Support VPN Client
-
Such as PPTP and OpenVPN
Even if PPTP is considered insecure it is very useful when it come time to have a static IP at home or for a Small Office, it is also faster than OpenVPN.
Supporting OpenVPN would open the world to privacy-minded people.
-
@JOduMonT OpenVPN is already in the app store https://cloudron.io/store/io.cloudron.openvpn.html
-
@jdaviescoates said in Support VPN Client:
OpenVPN is already in the app store
I'm talking about OpenVPN Client so the Cloudron Server could connect to a VPN providers
the OpenVPN available in the app store the server version -
@JOduMonT said in Support VPN Client:
Even if PPTP is considered insecure it is very useful when it come time to have a static IP at home or for a Small Office, it is also faster than OpenVPN.
This is wrong in every sense of the word. OpenVPN is more secure and much faster. It can also use static IPs, Dynamic DNS, and even supports authentication with LDAP.
@JOduMonT said in Support VPN Client:
I'm talking about OpenVPN Client so the Cloudron Server could connect to a VPN providers
the OpenVPN available in the app store the server versionOpenVPN client can be installed via cli directly on the server (unsupported modification) and configured like any linux server to use openvpn client.
-
I would like to take a step back to understand what the use case is. If I understand correctly, you want Cloudron to connect to some OpenVPN server. Can you clarify why this is needed?
-
@girish said in Support VPN Client:
Cloudron to connect to some OpenVPN server
you understood me perfectly
example of usage
in the case than you prefer hosting your data at home/office instead of in the cloud
a lot of those have the issue of dynamic IP which is manageable via dyndns, but if you want to send email without relaying on a third party, because you are an data sovereignist extremist and/or a privacy conscientious, you would prefer to use a service such as PureVPN which offer a static IP over PPTP which allow you to open port online and manage your PTR, so as a mailserver you could be clean and able to send email from home/office without paying a crazy price for a static IP and/or having a business Internet Account.If we push the idea forward and we don't force all the traffic to pass-through, it could be use by transmission and/or qBitTorrent to download.
-
@JOduMonT That idea, although novel, will fail in the real world.
Spammers have abused all popular methods to get static IPs for their purposes. Except for a vanishingly small set of carefully curated IPs, mail is going in the spam folder. I host my email at home, with Cloudron. I tried running my own SMTP, but the IP problem is neigh unavoidable.Here is a quick test before you dump time into this. Log in to your VPN, take your static IP, and check all the major spam checkers. Do at least 10. If you are on any of them, chances are you'll have mail deliver problems.
I've been thinking a TON about digital identity, what tells the world we are who we say we are. With email, its a broken and old mish-mash of technology, but one of the pillars of only living. Less important but rising in popularity is Mobile Number.
Not sure how to do this in a way that keeps your data in your hands, but also plays well with others.
I gave up, signed up for Sendgrid. It works fantastic as a mail relay. Good luck.
-
@JOduMonT Ah ok, thanks for the explanation. Previously, some customers had asked for Argo tunnel integration because they had a dynamic IP/wanted to hide their IP entirely.
P.S: I moved this topic to discuss
-
@will said in Support VPN Client:
Log in to your VPN
I understand your point but these IP could be cleaned on request
and surprisingly PureVPN Singapore
https://bgp.he.net/ip/43.228.157.1#_rbl
all the AS36351 is green (for now at least)@will said in Support VPN Client:
I gave up, signed up for Sendgrid.
You didn't completely gave up, you still host your own email no, which still better than storing you email in clear on a 3rd parties server.
-
@JOduMonT You're right, I just wish we could move faster away from email and mobile numbers for identity. More to something like a PIV card.
In the US military we used something called a Common Access Card. PIV/PKI authentication to do just about everything. Estonia's E-residency does something similar. -
If you don't own the VPN server how is routing the send through a 3rd party VPN server any more private than sending it through a 3rd party relay (eg. Sendgrid, Mailgun, Amazon...)?
I've actually been interested in similar features but for very different reasons. I have my Cloudron hosted on a VPS, but I also have some services hosted at home on a RPi and NAS. I don't expose my home to the public internet except via a VPN, so connecting a Cloudron service to my home network could be useful.
I don't have a strong usecase for it right now though and I'm making due with a set of Docker containers forwarding ports over SSH. https://git.iamthefij.com/iamthefij/dockamole. I'm currently working on a Dockamole server Cloudron app that will allow me to access the Cloudron LDAP server remotely for SSO on other hosts. I also hoped I'd be able to access graphite so I could aggregate Cloudron metrics into my Grafana instance, but it doesn't seem like Graphite is reachable from a Cloudron app.
-
I come back on that idea, because a lot of people seams to only see the usage of hiding your services behind.
In my case, my Provider (ISP) block port 25 and 80, with a VPN, those will be open.
So it is not to hide myself, but to open up to the world
And between PPTP vs OpenVPN Client, it don't really matter, I just thought PPTP would be faster since it has less encryption.
-
@jodumont I don't know a single commercial VPN provider that provides a public IP to each VPN connection. So your server would still be behind a NAT, and would most certainly not have inbound 25 and 80 available.
-
@mehdi said in Support VPN Client:
I don't know a single commercial VPN provider that provides a public IP to each VPN connection
Public IPv4 address | OVPN
https://www.ovpn.com/en/features/public-ipv4 -
@mehdi said in Support VPN Client:
I don't know a single commercial VPN provider that provides a public IP to each VPN connection
It is probably because you didn't fell the need
I lived in Switzerland and before in Canada, where Torrenting and self hosting is not an issue.
But since I'm in Thailand; first, Torrenting is it as the Government fell about you, and the Internet is monitored and limited (not as much than China but still) they block several ports and websites.It took me a while to find and I chat with a lot of online support to find few of them
Has I will not recommend it but still a good example PureVPN support this
you control which port you open with OpenVPN but the IP is dynamic and yes it still through a NAT, and you could buy a static IP available via only PPTP (which they don't claim at loud).If I remember well mullvad also offer this kind of service
My idea came from: https://labriqueinter.net
