• 0 Posts
  • 8 Comments
Joined 2 years ago
cake
Cake day: June 15th, 2023

help-circle

  • SFP is pretty straightforward. Most of the SFP modules you can buy you just connect and they work. For something like that, you would be doing fiber to ethernet hand off at a switch. Then you have pretty much everything run to the switch including router and just VLAN isolate. It’s not super complicated, but if you never messed with VLANs it might be better to go with something pre-packaged unless you’re up for learning.

    You could also do a DIY router and run a multi-gig SFP+ network card over PCIe. You still have to purchase a separate SFP module for that, but that is another option.


  • I set up a backup cell connection to my cable internet connection. Sketchy Chinese 4G LTE modem. My router was a DIY job I set up off of Ubuntu Server. Everything ran to a Cisco switch and then was VLAN isolated. For the two WAN connections, I ran scripts from the router that periodically tried to reach out to several DNS providers and then average response rates to determine if the main connection was up. If not then it would modify default routes and push everything to the cell.

    The cell connection had pretty low data cap, so it was just for backup and wasn’t a home style plan. I used the old TTL modification trick to get it to pass data like a phone. When I moved the backup to 5G, TTL modification stopped working and I had to resort to creating tunnel interfaces to an actual phone. Since that tunnel is limited in bandwidth to the lowest value, my speeds were really cut in half.


  • Morgikan@lemm.eetoSelfhosted@lemmy.worldAny feedback from port knockers ?
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    1
    ·
    edit-2
    1 year ago

    A VPN would give you access to a network, but not necessarily the devices on that network. It adds another layer of security as the user not only has to have SSH credentials/keys, but they also have to have the same for the VPN. SSH and VPNs would really be used in conjunction with each other.

    It’s onion security.



  • Typically schools and universities have acceptable use policies for student VPNs. It is not very difficult to detect VPN setup on a network and universities almost always have at least some form of network monitoring happening.

    That said, VPNs are often times blocked and so is SFTP. Most universities I’ve done work with have a requirement that the traffic will be blocked unless you can make a case to IT as to why you need that access.

    There are few legitimate use cases for student VPNs and IT staff are usually not idiots and understand what you are up to.



  • Morgikan@lemm.eetoSelfhosted@lemmy.worldDNS hijacking
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Just throwing out a couple of other solutions I didn’t see mentioned for DoH/DoT:

    1. CoreDNS
    2. Blocky

    Both of those support encryption and allow for DNSBL. If you are wanting to hand out DNS entries over DHCP it may a problem with your ISPs router there. Either replace it, sit one you do control between it and your network, or run DHCP snooping from a switch to restrict it’s DHCP.