There are, as you might expect, a few disagreements about what's most important.
Dandroid

OpenVPN server was my number 1. Being able to VPN back into my home from anywhere in the world was amazing. I can’t really remember any other, since it was more than a few years ago.

Nowadays Wireguard is a more performant protocol, but it does the same thing.

@[email protected]

Not quite the same thing, you can’t do layer 2 VPNs on wireguard (I ended up using tinc for that on a previous project, it worked well). For layer 3 however it’s really good. Fast, simple, reliable, client works well on the platforms I’ve tried so far.

Good to know! What’s the practical use for a L2 VPN?

@[email protected]

My case for it was dealing with proprietary sensor devices with ethernet ports and garbage firmware. They could work if your server was on a different subnet, but a bunch of stuff broke (including the config tool) if you were not on the same ethernet LAN. The L2 tinc VPN allowed us to fix things without needing to walk around to the dozens of devices in a building with an ethernet cable, laptop and a ladder.

The firmware (& vendors) of the devices that we spent over 100K on were garbage in so many ways. One product’s proprietary server software would misbehave (read: open files but never close them, after a time running out of file descriptors) which would then cause its fleet of individual sensors to all start SYN flooding it. Another brand’s device model required us to spend lots of time manually updating them through every version of firmware because you were not allowed to jump straight to the latest version. I think it took an hour to complete the process for each unit (during which they’d get really hot and presumably throttle).

A bonus of tunnelling things back to our server over tinc was that everything was now encrypted. I used cheap GL.inet “mango” routers running OpenWRT to backhaul the sensors over the existing shared wifi network (rather than needing dedicated copper or wired VLANs). They worked almost like magic – a weird wifi stack reliability issue required me to write a watchdog that rebooted them, however, otherwise we were back on ladders every few days :| But once that pain was over things overall worked much better.

Aside: Don’t buy ANY off-the-shelf sensor product without first:

  1. Confirming that you’re not tied to their proprietary server software. Them claiming that they speak an open protocol is NOT enough.
  2. Buying a few to actually test the above AND reliability over the span of at least a week’s operation AND that they’re not just outright lying about the device’s accuracy/reliability/usefulness/etc.

I made the mistake of being on holidays when the decisions on what to buy were made :P I ended up designing and building some of our sensor devices (somehow at a cheaper price even including my labour) that worked better for us, but shortly afterwards the funding ran out and I got a job elsewhere.
