You Should Probably Stop Using ExpressVPN
https://gizmodo.com/you-should-probably-stop-using-expressvpn-1847739547
@voltronic I will like to know what you think about ProtonVPN, I always use them
@ketchup9080
I used the free version briefly when it was first released, but you can't judge based on that.
I believe @corlin is a happy customer of the full paid version.
@corlin @voltronic I'm a paid customer too, and nice.
that's the only VPN I'm using.
@corlin
Have you tried it network-wide, ruining it on your gateway? (Less convenient to deactivate, I know )
Yep.
One test only.
I have a big network. Over 45 devices. Seemed to work fine....
But I need to do more tests, under stress.
But it looks like I might be adding it to the main network.
Right now, using client side, every one is happy. So I might leave it at that.
@corlin @voltronic @ketchup9080
<puts on network design hat>
one option would be to adjust the network topology in such way that anything connecting to network X (either via dedicated WIFi SSID or wired VLAN) gets gateway based VPN...everything else is direct to internet (where you'd still have the option to do client-based VPN)
several ways to accomplish that...some logical config only, some additional hardware based
@opie
That's a neat idea.
Wow great idea!
Some time in the next year I am completely redoing my main network,
Some new hardware, and defiantly new software, along with a total redesign. So I will add this to the stack of notes to research.
This network came to be ad-hoc, with security as an add-on.
I am going fix that, by starting with security first, built into the design.
@corlin
Please blog the new build so we can live vicariously through you. 😉
feel free to ping me if you want any of my seemingly endless thoughts on stuff like this...a lot of it depends on the capabilities of the devices in use...
all my WiFi APs support SSID-to-VLAN mapping, so all SSIDs are mapped to separate VLANs, the APs connect to the main firewall via 802.1q trunks, and the main firewall supports multiple isolated routing tables (VRFs)...so I can create *very* complex topologies solely via logical config
Ok Thanks.
This is why new hardware is going to be needed.
I want to "future-proof" this, so I can do all kinds of things just with configs. VRF's are a big part of this.
I will let you all know as it comes together.
@voltronic @ketchup9080
I am very happy with the paid version.
Yes slightly slower speeds, At the most secure levels.
Yet much more control, and much greater security.
Clients work well on Mac, and Linux.
(i don't do windows)
Really good documentation.
All around the best VPN, you can get !