EU OS VPN to protect sensitive network services
How can EU OS benefit from VPNs to provide extra security when users are working from home, abroad or on business trips? How can we anticipate post-quantum crypto?
This is particularly important when the operating system interacts with sensitive infrastructure of the organisation, such as:
- pull remote execution jobs from Foreman (e.g. to initiate a software update)
- access private OCI container store
- access private Flatpak app store
- potential network-attached storage
- potential network printing services
- directory service / Single-Sign-On (FreeIPA, Keycloak, Authentik, etc.)
- remote access for troubleshooting (Cockpit?)
References:
- https://www.wireguard.com/
- https://rosenpass.eu/ (post-quantum extension for wireguard)
- https://netbird.io/ (open source VPN clients and backend for wireguard orchestration, apparently inspired by tailscale)
- netbird + rosenpass for post-quantum crypto: https://docs.netbird.io/how-to/enable-post-quantum-cryptography
- https://tailscale.com/ (open source VPN clients with closed-source backend for wireguard orchestration)
- https://headscale.net/stable/ (open-source backend for tailscale)
- netbird and declarative config (using terraform): https://github.com/netbirdio/netbird/issues/1208
Edited by Robert Riemann