Standard User jchamier
(eat-sleep-adslguide) Tue 23-Jun-20 15:38:14

Re: VPN site to site connection speeds


[re: caffn8me] [link to this post]
 
In reply to a post by caffn8me:
It's because my firewalls are configured to blacklist any IP address which attempts to connect to them on any port and interface address combination that isn't running an explicitly permitted service.
Defence in depth, and an end to end security design. As is the other poster who is using an external service for identity management, which has its own checks on password forcing. None of this is easy for a hobbyist at home, but is essential for anyone doing IT for commercial, on the cloud, or on premise.

20 years of broadband connectivity since 1999 trial - Live BQM
Standard User caffn8me
(eat-sleep-adslguide) Tue 23-Jun-20 15:49:49

Re: VPN site to site connection speeds


[re: jabuzzard] [link to this post]
 
In reply to a post by jabuzzard:
Well firstly an account belonging to a user in Poland (or at least a user account on a system in Poland) was compromised. The method for this compromise has not been published.

They were able to use this local access to gain root on the systems (more on this later).
Once someone gains access to a local system and they can get ssh keys, it's pretty much game over, yes.

Obviously you are dealing with a system which needs to be accessed from unrestricted locations by large numbers of people and I accept that. I strongly suspect that isn't the case for the systems discussed in the OP's case so different mitigation strategies will be both suitable and effective. It doesn't make the strategies your system uses wrong, but it means they may not be appropriate in this situation. Please bear that in mind.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User caffn8me
(eat-sleep-adslguide) Tue 23-Jun-20 16:09:47

Re: VPN site to site connection speeds


[re: Woolwich] [link to this post]
 
In reply to a post by Woolwich:
Do you recommend any (or a range)? Did I recently read ports for SSH should be below a certain number? 1024 perhaps? I've seen 2222 suggested in the past.
Pick a random port that doesn't run a popular service above 1024. You can check to see if a port is unassigned at https://www.adminsub.net/tcp-udp-port-finder/

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User caffn8me
(eat-sleep-adslguide) Tue 23-Jun-20 17:38:37

Re: VPN site to site connection speeds


[re: jchamier] [link to this post]
 
In reply to a post by jchamier:
Defence in depth, and an end to end security design. As is the other poster who is using an external service for identity management, which has its own checks on password forcing. None of this is easy for a hobbyist at home, but is essential for anyone doing IT for commercial, on the cloud, or on premise.
I aim to please (or frustrate if you're not supposed to be allowed in) ;-)

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User caffn8me
(eat-sleep-adslguide) Wed 24-Jun-20 10:58:57

Re: VPN site to site connection speeds


[re: GonePostal] [link to this post]
 
In reply to a post by GonePostal:
Very apposite Dilbert cartoon today.

https://dilbert.com/strip/2020-06-23
:-D

The golden rule of telephone helplines is that the person at the other end of the line is an idiot.

This applies to both ends.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs

Edited by caffn8me (Wed 24-Jun-20 11:05:40)

Standard User caffn8me
(eat-sleep-adslguide) Wed 24-Jun-20 11:07:53

Re: VPN site to site connection speeds


[re: Woolwich] [link to this post]
 
In reply to a post by Woolwich:
In reply to a post by caffn8me:
Ubiquiti Edgerouter X can cope with much higher VPN throughputs and I will likely have one to play with next week. I'll let you know how I get on.
Yes please.
The EdgeRouter X has arrived and I'll be playing with it tomorrow :-)

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User prlzx
(experienced) Wed 24-Jun-20 12:13:50

Re: VPN site to site connection speeds


[re: caffn8me] [link to this post]
 
Interested to hear how you get on!

I have an ER-X at home, not as my main broadband router, but to isolate a remote working office network and participate in site-to-site VPN connections, and it is using IPSec VTI with OSPF for dynamic routing.

My second job predominantly involved working from home even before current circumstances.

It's ok for my use case, ERPro-8 and ER-8-XG currently used for offices and higher capacity sites.



prlzx on Zen: FTTC (VDSL) at ~40Mbps / 10Mbps
with IP4/6 (no v6? - not true Internet)
Standard User dorotymcgee
(newbie) Thu 25-Jun-20 14:03:49

Re: VPN site to site connection speeds


[re: Woolwich] [link to this post]
 
Which VPN works best in USA - ExpressVPN, NordVPN, or some other?
Standard User Woolwich
(committed) Thu 25-Jun-20 14:07:54

Re: VPN site to site connection speeds


[re: dorotymcgee] [link to this post]
 
In reply to a post by dorotymcgee:
Which VPN works best in USA - ExpressVPN, NordVPN, or some other?

Sorry, dunno, I'm here, not there.
Standard User jabuzzard
(committed) Thu 25-Jun-20 14:40:26

Re: VPN site to site connection speeds


[re: caffn8me] [link to this post]
 
In reply to a post by caffn8me:
It's because my firewalls are configured to blacklist any IP address which attempts to connect to them on any port and interface address combination that isn't running an explicitly permitted service.


Hah, now watch when they connect from multiple IP addresses for the scan...

Now it might of course be because an HPC site at a UK university is a high profile target that warrants extra special measures when scouting out.

However non-standard port numbers in testing were a waste of time. The other option would be port knocking, but that is way too complicated for much of the user base and would not work with the graphical desktop offering.
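
Added example, not part of any post in this thread: a small Python replay of the "blacklist on first touch of a non-permitted port" policy discussed above, run against one source sweeping several ports and against the same sweep spread over several sources. All addresses, the port 40022, and the function names are constructed for illustration; the per-/24 count is an assumed extra check, not something either poster describes.

```python
from collections import Counter
from ipaddress import ip_network

# Constructed sample: the only explicitly permitted (interface address, port) pair.
PERMITTED = {("203.0.113.10", 40022)}

def run_policy(events, permitted=PERMITTED):
    """Replay (src, dst, dport) connection attempts in order.

    A source that touches anything outside `permitted` is blacklisted and all
    of its later packets are dropped. Returns (blacklist, accepted).
    """
    blacklist, accepted = set(), []
    for src, dst, dport in events:
        if src in blacklist:
            continue                       # already banned: silently dropped
        if (dst, dport) in permitted:
            accepted.append((src, dport))  # reached the real service
        else:
            blacklist.add(src)             # first touch of a closed port
    return blacklist, accepted

def noisy_prefixes(blacklist, threshold=2, prefix_len=24):
    """Assumed extra check: prefixes holding >= threshold banned sources."""
    counts = Counter(str(ip_network(f"{ip}/{prefix_len}", strict=False))
                     for ip in blacklist)
    return {net for net, n in counts.items() if n >= threshold}

DST = "203.0.113.10"
PORTS = (22, 2222, 40022)
# One source sweeping three ports: banned on the first probe.
SINGLE = [("198.51.100.7", DST, p) for p in PORTS]
# Same sweep spread over three sources, one port each.
SPREAD = [(f"198.51.100.{i}", DST, p) for i, p in enumerate(PORTS, start=1)]

if __name__ == "__main__":
    for name, events in (("single", SINGLE), ("spread", SPREAD)):
        banned, reached = run_policy(events)
        print(name, sorted(banned), reached, noisy_prefixes(banned))
```

In the spread case the source that only ever touches the permitted port is never banned, so the per-source blacklist is one layer and the service behind the port still relies on its own authentication.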