#DerStandard:
"
Trumps Kürzungsrausch gefährdet für das Internet wichtige Open-Source-Projekte

Die neue US-Regierung entzieht dem Open Technology Fund die Mittel. Von diesem sind unter anderem Let’s Encrypt, Tor und F-Droid finanziell abhängig. Der OTF hat Klage eingereicht
"
https://www.derstandard.at/story/3000000263520/lets-encrypt-tor-trump-kuerzungen-gefaehrden-fuer-das-internet-wichtige-open-source-projekte?ref=article

30.3.2025

The Open Technology Fund has filed a lawsuit against the Trump administration for cutting funding previously authorized by Congress

The organization is part of the United States Agency for Global Media and is a major sponsor for #Tor, #letsencrypt #OpenVPN, and many anti-surveillance projects

The White House cut USAGM funding earlier this month through a presidential executive order
https://news.bloomberglaw.com/federal-contracting/open-technology-fund-sues-global-media-agency-over-fund-freeze (paywalled)

Anyone seen how to tell #openvpn to use the #FreeBSD opvn(4) option? - let's me use DCO - but there's no examples I can find which show what to do. First step done: kldload if_ovpn

I find edge cases.

On an scp over a VPN, I get: ssh_ssh_dispatch_run_fatal: Connection to 10.1.0.17 port 22: message authentication code incorrect

Are you using client-connect in your #openvpn script?

If so, will your share that script with me please?

Thanks.

#SysadminLife pondering…

Given
- Remote #Debian/#Ubuntu server
- can‘t be accessed from internet
- behind (CG-)NATv4, no IPv6
- can reach any outside tcp/udp port

- A network under my full control
- Firewall can do: #IPSec, #Wireguard, #OpenVPN, #Tailscale/#Headscale Client
- I can self host any opensource service/container, and expose it

Challenge
- Make services on that server accessible TO my network
- server MUST NOT reach ONTO my network
- No 3rd party service dependence

Hey #homelab users!

You probably already know me by my free @BoxyBSD project and I often got asked about IPv4 addresses. Currebtly, I tinker with a new but also honestly not free service. The idea is creating a static IP service for homelab users. I'm aware that there're already some around, so what could be some benefits here?

- Static single #IPv4 & #IPv6 /48 (so you can subnet your homelab to several /64 without breaking #slacc)
- Bigger subnets (IPv4: /29, /28, /27 | IPv6: /32)
- Full RIPE personalization (inc. abuse & Co)
- #OpenVPN, #Wireguard, #GRE Support
- Auto configure (e.g., you load the wireguard config on any client and the addresses Arena immediately bound to that interface)
- Split usage / multiple tunnels: Use different IPs from your subnets at different locations
- Integration into #BoxyBSD
- Location in Germany or Netherlands (selectable)
- Hosted on redundant #FreeBSD nodes

Pricing:
- The starter package probably around 10€/month (not more) + 15€ setup including 2T traffic
- Pricing for addiriinal/larger subnets not yet sure, probably higher setup fees to avoid hoppers and spamers to keep the addresses clean
- Optional traffic packages (when exceeding speed Limit of 10Mbit which should still be ok for most homelabs)

World this be interesting? Im aware that many ones already do this by VPS themselves, so this might just be a bit easier and optionally offering whole networks including RIPE personalizations.

This morning I worked on my existing #OpenVPN #ansible role for the new gateway. I've copied most of the configuration away from the existing server. Now It's a matter of templating & testing.

I'm doing the #ansible configuration of #OpenVPN server:

* at home
* on a #FreeBSD host
* with a dynamic IP address

May be an interesting challenge - I've been doing it for 10+ years, but most of the heavy lifting has been handled by the appliance.

e.g. when an IP address change happens

* handling IP address change
* getting the routing right
* any pf stuff to reset?
* other issues I'm not comprehending yet

I'm guessing that some of the issues may not be relevant because I'm just not using those features

The #firewall of #Iran was kind of a mystery in it's sophistication and maturity. Some told me it's even more potent than the #GreatFirewall of #China.

Reading through a recently published report gives a good understanding on how nationwide #censorship systems work. The report is accessible here

I don’t know if this is my lab or anything else, but #Wireguard is faster than #OpenVPN on #IPv6.
On #IPv4 it’s almost the same.
But I prefer WireGuard for this reason on my setup.
#FreeBSD #jail #bastilleBSD

Today, I'm grateful for #Tor and for #OpenVPN servers that use TCP.

Amazing! @reynir wrote an article about his discoveries of two CVE in OpenVPN while re-implementing the same protocol -- TL;DR: it's worth to spend time and money on re-developing network & security protocols. Read it at https://blog.robur.coop/articles/2024-08-21-OpenVPN-and-MirageVPN.html

Now and then it would be nice to run a few commands with VPN enabled without interfering with other tasks.

OpenVPN does not support network namespaces directly, but as a proof of concept I have written an `up` script that configures the tun device inside a network namespace.

This allows me to run commands (including bash) with `ip netns exec vpn cmd`

https://codeberg.org/pmakholm/openvpn-netns/src/branch/main/vpn-up.sh

It seems to be impossible to connect to @mullvadnet via the #SNCF train #wifi, despite the SNCF website explicitly saying #VPN is allowed.

Does anyone have similar experiences or solutions? I tried various country servers, #Wireguard and #OpenVPN, IPv4 and IPv6.