2020-06-06 - Re: [GRASE-Hotspot] NOTICE: Removal of VPN Remote Access June 13th 2020

Header Data

From: Tim <ti***8@gmail.com>
Message Hash: 4a4262cd7e1a4319c2afa7570273575e0991b4f6ee5469808f5a1777487b69ff
Message ID: <CAESLx0KxDyCA2keU=-eqD_WSVy=ikwy=4PWKUA+huGzJa0LuaA@mail.gmail.com>
Reply To: <CAJgHx0mCqePv+4mbemD0qYhaHqTJVRvsGTL=N0p2bLoXpKUA=w@mail.gmail.com>
UTC Datetime: 2020-06-06 04:32:16 UTC
Raw Date: Sat, 06 Jun 2020 19:32:16 +0800

Raw message

Hi Erik

The package didn't actually have any GRASE Hotspot specific functionality.
Again, like most things with the hotspot, it was made at a time when the
only user was myself and I managed a few locations. I never anticipated
having > 300 users connected to the VPN.

All the VPN did was connected the hotspot install to an OpenVPN server I
ran, with some scripts for managing the CA in an automated (but secure)
way. It never provided any integration with the GRASE Hotspot, other than
being in the package repo.

The idea was that you could install the grase-conf-openvpn package on your
own machine (yep, a Linux machine) so you could remotely connect to your
hotspot installs. It never provided a VPN to clients or tunnelled any
internet traffic for protecting it (like most people associate with a VPN
nowadays). It only ever connected the devices to an internal private
network.

The reasons for me removing it include the cost of running a server (time
and $), the security implications of 300 hotspot servers all being able to
talk to each other (I'm not being held responsible for someone's network
being broken into through the VPN), and the multitude of other options
available.

For me personally, something like ZeroTier is a much better option, no
running a VPN server but still have the ability to connect to remote
installs regardless of public IPs. (I can stop worrying about port
forwarding and Dynamic DNS for dynamic IPs).

It sounds like you may be able to run your own VPN yourself. There was
nothing special about the configs. So just generate a generic OpenVPN
config for your server, install the OpenVPN package and drop the config in.
If you go back 1 commit at
https://github.com/GraseHotspot/grase-conf-openvpn (
https://github.com/GraseHotspot/grase-conf-openvpn/tree/f1ebc2cb39c05492a27530c52edfe95f0e0a42be)
you can find the config file that was used, but obviously it wouldn't help
you with your server as the hostname and keys would be all wrong. Most
OpenVPN servers can generate a config for you.

Regards

Tim

On Sat, 6 Jun 2020 at 17:13, Erik Andre Aabrekk <er***e@oneway.no> wrote:

> Dear tim.
>
> Is this a service you have been hosting or a addon for use of openvpn?
>
> If its possible it would be Nice to keep the vpn option, and make it
> possible to use my own openvpn configs.
>
> Is this possible? Since i host my own vpn server.
>
> Erik Andre
>
> lør. 6. jun. 2020, 08:19 skrev Tim <ti***8@gmail.com>:
>
>> For a number of reasons, and the availability of alternative options, we
>> will be discontinuing the remote access VPN service. This means that from
>> June 13th 2020 the grase-conf-openvpn package will not be available, and
>> existing installs will no longer connect to the VPN or be accessible
>> remotely.
>>
>> See
>> https://grasehotspot.org/2020/06/06/notice-removal-of-vpn-remote-access/
>> for the full announcement and a list of alternative methods for remote
>> access.
>>
>> Thank you to everyone who filled in the survey last week, it has helped
>> put numbers to the resources and also helped me find alternatives that we
>> can suggest.
>>
>> Regards
>>
>> Tim
>>
>> --
>> This mailing list is for the Grase Hotspot Project
>> http://grasehotspot.org
>> ---
>> You received this message because you are subscribed to the Google Groups
>> "Grase Hotspot" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to gr***e@grasehotspot.org.
>> To view this discussion on the web visit
>> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0%2BktBCiYsDE72rhD6JBrOYWK7WmmyD6%2BVOQ_i9wRwrgXg%40mail.gmail.com
>> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAESLx0%2BktBCiYsDE72rhD6JBrOYWK7WmmyD6%2BVOQ_i9wRwrgXg%40mail.gmail.com?utm_medium=email&utm_source=footer>
>> .
>>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAJgHx0mCqePv%2B4mbemD0qYhaHqTJVRvsGTL%3DN0p2bLoXpKUA%3Dw%40mail.gmail.com
> <https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/CAJgHx0mCqePv%2B4mbemD0qYhaHqTJVRvsGTL%3DN0p2bLoXpKUA%3Dw%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

Thread