tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. tinc is Free Software and licensed under the GNU General Public License version 2 or later. Because the VPN appears to the IP level network code as a normal network device, there is no need to adapt any existing software. This allows VPN sites to share information with each other over the Internet without exposing any information to others. In addition, tinc offers encryption, authentication, compression, automatic mesh routing, NAT traversal, and network bridging. Supports IPv6, too.
Git: https://www.tinc-vpn.org/git/browse?p=tinc
In the AUR.
Self-hosting the things you used to put on the cloud might be appealing for you. Problem is, you'd like to be able to access your devices from anywhere. The solution is a virtual private network, or VPN. If you work remotely, you almost certainly are familiar with the process of connecting to a VPN to access your organization's network assets. Individuals can set up the same.
There are plenty of commercial implementations of Wireguard. Probably the best-known (and best-regarded) is Tailscale. And Tailscale is indeed fantastic! But in the spirit of owning as much of our stack as possible, I'm going to show you how to implement a Wireguard-based network from scratch, without third-party tools.
An open source, self-hosted implementation of the Tailscale control server.
Tailscale is a modern VPN built on top of Wireguard. It works like an overlay network between the computers of your networks using NAT traversal. Everything in Tailscale is Open Source, except the GUI clients for proprietary OS (Windows and macOS/iOS), and the control server. The control server works as an exchange point of Wireguard public keys for the nodes in the Tailscale network. It assigns the IP addresses of the clients, creates the boundaries between each user, enables sharing machines between users, and exposes the advertised routes of your nodes.
Headscale's goal is to provide self-hosters and hobbyists with an open-source server they can use for their projects and labs. It implements a narrow scope, a single Tailnet, suitable for a personal use, or a small open-source organisation. Please note that we do not support nor encourage the use of reverse proxies and container to run Headscale.
Seems like I could replace Nebula with this. And worry much less about Nebula certs silently expiring and fucking things up.
Like Tailscale (wireguard, actually) but running over the Veilid network.
Works with any Wireguard server (but if you use theirs you get some additional functionality). Supports MFA.
WireGuard road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora. This script will let you set up your own VPN server in no more than a minute, even if you haven't used WireGuard before. It has been designed to be as unobtrusive and universal as possible.
I recently needed to go on holiday, and was staying in a hotel with WiFi. Out of an abundance of paranoia, I decided to try setup a “router” that could sit between my devices and the hotel network.
Requires a USB wifi NIC in addition because the Pi has only one wireless interface.
I don't know why they needed to name a travel router this, but whatever.
Offshore.CAT is a compiled list of the real & genuine, along with the bad & garbage offshore services that we have either used/have had experience with in the past.
We publish these reports because I'm tired of getting asked what hosting they should use.
Offshore.CAT is not affiliated with any of the listed websites, our website takes zero responsibility from illegal or unethical usage. All informations are exposed as-is and might be not up to date if something recently changed.
List of "only yours" cloud services for everyday needs.
Nebula is a mutually authenticated peer-to-peer software defined network based on the Noise Protocol Framework. Nebula uses certificates to assert a node's IP address, name, and membership within user-defined groups. Nebula's user-defined groups allow for provider agnostic traffic filtering between nodes. Discovery nodes allow individual peers to find each other and optionally use UDP hole punching to establish connections from behind most firewalls or NATs. Users can move data between nodes in any number of cloud service providers, datacenters, and endpoints, without needing to maintain a particular addressing scheme.
Nebula was created to provide a mechanism for groups hosts to communicate securely, even across the internet, while enabling expressive firewall definitions similar in style to cloud security groups.
Tunnelblick is an open source OpenVPN client for MacOSX. You can either checkout and compile the source code yourself or you can download the .dmg packages for it. Note that if you're running Mountain Lion you'll have to grab the unstable version.
A website with a downloadable shell script which turns a raspi into a personal OpenVPN server. Lets you customize the configuration if you like. Appears to use a hardened OpenVPN configuration. The script will work with pretty much any Debian or Ubuntu v14.04 server you stand up someplace. The script can also be use to manage the server so you don't have to fight with the OpenVPN command lines.
A script that sets up openvpn on debian, ubuntu, centos, and arch linux. Interactive, will ask you questions used to generate configuration settings.
Another how-to for getting the Juniper's Java-based VPN client working on Linux machines.