Support VPN Client



  • Such as PPTP and OpenVPN

    Even if PPTP is considered insecure it is very useful when it come time to have a static IP at home or for a Small Office, it is also faster than OpenVPN.

    Supporting OpenVPN would open the world to privacy-minded people.





  • @jdaviescoates said in Support VPN Client:

    OpenVPN is already in the app store

    I'm talking about OpenVPN Client so the Cloudron Server could connect to a VPN providers
    the OpenVPN available in the app store the server version



  • @JOduMonT said in Support VPN Client:

    Even if PPTP is considered insecure it is very useful when it come time to have a static IP at home or for a Small Office, it is also faster than OpenVPN.

    This is wrong in every sense of the word. OpenVPN is more secure and much faster. It can also use static IPs, Dynamic DNS, and even supports authentication with LDAP.

    @JOduMonT said in Support VPN Client:

    I'm talking about OpenVPN Client so the Cloudron Server could connect to a VPN providers
    the OpenVPN available in the app store the server version

    OpenVPN client can be installed via cli directly on the server (unsupported modification) and configured like any linux server to use openvpn client.



  • I would like to take a step back to understand what the use case is. If I understand correctly, you want Cloudron to connect to some OpenVPN server. Can you clarify why this is needed?



  • @girish said in Support VPN Client:

    Cloudron to connect to some OpenVPN server

    you understood me perfectly

    example of usage

    in the case than you prefer hosting your data at home/office instead of in the cloud
    a lot of those have the issue of dynamic IP which is manageable via dyndns, but if you want to send email without relaying on a third party, because you are an data sovereignist extremist and/or a privacy conscientious, you would prefer to use a service such as PureVPN which offer a static IP over PPTP which allow you to open port online and manage your PTR, so as a mailserver you could be clean and able to send email from home/office without paying a crazy price for a static IP and/or having a business Internet Account.

    If we push the idea forward and we don't force all the traffic to pass-through, it could be use by transmission and/or qBitTorrent to download.



  • @JOduMonT That idea, although novel, will fail in the real world.
    Spammers have abused all popular methods to get static IPs for their purposes. Except for a vanishingly small set of carefully curated IPs, mail is going in the spam folder. I host my email at home, with Cloudron. I tried running my own SMTP, but the IP problem is neigh unavoidable.

    Here is a quick test before you dump time into this. Log in to your VPN, take your static IP, and check all the major spam checkers. Do at least 10. If you are on any of them, chances are you'll have mail deliver problems.

    I've been thinking a TON about digital identity, what tells the world we are who we say we are. With email, its a broken and old mish-mash of technology, but one of the pillars of only living. Less important but rising in popularity is Mobile Number.

    Not sure how to do this in a way that keeps your data in your hands, but also plays well with others.

    I gave up, signed up for Sendgrid. It works fantastic as a mail relay. Good luck.



  • @JOduMonT Ah ok, thanks for the explanation. Previously, some customers had asked for Argo tunnel integration because they had a dynamic IP/wanted to hide their IP entirely.

    P.S: I moved this topic to discuss



  • @will said in Support VPN Client:

    Log in to your VPN

    I understand your point but these IP could be cleaned on request
    and surprisingly PureVPN Singapore
    https://bgp.he.net/ip/43.228.157.1#_rbl
    all the AS36351 is green (for now at least)

    @will said in Support VPN Client:

    I gave up, signed up for Sendgrid.

    You didn't completely gave up, you still host your own email no, which still better than storing you email in clear on a 3rd parties server. 😉



  • @JOduMonT You're right, I just wish we could move faster away from email and mobile numbers for identity. More to something like a PIV card.
    In the US military we used something called a Common Access Card. PIV/PKI authentication to do just about everything. Estonia's E-residency does something similar.



  • If you don't own the VPN server how is routing the send through a 3rd party VPN server any more private than sending it through a 3rd party relay (eg. Sendgrid, Mailgun, Amazon...)?

    I've actually been interested in similar features but for very different reasons. I have my Cloudron hosted on a VPS, but I also have some services hosted at home on a RPi and NAS. I don't expose my home to the public internet except via a VPN, so connecting a Cloudron service to my home network could be useful.

    I don't have a strong usecase for it right now though and I'm making due with a set of Docker containers forwarding ports over SSH. https://git.iamthefij.com/iamthefij/dockamole. I'm currently working on a Dockamole server Cloudron app that will allow me to access the Cloudron LDAP server remotely for SSO on other hosts. I also hoped I'd be able to access graphite so I could aggregate Cloudron metrics into my Grafana instance, but it doesn't seem like Graphite is reachable from a Cloudron app.


Log in to reply