cracauer@
Developer
How do you deal with an increasing zoo of physical machines in random physical ethernets, VMs on many hosts and in many different network configs (NATed, bridged etc)? It's getting very annoying to remember which jumphost to use for what. And that only covers ssh, some things provide HTTP(S) services.
Once upon a time I thought I would properly IP route everything and use a routing daemon to keep things current. Not just to get to the machines but also to up-clue myself about routing daemons.
But with the ease of WireGuard now (screw OpenVPN and setting up a certification authority) I wonder: if I make a /etc/hosts or ~/.ssh/config entry for anything, should I just hook that entity into the VPN, unconditionally?
The major catch I can think of is that "minor" devices such as routers, TV appliances, printers (shudder) have anywhere between no and inconvenient VPN capability (does an Apple TV do WireGuard?). And performance would be impacted; some of my CPUs do not fill 10 Gb/s with encryption.
Are any of you dealing with this below the level of having an actual networking group at work?
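An added example, not from the original post, of one way to stop having to remember which jumphost reaches what: keep a small inventory of hosts and the hypervisor or gateway each one sits behind, and derive the `ProxyJump` chains from it. Hosts that can run WireGuard get a direct tunnel address and short-circuit the chain; the "minor" devices that cannot are left behind their nearest jumphost. All hostnames, addresses and the network layout are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Host:
    name: str
    addr: str                      # address as seen from the network the host sits on
    via: Optional[str] = None      # hypervisor/jumphost that reaches this host, if any
    wg_addr: Optional[str] = None  # address inside the WireGuard tunnel, if it can run one

# Constructed inventory: one WireGuard-capable hypervisor, a NATed VM behind it,
# a VM nested behind that VM, a lab gateway on the VPN and a printer behind it.
INVENTORY: Dict[str, Host] = {
    "hv1":     Host("hv1", "203.0.113.10", wg_addr="10.99.0.2"),
    "vm-nat":  Host("vm-nat", "192.168.122.5", via="hv1"),    # NATed, only reachable from hv1
    "vm-deep": Host("vm-deep", "172.16.0.9", via="vm-nat"),   # nested one level further down
    "lab-gw":  Host("lab-gw", "198.51.100.7", wg_addr="10.99.0.3"),
    "printer": Host("printer", "10.0.5.20", via="lab-gw"),    # cannot run WireGuard
}

def jump_chain(name: str, inventory: Dict[str, Host]) -> List[str]:
    """Ordered hops needed to reach `name`, ending at the first WireGuard host."""
    chain: List[str] = []
    seen = set()
    hop = inventory[name].via
    while hop is not None:
        if hop in seen:                      # a mis-edited inventory must not loop forever
            raise ValueError(f"cycle in 'via' chain at {hop}")
        seen.add(hop)
        chain.append(hop)
        if inventory[hop].wg_addr:           # reachable over the VPN directly: stop here
            break
        hop = inventory[hop].via
    return list(reversed(chain))             # outermost hop first, as ProxyJump expects

def ssh_stanza(name: str, inventory: Dict[str, Host]) -> str:
    """One ~/.ssh/config Host block; VPN members need no ProxyJump at all."""
    host = inventory[name]
    lines = [f"Host {name}"]
    if host.wg_addr:
        lines.append(f"    HostName {host.wg_addr}")
    else:
        lines.append(f"    HostName {host.addr}")
        chain = jump_chain(name, inventory)
        if chain:                            # ProxyJump resolves each hop via its own stanza
            lines.append(f"    ProxyJump {','.join(chain)}")
    return "\n".join(lines)

def render_config(inventory: Dict[str, Host]) -> str:
    return "\n\n".join(ssh_stanza(n, inventory) for n in inventory)

if __name__ == "__main__":
    print(render_config(INVENTORY))
```

Because each hop in the `ProxyJump` list is itself resolved through its own `Host` stanza, the chain for a nested VM automatically enters the VPN at the hypervisor instead of needing a public address for every intermediate box.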