29 Apr 2024 |
@emma:chat.blahaj.zone | I just worry about the possibility of losing access, especially with OS updates. I probably worry too much in general though. | 13:59:11 |
@emma:chat.blahaj.zone | I haven't even setup ssh auth yet though. Contemplating how I would like to do it in my QubesOS setup. And I also need to setup my vpn qube. Anyway thanks for the response. | 14:01:07 |
narc1013 | Yeah always a legitimate concern with remote access, although you can only do so much to mitigate it. For what it's worth I've never had a pfSense update break or go sideways, but it's not impossible. Without actual hardware redundancy though it sounds like you're doing everything you reasonably can. | 14:07:02 |
narc1013 | If it's a major concern, you could get a cheap consumer grade router and configure it such that your family could swap it in in case of an emergency until you could get on site to fix the pfSense box. | 14:08:22 |
@emma:chat.blahaj.zone |
Without actual hardware redundancy though it sounds like you're doing everything you reasonably can.
I appreciate the recommendation, but if my setup fails my family will be helpless and would likely just contact the ISP to come swap the pfSense box with a new ISP router. If it comes to that, "it is what it is" at that point I guess.
| 14:14:03 |
@emma:chat.blahaj.zone | *
Without actual hardware redundancy though it sounds like you're doing everything you reasonably can.
Thank you.
I appreciate the recommendation, but if my setup fails my family will be helpless and would likely just contact the ISP to come swap the pfSense box with a new ISP router. If it comes to that, "it is what it is" at that point I guess.
| 14:14:20 |
@emma:chat.blahaj.zone | *
Without actual hardware redundancy though it sounds like you're doing everything you reasonably can.
Thank you.
I appreciate the recommendation, but if my setup fails, my family will be helpless and would likely just contact the ISP to come swap the pfSense box with a new ISP router. If it comes to that, "it is what it is" at that point I guess.
| 14:15:05 |
@emma:chat.blahaj.zone | Oh, should I generate the ssh keys separately and then add them to pfSense or should I let pfSense generate the ssh keys automatically? Does pfSense support password-protected ssh keys? | 14:19:54 |
narc1013 | Sorry just saw this. I'm not sure how to generate keypairs directly in pfSense, but it does support keys protected by passphrases. Most of the information I see suggests generating your keypair externally and then pasting the pubkey into the authorized keys area for the relevant user in pfSense | 15:29:08 |
@emma:chat.blahaj.zone | In reply to @narc1013:matrix.org Sorry just saw this. I'm not sure how to generate keypairs directly in pfSense, but it does support keys protected by passphrases. Most of the information I see suggests generating your keypair externally and then pasting the pubkey into the authorized keys area for the relevant user in pfSense Thanks. Yes that's what I'm planning to do. The docs say enabling ssh in pfSense without ssh keys already added will generate keys, but it doesn't specify password protection support. I'm just going to generate a new key-pair in my keys qube and paste the pub key as you said. | 15:31:42 |
narc1013 | Ah yeah. That may just be the sever keys that it auto-generates? Not sure. But yeah your approach sounds correct. | 15:32:54 |
@emma:chat.blahaj.zone | In reply to @narc1013:matrix.org Ah yeah. That may just be the sever keys that it auto-generates? Not sure. But yeah your approach sounds correct. Thanks again for the sanity check 😊 | 15:36:35 |
narc1013 | No problem! | 15:36:51 |
george.roswell | In reply to @emma:chat.blahaj.zone I just worry about the possibility of losing access, especially with OS updates. I probably worry too much in general though. if I were you I'd configre both, OpenVPN and Wireshark. If you need to work on the config of one of these, you can use the other to stay connected. | 19:18:11 |
george.roswell | In reply to @emma:chat.blahaj.zone I just worry about the possibility of losing access, especially with OS updates. I probably worry too much in general though. * if I were you I'd configre both, OpenVPN and Wireshark. If you need to work on the config of one of these, you can use the other to stay connected. has worked for me in the past. | 19:18:26 |
@emma:chat.blahaj.zone | In reply to @k1nk0z:subr0sa.0j0.jp if I were you I'd configre both, OpenVPN and Wireshark. If you need to work on the config of one of these, you can use the other to stay connected. has worked for me in the past. I assume you meant to say Wireguard? I forgot that it was being implemented. I'll definitely look into it. | 19:41:40 |
george.roswell | In reply to @emma:chat.blahaj.zone I assume you meant to say Wireguard? I forgot that it was being implemented. I'll definitely look into it. Yes, sorry, just a typo | 19:42:06 |
@emma:chat.blahaj.zone | In reply to @k1nk0z:subr0sa.0j0.jp Yes, sorry, just a typo Yeah I figured. Thanks for the recomendation. | 19:42:33 |
george.roswell | * if I were you I'd configre both, OpenVPN and Wireguard (not Wireshark). If you need to work on the config of one of these, you can use the other to stay connected. has worked for me in the past. | 19:42:30 |
george.roswell | In reply to @emma:chat.blahaj.zone Yeah I figured. Thanks for the recomendation. youre welcome | 19:42:54 |
george.roswell | another option would be the Tailscale package. (is based on Wireguard) | 19:44:14 |
george.roswell | * another option would be the Tailscale package. (it's based on Wireguard) | 19:44:42 |
@emma:chat.blahaj.zone | Interesting. I guess I'll do some investigating then. | 19:45:29 |
george.roswell | check out the Lawrence Systems vlog on YT | 19:46:45 |
@emma:chat.blahaj.zone | Ha yeah, I used to watch him on YT a while ago. I tend to check with his vids from time to time. | 19:47:24 |
@emma:chat.blahaj.zone | Really helpful stuff. | 19:47:40 |
george.roswell | they also have forum | 19:48:05 |
@emma:chat.blahaj.zone | Oh yeah I forgot about that. Will check there too. | 19:48:35 |
30 Apr 2024 |
| @tekzer0:matrix.org changed their profile picture. | 01:14:39 |
| Kernellinux changed their profile picture. | 14:27:29 |