Gentoo centric VPN

Gentoo centric VPN

james-3
So, I need to be able to set up and tear down a 4-component network.
Sometimes all (4) systems will be in the same location, probably about
50% of the time.

My (3) personal systems are:
(1) gentoo laptop (Open RC if that matters)
(1) window-7 laptop
(1) Android Cell (galaxy note 9)

These (3) are with me most about 70% of the time, but
often they will be in different locations hundreds of miles apart.


(1) The corporate windows workstation/server. (always stationary).
(4) Total, often just the (3) systems on this transient net.


So, my research suggests that WireGuard might be best because most of
what I'm moving around is a wide variety of image types, as well as
video and 3D/4D files  and binaries for odd-ball embedded devices, of a
wide variety. Eventually the file movement will be mostly automated
(scripted). WireGuard purports to have the most bandwidth capabilities
and some of these file_sets will be in the  gigabyte range often.


I've found lots to read and noodle with, but I'm curious what  (gentoo)
folks would suggest. For starters it cannot use an outsourced VPN;
that's dictated by others. So a "home-spun VPN" is warranted.


From others ::
"But WireGuard being awesome is old news. The new news is that now
there's an easy way to integrate it into Android ROMs and kernels. "



https://opensource.com/article/18/8/open-source-tools-vpn

https://www.wireguard.com/install/

https://github.com/max-moser/network-manager-wireguard

https://forum.xda-developers.com/android/development/wireguard-rom-integration-t3711635


Those are a few links I found, but I really want a gentoo centric
method. Others suggests, for custom ROMs, to anything to secure the
Android phone and get rid of the "crap apps" would be most welcome. If I
cannot get rid of them I'd like a systematic way to bury those pesky
Android apps that pedestrian use, down the tree somewhere. I guess what
I'm trying to say is once I get the (4) devices working, I'll be testing
a variety of ways to set up Android or embedded gentoo on that Android
Galaxy-9 so I control the stack, it can be deeply sniffed, either on the
internal device or on external ports, via Deep Packet Inspection codes
on the ports via other microprocessors running embedded gentoo.

Use Gentoo prefix?

An android experimental stack?

I have a second cell phone so I can do whatever I need to with the
Android Galaxy Note 9. Jtag or other low level hardware programmers are
of keen interest; mandatory. Perhaps Samsung or another vendor sells the
hardware programming equipment? 5G bandwidth is definitely front and
center, when and where it's available, but ignored for now or until
those phones are available.


Discussion, ideas and suggestions are most welcome.


curiously,
James

Re: Gentoo centric VPN

William Kenworthy
On 05/09/18 20:15, james wrote:

> So, I need to be able to set up and tear down a 4-component network.
> Sometimes all (4) systems will be in the same location, probably about
> 50% of the time.
>
> My (3) personal systems are:
> (1) gentoo laptop (Open RC if that matters)
> (1) window-7 laptop
> (1) Android Cell (galaxy note 9)
>
> These (3) are with me most about 70% of the time, but
> often they will be in different locations hundreds of miles apart.
>
>
> (1) The corporate windows workstation/server. (always stationary).
> (4) Total, often just the (3) systems on this transient net.
>
>
> So, my research suggests that WireGuard might be best because most of
> what I'm moving around is a wide variety of image types, as well as
> video and 3D/4D files  and binaries for odd-ball embedded devices, of a
> wide variety. Eventually the file movement will be mostly automated
> (scripted). WireGuard purports to have the most bandwidth capabilities
> and some of these file_sets will be in the  gigabyte range often.
>
>
> I've found lots to read and noodle with, but I'm curious what  (gentoo)
> folks would suggest. For starters it cannot use an outsourced VPN;
> that's dictated by others. So a "home-spun VPN" is warranted.
>
>
> From others ::
> "But WireGuard being awesome is old news. The new news is that now
> there's an easy way to integrate it into Android ROMs and kernels. "
>
>
>
> https://opensource.com/article/18/8/open-source-tools-vpn
>
> https://www.wireguard.com/install/
>
> https://github.com/max-moser/network-manager-wireguard
>
> https://forum.xda-developers.com/android/development/wireguard-rom-integration-t3711635
>
>
> Those are a few links I found, but I really want a gentoo centric
> method. Others suggests, for custom ROMs, to anything to secure the
> Android phone and get rid of the "crap apps" would be most welcome. If I
> cannot get rid of them I'd like a systematic way to bury those pesky
> Android apps that pedestrian use, down the tree somewhere. I guess what
> I'm trying to say is once I get the (4) devices working, I'll be testing
> a variety of ways to set up Android or embedded gentoo on that Android
> Galaxy-9 so I control the stack, it can be deeply sniffed, either on the
> internal device or on external ports, via Deep Packet Inspection codes
> on the ports via other microprocessors running embedded gentoo.
>
> Use Gentoo prefix?
>
> An android experimental stack?
>
> I have a second cell phone so I can do whatever I need to with the
> Android Galaxy Note 9. Jtag or other low level hardware programmers are
> of keen interest; mandatory. Perhaps Samsung or another vendor sells the
> hardware programming equipment? 5G bandwidth is definitely front and
> center, when and where it's available, but ignored for now or until
> those phones are available.
>
>
> Discussion, ideas and suggestions are most welcome.
>
>
> curiously,
> James
>
Have not used wireguard.

all running over port 443

openvpn for linux/android

proxytunnel on windows to stunnel on a linux server for the corporate
network.

Use the sslh multiplexor to control and switch incoming ssl.

Unfortunately I have some difficult networks to get out of.  Performance
is ok for gentoo distfile download from my repo, but I have not tried
super large files.


BillK
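
An added example, not part of BillK's message and not sslh's own code: a simplified sketch of how a port-443 multiplexer can tell OpenVPN-over-TCP from TLS (the stunnel path) by looking only at the first bytes a client sends. The backend addresses and the sample packets are constructed for illustration; anything unrecognised is refused rather than forwarded.

```python
import struct

# Hypothetical local backends behind the single public port 443.
BACKENDS = {
    "openvpn": ("127.0.0.1", 1194),   # OpenVPN server in TCP mode
    "tls":     ("127.0.0.1", 8443),   # stunnel (constructed port)
    "ssh":     ("127.0.0.1", 22),
}

# OpenVPN opcode for P_CONTROL_HARD_RESET_CLIENT_V2, the packet that
# opens a client handshake. The opcode is the high 5 bits of byte 0.
OPENVPN_HARD_RESET_CLIENT_V2 = 7


def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes read from a new TCP connection."""
    if len(data) < 4:
        return "need-more"
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), version 3.x.
    if data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    # OpenVPN over TCP prefixes every packet with a 2-byte big-endian
    # length. This assumes the first read holds exactly one packet;
    # a split first segment would be reported as "unknown".
    (length,) = struct.unpack("!H", data[:2])
    if length == len(data) - 2 and data[2] >> 3 == OPENVPN_HARD_RESET_CLIENT_V2:
        return "openvpn"
    return "unknown"


def route(data: bytes):
    """Return the backend (host, port), or None to refuse the connection."""
    return BACKENDS.get(classify_first_bytes(data))


# Constructed sample first packets (not captured traffic).
_ovpn_body = bytes([0x38]) + b"\x11" * 8 + b"\x00" + b"\x00\x00\x00\x00"
SAMPLE_OPENVPN = struct.pack("!H", len(_ovpn_body)) + _ovpn_body
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xFC, 0x03, 0x03])
SAMPLE_SSH = b"SSH-2.0-OpenSSH_7.7\r\n"
SAMPLE_HTTP = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for name, pkt in [("openvpn", SAMPLE_OPENVPN), ("tls", SAMPLE_TLS),
                      ("ssh", SAMPLE_SSH), ("http", SAMPLE_HTTP)]:
        print(name, "->", classify_first_bytes(pkt), route(pkt))
```
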



Re: Gentoo centric VPN

james-3
On 9/5/18 8:44 AM, Bill Kenworthy wrote:

> On 05/09/18 20:15, james wrote:
>> So, I need to be able to set up and tear down a 4-component network.
>> Sometimes all (4) systems will be in the same location, probably about
>> 50% of the time.
>>
>> My (3) personal systems are:
>> (1) gentoo laptop (Open RC if that matters)
>> (1) window-7 laptop
>> (1) Android Cell (galaxy note 9)
>>
>> These (3) are with me most about 70% of the time, but
>> often they will be in different locations hundreds of miles apart.
>>
>>
>> (1) The corporate windows workstation/server. (always stationary).
>> (4) Total, often just the (3) systems on this transient net.
>>
>>
>> So, my research suggests that WireGuard might be best because most of
>> what I'm moving around is a wide variety of image types, as well as
>> video and 3D/4D files  and binaries for odd-ball embedded devices, of a
>> wide variety. Eventually the file movement will be mostly automated
>> (scripted). WireGuard purports to have the most bandwidth capabilities
>> and some of these file_sets will be in the  gigabyte range often.
>>
>>
>> I've found lots to read and noodle with, but I'm curious what  (gentoo)
>> folks would suggest. For starters it cannot use an outsourced VPN;
>> that's dictated by others. So a "home-spun VPN" is warranted.
>>
>>
>> From others ::
>> "But WireGuard being awesome is old news. The new news is that now
>> there's an easy way to integrate it into Android ROMs and kernels. "
>>
>>
>>
>> https://opensource.com/article/18/8/open-source-tools-vpn
>>
>> https://www.wireguard.com/install/
>>
>> https://github.com/max-moser/network-manager-wireguard
>>
>> https://forum.xda-developers.com/android/development/wireguard-rom-integration-t3711635
>>
>>
>> Those are a few links I found, but I really want a gentoo centric
>> method. Others suggests, for custom ROMs, to anything to secure the
>> Android phone and get rid of the "crap apps" would be most welcome. If I
>> cannot get rid of them I'd like a systematic way to bury those pesky
>> Android apps that pedestrian use, down the tree somewhere. I guess what
>> I'm trying to say is once I get the (4) devices working, I'll be testing
>> a variety of ways to set up Android or embedded gentoo on that Android
>> Galaxy-9 so I control the stack, it can be deeply sniffed, either on the
>> internal device or on external ports, via Deep Packet Inspection codes
>> on the ports via other microprocessors running embedded gentoo.
>>
>> Use Gentoo prefix?
>>
>> An android experimental stack?
>>
>> I have a second cell phone so I can do whatever I need to with the
>> Android Galaxy Note 9. Jtag or other low level hardware programmers are
>> of keen interest; mandatory. Perhaps Samsung or another vendor sells the
>> hardware programming equipment? 5G bandwidth is definitely front and
>> center, when and where it's available, but ignored for now or until
>> those phones are available.
>>
>>
>> Discussion, ideas and suggestions are most welcome.
>>
>>
>> curiously,
>> James
>>
> Have not used wireguard.
>
> all running over port 443
>
> openvpn for linux/android
>
> proxytunnel on windows to stunnel on a linux server for the corporate
> network.
>
> Use the sslh multiplexor to control and switch incoming ssl.
>
> Unfortunately I have some difficult networks to get out of.  Performance
> is ok for gentoo distfile download from my repo, but I have not tried
> super large files.
>
>
> BillK

Thanks BillK. I'll test this and post-back. I'm going to test a variety
of suggestions, with deference to a gentoo-centric solution.

James