the END of VPNs?!

  • Published 27 Apr 2023
  • Ditch your VPN and start using Twingate (it’s FREE): ntck.co/twingate
    Want to try the teams and business plan? Use my coupon codes to get 3 months FREE:
    🚀Monthly Plan: NETWORKCHUCK-MONTHLY
    🚀Annual Plan: NETWORKCHUCK-YEARLY
    Say goodbye to VPNs for remote access! I've ditched my VPN because they're slow, complicated, and insecure - not to mention outdated! I needed a better solution - one that's lightning-fast and gives me granular control over user access. Enter Twingate, the zero-trust remote access solution that will revolutionize your remote connectivity experience. In this video, I'll guide you through setting up Twingate on your home or business network FOR FREE in just 5 minutes. Don't miss out on this game-changing technology!
    Twingate Docs (deep-dive into how it works): www.twingate.com/docs/how-twi...
    **Sponsored by Twingate
    Twingate is an alternative to zerotier, a global provider of software-defined networking and offers secure remote access solutions.
    Twingate is an alternative to zscaler, a cloud-based security platform that provides zero-trust access solutions and internet security services.
    Twingate is an alternative to Perimeter 81, a provider of cloud-based network security solutions, including zero-trust network access.
    Twingate is an alternative to Pulse Secure, which provides software-defined secure access solutions and offers zero-trust access technology.
    Twingate is an alternative to OpenVPN, an open-source VPN technology provider that offers secure remote access solutions for businesses.
    Twingate is an alternative to Cisco, which offers zero-trust solutions that provide secure access to resources based on context and policy, leveraging multi-factor authentication and endpoint security.
    ---------------------------------------------------
    #zerotrust #twingate #vpn
  • Science & Technology

COMMENTS • 2.4K

  • @Ex_impius
    @Ex_impius 1 year ago +2973

    Someone needs to make an open source version so we can host the controller ourselves. I don't like twingate being in control of the controller

    • @carlostrudo
      @carlostrudo 1 year ago +607

      Agreed. Zero trust also means don’t trust controller when not self hosted.

    • @nobodyshomeuk
      @nobodyshomeuk 1 year ago +259

      ZeroTier is a good alternative to this. I think the only thing the OpenSource version lacks is a GUI, so if you're fine with CLI, it's a good option.

    • @JeremiahK
      @JeremiahK 1 year ago +165

      @@nobodyshomeuk I selfhost zerotier and use ztncui for a UI and it works great.

    • @TechnologyGeek862
      @TechnologyGeek862 1 year ago +35

      Zerotier or nebula would be go to option for this.

    • @kwith
      @kwith 1 year ago +291

      As soon as I heard "the controller is managed by Twingate, it's in their cloud" that was a solid NOPE for me. If I don't have full 100% self-hosted control then that's a solid pass for me.

  • @reloadfast
    @reloadfast 1 year ago +2031

    NEVER, and I mean NEVER, rely on a third party for access into your own network. If it's not selfhosted, there is nothing secure or reliable about it.

    • @NetworkChuck
      @NetworkChuck 1 year ago +259

      watch the rest of the vid, look at how they handle authentication. Twingate REQUIRES third-party auth (google, github...etc) for you to connect to a resource. It's not self-hosted, but it's also not as "managed" as you might think.

    • @jeinnerabdel
      @jeinnerabdel 1 year ago +396

      @ mmm... All I hear is "less risky, but risky nonetheless"
      the thing is that even law enforcement could have full access to your local network. Not that I hide anything but it's the basic principle of "don't leave your doors open to anyone"
      This is literally the equivalent of turning off your firewall.

    • @xellaz
      @xellaz 1 year ago +87

      Yea, I also gave twingate and tailscale a pass. I don't want to rely on any 3rd party when accessing my network. 😗

    • @RedcubeX24
      @RedcubeX24 1 year ago +142

      @@NetworkChuck this wouldn't pass ISO 27001 in my book

    • @natenate3292
      @natenate3292 1 year ago +29

      Yeah this might not be a great option for your personal network, but I think for small businesses it’s hard to beat.

  • @mr.alkenly889
    @mr.alkenly889 1 year ago +425

    I love that everyone is worried about it not being self hosted, it gives me hope

    • @DjTonioRoffo
      @DjTonioRoffo 10 months ago +8

      a lot of times, self hosted is not as secure as one might think. Errors in set-up, old firmwares, etc, etc.

    • @ShaferHart
      @ShaferHart 8 months ago +21

      @@DjTonioRoffo but it's in your control: if you fd up that's on you. Trusting a centralized solution like this and you could find yourself at the mercy of "show me the man and I'll show you the crime" by simply saying "the wrong thing" on the internet and activating the "online safety bill" on you.

    • @DjTonioRoffo
      @DjTonioRoffo 8 months ago +3

      @@ShaferHart are you in the reality of today's IT solutions? Do you run everything locally? It's just not possible anymore.

    • @BillAnt
      @BillAnt 8 months ago +2

      Nowadays most websites are already end to end encrypted via HTTPS/TLS similar to VPN's, therefore double encrypting the data is a waste of time and VPN fees, with slower speeds and higher latency. The only thing it's good for is hiding your location, but even a simple proxy can do that for about half the cost with a simpler setup, higher speeds, and lower latency while still encrypted via HTTPS/TLS. Also, a VPN server is a single point for an attack by bad hackers or state actors since all your connections are going through the same server.

    • @alx8439
      @alx8439 7 months ago +2

      @@BillAnt fully agreed. Using VPN as a safety measure to prevent a man-in-the-middle from listening to your HTTP traffic is pointless as there's no pure HTTP traffic left nowadays. But it is just a single use case for VPN, very narrow one which got peddled because of all those "Secured VPN service providers" wanted to sell their services. Why VPN as a technology appeared, first of all, is to connect together in a virtual private (and secured) network various hosts scattered across the globe, but all having access to internet.

  • @uniufugushiku
    @uniufugushiku 1 year ago +44

    I know that Twingate sponsors this video, but I really value having control over my data. Therefore, I prefer Pritunl, because they have a self-hosted option. Chuck, I think you should consider making a video about it. Congratulations on your video!
    P.S.: The benefit that Twingate provides is the endpoint controls.

  • @JeffGeerling
    @JeffGeerling 1 year ago +225

    I wonder what that top secret project was...
    Also your editors did a pretty big brain move saving you money by downloading more RAM!

    • @superintendent1152
      @superintendent1152 1 year ago +1

      hello there, funny to see you again

    • @MD2389
      @MD2389 1 year ago +1

      Oh nothing, he's just building his own Stargate in his basement! ;)

    • @BeNtOoOoOo
      @BeNtOoOoOo 1 year ago +8

      Jeff, save us... Explain to the guy this is just a fancy VPN controlled by a 3rd party with ACL! xD.

    • @moon.walker
      @moon.walker 1 year ago

      Here before this blows up

    • @nohay4549
      @nohay4549 1 year ago

      What is your opinion? Waiting for on your channel

  • @goldenears9748
    @goldenears9748 1 year ago

    You have solved problem I've had for 12 months. Thanks so much xx

  • @tbits01
    @tbits01 1 year ago

    This is awesome!!! Can’t wait to give this a test drive. The video was so fun to watch thanks for always providing such informative entertaining content! 😀

  • @Charles-ow3fo
    @Charles-ow3fo 1 year ago +275

    Hey Chuck!! I have been watching this channel for a very long time and since I've started watching this channel, I started studying for certifications. I have obtained A+ and Network+ but now I am ecstatic to share that I just passed my CCNA!! You and this channel were a massive part of that! Just wanted to say thank you! I love the content and I look forward to a whole lot more to come from you I'm sure.

    • @aldarion2222
      @aldarion2222 1 year ago +4

      Congrats man! :) I'm studying myself for the CCNA. Is there a reason why you started with Network+ before CCNA? I was under the impression that both certs broadly cover the same networking concepts, the difference being that CCNA focuses on Cisco solutions and is obviously more hands-on with the CLI configuration. Am I missing out by not taking Network+ before completing CCNA?

    • @Charles-ow3fo
      @Charles-ow3fo 1 year ago +6

      @@aldarion2222 I don't think you're missing out. I took Network+ because I was new to everything and honestly it couldn't hurt in my case. It really made the transition to study for the CCNA much easier because I already knew most of the concepts of networking, now I just had to focus on CLI configurations and the different protocols associated with CCNA. It's my understanding too that CCNA carries more weight in the job market than Network+ but we shall see. I've added my CCNA cert to my resume and now going on the job hunt. Good luck with your studies!

    • @reinlind2560
      @reinlind2560 1 year ago +4

      Looks like a very long ad...

    • @SuperVexal
      @SuperVexal 1 year ago +1

      @@Charles-ow3fo What did you use to study? I want to get both certs this year I have some experience just want to reinforce, and congrats on CCNA!

    • @Charles-ow3fo
      @Charles-ow3fo 1 year ago +4

      @@SuperVexal Thank you! I was on Udemy quite a bit and I purchased the official cert guides. I also attended night classes at a tech school to get more hands on but packet tracer is great for simulating a network if getting hands on is not an option for you.

  • @congenio
    @congenio 1 year ago +18

    I think the bit about the client and connector talking directly to one another is technically incorrect. While the relay knows which IPs and ports the client and connector use (after NAT), you cannot have them connect to each other. That is because the NAT routers will only accept packets originating from the relay for those ports.
    So, in order to connect client and connector, the traffic has to be routed through the relay as a proxy. And while that traffic is probably encrypted, all of this is controlled by non-open software provided by Twingate. Thus, you essentially have to trust that Twingate is a. "not evil" and b. "stays secure".
    Also, the resources that are being exposed are controlled via a cloud instance ("controller") and also, who may connect to them. You essentially delegate control over what can be accessed to Twingate, putting a remote control to your network in their hands (aka "firewall piercing"). Surely, nothing to worry about, huh?

  • @albertogiacomini7276
    @albertogiacomini7276 3 months ago

    Thank you for letting me know about this solution; it finally resolved a 3-year problem connecting to my home via Starlink

  • @Steaky1300
    @Steaky1300 6 months ago

    Thank you so much for showing me this, I was looking for an easy and secure way to access my server, (which isn't in my house) and this does it just fine.

  • @jagdtigger
    @jagdtigger 1 year ago +55

    0:49 That's not a VPN weakness but a lack of OPSEC on your part.
    1:36 Zero trust? Doubtful. Basically you allow in a 3rd party onto your network because of the cloud control plane. BTW on the backend they use good old VPN protocols.
    1:44 You can do that without VPN or this no-name sw vendor, it's called "having proper firewall rules".
    1:57 Gimmick, simply having an AV and fw rules doesn't mean the machine isn't infected or boned by a hacker.......

    • @agdevoq
      @agdevoq 1 year ago +3

      Holy grail of an answer :)

    • @The-Cat
      @The-Cat 2 months ago

      underrated comment!

  • @jeronimojimenez5365
    @jeronimojimenez5365 1 year ago +33

    Yep, 0% trust on users, 100% trust on TwinGate. I've kinda heard of this concept a couple of times. It sounds interesting as tech though.
    Nice video as always :)

  • @franssjostrom719
    @franssjostrom719 3 months ago

    Great video and great product! Love how enthusiastic you are talking about it haha

  • @johnsmith8981
    @johnsmith8981 1 year ago +40

    I'm genuinely surprised that you don't already have a VPN setup. Also, for the concern about them having full network access can't you just use subnets to segregate the data and have the VPN only get you into a specific subnet? I mean, at my job the VPN I use won't let me access stuff in the accounting network.

    • @wildblack1
      @wildblack1 1 year ago +48

      He probably does have a VPN set up. This whole video is just a big ad anyway.

    • @BDTech-yi6ub
      @BDTech-yi6ub 1 year ago +4

      Subnets don’t restrict ports. Even if you are restricted to a certain subnet you’d still have access to all ports. He references that. A VPN setup like that is far more complex. Plus you often can’t specify firewall rules on a per user or group basis. For example, sales can only access the inventory system on port 443. But IT users can access it on 443 and 22. It’s a simple concept but either impossible, difficult or expensive to implement in a traditional VPN.

    • @OnlyTrey-zt2cg
      @OnlyTrey-zt2cg 1 year ago +2

      @@BDTech-yi6ub exactly - you can do *some* of these access restrictions by doing a bunch of network munching but Twingate makes it so much easier.

    • @GottaHache
      @GottaHache 1 year ago +2

      I think the whole point of something like Twingate is that you don’t have to go through all the work of creating separate subnets, which are kind of a pain to set up and really hard to set up granular access. You can basically have one big flat network and then Twingate acts as a segregation layer. Pretty cool networking tech IMO

    • @miss_sapphire
      @miss_sapphire 1 year ago +1

      ​@@BDTech-yi6ub Sophos XG you can do policy based routing for users and groups

  • @dominolastley1754
    @dominolastley1754 1 year ago +262

    What happens when Twingate's cloud/business inevitably gets hacked? What are the safeguards to ensure the hackers don't get access to everything we've provisioned access to using Twingate? I, too, would be much more excited if I could run an open source version so that I could host the controller and not be dependent on Twingate. Thanks much for the great content.

    • @gatolibero8329
      @gatolibero8329 1 year ago +39

      Yeah, and it will get hacked. These types of services are prone to hacking because of the type of service it is...a back door to your network.

    • @swallowedinthesea11
      @swallowedinthesea11 1 year ago +11

      @@gatolibero8329 Chuck has 3 million subs! I believe him rather than a random with zero subs!
      Edit: Please stop computer Internet bullying me 🙁

    • @nathandouglas7821
      @nathandouglas7821 1 year ago +74

      @@swallowedinthesea11 that is not always good logic to go by my friend... @Gato Libero is NOT wrong in anything they said. Not to mention the fact that this video watched like one giant Ad rather than an informational video. You should wonder why he tried to give you a legit reason as to why he made this video and uses the product while simultaneously advertising the very same product in an ad spot which he also supposedly came across by chance LMAO Yea OK

    • @cxl520
      @cxl520 1 year ago +7

      I find the solution could work better if they create an account with the public and private key authentication method to sign in, or they come up with something that they had hosted for us, but they cannot access it, only we had a key to unlock it.

    • @lorcster6694
      @lorcster6694 1 year ago +18

      @@swallowedinthesea11 the only problem is, they paid him to advertise it

  • @Shajirr_
    @Shajirr_ 1 year ago +9

    I know how this will go. At some point they will just remove the free tier entirely. Happened to like 5 different services I used in the past.
    First they allow you to sign up for free, then remove the free tier when you rely on their service, so you either have to pay up, or quickly search for a replacement.

    • @Ellington_Industrial_Arts
      @Ellington_Industrial_Arts 8 months ago +2

      Truth... that business model grinds my gears.

    • @organicalgorithms
      @organicalgorithms 6 months ago +1

      I guess that’s where the coffee comes in. just want to know what equal parts meth and angel dust I need to procure 😌

  • @BoudoirTv
    @BoudoirTv 2 months ago

    Thanks Network Chuck… great explanation, easy to understand… thanks for helping me stay up to date!

  • @arcataslacker
    @arcataslacker 1 year ago +86

    That looks like a great piece of software, but I am becoming increasingly concerned with the amount of network infrastructure that is beginning to operate on closed source SaaS models.

    • @breakfast7595
      @breakfast7595 1 year ago +32

      SaaS, more like SuuS.
      I'll see my way out...

    • @deality
      @deality 1 year ago +1

      This is a saas model don't go for it

    • @DjTonioRoffo
      @DjTonioRoffo 10 months ago +3

      Oh, that ship has sailed a long time ago. Every business and their granddad's are running at least part of their stuff in Azure, Google, ... all running on a few dozens of highly concentrated server farms. The decentralized internet is gone.

    • @ShaferHart
      @ShaferHart 8 months ago +1

      @@breakfast7595 nah bro I'm stealing that lol

  • @t0uchme343
    @t0uchme343 1 year ago +9

    I use zerotier myself. It doesn't have the granular automatic control but it works for me and my (somewhat extended) family. I even use it to connect my cloud oracle servers with the rest of my network.

    • @andreasMou123
      @andreasMou123 1 year ago

      Zerotier is a godtier product! Free to use, setup in 5 min, no need to forward a single port in your insecure home router, and the speed is similar to LAN speed. Can't recommend that shit enough!

  • @MarkYork85
    @MarkYork85 8 months ago

    Man, what a discovery this has been. Excellent video!

  • @farivart
    @farivart 1 year ago +59

    Like everyone else, I'm concerned too because it's not open source. An important point and strength of most self-hosted VPN applications are that they're open-source, so when you say "Managed" and a third-party server comes in between, personally, no matter how legit and reliable that company is, it's a red flag for me.

  • @perryuploads776
    @perryuploads776 1 year ago +46

    Nice technology. I wonder if this protocol will be abused. When a PC is behind NAT, a home router uses Port-NAT. A stateful firewall "expects" data on the inbound port. Since the TwinGate client is installed on a PC behind a NAT, it is basically a backdoor relayer (SOCKS5 proxy) in your LAN environment. Why? External users can connect to other devices in your LAN. Oh well, it is a cool tech, but I hope IDS/IPS firewall can detect this kind of traffic in a business environment. An employee can easily make backdoors in your network if you are not careful. Thanks for the clip and explanation.

    • @mojmirvajgel5956
      @mojmirvajgel5956 1 year ago +10

      Exactly my thoughts...no trust to VPN, but install a third party backdoor is ok.

    • @flaminbutt
      @flaminbutt 1 year ago +1

      It’s running on higher layers, so just block the process from running and you’re good.

    • @lukewoodside9420
      @lukewoodside9420 1 year ago +7

      Your comment is the very reason we segment networks using subnets. Keep all the critical infrastructure off the access network.

    • @lukewoodside9420
      @lukewoodside9420 1 year ago +2

      @@flaminbutt Issue is that's fine until the bad actor comes in with a raspberry pi or something and plugs it into an ethernet cable. Now... proper network security should prevent that (network segmentation, mac address port filtering, etc), but the potential is there for an improperly secured network.

    • @lukewoodside9420
      @lukewoodside9420 1 year ago +2

      @Brent Burroughs Issue is they tried that at my university, stunnel got around it with relative ease.

  • @rushicash
    @rushicash 1 year ago +4

    A David Bombal and a NetworkChuck video on the same day? TODAY IS MY LUCKY DAY

  • @Tommy_Tomcat
    @Tommy_Tomcat 1 year ago +2

    "It's easy, it's the NEW way."
    me: "alright"
    "so you need to register for their cloud"
    me: "aright imma head out"

  • @93ksj
    @93ksj 1 year ago +10

    The thumbnail is pure art 😂

  • @devon-crain
    @devon-crain 1 year ago +3

    The pieces of this I did understand were so cool to me that I feel inspired to really dive in and learn substantially about networking. Thanks for all you do!

  • @WarlockBE
    @WarlockBE 11 months ago +2

    This is interesting, but why should I ditch my VPN? If I am on a "public WiFi" connection with my laptop, I want to have my WiFi connection secured using an encrypted VPN connection.

  • @VictorHPereira
    @VictorHPereira 1 year ago

    My brother, THANKS for sharing this USEFUL SOLUTION! =)
    I'm gonna try it myself TODAY

  • @TheFlatronify
    @TheFlatronify 1 year ago +54

    Great idea to use a proprietary service 'never heard of' as the single point into every aspect of your network!

    • @BMW750Ldx
      @BMW750Ldx 1 year ago +1

      🤣

    • @dangbro
      @dangbro 1 year ago +2

      Almost everything is proprietary and everything allows data collection for law enforcement and for marketing. The whole security depends on the proprietary firm but anyway insiders can access anything on your device.

    • @deality
      @deality 1 year ago +2

      ​@@dangbro not everything

    • @dangbro
      @dangbro 1 year ago

      @@deality 'Almost everything ' was the key words I used.

  • @NvyZero
    @NvyZero 11 months ago

    I'm so glad I found this channel! Thanks Mr. NetworkChuck for providing great instruction, and excellent videos!

  • @ricos.5514
    @ricos.5514 1 year ago +3

    Chuck. Thanks love the video. ❤ maybe I missed it but how much better/different is this compared to a cloudflare tunnel?

  • @pierrevillemaire-brooks4247

    Thank you for this lesson in IT and how internet protocol is evolving 🙂

  • @user-jo2vg3fj6u
    @user-jo2vg3fj6u 1 year ago

    Thank you for having me discovering this LOVELY tool ! Amazing ! Easy, secure, fast !!!

  • @robertb6276
    @robertb6276 1 year ago +61

    VPN is perfectly securable... VPN connection should be to a firewalled VLAN. Then you can specify ACL on that VLAN that controls what the users can access.

    • @lorcster6694
      @lorcster6694 1 year ago +2

      ACL on that VLAN? Can you explain what that means? What is ACL?

    • @EvanIIRC
      @EvanIIRC 1 year ago +13

      @@lorcster6694 access control list. Basically firewall rules

    • @lorcster6694
      @lorcster6694 1 year ago +1

      @Evan ah OK thanks.

    • @Fernando-nz3gm
      @Fernando-nz3gm 1 year ago +2

      Spoken like an IT Guru.

    • @robertb6276
      @robertb6276 1 year ago +2

      @@lorcster6694 Access Control List

  • @autohmae
    @autohmae 1 year ago +3

    Great to see someone do this with QUIC, it's been on my mind for over a year now, there is an IETF workgroup working on proxy support and QUIC.
    But routing all my traffic through someone else, not so happy.
    Also: lots of VPNs just give you the subnet and nothing else, not routing everything through it. yep, split-tunnel
    And lots of people set up a firewall on a VPN concentrator to control what people can reach.
    21:20 very common among enterprise VPN vendors, I've never cared for it, but I guess good to see such features added by a company with a free option.

  • @webmaster06mt
    @webmaster06mt 4 months ago

    I needed this so much. thanks a lot

  • @williambailey3480
    @williambailey3480 8 months ago

    I've been on a NetworkChuck geek binge today. Thanks Chuck!!

  • @cxdeblue6055
    @cxdeblue6055 1 year ago +104

    A split tunnel SSL VPN is a way better option - entirely self hosted and self configurable, and only the traffic that needs to go over the VPN does so (this negates the "everything goes through the VPN device" point that Chuck makes, only specific traffic that you define will go through it)- and there are products out there for this that also have ACLs etc. - I hate the idea of this going through a 3rd party service/server to access a private network.

    • @NetworkChuck
      @NetworkChuck 1 year ago +27

      Your traffic (data) isn't going through Twingate. They simply facilitate a peer-to-peer connection.

    • @wildblack1
      @wildblack1 1 year ago +34

      @@NetworkChuck Great job trying to advertise the product more even though you know it is bad. Do you get more money if more people sign up for the service or something.

    • @RandomBitzzz
      @RandomBitzzz 1 year ago +4

      @@NetworkChuck Yeah, I thought you explained NAT traversal really well.

    • @GottaHache
      @GottaHache 1 year ago +1

      Pretty sure it’s just point to point with a pinned cert on the TLS tunnel.
      Also I’ve played around with split tunnel configs for all sorts of VPNs and Twingate is so much easier.

    • @DanielLuechtefeld
      @DanielLuechtefeld 1 year ago +3

      For some business use cases, SaaS infrastructure is an acceptable risk.

  • @crooker2
    @crooker2 1 year ago +7

    Your production values are killer. The live overlay is amazing. Would love to know how you do that. :)

  • @shaundelorez
    @shaundelorez 1 year ago

    Good Sir, you may have just solved a current issue my company is facing. The existing firewall doesn't allow granular rules for port forwarding (only forward IF FROM . This should help things SO much. Thanks for staying on top of things and sharing!

  • @LivinDadLife
    @LivinDadLife 5 months ago

    Threw away VPN after fighting with configuration issues for months and this works so much better!!

  • @ItsTonyAldo
    @ItsTonyAldo 1 year ago +3

    This is almost like a middle ground between cloudflares secure tunnel and tailscale. Thanks for actually explaining how this works.

    • @notreallyme425
      @notreallyme425 1 year ago +1

      I was wondering about the difference between this, Cloudflare tunnels and Tailscale. The three of these seem pretty much the same to me - at least on the surface. Would like to know the differences.

    • @ItsTonyAldo
      @ItsTonyAldo 1 year ago +1

      @Not ReallyMe Tailscale uses wireguard, cloudflare uses http/2 and what network chuck mentioned uses QUIC. Cloudflare can use QUIC if you'd like but this one does it out of the box and is a little easier to configure. Tailscale let's you segregate your traffic if needed so not everything needs to touch your network. All 3 seem to be great to be honest. It comes down to what meets your needs.

    • @OnlyTrey-zt2cg
      @OnlyTrey-zt2cg 1 year ago +1

      They all have pretty good free tiers so just try them out to see what works better. Personally I find Twingate to be the easiest to use for narrow access to multiple different networks like Network Chuck describes in the video

    • @GottaHache
      @GottaHache 1 year ago

      Yeah Twingate looks kind of like the Goldilocks option for me. Really easy to set up but has way more complete controls than Cloudflare and Tailscale.

  • @eightios5138
    @eightios5138 1 year ago +16

    Could you make a video on how to host your own VPN locally, and as simply as possible?

  • @IMAS7512
    @IMAS7512 1 year ago

    To be honest, i never ever understand what are you talking about but i always love to watch you describing your content ❤❤

  • @talisa4567
    @talisa4567 1 year ago

    Awesome Chuck! THANK YOU, thank you, Thank You!

  • @Permafry42108
    @Permafry42108 1 year ago +3

    This and Tailscale are good for me because while I could set up a true VPN through to my NAS on my own with playing with my firewall and such, I know that my family probably can't or won't. Having the ability with Tailscale to share connection access to my NAS from anywhere, with just making an account and having clicked the invite link I sent them, is FAR more intuitive for most home users than the alternatives I've tried to convince them to try in order to access my Jellyfin through my NAS.

  • @mattdaryos3871
    @mattdaryos3871 1 year ago +11

    Great video Chuck. I mean I love this product already. Couple weeks ago, we deployed something pretty similar to Twingate and was called Checkpoint Harmony Connect. It pretty much did the same thing and I had to set up a docker inside our internal vm farm. You’re awesome because now I understand how it works. Cheers man and keep these videos up

  • @SuperHumanJeremiah
    @SuperHumanJeremiah 6 months ago

    I loved the intro video music, was on point bro 👌

  • @yy90716
    @yy90716 1 year ago

    This sounds like a great solution for those like me who don't have access to the router admin panel and port forwarding on the NAS network. Can't wait to try it out.

  • @OnlyTrey-zt2cg
    @OnlyTrey-zt2cg 1 year ago +3

    Hate VPNs and love Twingate!!! Glad the word is getting out

  • @AdrianPatten
    @AdrianPatten 1 year ago +21

    Back in my day (2004), we used Hamachi. It 'kinda' did the same thing without the extra layers of security. Then it got sold off to Logmein (say no more)
    Great to see there are plenty of decent alternatives. Another great video Chuck, thank you!

    • @wildblack1
      @wildblack1 1 year ago +12

      It's not a great video, it's just an ad.

    • @heavyq
      @heavyq 1 year ago +4

      I used Hamachi to allow people to connect to the private World of Warcraft server I used to run way back when. Super easy to get people connected.

    • @ambostralian
      @ambostralian 1 year ago +13

      Hamachi... Now that is a name I haven't heard in a long time.

    • @Baulder13
      @Baulder13 1 year ago +4

      @@heavyq I remember trying to play Age of Empires 2 over Hamachi. Every single time we'd make it way into a game then disconnect and corrupt the game.

    • @unknown-otter
      @unknown-otter 1 year ago +4

      We played Minecraft on hamachi when we were like 12-14! There also was Tungle

  • @johnlegend1360
    @johnlegend1360 10 months ago

    Also need to hit the notifications bell. I was subscribed for months and just realized I have to turn on notifications.

  • @fordsrmaster
    @fordsrmaster 4 months ago +2

    Exciting stuff Chuck! I can't wait to get home and try this over the weekend. You make learning fun. Thanks.

  • @Void12398
    @Void12398 1 year ago +6

    I'm rewatching this video cause I just passed my first Cisco certification and honestly want to thank you cause throughout all your content, you touch so many subjects that all were such great help to understand networking. So thanks man!

  • @Shamysoza92
    @Shamysoza92 1 year ago +3

    This is like magic!
    I struggled a lot with trying to make this work using FTP or a Static IP address and the provider wanted to charge me a lot more for that service.
    As someone who is not experienced in networking stuff, this worked like a charm.
    I installed Docker to my WD Mycloud EX4100 and launched it in there, so no more annoying webpages to upload files or download them, I can just map the route directly to Windows and it's fantastic!
    Thank you very much for sharing this!

  • @eriknorman7478
    @eriknorman7478 1 year ago +1

    Thanks for this video! This was exactly what I was looking for for my home lab setup. 👍🏻👍🏻👍🏻

  • @Djambo57
    @Djambo57 6 months ago

    I can't believe how easy this was to set up

  • @androidgeeking
    @androidgeeking 7 months ago +2

    I tested this on my iPhone and it cannot bypass sites I configured my isp to block but it works with my pc. What gives? Back to VPN I go.

  • @DerrickJones19
    @DerrickJones19 1 year ago +11

    I love it when Chuck says something is easy, and then in about 60 seconds into the process my eyes start glazing over. 🤣

    • @T.me_NetworkChuck0
      @T.me_NetworkChuck0 1 year ago +1

      Hey there,👆🏾 leave me a message
      Thanks for commenting 💚

    • @dh2032
      @dh2032 1 year ago +2

      same here too about 5 minutes in for me of non-stop keyboard tapping I like batch and script files, 🙂

  • @JustSuds
    @JustSuds 1 year ago +4

    This is absolutely NOT zero trust. In this scenario you have to trust Twingate and there are multiple points of failure. First is the fact that this is closed source software, if TG get compromised or otherwise do something untrustworthy, they can push a malicious update to this software and you would never know. This requires you to trust them. Another point of failure is the fact that TG have the auth tokens. So this requires you to trust them not to leak those. Calling this Zero Trust is damaging your credibility.

  • @carlosguzmansalcedo5650
    @carlosguzmansalcedo5650 6 months ago

    Clear and easy! Thank you very much

  • @customautomation3230
    @customautomation3230 1 year ago

    Seems great solution for remote access to automation devices like PLC controllers, I didn't try it yet but will do asap. Thanks!!!

  • @cignul9
    @cignul9 8 months ago +9

    Great review. Couple of thoughts. It's not zero trust if you're proxying with a third party. It's third-party trust at a minimum. More likely, it's third party (Twingate) plus whoever else is listening at the third-party relay; think NSA. Also, Twingate software appears to be closed-source. Again we'd have to trust that Twingate's software does only what they claim it does. That's a big camel to swallow if you're security conscious.

  • @user-bi4jp5jo1m
    @user-bi4jp5jo1m 5 months ago

    Love your videos. I remember seeing this video when you posted it, but just now getting around to trying it. What's your opinion of cloudflares vs twingate?

  • @XhodanXeus
    @XhodanXeus 9 months ago +1

    So with this, I can mask my IP to other countries to access content that is streamed only at that country? or DL stuff without my ISP able to know what I downloaded? and I can use this for Free?

  • @BSpears
    @BSpears 1 year ago +3

    I'd like to see a video of you comparing Twingate to Cloudflare tunnels (zero trust, previously called Argo Tunnels). I've been using the latter for quite some time and it's nice not having to install a client to facilitate the split tunnel vpn connection.

  • @IsekaiDM
    @IsekaiDM 1 year ago +3

    I'm using Wireguard on my Router... Easiest setup ever and I also can control what each VPN connection can or can't connect to.
    No need for twingate which runs outside my home, I can even use this setup on a dynamic IP address.
    I can't see me switching to a service that isn't selfhosted, it's too risky for me.

  • @ds65280
    @ds65280 11 months ago

    The best "VPN" I ever did use.
    Big thanks for sharing this !

  • @RNGDGaming
    @RNGDGaming 5 months ago

    Damn, this is so easy, and you just earned my subscription
    Thank you!

  • @devmely
    @devmely 1 year ago +7

    While this solution lacks the necessary security measures for implementation in large-scale or business networks, I must admit its enticing simplicity in terms of setup and operation. As someone with over a decade of experience as a network engineer with a proficiency in software development as well, I find myself pondering why I hadn't conceived of such a smart and user-friendly solution earlier. 😊

  • @staticnetwork
    @staticnetwork 1 year ago +8

    Seems like twingate is either using TLS sessions OR it's actually a traditional VPN under the hood with some ZTNA security features.

    • @NetworkChuck
      @NetworkChuck 1 year ago +5

      keep watching. I deep dive a little on how it works.

    • @staticnetwork
      @staticnetwork 1 year ago +1

      @@NetworkChuck Ok, I just finished the video. It sounds like it's a TLS session that does a port translation. This is actually something that is being implemented (or soon to be implemented) by more traditional network vendors.

  • @Chron880
    @Chron880 11 months ago

    the thumbnail of this vid is brilliant lmfao I haven't laughed out loud like that in awhile

  • @waldoguy15
    @waldoguy15 9 months ago

    This is the best thumbnail you've ever made for a video.

  • @IbizaStyler
    @IbizaStyler 1 year ago +3

    it's the same as you can do with cloudflare, but it looks a bit easier... I'll give it a try :)
    ... aaaand your vid is an absolute banger! .... as usual ;)
    and btw: almost 3 mio subs! 🥳

  • @julianaufdie1
    @julianaufdie1 1 year ago +3

    I love your videos ❤

  • @sgtusmcarch
    @sgtusmcarch 1 year ago

    so this cuts having a domain and doing a tunnel through cloudflared? I'm loving this

  • @craiggrella
    @craiggrella 11 months ago

    I am a networking novice, so I really appreciate your videos. They teach me a ton. I’m curious what you think about devices like firewalla. I got one recently and use its internal VPN with WireGuard. Seems to work okay, but curious if I’m missing something or not as secure as they like to say I am.

  • @stevedixon921
    @stevedixon921 1 year ago +3

    Interesting. I've been getting by with wireguard via my current firewall app for my remote access needs. My needs are very simple though, since they are just for myself. I find Wireguard is very fast at establishing connections, certainly faster than traditional ipsec or ssl VPNs, though it really needs work on the UI and could use a kill switch or toggle option.
    I'd certainly consider twingate if I could host my own controllers (the part that lives outside my firewall). With the way some companies change their policies regarding their customers I'd be wary of anyone having full control over the part in the middle that makes it all work. Sure, it is VERY convenient, but that puts them in a position of power to change the deal later without consent (insert clip of Darth Vader changing the deal here). That and it is a single target for attack and a data breach would be a big problem (it stores info about your internal network, public IPs and your users after all). Something I'll bookmark for the future though.

  • @JoeyGero
    @JoeyGero 1 year ago +4

    Network Chuck must somehow be listening in to my device or something Hahaa. A couple weeks ago my company asked me to look into ticketing software.. he released a video on how to create your own. I just got asked about getting a VPN to use and then he releases this video. Love your videos man haha

  • @renends7615
    @renends7615 1 year ago

    Your channel always has excellent videos, it helped me in critical moments and in some cases, I managed to predict and eliminate catastrophes before their birth.
    But this video is insane!
    Thanks!

  • @JakeCarlos928
    @JakeCarlos928 1 year ago +1

    I love your Awesome video tutorials they are so helpful and straightforward 🙂

  • @swiftsudo
    @swiftsudo 1 year ago +4

    This really looks like Tailscale. The UI looks very similar down to the ordering of the menu items within the control panel. Sure there’s some nicer things that seem to just add UI wrappers on top of where Tailscale has ACLs defined as code. And with Tailscale, there’s also the OSS control plane Headscale that can be run with the native Tailscale programs/apps. Not really sure that Twingate is a better alternative for selfhosted or otherwise…

    • @ultravioletiris6241
      @ultravioletiris6241 1 year ago

      Yea it does seem similar to Tailscale. Interesting that the ordering of items on the menu is the same…. I wonder how much ‘inspiration’ they got from Tailscale lol

  • @TheWayManREAL
    @TheWayManREAL 1 year ago +6

    Not going to lie, I did not expect that ending haha that got me good lol. WHAT ARE YOU DOING!? Videos are always awesome from you man. My personal opinion on VPNS:
    I majored in cybersecurity and I knew from the get go, you are only as secure as the product you use nothing more, and nothing less. This is good for probably 80% of the world. But the other 20% I feel are like me and never agreed to it. My favorite way to access stuff from other places is 2 step VPN through a firewall. Yeah it can still get session hijacked (remember the golden rule, you are only secure as the product you use). But at the end of the day I technically am MFA'ed to my VPN and I can control what user through my dedicated VPN can use. I think I should mention that I use sonicwall, and I am not talking about your commercial VPNs I am talking about a business level one which is completely different than what most at home users will use.

    • @IanBPPK
      @IanBPPK 1 year ago

      I was thrown off the beginning of the video when he mentioned a VPN letting remote clients access the entire network when you're able to restrict client to client and subnet to subnet connectivity using firewall rules and ACLs. Additionally MFA can be achieved with DUO at no cost for lab users.

  • @wilfredotorres6628
    @wilfredotorres6628 1 year ago

    Hi Network Chuck, I'm curious when setting this up are the tokens acting as a secure hash between the devices?

  • @raulandresmoch
    @raulandresmoch 6 months ago

    It just works!!! Installed on a Raspberry Pi 2B and it works!!!

  • @alexrice-reynolds6995
    @alexrice-reynolds6995 1 year ago +11

    I’d love to see a nitty gritty comparison and performance test between Twingate, Tailscale, and ZeroTier. I’ve been using Zerotier for a long time but Twingate’s more modern security features might be what makes me switch.

    • @danielkosc
      @danielkosc 1 year ago +1

      It would be awesome, I am also interested in that comparison as I am using ZeroTier but until now I haven't heard about other alternatives like this.

    • @jtmartin1972
      @jtmartin1972 9 months ago +1

      I like Tailscale better.

    • @domantlen6231
      @domantlen6231 7 months ago +1

      I use zerotier and its rules yet enabling access to the rest of network and managing access for specific IPs per user would be MUCH more difficult to achieve than in twingate.

  • @simonpong1689
    @simonpong1689 1 year ago +5

    it sounds good, but still there is no guarantee that your third party vpn provider won't get hacked or sell your data. If I do care about my data, I would rather set up a wireguard server instead, as it's fast, secure, and fully under my control.

  • @luizmendesalmeida
    @luizmendesalmeida 1 year ago

    Hi Chuck,
    First of all thank you for all the amazing videos.
    I have been using the UrbanVPN (non commercial purposes) for a while and I like the service.
    So I want to pay for it but there is no paid version.
    What do you think about UrbanVPN?
    Thank you in advance.

  • @michaelcopple1736
    @michaelcopple1736 1 year ago

    Chuck, you need to do a vid, just back handsprings. Your pep is enthusiastic and rubs off. Great vid!

  • @fancyhandlegoeshere
    @fancyhandlegoeshere 1 year ago +20

    I will demo this because I'm curious, but I will say right off the bat that I'm not wild about deploying anything that requires something in the external cloud to function. ¯\_(ツ)_/¯

  • @majestic5579
    @majestic5579 1 year ago +3

    Why does hosting your own VPN need to provide full access to everything? If you're not already setting up device and service specific access and permissions you're doing it wrong.

    • @wildblack1
      @wildblack1 1 year ago +2

      It doesn't, but he needs to say that it does for the ad for the product to work at all.

  • @owacs_ender
    @owacs_ender 1 year ago +1

    Cool idea, gonna look for self-hosted open source options, thanks.

  • @paulsimpson1514
    @paulsimpson1514 1 year ago

    Question - can you access your server with twingate from CAPTIVE portal page (i.e train, airport networks)?
    Can't connect to my VPN on captive portal so hoping Twingate can do this....

  • @liddleoooozie8004
    @liddleoooozie8004 11 months ago +3

    I installed twingate, but right after a restart, I can't open windows anymore. I'm troubleshooting as I'm typing this.

    • @x_flies
      @x_flies 11 months ago

      😂

  • @korndogz69
    @korndogz69 1 year ago +5

    You said, "VPNs are old", but proxy servers are even older. They're the precursor to VPNs. Just had to point that out. Doesn't mean this method isn't effective.

  • @marcogtturbo
    @marcogtturbo 1 year ago

    Forgive me for the stupid question. How do you compare this service with wireguard and the vpn2vpn that fritzboxes are putting together between each other? I found some similarities but I'm not that tech to understand those in detail

  • @BIOSHOCKFOXX
    @BIOSHOCKFOXX 1 year ago

    Sooo...can it be operated from the inside the organization or it's cloud based, or to their servers? What if the organization wants to use their own inner network without having to connect to the outside?

  • @user-eh3nk3dq6t
    @user-eh3nk3dq6t 1 year ago +20

    My Master's thesis was about zero-trust networking. This technology is great and pretty safe at so many levels especially with DDoS and other types of threats. Great explanation as usual Chuck!

    • @tobylegion6913
      @tobylegion6913 1 year ago +12

      but how is it really zero trust if it is managed by a third party?

    • @Loodough
      @Loodough 1 year ago +2

      @@tobylegion6913 You are correct! I wouldn’t trust a third party either.
      Mainly I’m talking about the technology itself which is much broad and has a great potential.
      Remember this technology is still under development phase. Which means every company will try its way to come up with a way that enables them to grab some 💵

    • @philipgriffiths5779
      @philipgriffiths5779 1 year ago +2

      Shame we didn't talk before you did your thesis... I work on the open source OpenZiti project which allows anyone to embed zero trust networking into almost anything (incl. apps with SDKs). Would have been great thesis project. We worked with one team recently who built an intent-based network using ziti and blockchain!

    • @Loodough
      @Loodough 1 year ago +1

      @@philipgriffiths5779 Would’ve been great collaboration. That was a long time ago and it would be an honour!

    • @philipgriffiths5779
      @philipgriffiths5779 1 year ago +1

      @@Loodough Hopefully you can find some future use for OpenZiti 😁