Conversation

Notices

1. Embed this notice
   Solène :flan_hacker: (solene@bsd.network)'s status on Sunday, 19-Jan-2025 20:04:11 JST Solène :flan_hacker:

   Is anyone aware of an open source project to create a gateway between 2 networks and force traffic over a VPN?

   Basically, I think of a raspberry pi that would connect over WiFi and provide network to a computer on ethernet. The pi would establish a VPN and make sure the computer packets do not leak. This could also act as a simple firewall so that you can let the computer handle the VPN but to a couple of IP only.

   I already designed all features that could be provided, how to manage the thing too, but before going further I wondered if such project did not exist yet? I wasn't able to find anything except expensive commercial products. And having to do all the configuration from something bare is not an option (due to skill issues for end users and risks of misconfiguration).

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 20-Jan-2025 00:52:07 JST Solène :flan_hacker:

     in reply to

     • Filipi Limi

     @morenonatural yes, looks like it, but it's not something you can build yourself

     nitrokey has a product too https://shop.nitrokey.com/shop/nw750-nitrowall-nw750-590?search=nitrowall#attr=

   • Embed this notice
     Filipi Limi (morenonatural@todon.nl)'s status on Monday, 20-Jan-2025 00:52:08 JST Filipi Limi

     in reply to

     @solene the viwib seems to check a lot of boxes in that list

     https://ungleich.ch/u/products/viwib-wifi-ipv6-box/

   • Embed this notice
     Petros Chrysovitsinos (petegoldenbar@mastodon.social)'s status on Monday, 20-Jan-2025 03:11:58 JST Petros Chrysovitsinos

     in reply to

     @solene i think a Beryl AX (GL-MT3000) would be perfect for your use case. It will act as a Wireguard client to establish the connection to your Wireguard VPN Server.

   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 20-Jan-2025 03:11:58 JST Solène :flan_hacker:

     in reply to

     • Petros Chrysovitsinos

     @petegoldenbar seems great but this is a commercial product :(

   • Embed this notice
     Alexandre Oliva (moving to @lxo@snac.lx.oliva.nom.br) (lxo@gnusocial.jp)'s status on Monday, 20-Jan-2025 04:04:36 JST Alexandre Oliva (moving to @lxo@snac.lx.oliva.nom.br)

     in reply to
     that sounds like a job for openvpn with explicit routes
   • Embed this notice
     Solène :flan_hacker: (solene@bsd.network)'s status on Monday, 20-Jan-2025 04:16:43 JST Solène :flan_hacker:

     in reply to

     • Alexandre Oliva (moving to @lxo@snac.lx.oliva.nom.br)

     @lxo what happens if your firewall fails and openvpn does not establish or does not start? leaks :)

   • Embed this notice
     Alexandre Oliva (moving to @lxo@snac.lx.oliva.nom.br) (lxo@gnusocial.jp)'s status on Monday, 20-Jan-2025 13:46:18 JST Alexandre Oliva (moving to @lxo@snac.lx.oliva.nom.br)

     in reply to
     aah, globally routable addresses? yeah, that requires some extra care indeed. now, this brought openswan (?) tunnels to mind; I recall reading some docs that IIRC were meant ot address this kind of scenario, but that was way too long ago (I guess 20+ years), the memory is too dim, I'm not even sure it would be useful any more :-(
     
     I'd probably still go with openvpn, and add safeguards such as blackhole routes and firewalling on both ends to avoid leaks, if I had to deal with public IP addresses. but it would all be much safer without public IP addresses.