Ah, the thrilling saga of #VPNs and moose conspiracies! Because when "Wireguard" isn't exotic enough, you dive into the abyss of the "shaitanmachine"—obviously the go-to for when your standard VPN is banned by some mysterious geopolitical overlord. Let's face it, the real challenge here is finding a VPN that isn't more of a mystery than the plot of a soap opera!
https://blog.nommy.moe/blog/exotic-mesh-vpn/ #mooseconspiracies #Wireguard #shaitanmachine #cybersecurity #HackerNews #ngated

Die FritzBox meiner Mutter ist so alt, die kann kein #Wireguard.

Also muss ich jetzt wirklich so einen lahmen #IPsec Site-to-Site bauen...

So I know that #OpenVPN is neither as fast nor as efficient as #WireGuard but OpenVPN is really good at obscuring its traffic. If you run it over TCP, it looks identitcal to an https connection. Therefore, OpenVPN will be a master at evading deep packet inspection on firewalls. OpenVPN still has its place, even though it will never match the raw performance of WireGuard.

Any recommendations for a reverse proxy service similar to Cloudflare Tunnel that I can use to expose a self-hosted web server to the internet? Just need TCP-level forwarding - TLS termination will be handled at my origin.

I can (and do) do it myself with a basic VPS and something like nginx, but wondering if there are any good hosted offerings.

Biggest release yet: 11 major features and nearly 100 bugfixes!

Mobile Clients with Internal MFA (TOTP/Biometry) and External SSOs.

Desktop Client adds External SSO/IdP MFA.

🫆 New: MFA on Desktop via Mobile Biometry

As an open company, we’ve launched public processes like the Architecture Decision Record and a page with pentesting findings & fixes (unique in VPNs, as far as we know).

Release notes: https://defguard.net/blog/defguard-15-release-notes/

So seit gestern läuft bei mir zuhause eine #OPNsense die per #WireGuard mit der OPNsense von #RollenspielMonster bei #Hetzner verbunden ist.
Schon geil einfach ohne einen weiteren #VPN aufbauen zu müssen auf alle Server zugreifen zu können.

So I've got an LXC container with Pi-Hole running for our LAN now. Next up I'm gonna look at setting up Wireguard in a way where I first hop from my phone to our LAN, and then hop to Mullvad from there. I need to somehow configure the Mullvad jump to be only applied to my phone and computers, while leaving my wife's computer and phone out of it.

Re-learning Ansible too. Need to share config between containers some way.

Ok the Parent's Fileserver (PFS) needs to be reachable over protocols that should not be port forwarded. My options are:

1. Site-to-Site wireguard (Mikrotik <-> Unifi)
2. Connect PFS as a client to the Mikrotik via wireguard
3. Place my entire k8s cluster and the PFS on tailscale

The PFS will be on tailscale anyway, since it needs to be reachable by my Dad's laptop.

So I guess the real question is, is it worthwhile to bother with tailscale on the cluster, or is a site-to-site a better or more useful option?

I think I am leaning towards the site-to-site to keep complexity lower.
#HomeLab #Networking #Kubernetes #Tailscale #Wireguard

Leider wurde im letzten Urlaub mein #WireguardVPN und #dnsovertls hin und wieder im WLAN blockiert.
Was gibt es den unkomploziertes dagegen für #selfhosted VPNs?

Es geht darum im Urlaub ne Deutsche IP zu haben und sein traffic in WLAN anderer zu schützen.

#Mullvad: Introducing #QUIC Obfuscation for #WireGuard

https://mullvad.net/en/blog/2025/9/9/introducing-quic-obfuscation-for-wireguard

Why yes, HBO, I am using a VPN. I set it up myself and I'm a bit proud of it. Thank you for noticing.

Also, fine. I'll turn it off for now.

Dear #followerpower,

when I want to setup a fully #selfhosted #Netbird overlay #VPN to replace my manual #wireguard VPN network, where would be the best location for the proxy/relay/etc servers when I have 3 #Proxmox nodes and a #Pfsense HA cluster?

Having the central control servers behind pfsense seems no good solution. Having them on the Proxmox cluster somehow neither.
So, maybe it's best to locate these services onto a other VPS server outside of my own /26 network outside of the Proxmox cluster?

The desired network would consist of
- 3 node Proxmox cluster with /26 IPv6 & /48 IPv6
- 1 VPS with IPv4 & IPv6 connectivity
- 1 VPS with IPv4 only
- 1 DSL dialup site
- 1 Fibre dialup site with pfsense firewall
- maybe 2 or 3 more DSL dialup sites as well

Any recommendations?

Coworker was nerding out about Tailscale today. So I guess I'm trying Tailscale at home.

I utilize Wireguard to VPN back home, so I'm not entirely sure I'm going to do with this. Guess we'll see.

Mullvad VPN introduces QUIC obfuscation for WireGuard.
Tunnels VPN traffic via HTTP
Much harder to block
Live on desktop v2025.9, mobile updates soon

More here: https://www.technadu.com/mullvad-vpn-launches-quic-obfuscation-for-wireguard-to-help-users-beat-internet-blocks/608963/

Mullvad VPN rolls out QUIC obfuscation for WireGuard on all desktop platforms! This new feature disguises VPN traffic as regular web browsing , helping users evade censorship & firewall blocks seamlessly. Available in v2025.9, coming soon to mobile! #VPN #Privacy #Censorship #WireGuard #newz

Read more: https://cyberinsider.com/mullvad-adds-quic-obfuscation-for-wireguard-to-evade-censorship/

Oh look! Another tech bro masterpiece: bridging #WireGuard into #Tailscale using #Docker because why not add another layer of complexity? GitHub is probably thrilled to host yet another over-engineered solution to a problem nobody knew existed.
https://github.com/juhovh/tailguard #techbro #masterpiece #complexity #overengineering #HackerNews #ngated