I was getting ready to say the same thing. A VPN service provider MUST issue you a
private key for your connection only (that is the only way the service works). BUT they
are NEVER going to send you the private key for their server. That is exactly what we do
for IRLP VPN to provide basic connectivity. We are now approaching 500 repeaters (nodes)
with 44.127.x.x IP addresses.
OTOH, we use PGP to authenticate all connections in to the IRLP network and connections
between repeaters (regardless of VPN use). The private key is generated during their
installation of the software, but never leaves the IRLP computer. Public keys are
collected and circulated throughout the network. A human reviews and authorizes a specific
key be added to the public key ring. But this is completely separate from the use of a
VPN.
—
Dave K9DC, K9IP
On Feb 23, 2023, at 13:53, lleachii--- via 44net
<44net(a)mailman.ampr.org> wrote:
It was noted that some users would find key generation, etc. to be quite
advanced/expert.
It's interesting that was noted.
A main reason I understood some commercial companies generate a private key for you - is
so that they can offer you a complete WireGuard configuration file for setup purposes.
They would be unable to do that via a public-key-only exchange/setup with the remote
peer.
73,
- Lynwood
KB3VWG