Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Except browsers and other software that are becoming hard-coded to block access to such devices.

We used to use Firefox solely for internal problem devices with IP and subnet exclusions but even that is becoming difficult.



Use the self-signed cert between the proxy and the problem device; everything else talks to the proxy.


Or Wireguard.


Using VPNs on server infrastructure to punch a hole is a resume generating event.


Wireguard is not a VPN, it’s a protocol that can be used for a lot of things.


The wireguard protocol is an encapsulation or tunneling protocol... which is, by definition, a virtualized private network protocol.

It's not different from IPSec, GRE, VXLAN, etc. It's just the new hotness.

We use VXLAN extensively in our network, btw, and IKEv2/IPSec tunnels between sites.


WireGuard can be used to create a virtualised private network, but doesn't do so on its own, or without additional infrastructure. WireGuard tunnels network packages securely, with high throughput, from an arbitrary point A to an arbitrary point B. No more, no less.

Just because it can be used to recreate VPNs traditionally used to remotely dial into a secure network zone doesn't mean it shouldn't be used in far smaller use-cases. WireGuard doesn't constitute anything like a full VPN solution on its own.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: