STOP using VPN, embrace Zero-Trust networking!
Рет қаралды 87,818
Күн бұрынTwingate is a secure Zero Trust Network Access solution that offers integration in your security ecosystem, supports Infrastructure as Code (IaC), and is a great alternative to VPNs. In this video, I explain how Twingate works, how to set up a connector, how to add a resource, install the client, and configure security policies. We will also discuss the conceptional issues with VPN solutions and the Zero-Trust concept.
Sign Up on Twingate for free-*: bit.ly/47WN1Gr
________________
💜 Support me and become a Fan!
→ christianlempa.de/patreon
💬 Join our Community!
→ christianlempa.de/discord
________________
Read my Tech Documentation
christianlempa.de/docs
My Gear and Equipment-*
christianlempa.de/kit
________________
Timestamps:
00:00 - Introduction
00:47 - What is Twingate?
03:18 - Why are VPNs not secure anymore?
07:34 - Zero-Trust Network Access Concept
09:17 - Twingate Architecture
12:25 - Deploy Twingate Connector
17:50 - Set up Resources
20:40 - Security Policies and Trust
#zerotrust #twingate #homelab
________________
All links with “`*`” are and/or include affiliate links.
@urzalukaskubicek9690 9 ай бұрын
"Stop using VPN and instead embrace this corporate commercial solution where you depend on third party infastructure." should be the title of this video. Let's be hones, this is advertisement, for commercial product, there is nothing wrong with VPNs.
@urzalukaskubicek9690 9 ай бұрын
Really thinking about unsubscribing.
@redlinejoes 9 ай бұрын
That is partially accurate. I would have to disagree because there's a lot wrong with how VPNs get configured. The trust model is broken and VPNs are included in the inherent trust model. Zero Trust, not this fake zero trust from Twingate, but real self managed Zero Trust like application embedded Zero Trust from OpenZiti is necessary.
@christianlempa 9 ай бұрын
It is advertisement, but the ZTNA concept is relevant regardless of the product or service that’s shown in the video. Feel free to do whatever you want, but I hope you reconsider unsubscribe :)
@eaglefn4918 9 ай бұрын
You are completely right! This concept is stupid. Do not trust third party infrastructure. Of course, it is free and fast. Otherwise nobody would use it.
@r4ymaster 9 ай бұрын
@@urzalukaskubicek9690exactly this, me too, I would rather host my own vpn and not depend on some *insert flavor of the month* cloud solution.
@ImARichard 9 ай бұрын
While I can appreciate the tech, for me, it seems like opting to use a third party service over a self managed VPN connection is just not better. It opens up another attack vector that you have no control over. You have to trust that the third party service, Twingate in this case, never makes a mistake. Hell, they don't even have to make a mistake, they just have to become a juicy enough target to be attacked by a good enough adversary and you become collateral damage. From a self hosting perspective one of the largest motivations to do it, aside from learning, was to stop depending on third party services because of how often they become compromised, or accidentally leak your data. VPN isn't a perfect solution of course, but routing all your access through a third party is not better, just different. I realize this is an advertisement but even still compared to your other sponsored videos this felt more like an empty marketing pitch than a video about cool technology.
@matt2817 9 ай бұрын
Agreed. Twingate would become a target at some point. Clearly, Twingate would isolate each customer's service/resources but depending on what the attackers have access to (e.g. internal services, customer support tools), compromising Twingate customers might be trivial.
@EzhegAB 9 ай бұрын
Completely agree, 100%. Nothing exciting, but the beginning of the video was very intriguing.
@IngleseAngel 9 ай бұрын
why are you using a similar profile picture than me? why?
@RAZR_Channel 9 ай бұрын
The methodology ( Zero-Trust ) itself is an contradiction… if we are going to bring trust down to absolute 0-Zero : that would include : TwinGate … which will probably fall in line with historical scandals such as Watergate / PizzaGate / Enron / Theranos. that aside this is a brutally overt 23 minute… pounding infomercial. Yet, I have a far better solution : tiny… Classified… Ads…
@farmeunit 8 ай бұрын
The thing to remember is that they have teams of people working on their product versus some guy who’s job isn’t just security or VPNs. They likely have multiple jobs and simply can’t focus on everything at once. Not to mention budget, etc..
@GrishTech 9 ай бұрын
I understand this is a sponsored video. I think the general audience will appreciate a follow up video comparing all the various solutions out there, such as zerotier, Tailscale, tinc, and why would you choose one over the other.
@odlanyermuller4849 9 ай бұрын
This is the way
@ichilvers 9 ай бұрын
and NetMaker
@THEMithrandir09 9 ай бұрын
Non-opensource is such a big turnoff though..
@Felix-ve9hs 9 ай бұрын
Zero Trust Network Access is really great ... unless when you don't know if you can trust the ZTNA provider. Just because a lot of big companies are using something, does not make it secure (remember SolarWinds?)
@LampJustin 9 ай бұрын
Yeah totally and they don't even seem to support IPv6. At least their website doesn't hand out a Quad-A record. So much on them claiming to be the future
@Felix-ve9hs 9 ай бұрын
@@LampJustin In their forum twingate said that they want to roll out IPv6 in the next release of the client, what was 3 months ago.
@Felix-ve9hs 9 ай бұрын
So ZTNA is basically a VPN, but with all the hard work already done for you (dynamic dns, vpn server, firewall/nat rules) and the added ability to have security policies and policy enforcement. Authentication (strong password, certificates, 2FA) and authorization (firewall rules allow you to minimize what a VPN client has access to) are already there with VPN. ZTNA is something that sounds really nice for a corporate environment where users and resources are constantly changing. For a home lab or home network however, most users and services are pretty static, and having to trust and maintain the ZTNA service is just not worth it for me.
@peterbean410 6 ай бұрын
yeah, the whole thing ZTNA vs VPN is just BS really.
@yaroslavurshu2732 9 ай бұрын
It is ADs?
@Gnanmankoudji 9 ай бұрын
I wouldn't dream of using another third party to carry all my most sensitive traffic. Advanced access control is good, but not like that in my opinion.
@GrishTech 9 ай бұрын
If twingate went completely open source with their client and control server, they would have an edge over something like tailscale. Twingate ACL's seem better than tailscale though. Tailscale at least keeps their client 100% open-source, which allows alternative control servers to be developed (such as headscale, which has contributions from tailscale developers who contributed on their own time).
@johndroyson7921 9 ай бұрын
I understand why people are upset about the title and throwing shade at VPNs. But, you clearly stated that this was a sponsored video at the beginning. Honestly, if your goal is to start a career in IT, this is exactly the kind of product to start getting familiar with in your homelab environment. There are ways to secure a VPN without 3rd party services, but this is so much more convenient and easy.
@christianlempa 9 ай бұрын
Thanks I think you’re on spot
@jaxxarmstrong 9 ай бұрын
The whole goal to get more secure is to actually minimize the use of 3rd party solutions where you have no real control how your data is being handled or monitored. In this case a self-hosted VPN solution would be much more secure, even if it involves opening up a firewall port for it. You know better, Christian. This pure advertisement hurt your image more than you'd like.
@canadianwildlifeservice8883 9 ай бұрын
I also think the message here was that a self-hosted VPN can be more secure if you know what you're doing. But having to create a plethora of firewall rules, VLANS, ect. is a a lot of work. Basically these cloud services create a backdoor to your home network. I mean, whether something is a cloud service, or a remote access trojan is purely based on how it's used and by whom. I personally would not feel comfortable with a backdoor being planted on all my devices just so I can access them "securely". But of course it's not really a backdoor, but a cloud tunnel, but it's really just semantics at this point..
@Gnanmankoudji 9 ай бұрын
I confess I'm rather confused by all this Zero-Trust concept. If the principle of Zero-Trust is to add layers where you have to add another trusted third parties, there's something I don't understand. My VPN runs by myself, and I already have to trust the code, which may be open source but isn't infallible, and I also have to trust the hardware that runs it, which isn't infallible either, but it's the best I can do to accept a minimum number of trusted third parties. Zero-Trust just seems like a marketing term to me since it is often used by third parties that you have to trust...
@B20C0 9 ай бұрын
@@Gnanmankoudji Zero trust done right is essentially just an added layer of security. You just mistrust devices and users in general no matter the network and implement solutions like MFA, enforce devide policies etc. There's even self hosted open source solutions for that. But you are right, it has become a buzz word of some sort. The underlying principles should be common sense by now.
@giux900 9 ай бұрын
openvpn runs wuth no port open on 1194, there is a dedicated tls-auth channel that reply only to authenticated packets, this put your vpn port to not reply any portscan. Is just stealthed.
@farmeunit 8 ай бұрын
You act like everyone that runs a home network is also a security professional…. Even “normal people” sometimes need a VPN, but aren’t experienced enough to keep it secure and functional. Not to mention easy. Look at Fortigate’s VPN vulnerabilities, for example.
@matthiasbenaets 9 ай бұрын
I might be talking to a wall but whatever, and who asked? but... 4 out of the 5 latest videos have been just full video ads. I can't take any of the information provided at face value or serious in these case. especially since you try to educate in then. unsubbed for now. but I do appreciate the transparency.
@christianlempa 9 ай бұрын
Thanks for addressing this, I'm sorry you feel that way. I hope to have soon some changes in place that would bring you back to the channel.
@tuqe 9 ай бұрын
@@christianlempaI don’t mind when part of the video is sponsored, like “here is how you do this complicated thing that is a standard, then here is an open source package that is fine, and here is a shiny package that has a bunch of features (that just happens to have enterprise pricing)”
@PontschPauPau3451 9 ай бұрын
It happened to Nick Chapsas, the C# KZbinr, too. At one point not too long ago every single video of his was an ad about AI and some service his users should subscribe to. It's gotten to the point where even once-lauded KZbinrs like these are just becoming typical "influencers" that just shill products. I've unsubscribed as well.
@kice 9 ай бұрын
In my opinion, anything can be fully self-hosted, it will be fine to take the money. Because for us, end users, we don’t want to depend on a not proven technology. Also SaaS startups can only survive by targeting enterprises, not us.
@kenklak 9 ай бұрын
I’m fine with this being sponsored. I can easily digest this valuable information and decide for myself what to use. Thanks for the info. Some people don’t think you should be able to eat.
@christianlempa 9 ай бұрын
Awesome, thank you!
@blakrj 9 ай бұрын
@christianlempa - Perhaps you can provide an overview of your infrastructure setup? Simply picking 'frontend' in your case doesn't give much info (i.e. is this a renamed docker_default, or other custom). Can this talk to the main network? What about VLANs? In addition, how different is this to Cloudflare solution you warned about previously?
@cheebadigga4092 9 ай бұрын
VPN is better. You're in control.
@royitoroy 7 ай бұрын
chris very good video thanks! i have a question i have a cgnat and i have my wordpress landing pages and many of my services exposed on the internet and for that i use a vps in linode with a wireguard and a nginx so; with this twingate i could expose my landing pages and services without using the vps nor wireguar nor nginx anymore?
@Mr.Jean-Paul 9 ай бұрын
I use tailscale combined with tailnet lock and headscale, everything local and secure enough!
@yifeiren8004 9 ай бұрын
What is the tailgate?
@NatalieUoker 9 ай бұрын
tailscale and headscale, but tailgate? is this some tool/application?
@yifeiren8004 9 ай бұрын
@@NatalieUoker I am also wondering what tailgate is. I can't find it through google 🙃
@kellyheflin5931 6 ай бұрын
Hi Chris, can Twingate be implemented onto pfsense firewall network? Thank you.
@chrisumali9841 2 ай бұрын
Thanks for the demo and info, have a great day
@christianlempa 2 ай бұрын
Thanks, you too!
@HenrikLarsson458 9 ай бұрын
The main issue for me here is the words "Stop using VPN" in this ad supported video. Do you really believe that? You make viewers doubt if your advice is sincere or not. Which will hurt all of your other videos as well. No it is not better/more secure than a self hosted open source VPN, just different.
@giux900 9 ай бұрын
Agree with you!
@mambo7668 9 ай бұрын
sure, rely on a third party to route your traffic can you elaborate why vpn is not secure? this looks like advertising
@romayojr 9 ай бұрын
there's a huge advertisement watermark in the upper right corner of the video. he eplained why vpn is not secured anymore, the time stamps have titles that will help you find it
@Blivius92 9 ай бұрын
Hi Chris, Good video en some good explanation. I’m not going to use it though, I don’t want vpn going through third party networks. Also reconsider your advertisements. Some videos ago you explained why not to use cloudflare tunneling, and here we are talking about vpn trough third party networks. Just advertise something you really stand for :-) Don’t get me wrong though, just a tip :-)
@christianlempa 9 ай бұрын
Thanks! I appreciate your honest feedback :)
@giux900 9 ай бұрын
I had same thought, very critical and useful video about cloudflare tunneling (for that video i sub this channel) and now ''hey guys let 3th party go inside your network'' just because there is a bunch of money behind. I don't like that. Never sell your criticism and well disposed suspect for the good of money.
@kyberorg 9 ай бұрын
That's exactly what I thought.
@androidgeeking 7 ай бұрын
So this is really to hide from ISP but to access remote devices securely? I couldn't access sites from my mobile phone I blocked in my ISP's network but I could on desktop. What gives?
@markandrow4010 8 ай бұрын
Great and thanks.
@lochmatterthierry6487 2 ай бұрын
twingate client works behind CGNAT without using static IP from sim-provider?😮
@ebiscaia 9 ай бұрын
Hi Christian, This is unrelated with the video, but as I know you self-host docker applications in your homelab, I would like to know how you deal with sqlite and multiple replicas. I followed your video about storage in Kubernetes and I am having issues with the database. Thanks.
@eaglefn4918 9 ай бұрын
I can not believe, that this is your opinion. You put a third party trojan in your network and explain it like the best thing ever. Did you watch this video yourself before publishing it? 😢
@davidgadam 3 ай бұрын
It would be good if there is a demo show how to set up a DNS name, instead of ip address.
@christianlempa 3 ай бұрын
Good idea, maybe I'll cover DNS in a future video!
@0ChAnTi 9 ай бұрын
Hi Christian, for corporate environment and their employee user/devices this solution seems to provide nice features. But I see issues in other when service owner and user/device are not in such relation. I think you fall short to explain some details, from my point of view: - What about clients from coporation networks with equal high security structures? - Any user/client device needs to install the Twingate software as it seems to get access? - What are the requirements for the the clients at all? - Is a connection without the twingate agent possible? I am with you regarding the "least privilege principle" approach. And a session MFA authentication would allow me to verify the person, but to press a person to give up the freedom of device choice , I don´t see.
@christianlempa 9 ай бұрын
You always need to do a proper evaluation, if the solution is a good fit. The main goal of the video was to explain the differences between VPN and ZTNA, and how to easily implement this strategy with twingate.
@urzalukaskubicek9690 9 ай бұрын
Twingate Controller "provided on their servers" - no thank you.
@yerunski 9 ай бұрын
The whole video has a watermark 'advertisement'. I'm skipping this one.
@hackingit 8 ай бұрын
It is secure alternative to VPNs. These days I am looking for VPNs that are undetectable by websites. I am trying to earn from microtasks but that is region specific and VPNs don't work. Can you suggest a solution?
@AnFv86 9 ай бұрын
Has anyone tried to use the alias instead of the IP? I can't get it to work and I can't understand why.
@Medalavi 4 ай бұрын
What is the benefit of Twingate vs Tailsclae or Perimeter81 which using WireGuard Connection?
@christianlempa 4 ай бұрын
You have to compare the features and find out what's important to you. Maybe I'll make a comparison video somewhere this year.
@volkerscheithauer9378 6 ай бұрын
How does it compare to Teleport? Would like to see a video on these two: Teleport vs. Twingate.
@heaton922 9 ай бұрын
anyone can use custom dns - pihole as DNS filter? I tried that is not work. going back tailscale
@DJRhinofart 9 ай бұрын
A properly configured VPN implementation will have VPN clients come into a "Grey Zone" subnet, and then firewalls between the Grey Zone, and the Internal resources. Firewalls are not just for the Edges of the network. At my day-job we have probably around 100 Firewalls throughout our Corporate Network. Also between the Corporate, and High Security networks have different brand Firewalls.
@MrMcp76 3 ай бұрын
Zerotrust is the way to go. VPNs provide no protection to your network once a bad actor gets on an end-user's system who is connected to your VPN. Ask me how I know 😞 Great video .. regardless if it is a sponsored video or not
@christianlempa 3 ай бұрын
Thank you man!
@youdontknowme7298 9 ай бұрын
Im reallly confused ..... Is this a sponsored video?!? If yes, why doesnt it say so? I only says Advertisment, but thats to vague. Can we be a little more transparent with the viewership?
@christianlempa 9 ай бұрын
There's an ad banner in the entire video, as well as a notification when you start watching the video... I'm honestly not sure how much more transparency you need :/
@youdontknowme7298 9 ай бұрын
@@christianlempa That Ad banner only means that something in the video is advertised or this video is making money from that. But this video was "Sponsored" by the tool you did. Sorry i wrote it in a confusing way, i just want to help you out and make things more clear to the viewer.
@freestudymusic550 3 ай бұрын
Nice video😊
@christianlempa 3 ай бұрын
Thanks 😊
@danielberglv259 9 ай бұрын
Seams awsome, but sadly like so many other services the client for Linux is something that seams to have been put together by an intern during a 30 minute break. It's always the same. Either a Linux client is missing or it may as well be. VPN may be an old way of doing this, but at least it has wide and tested platform support.
@joaopedroalbernaz 9 ай бұрын
Hey, there's a video on my 24 min AD, what's up with that?
@milosand 9 ай бұрын
What's the diference with cloudflare Zero trust? You have a video about the security issue of this service. Thanks for your videos.
@christianlempa 9 ай бұрын
There will be a comparison video in the future, just takes some time to prepare it
@X27WCP 9 ай бұрын
i pass think my selfhosted vpn is pretty safe
@Glatze603 5 ай бұрын
@christianlempa: I absolutely share your definition of Zero Trust (07:46), unfortunately most people don't really understand it, as you can see from many of the comments.
@christianlempa 5 ай бұрын
Thank you for highlighting this! It's such an important concept to understand, I think that needs more videos. :D
@animefreaks4738 7 ай бұрын
Tailscale vs Twingate. What should I use in 2023?
@canadianwildlifeservice8883 9 ай бұрын
At home I use the Sophos Firewall's openVPN server. I like to think that because it's enterprise-level that it is secure. If you use a long random password, keep the opvn import file safe, and ditch the auto-created firewall rule at the top that allows the VPN users to access everything, you can create a rule that only allows the VPN users to access only hosts/IPs on your network that you allow. This is how it has been done for years. In the video he states that VPN is not secure. Did something drastically change that makes it not secure anymore or this belief just fear mongering by these cloud providers?
@christianlempa 9 ай бұрын
There are some security issues highlighted in the video. Btw at Sophos we also have a Zero-Trust Network Access Solution :)
@canadianwildlifeservice8883 9 ай бұрын
@@christianlempa Yes, I have heard that it will be included in the upcoming version 20 of Sophos Firewall. I will have to read more about it. I already like the 2FA that is mandatory in the firewall webadmin. I wish the SSL VPN used it as well.
@Andy-jz1zw 9 ай бұрын
@@canadianwildlifeservice8883If you mean a VPN with MFA via Sophos then it can be enabled. Maybe this is only at the enterprise level - never touched the personal one. Go into the admin portal and look under authentication. You can add mfa and also configure it to work from an AD group. User signs in then will get a qr code then can scan - they then sign in with username, password and mfa code right at the end of the password
@steveyg777 Ай бұрын
Can you recommend a more zero configuration solution like twingate for normal people like myself who don't understand all the programming/Linux/docker garbage please?
@muralimenon2681 8 ай бұрын
With a VPN the client does not get access to all internal resources. You can configure so only a subnet or specific servers are accessible!
@AbdulWahid1st 9 ай бұрын
I have a different opinion regarding vpn not secure, especialIy in what u said about ‘client is trusted as part of intranet’. I think vpn is only as secure as how we secure our vpn servers. We should always expect many outside traffic coming from the vpn server, and configure our firewall accordingly. Most of all, aside from network provider, all my data and authentication are transmitted through my own servers. Don’t get me wrong, I love this zero trust concept, and I am using cloudflare tunnel, which I think exactly the same as what twingate doing, maybe, cmiiw. Which is my daily alternative to my vpn. And in terms of speed, I didn’t notice any differences, definitely depending on usage, whether to ssh or stream jellyfin. So which one you like, controlling access via your own firewall, or zero trust provider’s controller or dashboard or whatever.
@EnterTheVoid- Ай бұрын
Bro, you lost me at minute 15:50... Where did the linux come in ? Im on gaddam windows. Also what is vs code? Is It compatible with windows?
@DigiDoc101 9 ай бұрын
My main problem with this product is that their android/iOS apps suck. I'll have to sign in every time I disconnect. With tailscale, it is a click away to toggle on/off. Very annoying!
@ilovestitch 9 ай бұрын
It sounds like this is a tool used for correcting issues caused only by verrrrryyyy poorly deployed VPNs and poorly configured firewalls... too much reliance on external servers, closed source, etc...'zero trust' just means 'trust us/our servers with all your data throughput' in this case. same issue with tailscale
@MR-vj8dn 8 ай бұрын
But why would you choose to use this service in the first place? I don’t get what it solves or even offers that isn’t there already, but with a proven track record.
@davidiamyou 9 ай бұрын
So is it just another Tailscale/Headscale?
@keywal 9 ай бұрын
The 2 device limit put me off this for the home lab.
@DominatorIII 9 ай бұрын
Where do you see a 2 device limit?
@keywal 9 ай бұрын
@@DominatorIII Settings > General... 2 devices per user Upgrade to Teams for 5 devices per user
@ashfaaqahamed3902 9 ай бұрын
Make video on elastic search deployment on kubernetes
@Raja-oi7xv 9 ай бұрын
Go with elk stack
@ashfaaqahamed3902 9 ай бұрын
@@Raja-oi7xv do u have idea about that
@dotcaodin 9 ай бұрын
That's so nice!! Thank you for sharing. I don't understand the complaint about Ads videos once they still bring value to the public. Sincerely, people are focus on bad things only.
@christianlempa 9 ай бұрын
Thank you 😊
@lukasyelle4708 9 ай бұрын
@@christianlempa I agree, I like seeing the tech regardless if it’s an ad or not! Keep up the great work Christian! Quality content as always.
@igorokic5299 7 ай бұрын
Hey Christian, what is better in your opinion: Twingate or Tailscale?
@Glatze603 9 ай бұрын
Hi Christian, even if you can't host it yourself, it offers some very good and important approaches towards Zero Trust! Used correctly (at least 2 docker containers - as lxc and distributed across 2 of 3 Proxmox nodes, in a DMZ with dedicated firewall rules towards LAN networks and the Internet) this is a really good and secure solution for accessing services in your own area access homelab. Thank you for your time and this video 🙂
@christianlempa 9 ай бұрын
Thank you so much :)
@niro1960 8 ай бұрын
Nope -> 3rd Party ≠ Zero Thrust. Opens-> New attack vector.
@Glatze603 5 ай бұрын
@@niro1960 Please find out in more detail what zero trust means!
@romayojr 9 ай бұрын
this is good stuff. i’m interested in implementing this in my homelab environment. do you know what the upload limitations are for the free version? i want to use this as a proxy to my nextcloud instance.
@christianlempa 9 ай бұрын
Since the traffic is not flowing through their services there’s no other limitation than the ISP on client/server
@gabe_0x 9 ай бұрын
If it's not free and open-source, then it's a waste of everyone's time. I'm happy to pay for bandwidth and hardware, but I will never trust a company with protecting my data.
@MrBarto95 9 ай бұрын
Maybe test netmaker or netbird
@aelidrissi3584 9 ай бұрын
We understand that ads are okay but please keep the good work on home lab / open source / learning / diy / fun. I have the feeling that this channel is drifting. Hope I am wrong.. and sorry if this was rude to say..
@Kevin-oj2uo 9 ай бұрын
Yeah it seems like KZbin ads are not paying enough so they have to start accepting these sponsor videos. I don't like this trending because eventually it will become just for profit like Linus tech tips. I will prefer a video every month as an enthusiast.
@christianlempa 9 ай бұрын
I’ll release a video later this day to talk about some of this, hope that gives you some clarity on the topic.
@MarkoKukovec 9 ай бұрын
What is the proper ways to secure tokens in the production? How do you not store them in clear text? I mean in the compose we can use environment variables defined in the .env file, but again, variables in .env are stored in clear text. Security in this way is acheaved by who exactly can read .env file. What is better solution? How to encrypt them and decrypt on the fly? You have to put description key somewhere. Thank you for all the help and hints I'll receive on this question.
@christianlempa 9 ай бұрын
There are multiple options, I'm still evaluating some for me. Currently, I'm using just environment variables that I pass through the session when I need them, but apparently it's not very convenient. Don't worry, I'll add this topic to the list of videos I'm going to do in the future!
@milutinnikolic7681 9 ай бұрын
I did this deployment for about 5-6m ago. Working perfect for me.
@christianlempa 9 ай бұрын
Awesome :)
@RubenMPSRZ 9 ай бұрын
Skynet was the name of my wifi since I was living with my parents. 🤣
@christianlempa 9 ай бұрын
:D
@ask_carbon 9 ай бұрын
Yea its a dislike from me. A bit disappointed too.
@christianlempa 9 ай бұрын
Sorry if you think so
@theosky7162 9 ай бұрын
Cloud shall NOT touch my data.
@MrZiemwit 9 ай бұрын
so basically its worst zerotiier/tailscale
@christianlempa 9 ай бұрын
Nah you got that wrong bro
@jimmayx 5 ай бұрын
My question is: as the admin to all the internal services, I would need access to virtually everything. So with a giant winner-takes all account, how are these more secure from an account hijack? Assuming the bad actor meets the basic security requirements and gained access to my account managing my homelab, how am I safer?
@redlinejoes 9 ай бұрын
Please go read Project Zero Trust by George Finney.
@quangnam10 8 ай бұрын
i think it look like tailscale
@giux900 9 ай бұрын
not a good way to sponsor! I liked the clouflare tunneling considerations and the basic criticism that should permeate everything in IT. So the balance about risk/benefit should be our thought, not the title of your video! You should never say stop using vpn. Openvpn is a 21year old protocol full audited with with also hardened versions and widely used worldwide. Is just secure as should be. So, talk about the main point. What is more zero trusted? A self hosted opensource service with user in full control, or a corporate service with closed source software running inside your house? you cannot deleted this comment.
@christianlempa 9 ай бұрын
Thanks for you honest feedback
@YannMetalhead 9 ай бұрын
I know it's a sponsored video so I won't complain, but no way I would use something like that.
@christianlempa 9 ай бұрын
No worries :)
@Glatze603 9 ай бұрын
@ALL: Self-hosting is a trend on a private level. Companies are now moving more than ever to the cloud and are therefore dependent on other companies (see Microsoft). Personally, I'm also a fan of hosting as many services as possible myself, but solutions like those from TG or CF are no less secure - on the contrary. The “big” companies in particular are in the spotlight and can least afford security breaches or poorly programmed security solutions. As far as these approaches are concerned, I believe that this solution is currently at the forefront when it comes to security and integrity.
@christianlempa 9 ай бұрын
Well said! As much as the self-hosting fans dislike security services... That's what the big boys use ;)
@mindenesvegyes8512 9 ай бұрын
@@christianlempa aha.. said this after the big boys like lastpass hacked more times in row... don't be arrogant ;) I like your channel and learnt a lot but if you continue this "money hungry bitch" behavior and sell your soul for money (sponsors), instant unsub.
@klausdieter8283 6 ай бұрын
I dont get it :/ is the data between the connector and client encrypted? how will the firewall work with encrypted data?
@christianlempa 5 ай бұрын
It is, the firewall will most likely just forward it because the connection is initiated from inside the network.
@bastelwastel8551 9 ай бұрын
Yeah, no thank you. I roll my own solution that i have full control over. Outsourcing your security is not my thing, but nice that you get some ad money
@icheema3671 6 ай бұрын
all the issues highlighted with vpn in this video are quite easy to address.
@SHSolutions 9 ай бұрын
Wir nutzen Zscaler. Aus Anwender Sicht, welcher produktiv arbeiten soll, ziemlich lästig und kontraproduktiv…. 👎🏻
@LMLecho 12 күн бұрын
Unless im missing something or this was baked in after the fact....it clealry days "Advertisement" top right 🤷♂️🤷♂️🤷♂️
@trendingtopicresearch9440 7 ай бұрын
Yes, give a company access to your LAN. What could go wrong.
@schossel 9 ай бұрын
This is within some of the worst videos on this channel. Explaining that using a third party server is more secure than your own VPN. Come on. It took me a few minutes to recognize that this whole video is an ad. This happened a few times now with these videos. I'll give you a last chance because mostly I like your channel, but if this is the way it'll be going in the future then I'm gone.
@Simonkenteriksson 9 ай бұрын
Great video :)
@christianlempa 9 ай бұрын
Thanks!
@TheBeardedLibertarian 9 ай бұрын
Awesome
@MyAeroMove 9 ай бұрын
We are so worried about security and so bored managing VPN... So, we are outsourcing whole corporate entrance gates to some ... company because ... it's based in US 😂 Please get back that old level of quality to your videos. I'm really missing it.
@christianlempa 9 ай бұрын
Don't worry, I'll address some of the concerns in a special video today, we'll get back to it!
@tylersmith8662 7 ай бұрын
im curious how you come to the conclusion that "VPN is no longer secure"
@jrjrjrjdhdjs 9 ай бұрын
Dont mind the ads because he is showing us tools that can be used in IT/homelab. It would be different if he was showing something unrelated.
@zaidranger666 9 ай бұрын
Get shrekt rekt wreckt
@rushank2112 3 ай бұрын
I would have not promoted this. Thanks for the efforts!
@christianlempa 3 ай бұрын
You're welcome :)
@GormReventlow 9 ай бұрын
Excellent video. I love the focus on secure connections to a homelab network.
@christianlempa 9 ай бұрын
Thank you 🙏
@TheGrumpyCyclist 9 ай бұрын
❤😊❤
@ohiosuave 9 ай бұрын
PAYWALL....So I Zero Trust IT...
@altaccount648 7 ай бұрын
I would *never* ditch VPNs for important services on my server. Corporations can beg me for my money some more. Thanks, but no thanks.
@PaulBunkey 9 ай бұрын
Oh, looks just like Tailscale. A fork?
@christianlempa 9 ай бұрын
Nope xD
@mvaldes 9 ай бұрын
This is an ads channel now 😂
@christianlempa 9 ай бұрын
😢
@nicholasbackwell1869 9 ай бұрын
@mvaldes - I presume by that comment you don't run your own business. I can understand as a consumer why you might feel that way but as anyone in the IT industry might be able to observe, the world is constantly changing and learning theory only goes so far when it comes to tech. I'm sure Christian does a lot of testing and quality control to make his videos which is why he's a popular KZbinr which is more to say then you or me. I'd also like to point out I'm not the only enthusiast that simply likes shiny new toys/tools/equipment... Only examples but any enthusiast in automotive buying car parts or tradesman buying Milwaukee, Klein or whatever else you fancy I'm sure can understand. As anyone who gets up everyday to make a living for themselves why wouldn't you want to get paid for your work? I mean unless your sponsoring Christian?
@immortalmyth5685 9 ай бұрын
Getting money from youtube or your works always is a nice thing. If no one donate or sponsor him how can he keep up this channel? But i would like chris give some caption or tell about sponsor. So i can decide to watch to the end of video or not
@nicholasbackwell1869 9 ай бұрын
@@immortalmyth5685 there's an "advertisement" disclaimer in the top right corner of the video and he mentions the video was made possible because of Twingate at like 45 seconds into the video.... it's about as much notice as you get from a coffee cup "Caution! It's hot"
@Andy-jz1zw 9 ай бұрын
What's wrong with ads? It's relevant with the content and I would've thought for most of us, its fun to play about with this stuff.
@joelmeza3145 9 ай бұрын
What a shame!
@voodooyam 6 ай бұрын
Not for me I like to use my personal VPN and not reliying on an third party service.
@gerbrand5980 9 ай бұрын
Yeah, this is just simply a bad video. Instead of bashing VPN's, you should advertise it as a cool alternative. This should avoid most controversy that you're seeing now in the comments.
@paulzachary9812 9 ай бұрын
Yikes
@80robina 7 ай бұрын
Mate, I'm noooo way trusting a cloud service to VPN in my own network, I would rather self host all myself like I do wireguard and openvpn on my opnsense firewall
Lawrence Systems
Рет қаралды 57 М.