Admin for mbin instance of fe.derate.me

  • 3 Posts
  • 29 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle







  • You’re right that they are miles ahead of other companies regarding communication and opt-out. And indeed it’s rare that they will adhere to your choice when they implement new functions. For new users it’s good to know that they perhaps want to switch this data collection off. Maybe it’s a knee jerk reaction from my side: wanting to increase privacy and seeing this message brought up some worries. Especially because other companies started the same. Google also disguises stuff for better privacy or security, but in the end it’s just to prevent users from blocking their data analytics.








  • You need to trust your provider. If you choose a bigger one, chances are you are a bit safer. Those kind of providers make big bucks on companies, so if they harm the trust of their customers they are out of business. You could try to choose software which implements E2EE and zero-trust to be safer, but those are not available on all software categories. VPS providers have access to all your stuff. So it’s all up to you which provider you trust. I would prefer a bigger name too some obscure little basement hoster.



  • In that case, enjoy! It’s a great feeling when you get it working.

    If you’re going to do it on your synology, see if you need to fix the TUN error. Also, you need to add ip routes to your synology to have the IP’s from your VPN on docker forwarded to docker. Make sure these are persistent or added on every startup.

    Make sure you allow the VPN to work by adding it to the synology firewall.

    You need to setup port forwarding on your router. It needs to point to your synology to the port which is linked to the docker container. You also need to add the route to your router to be able to access your network. For instance, if your VPN has 10.0.3.* and your LAN uses 10.0.0., your LAN/router won’t know where to send the response packets to the VPN network. So when connected to your VPN you will never be able to load stuff. If you add that 10.0.3. needs to route to your synology, and your synology knows that range needs to be routed to the Docker VPN container everybody knows where it needs to go.


  • Tailscale is (like) a VPN, but traffic will go through their servers. If you setup your own VPN server then traffic will remain between your client and your own server.

    Did you setup port forwarding and routing tables when you installed your VPN server?.

    The Synology VPN package is lacking behind a lot, so you could be missing some security updates.

    If you use a VPN to hide your services, you reduce your attack/risk. Since there is only one package/software suite which could’ve vulnerabilties. And VPN’s are focussed on security. If you expose all your hosted stuff, all those programs need to be secure to prevent abuse. And not everybody is as skilled to build it securily.

    I would recommend, for you, to use something like tailscale. Since you seem like someone at the beginning of their safety journey. With setting up a VPN server, you need to know a little bit what your doing to make it secure and work. And you could invest time to learn it all, or you could use something that does it for you. Another, not so wise, advise could be to use a docker container to host the VPN. Most containers have all settings correctly setup and have guides to make it secure. But that means you don’t know what you installed and that could be a bad thing as well. Furthermore, docker adds to the complexity of making it work.