Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

SSH vs VPN

23 views
Skip to first unread message

Darrell Lee

unread,
Feb 4, 2025, 3:13:08 AMFeb 4
to UCLUG
Wondering which one would be more secure for working with a MySQL database using MySQL Workbench locally and accessing the database at Linode via ssh or VPN ?

Darrell Lee
Advanced Data LLC

George Law

unread,
Feb 4, 2025, 8:12:55 AMFeb 4
to uc...@googlegroups.com
ssh tunnel has always worked for me

ssh -p 2112 -N -L 3336:127.0.0.1:3306 user@remote_host
and then connect with mysql to 127.0.0.1 port 3336


--
You received this message because you are subscribed to the Google Groups "Upstate Carolina Linux Users Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to uclug+un...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/uclug/194d00512c8.27e9.6ecb3768cd55b08006402ae3e564851b%40adsi-sc.com.

Bill Jacqmein

unread,
Feb 4, 2025, 10:54:59 AMFeb 4
to uc...@googlegroups.com
https://tailscale.com/ might be useful if more ports are required
If it is just one, I love George's ssh tunnel.
> To view this discussion visit https://groups.google.com/d/msgid/uclug/CAKzfAU6j2c0571tftw5dPrx7PuqCd8rddmZsTvawuZXK8zU6oA%40mail.gmail.com.

George Law

unread,
Feb 4, 2025, 11:21:32 AMFeb 4
to uc...@googlegroups.com
tailscale is great - allows me to get into my home network via my phone

by default it uses its own 100.X network or something ... I forget exactly the ip range

So if you've got a home network with various machines on it, by default those would not be reachable via tailscale

if you want to be able to access machines on your internal network, you need to use the 'accept-routes' option
e.g. I've got my home network on 192.168.29.0/24

so to be able to access according to the 192.168.29.X addresses

$ tailscape up --accept-routes=192.168.29.0/24

Then via termius or juicessh on my phone/tablet I can get to the same internal IPs I use when I am at home.

I actually interviewed with Tailscale a couple months ago, hoping for some kind of hybrid position, a little sys admin, a little high level support, yada yada but they are pretty silo'd and it would have been only support.

if anyone knows Allen Vailliencourt, he's currently a "Solutions Engineer" for them
I "met" Allen years ago when he was a recruiter - i think for FGP?

~George


To view this discussion visit https://groups.google.com/d/msgid/uclug/CAMQEVvHvuw7vtyLB%2BqYLBP_bDLd7eexrfy1ys811gTZ8m9vK0w%40mail.gmail.com.

Bill Jacqmein

unread,
Feb 4, 2025, 11:26:26 AMFeb 4
to uc...@googlegroups.com
100.64.0.0/10 - https://www.rfc-editor.org/info/rfc6888

Alex from selfhosted is currently with them.

Nice for Allen! I think I bumped into him at a Tech After Five years ago.
> To view this discussion visit https://groups.google.com/d/msgid/uclug/CAKzfAU787pZ-266kNKm8-%3DTbEqBpGqcWa%3DiA%3DjENG-i6ohcKOQ%40mail.gmail.com.

Jay Little

unread,
Feb 4, 2025, 11:42:56 AMFeb 4
to UCLUG (Google)
Tailscale is quite awesome.  I basically don't have to screw with NAT Port Forwarding anymore and my entire network is accessible from anywhere on any device I have setup with the client.  It is easier and more secure than what I was doing before (which involved port forwards and old school VPNing into my own network via Wireguard)

FWIW, this is the Tailscale blog post that finally convinced me to try it out after years of hearing about it on various Linux podcasts:


I highly recommend reading it if you aren't familiar with it.

I also knew Allen back from when I used to work at Erwin Penland about a decade ago.  He's a pretty cool guy.  It's pretty awesome that he works for Tailscale nowadays.

E. Matt Armstrong

unread,
Feb 4, 2025, 7:48:40 PMFeb 4
to Upstate Carolina Linux Users Group
Tailscale is a game changer. I'm able to stream my own content from jellyfin when I travel (it even worked across the Pacific). I have a home exit node when I'm on public Wi-Fi. I can use my pi-hole DNS on my phone when away from home. I can also easily set up another exit node on AWS in other parts of the world, to access Geo-ristricted content, which cost me about 25 cents for 16hrs of use last month. And best of all I have no open ports on my firewall.

Kevin Tollison

unread,
Feb 4, 2025, 9:19:56 PMFeb 4
to uc...@googlegroups.com
I switched to NetBird about 6 months ago.  The interface seems cleaner.  Very similar features as Tailscale with some variations in approaches. 

Truly open source and can be self hosted.  I haven’t been that frogy yet. :)

Kevin

On Feb 4, 2025, at 7:48 PM, E. Matt Armstrong <mattman...@gmail.com> wrote:

Tailscale is a game changer. I'm able to stream my own content from jellyfin when I travel (it even worked across the Pacific). I have a home exit node when I'm on public Wi-Fi. I can use my pi-hole DNS on my phone when away from home. I can also easily set up another exit node on AWS in other parts of the world, to access Geo-ristricted content, which cost me about 25 cents for 16hrs of use last month. And best of all I have no open ports on my firewall.

Darrell Lee

unread,
Feb 5, 2025, 12:38:28 AMFeb 5
to uc...@googlegroups.com
Kevin didn't you use to use OpenVPN?

Darrell Lee
Advanced Data LLC

Kevin Tollison

unread,
Feb 5, 2025, 7:01:12 AMFeb 5
to uc...@googlegroups.com, uc...@googlegroups.com
Still do for some things 

On Feb 5, 2025, at 12:38 AM, 'Darrell Lee' via Upstate Carolina Linux Users Group <uc...@googlegroups.com> wrote:


Kevin didn't you use to use OpenVPN?

Darrell Lee
Advanced Data LLC

On February 4, 2025 9:19:58 PM Kevin Tollison <ktol...@gmail.com> wrote:

I switched to NetBird about 6 months ago.  The interface seems cleaner.  Very similar features as Tailscale with some variations in approaches. 

Truly open source and can be self hosted.  I haven’t been that frogy yet. :)

Reply all
Reply to author
Forward
0 new messages