Good info.

I don't know wireguard as well as OpenVPN, but there are ways in OpenVPN to limit which VPN clients can talk to whom, on what ports, blah blah blah, because like you say from a industry point of view the VPN server is what's trusted, and all the personel connecting in are untrusted because their laptop might have been stolen, hacked, etc. But I imagine all of that could also be done through iptables/ipfw. The thing i think that wasn't mentioned in quite as much detail as i'd like is some background on the differences in the crypto protocols used, although that would be a series in its own right lol. Some of the wireguard crypto i've heard of before, but most not.

@@cannaroe1213 Generally the way you would do this on wireguard is with firewall rules at both sides. Wireguard provides a secure tunnel, but that's basically it.

"it was recently merged in upstream openbsd" huh? wireguard has been in the kernel for over two years now

@@blakkheim 2 years falls within my definition of recent personally. Like I said, there was a software implementation before that, so if you have a preexisting system, it's worth making sure you are recent enough to have the kernel module.

I think it's a realistic latex jogger skin-suit. They cost $500+.

dumbest joke

@@lanpartylandlord6123 Okay and?

@@trayambakrai dumbest response

If it's not a deepfake then I swear they have to be roommates or something. I swear I've seen that room in one of Luke's videos before lol

bruh literally what i thought LOL

Drake wishes to be this BASED.

Is he still packing in this universe?

Take it back

Drake without the corny

The BSD's have a different way of promoting themselves. You can get most of the help through forums or their official mailing lists..

On a previous video he did mention many OpenBSD channels like The OpenBSD guy (also on Odysee) Root BSD (also on Odysee) Zaney

I wouldn't call it based, it's a cuck license.

It should be openSSD

*BASED*

Based.

*B* a *S* e *D*

Only KZbinr I religiously follow now, never feel like he's out there to milk his subscribers for all they're worth and that just makes me want to support him more.

Yeah, I like the fact OpenSMTP for emailing is part of the base system as well as a bunch of other userspace programs and their daemon counterparts.

@@Elhamidi0249 It makes it easy and convenient to use nothing but a base install for a network device like a firewall or DHCP, and/or DNS server, etc. I like using my t as an ad and/or domain blocker without the need to install something like pi-hole.

@@adrianfisher3349 It also makes a good desktop OS thanks to X11 and 3 window managers to choose from coming preinstalled with a default config.

@@Elhamidi0249 I've been using it as my daily driver for years now. It's good for productivity because it doesn't allow me to waste time on Netflix or Prime Video, etc :D I wish it had better support for Latex though.

@@adrianfisher3349 I also plan to daily drive it as I am doing this right now mainly to move away from GNU/Linux because even something like GNU/Linux comes with add-on features and apps you really don't want to have on your daily driver. Sure, they make your life easier on your desktop but here's the thing: You don't need them at all, at least 99.9% of the time and if you do then it's the 0.1% of the time you actually need it. But I also want to learn and understand computers and operating systems in general better and that's a thing I personally struggle with GNU/Linux. Sure, GNU/Linux gives you the foundational knowledge of how an OS built off from which components but it feels like a salad bowl of tools smashed together and forceably mixed into one pot expecting everything works OOTB everything magically being very well integrated. That's also my little nit pick with FreeBSD too but on FreeBSD the devs put actually a good amount of work into the OS to make everything work together and fine-tune the base system components. The only thing is when you install apps from the ports tree they don't integrate very well into your FreeBSD install. Docs aren't so well integrated into the base system as in form of man pages but you got the FreeBSD Handbook which is your Arch Linux Wiki, only just for FreeBSD instead for Arch Linux. But nonetheless both operating systems are top-notch, I used to use NomadBSD, a desktop FreeBSD derivative for USB flash drives with a custom Openbox setup and a carefully selected suite of everyday needed desktop applications, before switching over to OpenBSD and they made a really good job bringing FreeBSD to the mobile desktop computing market, everything works OOTB with everything you (don't) need (depends on how you view it), installation was remarkably easy thanks to their custom installer, hell, you could even choose you favorite apps right on while you installing your system like your favorite graphical file managers, browsers, both command-line and graphical text editors and more. Another cool thing is, since you sacrifice only a USB flash drive you don't touch your hard drives/(NVMe) SSDs installed into your computer. And NomadBSD is free and open source like every BSD out there. Of course I could also install FreeBSD on a flash drive and build my custom desktop from there, which I will definitely do at some point, but NomadBSD is an OOTB solution as I mentioned before and for exploring what FreeBSD could look and feel like it on a daily driven desktop is fantastic. I highly recommend it over other ready-to-go desktop BSD options like GhostBSD, derived from TrueOS and PC-BSD, both of which are defunct FreeBSD forks aiming at desktop users - GhostBSD is the only fork who has survived bringing a pleasant desktop experience thanks to their custom software repos and MATE as the default DE - and MidnightBSD, a fork of FreeBSD v4.4 to bring FreeBSD to the desktop user masses.

@endofsummer Really? Why is that? Some dependencies missing or some configs that the OS doesn't allow you to touch?

Explain what you mean? I want to make my own VPN , can I spoof location to the North Pole? Can I make the ISP name say anything I want?

@@unreleasedjuicewrld9792 If you only care about spoofing your location, then security probably isn't a great concern, other than preventing your server to become a part of a botnet, or do nasty things. You can use a cloud provider to buy a VPS on the North Pole, and install whatever OS and VPN software you want. The ISP name will be whatever ISP is used for your server though. My point is that if you're so security conscious that you choose OpenBSD over say Linux, then you probably have extremely high privacy expectations (e.g. investigative journalism, activism, or criminal activity), and can't afford to trust any cloud provider. In that case you probably also want to fully control both the hardware and the software stack, and not use VPS or OpenBSD images from your cloud provider.

@@szaszm_ why do I actually need to buy a VPS at the North Pole? How does it know it’s at the North Pole? Surly it can be spoofed? When I used Tor one time I looked at my IP, and it was in the middle of the ocean and the ISP name was also custom & the IP numbers seemed somewhat customized too.

@@unreleasedjuicewrld9792 Geoip. When using a VPN, you're masking your own IP address by routing your traffic through the VPN. The other endpoint therefore only sees the VPN server connecting to it, not your home IP address. Tor is a different story, there you use the exit node's IP address in a similar way, except there are more hops inside the network, and it's less traceable.

You're joking, right? Identifying the protocol means that it can be easily blocked by overzealous sysadmins.

@@KutAnimus Better to be blocked than cucked

This never made any sense to me, why do they do this? Doesn't this impair learning for CS students?

@@subnumeric they do not really care. if you get your gear, you are good.

@@cool-soap I thought he was a anime girl

Dynamic DNS

For self hosting services?

Only the wireguard server requires a static, so in outlaws example, the vps server should be the wireguard server.

😂

In 10 years maybe we'll see black luke walking in the woods ranting about God and linux, I can only hope.

Network engineering, so yeah I have some security background but not as much as penetration testers (although one of my good friends is a pen tester)

@@MentalOutlaw oh cool i didnt know that

amd64 stands for the x86 or x64 architecture itself, it doesn't mean that its running something made for amd

that spare raspberry Pi is worth gold right now.

@@tanmaypanadi1414 bro wtf just checked their price. Didn't know they got this expensive. Might have to go for those chinese alternatives if I ever need one.

Orbis OS uses various FreeBSD components such as the kernel, TCP/IP network stack and other stuff. Also a webkit-based web browser and they're restricted to only use MIT/BSD licensed software due to them not wanting to contribute anything back which is something the GPL required you to do so. Same thing with other mega corpo's software like Apple's macOS/iOS, Nintendo's Horizon OS, Google's Android/Chrome OS (the only GPL licensed software bundled with Android and Chrome OS is the linux kernel, obviously that's an exception but they're forced to contribute anything back they do to it). No OpenBSD involved in there.

Also, why did you and lucky stopped collaborating together? it has been fun watching the onetap vods

@@𪛗 I confused open BSD With FreeBSD

@@𪛗 we still talk I just haven’t been in a KZbin scene For a little bit

Should be doable. I think you can even stop sending port numbers all together if both server and clients do one specific thing. Even if you need some sort of port numbers, you can encode/encrypt port numbers however you want. Port numbers are just a hint for the kernel to push the packet to a correct socket opened by a correct process. If clients and server know what they are doing then conventional port numbers are not needed. For example you can write your server and client programs so that they read ALL network packets and find packets sent to them by reading something else than the port number in the packet

LOL @ the Stand w Ukr/Biden flag. Are you also tipple boosted?

@@goodcitizen4587 Yes.

Yes it's an extra security layer. You configure your web servers to only allow SSH connections from the VPN. So in order for someone to connect they need your ssh keys and VPN access