Secure Access to LAN from WAN

castle

Dabbler
Joined
Mar 1, 2019
Messages
19
Hi until now I've been using OpenVPN to achieve this, but I'm wondering if an encrypted socks proxy, ie shadowproxy, would be just as secure but a lot more flexible from work as I could setup one browser at my work computer "for home use", while keeping the other stuff at work connected to the local network.

Perhaps there is a better alternative to shadowsocks? and how secure is ie shadowsocks or any other encrypted proxy compared to OpenVPN?

Any thoughts?
 

Kris Moore

SVP of Engineering
Administrator
Moderator
iXsystems
Joined
Nov 12, 2015
Messages
1,448
If you're a bit adventurous, 11.3-RC1 and onward now includes WireGuard in the base system. I've switched from OpenVPN, and it's fantastic. Time-permitting I'm going to try and put together a HOWTO for it this next week, since I think lots of our users will find it a far superior way to setup a VPN.
 
Last edited:

castle

Dabbler
Joined
Mar 1, 2019
Messages
19
Thanks for replying, I’m happy with OpenVPN, the only drawback is the fact that it’s a VPN thus applying to everything on the client, ideally I’d like a VPN to only apply to the applications I assign to, which is why I’m interested to know what the community thinks of shadowsocks (or any encrypted socks proxy). Not for masquerading my web traffic, I don’t live in China or Iran :) I’m interested in this for securely connecting a browser to my home network while simultaneously being able to use other applications at work on the work network.

I recently helped someone set up a vps with shadowsocks in an attempt to circumvent The Great Firewall of China, as the person in question had relocated to Beijing, China for work.

Wireguard seems interesting though, but more as a replacement, with the same “issues” (features), for OpenVPN but with substantially less overhead. Will be interesting to follow it, I'm sure I will try it out, but most likely hosted on a Raspberry Pi 4, as I’m a bit reluctant to port forward WAN, jailed or not, to my NAS box.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466

Kris Moore

SVP of Engineering
Administrator
Moderator
iXsystems
Joined
Nov 12, 2015
Messages
1,448
Any chance of ever seeing full support for ZeroTier?

No, ZeroTier has been removed from 11.3. Recent changes to their license terms have made it impossible for us to include, since we want the same VPN technology to be used in both FreeNAS and TrueNAS.
 

danb35

Hall of Famer
Joined
Aug 16, 2011
Messages
15,466
Recent changes to their license terms have made it impossible for us to include
Pity--its ability to join arbitrary devices in a virtual network with very little configuration required is really handy. But keeping a consistent code base certainly makes sense.
 

garm

Wizard
Joined
Aug 19, 2017
Messages
1,555
And having it serverless is nice too. This is going to cause some work..
 

Tigersharke

BOfH in User's clothing
Administrator
Moderator
Joined
May 18, 2016
Messages
890
Hmm. If one wished, how would zerotier be used outside of FreeNAS if they wanted to connect their FreeNAS to a remote location?

I would guess that motivated users could put it into a jail on their own but if entirely seperate from the FreeNAS box, I'm guessing it would be positioned between it and the Firewall device/box.
 

ronclark

Dabbler
Joined
Dec 5, 2017
Messages
40
I was bummed to find out Zerotier was removed after upgrading to 11.3, i used it a lot. nice and simple setup
 

troybs1d

Dabbler
Joined
Feb 7, 2020
Messages
22
You can always port forward SSH from a basic "jumpbox" (ex. any RPi) & use PuTTy with a dynamic port tunneling to say 1654 locally. Firefox has the best "just browser" proxying option. In Firefox you work just enable SOCKS5 to localhost on port 1654 - all the data on FireFox will come out on the other end (jumpbox's network) while the rest of your network traffic will go over the normal internet connection of that location. I know there is a way to force SOCKS5 proxying to software that doesn't natively support it but sadly it's buggy in Windows 7 & up but works just fine in XP (aka a dedicated XP VM).
 
Top