JP Vossen via plug on 17 Apr 2022 10:20:43 -0700



Re: [PLUG] Pi-Hole, BIND9, & Latency - Big Mistake


On 4/16/22 16:55, Aaron Mulder via plug wrote:
> On Sat, Apr 16, 2022 at 3:25 PM JP Vossen via plug
> <plug@lists.phillylinux.org> wrote:
>> The other semi-related and really annoying thing is that the kid's school Chromebooks do all kinds of crazy crap [...] it makes me sad that that feature breaks the hack that I have to have in MY security because the school wants to do its things its ways (which I also get).  I should re-architect my network to have a zero-trust, wide open segment for crap like that.
>
> Works great to have them on the guest network, until...
>
> "Dad!  How do I print this?"

WireGuard!  It's in F-Droid and the Play & App stores, and it's pretty easy to set up on the server [1].  Then `egrep -v '^#|^$' NAME.wg0.conf | qrencode -t ansiutf8` and have WG on the phone scan the QR code on your screen.

It's awesome.  K9 Mail and SSH on my internal LAN work from my phone anywhere, and there is no FW port scan noise because my WG listener is a high, non-standard, UDP port that silently discards anything that's not the right protocol and an allowed client.

[1] There are TONS of docs and examples out there, but watch out for copy&pasting examples off the net and then forgetting to change the Ethernet adapter name from eth0 to whatever you really have.  Took me DAYS to figure that out.

Later,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
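
A pre-flight check for the eth0 pitfall in footnote [1], as an added example that is not part of the original message: it lists interface names used in a wg-quick config's hook lines that do not exist on the host. The function names `wg_missing_ifaces` and `wg_demo` are hypothetical, the sample config is constructed, and it assumes the adapter name appears as an `-i NAME` or `-o NAME` argument in a PreUp/PostUp/PreDown/PostDown line.

```shell
# Print every interface named in a wg-quick hook line that is absent from the host.
# Assumption: the NIC is referenced as "-i NAME" or "-o NAME" (iptables style).
wg_missing_ifaces() {
    conf=$1
    netdir=${2:-/sys/class/net}      # Linux exposes one entry per interface here
    wgif=$(basename "$conf" .conf)   # wg-quick names the tunnel after the file
    grep -Ei '^[[:space:]]*(PreUp|PostUp|PreDown|PostDown)[[:space:]]*=' "$conf" |
        grep -Eo '(^|[[:space:]])-[io][[:space:]]+[^[:space:];]+' |
        awk '{print $2}' | sort -u |
        while read -r ifname; do
            # %i and the tunnel itself do not exist until wg-quick brings it up
            [ "$ifname" = "%i" ] && continue
            [ "$ifname" = "$wgif" ] && continue
            [ -e "$netdir/$ifname" ] || printf '%s\n' "$ifname"
        done
}

# Constructed demo: a copy-pasted config that still says eth0, checked against
# a fake interface directory that holds "lo" plus the name given as $1.
wg_demo() {
    real_nic=${1:-enp3s0}
    tmp=$(mktemp -d)
    mkdir -p "$tmp/net/lo" "$tmp/net/$real_nic"
    cat > "$tmp/wg0.conf" <<'EOF'
[Interface]
Address = 10.8.0.1/24
ListenPort = 47111
PrivateKey = CONSTRUCTED_PLACEHOLDER
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
EOF
    wg_missing_ifaces "$tmp/wg0.conf" "$tmp/net"
    rm -rf "$tmp"
}

wg_demo
```

Against a real server, call `wg_missing_ifaces` with the path to the server config and no second argument; empty output means every referenced adapter exists.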