Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Condor323326y@mpie I have VPN services running on my external servers as part of their security model. Hiding a service behind said VPN means making said service only accessible from its network, e.g. 10.8.0.0/24. These are mostly administrative services like sshd, which in order to see it you'll need a VPN connection. To obtain that connection however, you need SSH access to the server first, which effectively makes it a catch-22.
-
Oh yeah "but it works when I do that on my machine" - listen you retarded dumbass, so then we better deliver your machine AND your stupid face attached to it straight to the customer, right?!
-
mpie1716yPoint still stands. Not going to start a discussion, but I think you mean something else
-
Condor323326y@mpie The point doesn't stand. Hiding a service behind the VPN is exactly what it means. There's a VPN server with a network assigned to it. In order to connect to such services I need to make myself a member of that network first. Which in turn means that that service is hidden within that network, behind a VPN server.
You may call it "just my opinion" though. It's becoming more common in recent years, so don't worry too much about it. -
mpie1716yThere we go. So not being able to connect to the service and it is giving a totally new ip address is hiding in your opinion?
Those 2 errors may fool a junior developer. All others won't be. -
Condor323326y@mpie You don't necessarily get a new IP address (edit: at least not the external IP's that commercial VPN's for consumers usually give, unless the server is configured to forward traffic) if you connect to the VPN. I feel like you're confused about what VPN's really are, especially in enterprise situations. A VPN is not just a tool to get a different IP and browse the internet from there. It is quite literally a virtual private network. You can think of it as your home network but entirely in software. You connect to the server on its external IP on whatever port the VPN is running (usually 1194/udp) and get from it access to its internal network along with an internal IP for it (e.g. 10.8.0.2).
Please educate yourself about VPN servers first. I find your ignorant assumption that I - a professional sysadmin - don't know about VPN servers quite rude to be honest. -
Condor323326y@mpie Dunning-Kruger at its finest, don't you say? I work with servers every day, all day long. How that makes me not a professional, I don't know. I've been in the trade for over 4 years now.
EDUCATE YOURSELF. -
Condor323326y@mpie Programming for 20 years yet can't tell their elbow from their arse about a VPN. Checks out. We can be anything we want to be on the internet, can't we?
By that logic however, you know your stacks and limit your arguments to those or you don't. I think we both know which one this here argument is. -
Condor323326y@mpie Yes, welcome to the real world. I run several VPN servers of my own and interface with them administratively every day. Welcome to the real world indeed!
-
Wack61916yWouldn't that also bring down the service for every one else? Assuming the dev is allready in the same subnet/lan as the server, wouldn't it be better to simply either drop all traffic for the dev's ip or even better throttle it down until it's barely usable, but doesn't brake anything...
-
Condor323326y@Wack yeah, after posting I thought of that as well.. maybe if they have VPN access, doing some fuckery in iptables or revoking their certificates would make more sense 🤔
But I was too lazy to edit the rant ¯\_(ツ)_/¯ -
@mpie I'm just wondering regarding your "its OK if its too complicated for you" comment, what would be too complicated in this case? What @Condor explains as for hiding an application or whatsoever behind a VPN is perfectly legit and done by many. Hell, I can only access tiny/unimportant portions of my works infrastructure (hosting provider) without vpn'ing into our vpn server, loads and loads isn't accessible without VPN connection.
It runs on internal subnets which are, indeed, quite literally, 'behind a vpn'.
And before you tell me that I don't know anything about vpn's, let me add that I manage my own mini cluster of vpn servers which I use myself (smartphone, tablet, laptop, desktop). Its not hiding anything behind that network but that's not my use case either. -
As for 'the professional' part, you can be a vpn professional if you learn it (vpn, openvpn maybe, how it works).
Then, it doesn't matter how much devving experience you have as a vpn network has nothing to do with developing software itself.
I write software in my free time and manage 30+ servers for fun (including the vpn ones) and I've put time into learning how it works (mostly, I wouldn't call myself a professional yet as I have more to learn in order to fully understand it) so I can at least call myself someone who knows in general what they're talking about as for vpn.
Someone who's been programming for 30 years in C (not sure how long C exists but just a hypothetical example) might have never touched anything relating to vpn's. They might be an expert at C but have no clue what a vpn does. -
p1ERRson666yJust ask him to buy a vpn-cable... Somebody came to time last week and needed a new vpn-cable since the old one was broken. A bit vague about specs tho...
Every time I hear a developer say "works for me", I'm gonna hide a service of mine that they use behind the VPN.
Dev: "oy mate, this server is down"
Me (with VPN connection): "sorry mate, works for me"
Dev: "but here, check this out, it's down!!"
Me: "mate, check your network connection. You must have a shitty network connection."
Dev: -_-
Me: "Maybe shitty hardware? Driver issues on your network card? 🤭"
Because you know, we sysadmins can do that too 😉
rant
works for me