Edit: Decided to go with the Ubiquiti Dream Machine Pro. Thank you for all the suggestions and advice!

Hey Tildenauts,

I'm planning to help a local nonprofit replace their aging hardware firewall pro bono. I have a fair amount of experience with networking and security, especially where web servers are concerned, but I haven't setup a hardware firewall recently enough to know off the top of my head which are the best options here.

The organization is fairly small but on its way to medium sized, around 30 employees at the moment but will likely expand to 50+ in coming years. So I'm looking for a solution that will comfortably scale up to 100 employees. There is remote work, accessing their local server via VPN, so something that comes bundled with a user friendly VPN client would be ideal. I haven't seen their physical setup yet but I know their server gets a lot of use. Not all employees use it remotely on a regular basis but many do.

From past experience I know that Cisco, Sophos and SonicWall are potential options. Cisco seems to be pushing their Meraki platform pretty hard but I don't think this organization needs a subscription based solution.

Anyone have recommendations for hardware firewalls I should consider? Any potential footguns I should know about?

Thanks in advance!

As a Brit who's now effected by the Great British Firewall I'd like recommendations for VPNs that meet the following criteria either directly or via additional software/Firefox extensions:

• Use VPN only for specific apps on iOS (apply to Reddit, Discord, BlueSky and Twitter/X, Wikipedia (if it ends up banned) but not others)
• Use VPN for specific websites on Windows/macOS (apply to Reddit, Discord, BlueSky, Twitter/X, Wikipedia (if it ends up banned) websites)
• VPN considered generally trustworthy and not an American firm

Personal recommendations that you have experience with only please.

Just a quick PSA, if anyone noticed massive amounts of shows disappeared from Netflix the past week or two. Apparently they're getting stricter with VPN detection, and blocking per region licensed shows if we're on VPN.

As the years go by, I’ve become increasingly annoyed (I choose that word intentionally) at the thought that there’s some “record” of my activity on the Internet somewhere, which was probably put together by my ISP. I “don’t have anything to hide” (other than perhaps the one or other ROM or movie that I download), but I also don’t want to randomly get fined or put in prison if, in a few years, our governments decide to retroactively criminalize certain activities (I’m thinking mostly about piracy).

I’m not tech savvy though. That’s not because I haven’t tried. I have. I spent countless hours reading about how one can keep one’s activity on the Internet “private”. To my knowledge, it isn’t actually possible. I mean, even if I didn’t use my real name anywhere, or didn’t have any social media accounts (thankfully, I don’t), just the fact that I have to use an ISP to surf the web means that at least they are “spying” on me.

So, I’m approaching all of you wonderful, tech savvy people (rather than ChatGPT or a search engine) to ask you if there’s something that I’m missing, and if there is a way (preferably a fool-proof one) to stop my ISP (or “anyone” for that matter) from collecting data on my activity on the Internet (particularly when I download ROMs or movies, which is the only “illegal” thing that I ever do).

I recently moved to a new place with a new ISP, and my Mullvad VPN isn't playing nicely with Firefox like it used to. Can any of you networking gurus please help me troubleshoot?

When the VPN is enabled, most requests from the browser fail immediately. If I pull up the dev tools Network tab, I can see that these requests fail with an NS_ERROR_FAILURE message before any data is transferred.

I have Firefox configured to use "strict" Enhanced Tracking Protection. When I reduce it to "standard" my requests go through.

I'm also trying to use DNS over HTTPS with a custom provider (Mullvad, via https://dns.mullvad.net/dns-query). I'm configuring this in Firefox, using the "Increased Protection" DoH setting. When I do that, Firefox reports the DoH status as "Status: Not active (NS_ERROR_FAILURE)". This happens even when Enhanced Tracking Protection is set to "standard" — in other words, that reduced setting fixed the NS_ERROR_FAILURE for HTTP requests, but not for DoH.

So how do I fix this so Strict Enhanced Tracking Protection, DNS over HTTPS, and Mullvad all work together? I never had this problem with my old ISP, so I suspect something's being blocked at the WAN level that I need to circumvent.

• OS: macOS Sonoma 14.5
• VPN protocol: WireGuard
• ISP: AT&T Fiber

I'm just using the official Mullvad client app with mostly default settings. The fiber gateway modem/router came with some default packet filtering firewall rules but I disabled everything in the admin panel. Weirdly, rebooting my machine fixed this temporarily, but the next time I disconnected/reconnected the VPN it broke again. Other browsers (with default settings and no DoH) are working fine when the VPN is connected.

Edit: Solved! Solution here.

It's nice having english language forums that don't require a vpn to access. Anyone got any other suggestions and any recommendations for vpns that work on mobile data reliably? I've found PIA, Nord, and Proton to not work but Surfshark does for now if intermittently (more reliably on wifi).

I watch Countdown every day. For the last year I've had a t2.micro for free from AWS. Its been pretty good, but my year is coming up. I am looking for the cheapest VPN possible, which is often having my own VPS.

Does anybody have any suggestions? Most are around $6, which isn't too bad, but I'd love to get something cheaper; either in a reliable lowend box or a proper provider.

I have a server running Unraid at home. I have ~20 docker containers running at the moment with almost all of them only available within my local network. I just stood up an instance of Seafile on the server to act as a google drive replacement. Still in the early test phase before I commit to throwing important stuff on there. I have my domain proxied through Cloudflare so none of my local ports are exposed to the internet. Seafille has complicated passwords set for admin and user accounts (generated with Bitwarden, hot damn I love that app). I also enabled 2FA on each account. I know that I can further clamp it down using some of Cloudflare's extra access controls but in my admittedly limited experience, those all cause issues getting an app to authenticate with the service. Web apps don't have this issue of course.

So am I ok with this setup? I can encrypt the data before uploading easily as it's a built in feature of Seafile. Or would it be better to just run with local only and run a VPN to access when I'm outside?

I figure just about any effort along these lines I trust more than Google with my data. But I may be overconfident in that perhaps. I'm still learning the ropes with Linux and self-hosting in general.

Recently NordVPN rolled out an update which forced users to use an encrypted username and password combination when connecting through OpenVPN. I haven't seen any posts on this here, and it took me way longer than I want to admit troubleshooting this issue because I knew my original credentials were correct.

If you use a gluetun container for routing any of other containers traffic, you might have recently noticed a 500 Internal Service Error in your Health Status and when you check your logs you will find a AUTH_FAILED message.

Solution below:

1. Go to NordVPN website and log in (using your normal credentials)
2. Under accounts, services, click NordVPN
3. Click "Set up NordVPN Manually" at the bottom of the page
4. You will receive an email verification code, using whatever email you have set up for your NordVPN services. Type this code into the popup window.
5. Copy your new encrypted credentials for your Open VPN client settings.

This is my first post, please add tags as required.

How does Mullvad removing port forwarding affect an Unraid setup using deluge-vpn container?

I don’t access my server from outside my network and just use a basic binhex deluge-vpn docker setup. Any issues I’ll have here?

Currently out of town and won’t be back until after this change happens tomorrow. Curious what to expect when I'm back home.

So, I had an issue with the radionouspace.net website, referenced here. Since then, I've started hitting the exact same issue on a few other sites ... webpage never resolves, the browser just spins its wheels until it times out.

I went thru and systematically shut down all of my add-ons, no joy. Tried other browsers, does not work anywhere ... except, oddly, sometimes, in TOR. On a hunch, I fired up my VPN service and tried to connect thru a US-based VPN server ... and there it is.

I have now confirmed, multiple websites (I'm assuming these are all US-based -- have not checked) no longer resolve for me, here in Hungary. Can anyone, anywhere else in the EU, confirm this?

I'm guessing this is the US response to the latest GDPR ruling against data-sharing across the Pond, but I'm on a "news fast" and haven't been keeping up-to-date ... anyone care to fill me in -- the "in a nutshell" version?

Update: Definitely something local-ish, probably specific to my ISP. VPN thru Hungary works, non-VPN thru Hungary does not.