Dirk Hohndel

So... VPN solution to log into my network when traveling. Since Android killed the L2TP support (gee, thanks) simply using the L2TP in my Unifi USG is no longer an option. What do people recommend? OpenVPN is a bit of a pain to maintain and blocked in too many places for comfort. Something like ZeroTier (selfhosted)? WireGuard? Something better?
I don't want a commercial hosted VPN - I want something where no one but me / my systems have access to the network...

@dirkhh Personally, I've been using WireGuard since Android did in L2TP. Why Google! Why!

@sjvn
right? So yes, other protocols are MORE secure... but why take away one that so many people had set up... I literally carried an older Android device with me until now to chain two hotspots to each other to deal with this... but that's just... what's the word... DUCKING STUPID
So I need a different solution.

@dirkhh Exactly. Yes, I know it's outdated. Yes, I know it doesn't encrypt anything--that's what IPSec is for. But, It Worked.

@dirkhh I ended up buying routers (TP-LINK Archer AX11000) specifically because OpenVPN was built in, which made it a lot easier to mess with.

I haven't been blocked using it so far, but YMMV.

@dirkhh check out @tailscale. Based on wireguard and works like magic :)

@dirkhh Headscale/Tailscale might be the fastest / easiest for a single VPN endpoint, the hackery I'm doing to get around to multiple may not be a sane stand to take.

I've got several solid recommendations on self-hosted ZeroTier, though I'm somewhat sad it doesn't support wireguard, but it (not played with it) on paper looks closer to what I want.

I'd concur avoiding openvpn, it was good for the time, but we can do far better these days.

@warthog9
I do need something where I can have three distinct VPNs...
So that's why I've been so hesitant to replace what I have🤷‍♂️

@dirkhh half tempted to play with ZeroTier now ;-)

@dirkhh So far my biggest grumble across all the new VPNs is their utter lack of integration into NetworkManager too, and I'm not sure why the general eschewing of that. Mind you the OpenVPN support works, but isn't always great either.

@warthog9
so the nice mobile clients don't work if you don't use their root node.
But you can self-host the controller, and therefore your encryption keys are yours, this should still be fine... but I find that disappointing.

@dirkhh Was just reading that, I sorta get some of the 'whys' but, yeah, that's disappointing. I know headscale/tailscale has a way to inject your own root/moon (well their equivalent anyway) into the mix which is nice, but yeah that seems an unfortunate shortcoming.

@warthog9 ok, back to reading the Algo docs :)