shouldn't happen often.
Correct. We're aiming for early September with no fixed release date, in case there are unexpected events or security updates. You can give it a try right now, install 2.4.4 development snapshot. We could use the help with testing.
I'd recommend a pfSense appliance. Buying straight from them will get you support as well and the available packages can provide some fantastic security benefits including Snort, IP blocking by category (country, known bad, etc). This appliance here sounds about perfect for your situation: https://www.pfsense.org/products/product-family.html#sg-2440
We also have a subreddit for pfsense if you want to ask questions there: /r/PFSENSE
Ok, looks like the VPN you sent me uses their own closed source protocol. Those are your choices right now: OpenVPN (probably not going to work since you said that all other VPNs don't work), L2TP over IPSec, PPTP (not encrypted, not recommended), shadowsocks and the SoftEther protocol (only one that worked for me). The easiest way to set up all but one of those in a user friendly way is [SoftEther](softether.org) (open source). I suggest that you keep a PC on at home and remote control it via TeamViewer in case you need to configure something or make sure it is still on. Follow this tutorial to install the server on a Windows machine. Open up port 443 and enable it in SoftEther as well. Next, try to connect to your VPN server using the SoftEther client and your public IP. Success? Go try it out in school! Make sure your public IP address didn't change. SoftEther also supports L2TP over IPSec and MS-SSTP if you're interested in trying that out. You can also configure SoftEther's dynamic subdomain if you don't want to check the IP every day. Please don't hesitate to ask me if you have any problems, but also don't forget to tell me if it worked ;) Your bandwidth is limited by your home's upload speed though, but it's as easy (if you've done it 3 times like me) as installing it on a cheap VPS.
SoftEther VPN is another (now open-source) option. It has support for loads of clients and protocols (including OpenVPN) and has some neat tunnelling features (VPN over HTTPS, DNS or ICMP)
You can use LogMeIn Hamachi, my friends and I would use it in High School. It pretty much faked a LAN network over WiFi. The free version maxes out at 5 users at once I think. But we had one computer running the server, then 3 of us playing on it.
LogMeIn Hamachi website https://www.vpn.net/
The only thing you would be using Cloudflare for in this instance is IP address masking. I've had sftp, Kolab, Nextcloud and all manner of other random internet accessible services without Cloudflare over the years. You are probably not going to need it.
My advice is to get a good firewall up and running. pfSense and ipfire are fantastic options, I personally use ipfire at home and at work.
With a firewall in place you can filter out a fair amount of crap before it ever gets close to fail2ban. But yes fail2ban is probably a good idea
The computing power of consumer grade routers tends to be pretty low (low cost, low power ARM or MIPS CPUs, for example). Slow CPUs can have bad multitasking or high processing times for individual tasks, and so can't handle the numbers of concurrent connections some home networks could potentially generate, or increase latency. The effects of this are even more noticeable the more services the router can provide (VPN, proxy, load balancing, just to name a few).
A server built to be a router using an OS such as IPCop or pfSense has limitless capacity and functionality opportunity.
To add to this, it's called a State Table. Basically each connection your computer makes has to be written down and remembered; if I remember correctly that's 1kb per state, so if you have a generic router that has say 16 megs of RAM, not only is the router having to set aside space for the onboard OS but it also has to remember what connections are being used, settings etc. Like Borizz says, some states can stay open indefinitely.
For example, if you use BitTorrent at all you are probably using anywhere from 100 - 500 connections (that's 500 states in the table, that would mean you are using 500kb of your RAM...). Now compound that with multiple wireless devices and you can start to see how things add up.
I use a custom box utilizing pfSense with 512 megs of RAM and a 1 GHz processor... needless to say, I never have any issues anymore because it manages everything for my WAP.
pfSense would be a natural evolution for you. You can roll your own on self-supported hardware, roll your own on 1st tier hardware, or purchase a fully supported solution from one of pfSense's recommended vendors. The vendors include support for hardware and software, or software support can be purchased separately.
pfSense is a fully commercially supported product- it is not simply an enthusiast-only amateur product. Their commercial support staff are firewall experts- not just pfSense, but familiarity with top-tier offerings.
I'm a huge fan.
There's a couple ways to do this:
I currently have a little raspberry pi zero w which acts as my pihole dns sink plus piVPN which uses openVPN (can also be configured with wireguard). I can access anything on the LAN, provided the firewall rules I've set allow it.
After a lot of struggle I was able to get the Hamachi VPN ARM linux build to work on some of my older stuff.
It was not very straight forward, I copied a number of libs from another system to get it to work, but after adding dropbear to it, I was able to ssh into the phone from anywhere.
PfSense will do most of what you want to do out of the box.
It's way more fun doing it yourself though. Your terminology seems on point as far as I can tell. I used that same guide you linked to when I built my home brewed router. It was good as a general guide; the iptables configuration was a bit basic and the network configuration is different in newer versions of Ubuntu Server. Consider Debian server too. It is very lean and I find the network configuration for static IPs and routes simpler.
If driver support is in 11.2, try our latest 2.4.4 snapshots.
https://www.pfsense.org/snapshots/
I know it says 11.1 but that's an error, we'll update it ASAP. pfSense development snapshots version 2.4.4 are based on FreeBSD 11.2-RC since June 1st. https://twitter.com/pfsense/status/1002558800900034560
You should give pfSense a shot. It's an excellent open source router/firewall software you can run on a variety of devices or as VM. A Site-to-Site VPN should get you started on your setup here.
The announce list was recently deprecated in favor of a "newsletter" (different delivery mechanism other than mailman), but all others are maintained. You can sign up for the newsletter here: https://www.pfsense.org/download/
Well, everything. https://www.pfsense.org/ for firewall and vpn purposes.
Most likely as a small, resource efficient host for every web application like the internal landing page, wikis, chat applications, backup controller, deployment controller, search engine, logging, SQL host, pretty much everything that's not normally done with a Windows domain controller (DHCP, DNS, Active Directory and stuff.)
I don't understand why this question keeps coming up without people finding Netgate gear. It's literally on the very front page of https://www.pfsense.org. Or in the section at the top titled Products. Or on the side bar of this very subreddit. I just don't get how people can "search and not immediately see anything".
They are the primary supporters/owners of pfSense, the product you buy from them is high quality and guaranteed to support the newest versions of pfSense.
As a rule of thumb, no device should be directly connected to the internet unless it has been specifically developed for that purpose.
Set up a VPN gateway and let users connect to the gateway, which then gives them access to the internal network (including the NAS). There are plenty of appliances available for running a VPN gateway (from cheap consumer-grade Chinese TP-Links to enterprise devices from Cisco). One of the most popular choices for home and small business environments is pfSense, which is free and can run on a wide range of PCs. A sub-$50 small form-factor PC from eBay is good enough to run it.
I have many years with pfSense and it was our "managed services" firewall back-pocket for clients that did not want to purchase a Fortigate.
The best thing about the software is that you can use your own hardware:
https://www.pfsense.org/hardware/
Also, a plug for the BSD Perimeter guys who are top-notch for paid support:
You can actually just run the VPN server on your Windows VPS, such as SoftEther, enable the protocols you want so you can even access it from your OS native VPN client, then set the firewall to only allow listening to RDS from that interface, done.
Softether. You have client applications (for configuration) on windows and macos. The server itself can be on linux (VM). You have plenty of videos on youtube how to set it up.
If you guys have a Korean VPN, you can use this link for stream: http://sports.news.naver.com/tv/index.nhn?category=epl&gameId=2017121010011830574
You can find free Korean VPN here: https://www.softether.org/5-download
You just need the Korean VPN to start the stream, usually you can turn it off when it's up and going and it'll continue to work. It's a bit of work, but hey, it's 720p and decent frame rate (min. 30 fps).
SoftEther is also free open source software, is significantly easier to set up, works without client software on most operating systems, has many native ways of getting through firewalls and performs better
In this case you could circumvent the problem by utilizing a VPN, that is based on regular HTTPS (like SoftEther does) to use skype or streaming sites with the value package. Have used this VPN type quite a lot of times and it manages to fool DPI better than TOR bridges do.
You are on a cruise ship anyway, so get off your device.
Check out ZeroTier. It's a piece of software you would install on your Home PC and on the devices you want to remotely access it. Essentially it puts them both on the same back-end subnet VPN'd and encrypted by ZeroTiers main servers.
It's decent. Quick to roll out and simple to understand.
This might fall foul of rule#1 and get removed, but regardless, good luck and I hope that helps.
Zerotier is open source: https://github.com/zerotier/ZeroTierOne
If you don't want to use/don't trust the hosted version of Zerotier feel free to deploy your own moon which will give you the same capabilities as the hosted one: https://www.zerotier.com/manual.shtml#4_4
Let me know if you've got any other questions, I have been using ZeroTier for almost 5 months now for my personal servers and it's wonderful to just have one network that I can access from anywhere around the world.
I've been using https://www.zerotier.com/ for this sort of thing... Works great, has a free tier (100 devices)... Is easy to setup like Hamachi is, but with more customization... It's not a perfect solution, but it works...
Hey!
I spent a long time finding a good solution to this problem. Tried probably everything people are going to suggest. Unfortunately VPNs can be tricky to set up (and a lot of external networks block them) and carrier grade NAT can make this tough. However I've found a solution which for the past couple years has worked perfectly: zerotier. This creates a virtual network for you without any of the hassle.
This works well for file sharing, remote access or even just a bit of good old fashioned LAN gaming. Let me know how you get on.
It creates a small (free is five users) virtual private network that you and your friends can join. So when you create the network and your friends join you just open your singleplayer world to LAN and they will see it in their Multiplayer listed under local network worlds. It was pretty straight forward for me when I downloaded Hamachi but if you need a tutorial on how to get it going there are a shit ton of tutorials on the webs. Fuck, Youtube probably is swamped with little kids doing just that.
You'd be best off doing some research on your own to find one that works best for your own needs. The one I'm most familiar with is called pfsense but there may be better options for what you're looking for.
I actually find the aliases system to be pretty easy to deal with, and you can also insert dividers in the rule sets to split them up into more visual blocks (i.e., "all web related rules here"). But having a naming convention for aliases to make them easier to find helps, i.e. a system for how you name them. However, since there is a search function in the fields where you enter them, that too makes finding the right alias easy when creating a rule.
And if you want incomprehensible and nightmarish, try something like a Cisco firewall on the CLI. Compared to that, pfSense is a dream. I really have few issues with pfSense's UI now, there's a learning curve but I think it's already pretty good compared to everything else I've seen.
But I think a rule that literally says that traffic to "Mailservers" is open on "MailPorts" is pretty comprehensible. Also, if you hover over either alias, a pop-up appears that shows you every IP under that alias. So readability of firewall rules in pfSense is not something I find objectionable, rather the opposite.
CARP clustering in a virtual environment might be an issue, as CARP involves broadcasts and the like. I've never tried setting it up virtually, but try /r/pfSense if you need help, or indeed https://forums.pfsense.org - and since your org looks like it's a bit larger, buying support from pfSense directly to set this up is absolutely an option. They have 24/7 support available if you need it, see https://www.pfsense.org/get-support/
I would consider getting pfSense Gold. You get access to a well maintained book as well as a large archive of videos - each 1-2 hours on a specific topic.
https://www.pfsense.org/our-services/gold-membership.html
You also get auto-config backups which are handy.
You're getting both hardware/software support AND warranty by buying with Netgate. If something should go wrong, they offer 24/7 support. Plus, you're supporting the pfSense community at the same time. Also, the SG-1000 comes with 1 year of pfSense gold. Benefits listed here: https://www.pfsense.org/our-services/gold-membership.html
I'll piggyback a question here: does only the SG-1000 come with gold, or do the other appliances too?
Normally, I'd ask questions about requirements to help us understand what functionality you require, and meander towards a solution that way. But I'll just skip to the end and point in the most common directions:
https://www.pfsense.org/products/
https://www.sophos.com/en-us/products/unified-threat-management/tech-specs.aspx#
Thanks, yes there is a huge number of cheap Intel aluminum mini-PCs, more powerful for about the same price.
However this device is obviously oriented toward network applications, so the J1900 is plenty enough. While most people only need 2 NICs, the 4 NICs on this device make it special (niche?); I like the idea of removing my Gigabit switch next to my router. Also, RAM/mSATA/Wifi are dead cheap.
There is a similar $400 device from pfSense: https://www.pfsense.org/products/product-family.html#sg-2440 I'm sure it's a very fine device, but the price is way above what I want to pay for my router at home, and it's bigger.
It's basically a package of FreeBSD (Unix) along with the configurations for running a router, all packaged up into a nice installer with a web based front end. You toss it on an older piece of hardware with 2 or more network cards in it and it runs as a router. I used to run it on an old P4 system and I eventually invested in buying a relatively inexpensive Atom server that also runs an in-house Minecraft server.
My current IKEA brand network center with file server peeking out on the right.
The nice thing with the QoS is it's really configurable but also has a wizard to help you get a basic setup with prebuilt rules for a ton of different games and applications.
It can be complicated to configure but a basic install is really easy and it's a good way to learn more about networking.
I have actually thought about doing a write up on how to set something like this up.
One word: pfSense. If you aren't using it as a router/firewall already it has a load to offer, though in that sense it isn't "lightweight".
There is an option called "Register DHCP leases in DNS forwarder" which does exactly what you need. DHCP clients when requesting a lease will provide their hostname, which pfSense will then register in the DNS forwarder, so anyone on any OS can then type "ping dragon-pc" and get it resolving to an IP.
For the sake of argument you can run pfSense just as a DNS and DHCP server if you needed to, or if you're familiar with virtualisation it's fully virtualisable. But seriously, it's an awesome router/firewall with lots of stuff that is very useful at LANs, like seeing a live traffic graph broken down by computer and how much it is using.
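To show what the "Register DHCP leases in DNS forwarder" step is doing under the hood, here is an added example in Python (not part of this thread and not pfSense's own code): it reads a constructed fragment in the ISC dhcpd.leases format that pfSense's DHCP server wrote at the time, keeps only active leases, and turns each client-supplied hostname into a hosts-style record the forwarder could answer. The hostname "dragon-pc" comes from the comment above; all addresses, MACs and the other names are made up. Because the hostname arrives in the client's DHCP request, it is untrusted input, so the example only registers names that are valid single labels and drops dotted names that could shadow a real domain.

```python
import re
from typing import Dict, List

# Constructed sample in ISC dhcpd.leases format; every value is made up except
# the hostname "dragon-pc" mentioned in the thread.
SAMPLE_LEASES = """\
lease 192.168.1.50 {
  starts 3 2024/01/03 10:00:00;
  ends 3 2024/01/03 12:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "dragon-pc";
}
lease 192.168.1.51 {
  starts 3 2024/01/03 10:05:00;
  ends 3 2024/01/03 12:05:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "old-laptop";
}
lease 192.168.1.52 {
  starts 3 2024/01/03 10:10:00;
  ends 3 2024/01/03 12:10:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
  client-hostname "router.example.com";
}
lease 192.168.1.53 {
  starts 3 2024/01/03 10:15:00;
  ends 3 2024/01/03 12:15:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:88;
}
"""

# A single hostname label: letters, digits and hyphens, no leading or
# trailing hyphen, at most 63 characters (RFC 952 / RFC 1123 style).
_LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")
# One lease block: "lease <ip> { ... }"; the body never contains braces.
_LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)


def parse_active_leases(text: str) -> Dict[str, str]:
    """Return {hostname: ip} for active leases that carry a client-hostname.

    The hostname is chosen by the DHCP client, so it is treated as untrusted:
    anything that is not a valid single label is dropped instead of being
    registered. If two active leases claim the same name, the one that
    appears later in the file wins.
    """
    names: Dict[str, str] = {}
    for match in _LEASE_RE.finditer(text):
        ip, body = match.group(1), match.group(2)
        if "binding state active;" not in body:
            continue  # expired or released lease, nothing to register
        hostname = re.search(r'client-hostname\s+"([^"]*)";', body)
        if not hostname:
            continue  # client sent no hostname option
        name = hostname.group(1).lower()
        if not _LABEL_RE.match(name):
            continue  # e.g. "router.example.com": refuse dotted names
        names[name] = ip
    return names


def hosts_entries(names: Dict[str, str], domain: str = "lan") -> List[str]:
    """Render hosts-style lines for each registered name, sorted by name."""
    return [f"{ip} {name}.{domain} {name}" for name, ip in sorted(names.items())]


if __name__ == "__main__":
    for line in hosts_entries(parse_active_leases(SAMPLE_LEASES)):
        print(line)
```

Run stand-alone it prints one record for dragon-pc; the free lease, the lease without a hostname and the dotted hostname are all skipped, which is the kind of filtering worth having before client-chosen names become answerable DNS records.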
This is very relevant and an easy way to circumvent MITM because afaik SoftEther is a VPN protocol wrapped inside HTTPS, this means even if the HTTPS connection is tampered with using MITM the data stream inside of HTTPS is still encrypted. The proxy would need to be built specifically to strip multiple layers of data, which is problematic because this would require the proxy to know the wrapped protocol. I'm unaware of a proxy software that loops decrypted data into the decryption routine again.
This double encryption can be disabled though if you need to for whatever reason.
In that case, OP should actually consider running a softether VPN on port 443 instead of trying to fool around with onion service connections.
Don't get me wrong, onion services will do what he wants them to, as long as the firewalled network allows Tor connections. In most cases this isn't possible in a limited network without some kind of bridge. Every network is different though.
File transfer will be much faster if he goes the softether route. Also with OpenVPN support, he would be able to connect to it without special software on most smartphones. Configuring it on port 443 and using tcp traffic will pretty much guarantee he will always have a connection regardless of the network limitations.
Once I found out my school's website was using a crappy email suite's webserver, googled it, found an exploit, and was able to get a directory listing. It actually had all the teachers' emails, but I didn't check that, because I saw surveillance.htm. Clicked it, link to every camera in the school. They didn't password it at all. I checked it one day in programming class after I was done, other people saw it, next day EVERYONE in the school knew. The day after, I get called in to the office "not to do anything I wasn't supposed to." I told him to put passwords on the cameras. He ignored me. Before I left, on my last day, I checked and they still didn't have passwords.
I also used to play a standalone copy of Team Fortress Classic with 3 other guys during lunch. About a week after a school shooting threat, some new teacher said we weren't allowed to play violent games. We told her we'd never had anyone say anything about it before, and as far as we knew there were no rules in the school handbook nor the computer usage agreement about restricting content like this, and pointed out that the principal had seen us playing it before with no issues. She went and whined to him and he said that some parents might get offended if they come in the school. We told him we'd tell them off for him, but he declined the offer.
My college's wifi blocks a lot of stuff, including the website for SoftEther, a proxy software, but strangely not ssh clients. It also blocks steam client logins, but not the steam website.
close origin
download this
https://www.softether.org/5-download
when you install it, open it, and double click the second option "VPN gate public VPN relay servers"
find a north korean one and connect.
re-open origin. It should say the time and date it unlocks at
once you open the game, you can disconnect the VPN, but you will have to close origin, VPN, and then open it until next friday
Gonna save you some trouble:
This is similar to a VPN; it is a mesh SDN (software defined network), all communication is encrypted and all clients appear to be on the same network. Setup is very easy. Also it's free if you have fewer than 50 client devices.
I don't want to be a downer but....
birdie (warrant canary, which the zerotier team confirmed existed, I didn't just link an error 404 page for no reason) is missing.
Well, if you don't mind that there is a possibility that the government is snooping, you don't have to care about this.
As a replacement peer-to-peer VPN, I highly recommend ZeroTier. After installing the app, you'll want to create a network at my.zerotier.com, and add your devices. Your devices are then assigned managed private IPs that just work.
Bonus: they've got apps for iOS, Android, Windows, Linux, and so on.
edit: then you'll have to use Screen Sharing.app, SSH, Finder's Go → Connect to Server, etc with the IPs to actually do what you need, so it's not as easy to use. But the NAT-punching and network traversal has been very reliable and performant in my experience.
You could throw ZeroTier on the EC2 instances. Peer to peer VPN/SDN. We use it at our company for a bunch of things.
Edit: We use ZeroTier in combination with Quagga to run more advanced routing via OSPF. ZeroTier provides the connections and Quagga runs the OSPF over the connections.
If setting up a server is too troublesome, you can also try Hamachi. It lets your PC think that you are connected to other PCs via LAN and play games without having to set up an online server.
To make it work, simply have it downloaded on your and your friends' PCs and create a server (basically just choosing the name) and a password. Then share it with your friends and they will connect to it.
So, with everything that’s going on I feel like it’d be cool to create a world just for stoners to drop in and hang out with others on a game and Minecraft would be perfect. If someone’s willing to, they could create a hamachi server (created by LogMeIn) connection so everyone could join. Hamachi Server Link
Just last weekend on PlugY my buddy and I loaded up our decade old characters and played over Hamachi. It generates a VPN, creating an effective LAN environment with new IP addresses.
Install Hamachi.
Sign up for the service (free).
Create Server (Choosing a unique name).
Have your buddy do the same, but instead they should join the server name you made.
Hop into D2, and TCP/IP connect directly using the new IP.
Play D2 like old times.
Alright,
Iirc you need the driver on Shadow and the other app on your local PC, Hamachi on both ofc, and set up a network (assuming you know how to get that working) and just join. Now you should see Shadow in the spacedesk program on your local PC, just click it (check and mess with settings first) and done. Surprisingly easy, it ain't the smoothest or best solution, but it is the best we can get as of now, hope it works for you!
Haha ;)
You only need GOG Galaxy on your computer. If your friend already has it through Steam, you can crossplay between GOG and Steam. I haven't tried it myself, but you might need to create a VPN and connect using the LAN option.
Disclaimer - It's been a while since I've done anything with MCPE servers, but this should help point you in the right direction.
The first thing to be aware of is that Minecraft on an iPad and Minecraft on a computer are two very separate things. The current computer version of Minecraft is called the Java Edition, and the iPad/mobile/console version is called the Bedrock Edition. Unlike the Java Edition, Minecraft Bedrock does not have any official server software. Your best bet would probably be to use Realms. It is very important that you buy Realms for the right edition of Minecraft. If you're interested in 3rd party server software, the Minecraft Wiki has some information here. Your other alternative would be to use something like Hamachi and connect using Minecraft's built-in LAN hosting.
Yeah, this won't really work that well!
You will need a spare computer (desktop) that has at least 2 network ports in it!
You would install "pfSense" and use that for your firewall:
Sounds like you want a web proxy for their devices, that would give you much more insight (albeit, since most of the internet is HTTPS nowadays, you're only going to see the base domain and not the full URL).
You might be able to set up a simple open Squid proxy to start on your raspberry pi and configure their devices to point to it, and then review the logs. Or, alternatively you could set up something like a cheap pfsense firewall.
FWIW, there's a whole page on the pfSense site dedicated to hardware requirements, with a table graduated by connection speed. Cross-referencing your needs with the last table on the page shows you'll need a 2.0+ GHz multicore CPU with server class hardware and PCI-e NICs.
In the download options on https://www.pfsense.org/download/ there's a serial console option. I've never used it but I assume it's for installing on machines that don't have VGA ports or are inaccessible. I assume it follows the regular installer and just sends the data out the serial port. With that said, I assume that it draws screens with ASCII characters but the text will be embedded in there as ASCII text. You might have a better experience letting it draw the screen and then having your screenreader read the text rather than having your screen reader echo each character as it is sent to your terminal emulator (PuTTY?).
Have you used the pfSense interface in a web browser before? I've worked with many different screen readers and I'm afraid the way the web interface is constructed it would be very difficult to run with a screen reader. While you can SSH to pfSense, there is very limited functionality unless you're editing the raw configuration files, which is no fun.
I do know in the system settings you can choose alternate web interface settings. I would encourage you to explore those and see if any of them are more screenreader friendly.
PS. If you attempt a serial console install you will need a null modem cable or null modem adapter to connect the two devices together.
I haven’t seen them since the re-design of the logo. I heard that they come with appliances, but I heard that like 6 months ago. Idk if that’s still the case or not.
If you intend to get them printed, you probably want to be extra careful - that’s one of their big things per this document.
As I read it, keep any logos away from customer stuff; toss it on your laptop or something instead
Here's the best fix ever!
1) https://www.amazon.com/gp/product/B01AJEJG1A/ref=oh_aui_detailpage_o03_s00?ie=UTF8&psc=1
2) Then.. https://www.pfsense.org/download/
Everyone should build their own routers!
I'm with /u/clickwir, I wouldn't put my network in a container or VM either (even with a dedicated NIC). Especially if you plan to fiddle around with other containers or VMs on that host.
You should start by looking at pfSense's requirements when deciding where to put it. Keep in mind those are for basic routing. If you plan to add squid and other services to pfsense you'll need more horsepower.
I'd personally use https://www.pfsense.org/
And for the hardware I'd use something like this (because it has more network adapters than your ol' regular PC): https://www.amazon.com/gp/product/B019Z8T9J0
Well, a good place to start for great bang for the buck would be a pfSense appliance, but not sure what your strange setup is for.
If you can get one fiber in, you can use that to get 10 gigabit Internet. Assuming someone offers that.
You can roll your own hardware with pfsense and get that throughput. Some guidelines here: https://www.pfsense.org/products/#requirements
Might be cheaper than purchasing an appliance. That being said, I have a Sophos box and love it!
Here's a link to the pfSense hardware requirements. Based on your specs I would virtualize pfSense; that way you get your bang for your buck, since you can use the machine for other things.