Article 5BPX6 Using OpenBSD Routing Tables to Segment the Home Network for Privacy

Using OpenBSD Routing Tables to Segment the Home Network for Privacy

by
martyb
from SoylentNews on (#5BPX6)

canopic jug writes:

OpenBSD user Lari Huttunen has a blog post in which he dives into using OpenBSD's rdomain(4) feature to sort work VPNs into separate kernel-level routing tables. This segregates the network traffic in such a way as to prevent traffic in separate routing tables from interacting. With many working from home, insecure work networks have begun to intrude into the home LANs via work-related VPNs. By adding the home network to a work VPN, the LAN becomes merged with work's internal network, usually quite insecure at that. His goal is to keep his personal home devices, especially the IoT items, separate from the now mandatory work-related VPNs on his small-office / home-office network. That way, the work networks can no longer access his appliances.

Problem Statement

Over the years, companies and corporations have become ever more hungry for everything related to their users' geolocation, telemetry, demography, relationsip with one another, interests, convictions, social preferences - you name it. At the same time, users wanting to consume digital services meet a lot of ridiculous restrictions depending on where they live and how they access the Internet. Ecojails, in one form or another are created by multi-national corporations in order to capitalize everything about their users' behavior. In 2020, this has all been exacerbated by everyone suddenly working from home if possible.

Motivation

This is why I wanted to research how identity-based routing could enhance users' privacy in a totally transparent way. I've never been a big fan of VPNs as a security solution, but have come to realize that they have a role to play in privacy. Since soon everything needs to be online to function from a vacuum cleaner to dish washer to toaster, it is increasingly difficult to keep the Internet of Targets at bay. Moreover, our personal telemetry devices feed out a constant stream of information to the ecojail masters, be they Apple, Google, Microsoft, Amazon, Alibaba or Netflix. Taking back control will not be easy and one will evidently need to compromise along the way, but realization is the first step to recovery.

Lari's solution works from tools provided by OpenBSD's base system.

Previously:
(2020) WireGuard Imported Into OpenBSD
(2019) How SSH Key Shielding Works
(2019) Dutch Govt Explains the Risks Behind DNS-Over-HTTPS Move
(2014) OpenSSH No Longer has to Depend on OpenSSL

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments