I laugh when I see stuff like this. VPNs aren't monolithic things. There's ipsec, many forms of tcp tunneling, there's even some udp options depending on what you're tunneling. If you don't use dns, and tunnel over tcp:443, there's literally no way to detect or block a tunnel. Legislate away, lol
Fascism comes for the VPN
November 17, 2025 at 6:37 PM
I laugh when I see stuff like this. VPNs aren't monolithic things. There's ipsec, many forms of tcp tunneling, there's even some udp options depending on what you're tunneling. If you don't use dns, and tunnel over tcp:443, there's literally no way to detect or block a tunnel. Legislate away, lol
난 애초에 KT 평문 문자 전송 기사도 이상함…
음성이랑 동일하게 IPSec 안탄거면 그냥 암호화가 안된거라 음성과 동급인건데 갑자기 E2E 개소리를 하기 시작함…
RCS에도 E2E 들어간게 얼마 안되었는데요?????
기술적으로 SMS/MMS에 E2E를 어떻게 함?????
이메일도 못하는걸?????
음성이랑 동일하게 IPSec 안탄거면 그냥 암호화가 안된거라 음성과 동급인건데 갑자기 E2E 개소리를 하기 시작함…
RCS에도 E2E 들어간게 얼마 안되었는데요?????
기술적으로 SMS/MMS에 E2E를 어떻게 함?????
이메일도 못하는걸?????
November 14, 2025 at 5:59 AM
난 애초에 KT 평문 문자 전송 기사도 이상함…
음성이랑 동일하게 IPSec 안탄거면 그냥 암호화가 안된거라 음성과 동급인건데 갑자기 E2E 개소리를 하기 시작함…
RCS에도 E2E 들어간게 얼마 안되었는데요?????
기술적으로 SMS/MMS에 E2E를 어떻게 함?????
이메일도 못하는걸?????
음성이랑 동일하게 IPSec 안탄거면 그냥 암호화가 안된거라 음성과 동급인건데 갑자기 E2E 개소리를 하기 시작함…
RCS에도 E2E 들어간게 얼마 안되었는데요?????
기술적으로 SMS/MMS에 E2E를 어떻게 함?????
이메일도 못하는걸?????
I used libreswan to establish an IPsec tunnel between two hosts, which worked. But afterwards the web servers running on one of the hosts couldn't be accessed anymore. Does anyone know why that is? Why does an IPsec tunnel between A and B impede vanilla https requests to A?
November 13, 2025 at 8:03 AM
I used libreswan to establish an IPsec tunnel between two hosts, which worked. But afterwards the web servers running on one of the hosts couldn't be accessed anymore. Does anyone know why that is? Why does an IPsec tunnel between A and B impede vanilla https requests to A?
If you say have a giant caddy proxy in front of websites that does TLS and proxying. What protocol do you use for communicating with the backend website. Also https or plain http, ipsec or other tunneling?
November 12, 2025 at 2:07 PM
If you say have a giant caddy proxy in front of websites that does TLS and proxying. What protocol do you use for communicating with the backend website. Also https or plain http, ipsec or other tunneling?
OpenSSH was the ultimate fuck you along with IPsec and Carp.
'Took on Cisco and won' is quite a palmares!
'Took on Cisco and won' is quite a palmares!
November 12, 2025 at 12:24 PM
OpenSSH was the ultimate fuck you along with IPsec and Carp.
'Took on Cisco and won' is quite a palmares!
'Took on Cisco and won' is quite a palmares!
最近のAndroidはL2TP/IPsec方式でVPNに繋げないのね。IKEv2が必須だけどRTX1210だとGUIから設定できないみたいなので謎コマンドを習得しないといけないのか。
November 11, 2025 at 11:05 AM
最近のAndroidはL2TP/IPsec方式でVPNに繋げないのね。IKEv2が必須だけどRTX1210だとGUIから設定できないみたいなので謎コマンドを習得しないといけないのか。
저쪽 집 IMS 에 IPSec 이 꺼져있다고 해서 구경하러 갔죠
그런데 오고 보니 우리 집 IMS 도 IPSec 이 꺼져있는 거에요. 보자마자 눈물이 났어요
그런데 오고 보니 우리 집 IMS 도 IPSec 이 꺼져있는 거에요. 보자마자 눈물이 났어요
November 10, 2025 at 5:20 AM
저쪽 집 IMS 에 IPSec 이 꺼져있다고 해서 구경하러 갔죠
그런데 오고 보니 우리 집 IMS 도 IPSec 이 꺼져있는 거에요. 보자마자 눈물이 났어요
그런데 오고 보니 우리 집 IMS 도 IPSec 이 꺼져있는 거에요. 보자마자 눈물이 났어요
クラウドはオンプレに比べて、はるかに大規模に仮想化しているので、セキュリティの点でもサイジングの点でもメリットがあります。
ただ、そのことが逆に、ユーザーサイドでコントロールできる範囲を狭めています。もはやプライベートクラウドは死語ですし😅
オンプレに回帰したくても、Teamsなどのコミュニケーションツールをオンプレに移行するのは不可能ですし、あらたな働き方であるリモートワークでオンプレサーバに接続してくるリスク低減はコストに見合いません――たとえば在宅勤務でIPsec-VPN接続だとしても、(法的にも費用的にも)ご自宅の他のデバイスのセキュリティまで面倒を見ることができません。
ただ、そのことが逆に、ユーザーサイドでコントロールできる範囲を狭めています。もはやプライベートクラウドは死語ですし😅
オンプレに回帰したくても、Teamsなどのコミュニケーションツールをオンプレに移行するのは不可能ですし、あらたな働き方であるリモートワークでオンプレサーバに接続してくるリスク低減はコストに見合いません――たとえば在宅勤務でIPsec-VPN接続だとしても、(法的にも費用的にも)ご自宅の他のデバイスのセキュリティまで面倒を見ることができません。
November 9, 2025 at 6:11 AM
クラウドはオンプレに比べて、はるかに大規模に仮想化しているので、セキュリティの点でもサイジングの点でもメリットがあります。
ただ、そのことが逆に、ユーザーサイドでコントロールできる範囲を狭めています。もはやプライベートクラウドは死語ですし😅
オンプレに回帰したくても、Teamsなどのコミュニケーションツールをオンプレに移行するのは不可能ですし、あらたな働き方であるリモートワークでオンプレサーバに接続してくるリスク低減はコストに見合いません――たとえば在宅勤務でIPsec-VPN接続だとしても、(法的にも費用的にも)ご自宅の他のデバイスのセキュリティまで面倒を見ることができません。
ただ、そのことが逆に、ユーザーサイドでコントロールできる範囲を狭めています。もはやプライベートクラウドは死語ですし😅
オンプレに回帰したくても、Teamsなどのコミュニケーションツールをオンプレに移行するのは不可能ですし、あらたな働き方であるリモートワークでオンプレサーバに接続してくるリスク低減はコストに見合いません――たとえば在宅勤務でIPsec-VPN接続だとしても、(法的にも費用的にも)ご自宅の他のデバイスのセキュリティまで面倒を見ることができません。
#notsohumblebrag: So far at this new job I have corrected others’ critical mistakes on network segmentation, IPSec configuration and related firewall/routing, DICOM/PACS, and SIP registration for fax over IP. Next up is recovering a couple failed hard drives across multiple RAID arrays.
I don’t […]
I don’t […]
Original post on oliphaunt.social
oliphaunt.social
November 7, 2025 at 3:57 PM
#notsohumblebrag: So far at this new job I have corrected others’ critical mistakes on network segmentation, IPSec configuration and related firewall/routing, DICOM/PACS, and SIP registration for fax over IP. Next up is recovering a couple failed hard drives across multiple RAID arrays.
I don’t […]
I don’t […]
Origin
archlinux.org
November 6, 2025 at 7:39 PM
Origin
archlinux.org
November 6, 2025 at 7:39 PM
Arch Linux - strongswan 6.0.3-1 (x86_64)
archlinux.org
November 6, 2025 at 7:40 PM
Tixeo adopte WireGuard et Headscale pour un VPN plus flexible et performant 🔒, mais doit garder IPSec pour l’hébergement SecNumCloud imposé par l’ANSSI.
https://bit.ly/496fE7c
https://bit.ly/496fE7c
VPN : comment Tixeo a remplacé OpenVPN | LeMagIT
L’éditeur français d’outils de visios chiffrées de bout en bout a, pour ses usages internes, abandonné OpenVPN au profit du moins connu WireGuard avec le coordinateur open source Headscale.
www.lemagit.fr
November 6, 2025 at 4:06 PM
Tixeo adopte WireGuard et Headscale pour un VPN plus flexible et performant 🔒, mais doit garder IPSec pour l’hébergement SecNumCloud imposé par l’ANSSI.
https://bit.ly/496fE7c
https://bit.ly/496fE7c
Tixeo adopte WireGuard et Headscale pour un VPN plus flexible et performant 🔒, mais doit garder IPSec pour l’hébergement SecNumCloud imposé par l’ANSSI.
👉 [lire]
👉 [lire]
November 6, 2025 at 6:24 AM
Tixeo adopte WireGuard et Headscale pour un VPN plus flexible et performant 🔒, mais doit garder IPSec pour l’hébergement SecNumCloud imposé par l’ANSSI.
👉 [lire]
👉 [lire]
(GCKS) to provide authorized Group Members (GMs) with IPsec Group Security Associations (GSAs). The GMs then exchange IP multicast or other group traffic as IPsec packets. This document obsoletes RFC 6407. This document is a product of the IP Security Maintenance 3/4
November 5, 2025 at 9:39 PM
(GCKS) to provide authorized Group Members (GMs) with IPsec Group Security Associations (GSAs). The GMs then exchange IP multicast or other group traffic as IPsec packets. This document obsoletes RFC 6407. This document is a product of the IP Security Maintenance 3/4
PPK is available before the IKE SA expires, then the only way to use it is to delete the current IKE SA and create a new one from scratch, which is inefficient. This specification defines a way to use PPKs in active IKEv2 SAs for creating additional IPsec SAs and 5/6
November 5, 2025 at 8:24 PM
PPK is available before the IKE SA expires, then the only way to use it is to delete the current IKE SA and create a new one from scratch, which is inefficient. This specification defines a way to use PPKs in active IKEv2 SAs for creating additional IPsec SAs and 5/6
Version 2 (IKEv2) extension defined in RFC 8784 allows IPsec traffic to be protected against someone storing VPN communications and decrypting them later, when (and if) a Cryptographically Relevant Quantum Computer (CRQC) is available. The protection is achieved by 2/6
November 5, 2025 at 8:24 PM
Version 2 (IKEv2) extension defined in RFC 8784 allows IPsec traffic to be protected against someone storing VPN communications and decrypting them later, when (and if) a Cryptographically Relevant Quantum Computer (CRQC) is available. The protection is achieved by 2/6
Origin
cgit.freebsd.org
October 30, 2025 at 4:12 PM
Just published a deep dive on the new SUSE 2025-3855-1 security advisory. It patches a significant vulnerability in the StrongSwan IPsec implementation. Read more: 👉
tinyurl.com/58jazzyr #SUSE #Security
tinyurl.com/58jazzyr #SUSE #Security
SUSE 2025-3855-1 StrongSwan Security Patch: Mitigating a Critical IPsec VPN Vulnerability
Blog com notícias sobre, Linux, Android, Segurança , etc
tinyurl.com
October 29, 2025 at 6:59 PM
Just published a deep dive on the new SUSE 2025-3855-1 security advisory. It patches a significant vulnerability in the StrongSwan IPsec implementation. Read more: 👉
tinyurl.com/58jazzyr #SUSE #Security
tinyurl.com/58jazzyr #SUSE #Security
Fix Windows VPN Client Never Connects in First Shot (L2TP/IPsec MFA Issue on Windows 10/11)
If your Windows VPN client never connects on the first attempt—even though you approve the Microsoft Authenticator prompt—you're not alone. Many users have reported this issue when using L2TP/IPsec VPNs…
If your Windows VPN client never connects on the first attempt—even though you approve the Microsoft Authenticator prompt—you're not alone. Many users have reported this issue when using L2TP/IPsec VPNs…
Fix Windows VPN Client Never Connects in First Shot (L2TP/IPsec MFA Issue on Windows 10/11)
If your Windows VPN client never connects on the first attempt—even though you approve the Microsoft Authenticator prompt—you're not alone. Many users have reported this issue when using L2TP/IPsec VPNs with EAP-MSCHAPv2 authentication and MFA via Microsoft Authenticator. Let’s break down what causes it and how to fix it.
winfix.fdaytalk.com
October 29, 2025 at 5:47 PM
Fix Windows VPN Client Never Connects in First Shot (L2TP/IPsec MFA Issue on Windows 10/11)
If your Windows VPN client never connects on the first attempt—even though you approve the Microsoft Authenticator prompt—you're not alone. Many users have reported this issue when using L2TP/IPsec VPNs…
If your Windows VPN client never connects on the first attempt—even though you approve the Microsoft Authenticator prompt—you're not alone. Many users have reported this issue when using L2TP/IPsec VPNs…
I’m feeling this post in my *bones* this week 😪 #ipsec https://discuss.systems/@dev/115442027212451776
Dev (@dev@discuss.systems)
Calling the field Net”working” when on the net it is the cause of most failures
discuss.systems
October 29, 2025 at 3:56 PM
I’m feeling this post in my *bones* this week 😪 #ipsec https://discuss.systems/@dev/115442027212451776
Quick research suggests TPROXY is ossified and limited only to TCP/UDP. This leaves out all other standardised layer 3/4 protocols (including native IPSec in IPv6 without UDP encap hack).
October 28, 2025 at 5:39 AM
Quick research suggests TPROXY is ossified and limited only to TCP/UDP. This leaves out all other standardised layer 3/4 protocols (including native IPSec in IPv6 without UDP encap hack).
