Speaking of music, my coworker shared Miracle of Sound's album and i had no idea - dang XD

dun like code

You have the pleasure of running t on your computer tough.

https://www.youtube.com/watch?v=Ow_OjkSLZDI

it doesnt matter if you write it or use it :P

for those into world music

or havce good taste

ahjaha

sorry bout typos

He has a Point tough, if i am not reading it wrong you basically allow any input there for gre

What do you recommend me?

What do you recommend me?

Using Openvpn

I use that, because I need to setup a VPN connection and it fails because of the firewalld

I'm a client to that connection

And ideally, deploy OPNsense wherever you want to connect to and set "P2P" Mode

Not a server

So I can't set anything

I'm a client to that connection

Again, Openvpn does clients

I just use new VPN with the NM widget

I have it both ways - my home firewall acts as client for a p2p connection to my server for example so i can access the internal network from my home

the client doesnt need to have anything set but where to connect to.

Openvpn will do the heavy lifting work of connecting, configuring routes, making sure the client doesnt need to open a port to connect and all.

Ok, let me see. I just do: Network->New (throught "+" button)->VPN->PPTP

I do Network > New > Import from File

After generating or getting a .ovpn from a server anywhere

I do Network > New > Import from File

keep it going

(you need to adjust the port if you set a different one)

I don't have access to the server

then where do u enter your credentials?

I don't have access to the server

Tell the server owner to open ovpn then - he has to offer pptp vpn after all too.

and openvpn beats the living hell out of pptp

then where do u enter your credentials?

In the main window after it imported?

kay

ill check it later

Mmmm... That will not happen... At least no in my organization

Mmmm... That will not happen... At least no in my organization

Why not?

I moved mine to use it instead and we are working to move a customer onto it too

Because network managers are stupids and don't care about nobody else in the company

Because network managers are stupids and don't care about nobody else in the company

Network managers in my company, I mean

Because network managers are stupids and don't care about nobody else in the company

They care about their job - and openvpn takes a ton of configuration away that needs to be done manually. It'd be easier for them.

Because network managers are stupids and don't care about nobody else in the company

I have been there. Who in the @#$% world disable 6666 and 6667 port or ssh in a Library Wifi?

Unless they have the "Make yourself not replaceable" Syndrome

I have been there. Who in the @#$% world disable 6666 and 6667 port or ssh in a Library Wifi?

LOL!

LOL!

I use ssh for git...

I have been there. Who in the @#$% world disable 6666 and 6667 port or ssh in a Library Wifi?

Because there are "fraudulent" entries for 6666.

https://www.speedguide.net/port.php?port=6666

And that is why i always have an emergency vpn on 80/tcp

Unless they have the "Make yourself not replaceable" Syndrome

Nah, they are just lazy enough to don't do aboslutely nothing. They create all VPNs with a script where they just put the IP of the gateway

Almost nobody blocks _that_

Because there are "fraudulent" entries for 6666.

I didn't know this. I ended up using a web client for IRC.

Nah, they are just lazy enough to don't do aboslutely nothing. They create all VPNs with a script where they just put the IP of the gateway

Does your Company know of the risks these idiots doing that?

Yes

And they don't care

Because our "remote work" VPN

From the start node we connect to a proper IPSec Network, that is real secure

IPSec ?

So, if this VPN falls or is attacked, they answer is: goes to the site and connect directly

IPSec ?

They use openswan, it's not that bad

So, if this VPN falls or is attacked, they answer is: goes to the site and connect directly

That isn't Security i'd be happy with

They use openswan, it's not that bad

I dont get the whole ipsec thing after being bathed in glory by openvpn

I have been there. Who in the @#$% world disable 6666 and 6667 port or ssh in a Library Wifi?

In my library nothing is allowed apart from 80/HTTP and 443/TLS.

For example: You can't use 443/SSH

literally every other vpn, especially commercial, suddenly looks really much "Fuck that"

In my library nothing is allowed apart from 80/HTTP and 443/TLS.

:(

For example: You can't use 443/SSH

Can you get around that?

Can you get around that?

VPN on 80/tcp

Can you get around that?

Hahahahaha. Of course, of course.

For example: You can't use 443/SSH

It hurts.

ERROR: S client not available

Everything can be bypassed.

VPN on 80/tcp

Not HTTP. Won't work on DPI.

But what works is stunnel + OpenVPN over 443

It hurts.

That is their default catchall setting to allow as little as possible

Stupid DPI firewalls see the packets as TLS and assume it's HTTPS

Stupid DPI firewalls see the packets as TLS and assume it's HTTPS

Dude even on DPI active most of the time http passes trough

Their "DPI" is checking the host header for where to

Dude even on DPI active most of the time http passes trough

Huh?

What do you mean?

and if its a known free vpn block it

So need a vpn to get around this.

since i use 10 different domains to access the same server...

XD

That is their default catchall setting to allow as little as possible

> Mainstream unqualified SysAdmins.

So need a vpn to get around this.

yep. a private one - most dont offer those ports.

Stupid DPI firewalls see the packets as TLS and assume it's HTTPS

What they use as DPI?

DPI is kind of my area

:D

What they use as DPI?

commercial filter shit

Something that has some kind of ISO Cert or something

Not all commercial are shit

Sandvine is pretty good

They dont care if it works, it just needs to pass ISO or something

And they work on BSD

Sandvine is pretty good

We dont want it to be good.

Not all commercial are shit

:s/chit/shit/

If its good it might block our vpns.

XD

And contribute with the FreeBSD

:s/chit/shit/

Corrected ;)

You are in grammar ninja mode today, no?

Something that has some kind of ISO Cert or something

Yes