SSL/TLS on port 443 is the only transport that can consistently get through firewalls, e.g., hotel Wi-Fi. Consider running all public-facing services through sslh multiplexing?
nginx ssl/http2
tinc
ssh?
Or perhaps keep ssh separate on non-standard port, so ansible can still get in if sslh breaks?
Or maybe just keep VPN servers and web servers separate; I have plenty of VPSes to use. Tinc can stay on its default port for most hosts, and run on 443 on the VPN hosts.
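As an added example (not from the original note), an sslh configuration for the multiplexing option weighed above: sslh owns the public port 443 and routes ssh, tinc and TLS to localhost-bound backends, while sshd also keeps listening on its own separate port so Ansible does not depend on sslh. The config path, backend addresses and port numbers are assumptions.

```libconfig
# /etc/sslh.cfg (assumed path) -- added example, not from the original note.
# sslh takes the public 443; every backend is bound to localhost only.
listen:
(
    { host: "0.0.0.0"; port: "443"; }
);

protocols:
(
    # OpenSSH via the multiplexer. sshd additionally listens on a separate
    # non-standard port (assumed 2222, set in sshd_config) as the fallback
    # path if sslh breaks, so Ansible can still get in.
    { name: "ssh";     host: "127.0.0.1"; port: "22"; },

    # tinc on its default port 655, reachable through 443 for hosts behind
    # restrictive firewalls; sslh matches tinc's handshake prefix.
    { name: "tinc";    host: "127.0.0.1"; port: "655"; },

    # nginx ssl/http2 moved off the public 443 to an assumed local 8443
    # (nginx: listen 127.0.0.1:8443 ssl http2;).
    { name: "tls";     host: "127.0.0.1"; port: "8443"; },

    # Catch-all must stay last: unrecognised clients just see the web server.
    { name: "anyprot"; host: "127.0.0.1"; port: "8443"; }
);
```

sslh identifies the protocol from the first bytes the client sends (or from the client staying silent, which is how ssh is inferred when a client waits for the server banner), so the order of the probes matters and anyprot has to be the final entry.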
May impact #56