OpenVPN | tinc | |
---|---|---|
82 | 19 | |
10,024 | 1,852 | |
1.9% | - | |
9.2 | 5.6 | |
6 days ago | about 2 months ago | |
C | C | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
OpenVPN
- Critical OpenVPN Zero-Day Flaws
-
Ask HN: Who is hiring? (October 2023)
OpenVPN is hiring! https://openvpn.net/
C++ Developer in the United States. Full-time| Fully remote| Flexible work schedules
Link to look at vacancy details and apply:
-
Are there any work arounds for the Netflix new "household" system?
How you connect to your modem will depend on the device you are using, but for windows laptops as an example you download the OpenVPN program and input your modem details there, much like you would any other vpn service. I think there would be some guides on youtube. https://openvpn.net/
-
Can i use PFSense to control incoming user connections (without a vpn?)
I just started playing with CloudConnexa for remotely managing my second pFSense. Really nice and is free for up to 3 concurrent users. https://openvpn.net. Can also self-host OpenVPN access server with a free 2 concurrent license.
-
Is the 7spotlight Markle family interview airing now? Is anyone watching and can provide comment? 👀📺
If anyone is being blocked check out free OpenVPN
-
gluetunvpn docker help
It is likely an issue with the 'cipher' options, if any, that are in your ".opvn" file. This is telling you that the opvn setting is not finding a matching cipher it is allowed to use. The fix per the message would be to add the Servers cipher to your options. https://github.com/OpenVPN/openvpn-gui/issues/381 https://github.com/OpenVPN/openvpn/blob/master/doc/man-sections/cipher-negotiation.rst
-
Is it possible for a sysadmin to block only some packets from a VPN connection ?
I too haven't used the client-nat directive in some years (I currently implement 1:1 NAT with pfsense to access my network because I'm too lazy to change the networks subnet from the default) so I decided to retest and it does appear that OpenVPN Connect clients do not properly support the client-nat directive but the traditional OpenVPN server/clients still do. I've just tested this on OpenVPN 2.6.3 Server, OpenVPN 2.6.1 GUI for Windows from openvpn.net, and OpenVPN Connect iOS 3.3.3 and only the OpenVPN Connect client has any difficulty. Difficulty being that you can use client-nat successfully but it has to be configured server-side it can't be pushed to or setup on the client (OpenVPN Connect) side. The Server and Windows (non-OpenVPN Connect) clients work an any setup whether it's configured server-side, pushed to the client, or set up in the client config.
-
WebUI not accessible, even with port opened
Ask openvpn.net for commercial support: https://support.openvpn.com/
-
My Installed App as Developer
OpenVPN is a VPN client that I used primarily for work. We used VPN to connect to the dev server and we are using VPN. I also sometimes used that to open websites that got blocked in Indonesia like Reddit.
-
minexmr2.com updated to p2pool v3.1, monerod v0.18.2.0, and ready for Mar 18 p2pool (not monero) hardfork
I connect all the servers with secure OpenVPN private network. And block unused ports anywhere with ufw.
tinc
-
Would we still create Nebula today?
But both Nebula and tinc max out at around 1 Gbit/s on my Hetzner servers, thus not using most of my 10 Gbit/s connectivity. This is because they cap out at 100% of 1 CPU. The Nebula issue about that was closed due to "inactivity" [2].
I also observed that when Nebula operates at 100% CPU usage, you get lots of package loss. This causes software that expects reasonable timings on ~0.2ms links to fail (e.g. consensus software like Consul, or Ceph). This in turn led to flakiness / intermittent outages.
I had to resolve to move the big data pushing softwares like Ceph outside of the VPN to get 10 Gbit/s speed for those, and to avoid downtimes due to the packet loss.
Such software like Ceph has its own encryption, but I don't trust it, and that mistrust was recently proven right again [3].
So I'm currently looking to move the Ceph into WireGuard.
Summary: For small-data use, tinc and Nebula are fine, but if you start to push real data, they break.
[1]: https://github.com/gsliepen/tinc/issues/218
[2]: https://github.com/slackhq/nebula/issues/637
[3]: https://github.com/google/security-research/security/advisor...
- Which overlay network?
-
Tailscale/golink: A private shortlink service for tailnets
From a purely networking perspective, there are far better solutions than tailscale.
Have a look at full mesh VPNs like:
https://github.com/cjdelisle/cjdns
https://github.com/yggdrasil-network/yggdrasil-go
https://github.com/gsliepen/tinc
https://github.com/costela/wesher
These build actual mesh networks where every node is equal and can serve as a router for other nodes to resolve difficult network topologies (where some nodes might not be connected to the internet, but do have connections to other nodes with an internet connection).
Sending data through multiple routers is also possible. They also deal with nodes disappearing and change routes accordingly.
tailscale (and similar solutions like netbird) still use a bunch of "proxy servers" for that. You can set them up on intermediate nodes, but that have to be dealt with manually (and you get two kinds of nodes).
-
Tunneling to Synology NAS without opening ports.
Two other options are Tinc https://tinc-vpn.org/ or Nebula https://www.defined.net/nebula/
-
Port Forward Security & Alternatives
And there is Tinc; the OG overlay network. I don't have experience with this. Seemed a bit of a pain to setup. https://tinc-vpn.org
-
WireGuard multihop available in the Mullvad app
For what its worth I have used the open source Tinc VPN [1] for mesh multihop routing for ages. It is nowhere near as fast as Wireguard but I could envision Tinc incorporating support for Wireguard if the author were so inclined. Like you mentioned Tinc does not mesh with other VPN's AFAIK.
[1] - https://tinc-vpn.org/
-
You may not need Cloudflare Tunnel. Linux is fine
This is actually very simple in concept and is just as simple or even simpler to do with tinc (https://tinc-vpn.org).
Since I can use tinc in bridge mode, I can run tinc on the upstream server and on a local machine which then provides access to several physical machines without running extra software on each of those machines, which is particularly useful for machines that are resource limited, like my Macintosh LC II and LC III+:
http://elsie.zia.io/
It'd be nice if it weren't so difficult to get public addresses.
-
Tinc Is Not Catan
I clicked expected some broken analogy between https://tinc-vpn.org/ and the Catan board game, but instead it is a Catan implementation. Fair enough.
-
Graphviz: Open-source graph visualization software
will generate a real-time network graph using the Graphviz DOT language. It's a cool feature that I find quite useful.
[0] https://tinc-vpn.org/
What are some alternatives?
Pritunl - Enterprise VPN server
Nebula - A scalable overlay networking tool with a focus on performance, simplicity and security
ocserv
ZeroTier - A Smart Ethernet Switch for Earth
tailscale - The easiest, most secure way to use WireGuard and 2FA.
SoftEther - Cross-platform multi-protocol VPN software. Pull requests are welcome. The stable version is available at https://github.com/SoftEtherVPN/SoftEtherVPN_Stable.
openvpn3-linux - OpenVPN 3 Linux client
headscale - An open source, self-hosted implementation of the Tailscale control server
lightway-laser - Lightway Laser is a reference point-to-point Linux client/server implementation for Lightway Core.