The 8232 Project

I trust code more than politics.

  • 12 Posts
  • 48 Comments
Joined 1 year ago
cake
Cake day: February 25th, 2024

help-circle







  • Thank you for this!

    Is OPNsense like dd-wrt or OpenWrt?

    The thing is (and this is by no means a knock on you) if you are doing pen testing then you definitely need to increase your knowledge on networking.

    I have background in Wi-Fi hacking and LAN attacks, and I understand the structure of networking (LAN, WAN, layers of the internet, DNS, CAs, etc.). My head starts to hurt when RADIUS is involved, ad hoc networking (which I understand the concepts of, just not how it works. I want to learn this first), mDNS, and other complicated topics. I’m trying to push past those mental roadblocks and learn as best I can, but it’s a tricky topic!

    https://wiki.freeradius.org/

    There’s something to check out just to get some concepts. You can do plenty of things to harden your security that could give you the comfort you need without defaulting to encrypted connections over LAN.

    Thank you! I’ll definitely check this out. You’ve been a huge help!





  • This is fair, and does solve the problem. I didn’t explicitly state that I needed it to be convenient, so you’re right. Having one network that is LAN only and switching to it to use Jellyfin, and having a second network that is WAN only and using ProtonVPN there would probably be the most secure setup. Unfortunately, it still doesn’t solve the issue of encryption in transit over the LAN, but that might be fixable with Tailscale. The LAN could even be ethernet-only, to mitigate wireless attacks.

    That makes me wonder if there’s a way I could simply plug an ethernet cord from my phone to the airgapped Pi and use it that way. Is that possible? Surely it is. Could ProtonVPN be used on the phone even while the phone is connected physically to the Pi?





  • Okay, so you might be unfamiliar with networking

    I’m familiar with some parts of networking, but selfhosted VPNs are something I am unfamiliar with, so thank you for helping me out!

    No need to use Tailscale if you’re just using your Wi-Fi or Ethernet.

    I want it to be encrypted during transit, even if it is over the LAN.

    Tailscale/Headscale creates it’s own VPN network which will need its own IP space.

    This is what I was afraid of, because this means it probably can’t run alongside ProtonVPN, since it would fill up the VPN slot on Android, right?

    If so, it means we’ve come full circle. Unless there is a way to use Tailscale alongside ProtonVPN or a way to get Jellyfin clients to trust self-signed certificates, I don’t see any other option than buying a domain and exposing the server to the internet. Am I missing something?







  • So:

    • ProtonVPN is installed on my Android phone
    • Android has Always-on VPN enabled
    • Android has Block connections without VPN enabled
    • Host Jellyfin on my Raspberry Pi 5
    • Install Headscale on my Raspberry Pi 5
    • Install Headscale on my Android phone
    • Install a Jellyfin client on my Android phone
    • Configure everything

    And that will work? It will be encrypted during transit? And only run on the LAN? Does ProtonVPN need to allow LAN connections (I assume it does)?