3 Dec
2021
3 Dec
'21
1:25 p.m.
On Thu, 2 Dec 2021, Kristjan Komlo?i via 44Net wrote:
Considering that hamradio doesn't allow
encryption, OpenVPN and
Wireguard are off the table. What I think would be cooler is if we tried
Encryption is not allowed _over the air_. There is nothing wrong with
running encryption over the public internet or between devices or over a
NAT edge. It has to be GRE or another VPN method with the encryption
turned off. OpenVPN supports an encryption of "none". Ubiquiti's EdgeOS
no longer allows that to be passed to OpenVPN however. It's important to
note that turning off encryption opens up the possibility of replay
attacks and other misbehavior. Defense in depth should always be
part of the implementation. Use in conjuction with firewall rules.
--
Kris Kirby, KE4AHR
Disinformation Architect, Systems Mangler, & Network Mismanager