On 4/12/2023 6:18 PM, David Brooks wrote:
On 12/04/2023 23:14, David Brooks wrote:
Hi Paul 🙂
How would you answer my question posed here:-
http://al.howardknight.net/?ID=168133750800
TIA
My question is in the Subject line of the header!
*Would YOU grant access*?
https://en.wikipedia.org/wiki/Internet_Key_Exchange
"Most IPsec implementations consist of an IKE daemon that runs in user space
and an IPsec stack in the kernel that processes the actual IP packets.
User-space daemons have easy access to mass storage containing
configuration information, such as the IPsec endpoint addresses,
keys and certificates, as required.
Kernel modules, on the other hand, can process packets efficiently
and with minimum overhead - which is important for performance reasons."
Perhaps you should use a "limited account" of some sort, one without admin,
for credential management? If there is a key store, it should only
grant access to keys the limited account can access.
Nobody should be asking you for a root or admin level of access.
*******
In many ways, this is just as stupid as your existing situation.
You don't really want all the traffic in the house, spewing out
of Vladivostok.
The advantage in routing all the traffic is the session keys could be
kept inside the broadband modem/router. The session is terminated inside
the router, un-encrypted packets travel from the router on one side of
the room, to your PC/Mac. The PC/Mac doesn't know what is going on.
https://www.vpnunlimited.com/help/devices/guide-to-vpn-for-wifi-routers
VPN Unlimited supports the following routers:
Asus RT-N16 (Tomato firmware)
Asus RT-N66U (Tomato 1.28 by Shibby)
Asus (Asuswrt-Merlin)
DD-WRT
GLiNet Router
OpenWrt
Xiaomi Mi Router 3
pfSense
TP-Link
Padavan
MikroTik
Paul