Throw your VPN in the trash, you don't need it anymore. I found something better. Like seriously, while my team and I were gone for three weeks working on a top secret project for a pretty big YouTuber <laugh>. I was just telling everyone how Nick was lazy and didn't finish his edit before the trip. Oh yeah, I only stayed up till one. I can't tell you about it. Don't even ask me. I'll tell you later. We needed a secure, wicked fast way to access all of our stuff back home. Things like my big fat NAS, remote desktop into our editing machines and even my home lab to watch some Plex. That's kind of what VPN is for, right? I mean, sure, I could have set it up, but I didn't have the time. And the solution I found took about five minutes.
And this one might shock you. VPN is not secure enough. Like when I give my two knucklehead editors VPN access, they get access to everything, servers they shouldn't touch, and they have a nasty habit of downloading free RAM. And if they already have malware, they can blast it out to my entire network. What I need is a solution that gives them access to only stuff they need. Nothing else. This is a little technique called zero trust, because I zero trust them. And listen, it's not just security. After some research, VPN is kind of the, uh, kind of the old way of doing things, and old is lame. I mean, have you seen the new stuff? It's crazy.
So what I found, it's kind of amazing. It's called Twingate. It's a zero trust remote access solution, buzzwords, blah blah blah. It basically means magic, and it checks all my boxes. Watch this. In about five minutes, I deploy the Twingate Docker container to my studio network, my home lab network, and even some private networks in the cloud. And just like that, I can connect from anywhere, no matter where I go. No firewall config, no port forwarding, and just works. And I don't care if you have CGNAT or some weird ISP issues. It just does its thing. Kind of scary easy, actually. I have granular control on what each person on my team can access. I can even say, you could only access this machine on this port and that's it. I can even control what they're allowed to access stuff with. Like I could say they can use iPhones but no Android, and that just makes sense. And if they're using Windows, I can require antivirus, firewall settings. And if they don't have 'em, they can't connect. And the crazy part, this is free, free for up to five users, and that covers my business.
So let's get this set up in your network right now. I'll walk you through every step. It'll be quick, no longer than it takes to brew a cup of coffee, trust me. And speaking of coffee, go ahead and do that. Grab you some, because everything in IT requires coffee. Also, shout out to Twingate for helping me solve my remote access problems and for sponsoring this video. Now, I'm pretty picky about sponsors and Twingate makes the cut. I love it. It's something I actually use for everything and I know this will provide a ton of value to you. So let's get into it. Actually, you know, real quick, have you hacked the YouTube algorithm today? Let's make sure you do. Hit that like button, notification bell, comment, subscribe to everything. Yes, you gotta hack YouTube today, ethically, of course. Now here's the setup.
We have our network. For me, it's my studio. For you, it might be your home lab or your business. The goal here is to get my knucklehead editors access to what they need inside my network. So in comes Twingate. Twingate has four parts. And don't let that scare you. You'll have to worry about two of 'em. I'm telling you, this is not complex, at least the setup. We've got our client, our connector, our controller, and our relay. Right now we're gonna focus on the connector and the controller. The controller is managed by Twingate. It's in their cloud, and it's what we'll use to sign up for a free account and configure all our stuff and who has access to what. The connector is the Docker container you're gonna put inside of your network, behind your firewall. And all you have to know about the connector is that it connects stuff. That's all you have to know. I think that's the only two steps we have to worry about. Set up an account on Twingate, which is the controller, and then deploy the connector inside our network. Done.
Now that does beg the question, what do we need for this? Only two things. First, you'll need something to put that Docker container on, some type of Linux server. This could be your NAS, an old laptop, even a Raspberry Pi, which is what I'm going to demo on right now. And the second thing you should already have in your hand right now, a cup of coffee. Like I said, everything in IT requires coffee. Say it with me. I'm not gonna do it again, but seriously, get some coffee.
First step is the controller. So head out to twingate.com. That's simple. That's it. It's time to ditch your VPN. Dang right. And right here in the middle, we're gonna click on Try Twingate for free. Try Twingate, try Twingate. Say that 10 times fast. That's ridiculously hard. Click it here. Pick your poison. What do you wanna log in with? I'm gonna log in with GitHub, click on that, authorize Twingate. And here we have some details.
Now if you're like, okay, I'm setting this up for my home lab, I don't have a company name, don't worry. They're gonna give you a business trial for 14 days, no credit card, whatever. You're gonna have that starter plan for free forever. So make up a company name. I'm gonna name my own Hackwell Tech. Number of employees, under a hundred. Let's finish it up. Skip all this, blah, blah, blah. No, I don't need technical support. I'm good. I can run C commands, I promise I can. And then choose your URL. I'll leave it at Hackwell Tech. Good to go. Create that network. So at this point you have a Twingate account, you have a controller. Now all we have to do is configure a few things.
There are two things we're gonna start with, and it's actually telling you right here at step one. The first thing we'll set up is your remote network, which will be your home lab, studio, business, whatever. And once we've defined it here, we can actually deploy our connector to connect everything up. The second thing we'll configure is resources. By default, you can't access anything. So you have to specifically, explicitly define what you are allowed to access in your network. I love that. Zero trust.
All right, let's go. Let's knock out the network first. You'll notice right down here we have Add a remote network. Let's click on that. Choose your location. Notice you have some options. What I care about right now is on-premise, and I'll name it Hackwell HQ. Add Remote Network. Man, that was so hard, right? <laugh> That was easy. And we're almost done, actually.
Now to deploy our connector inside the network. Notice they have two connectors over here, but they're not deployed. And notice they do want you to deploy two. You can deploy one, that's fine. But if you want redundancy and high availability, you can deploy two. But we'll start with one. But which one to pick? Impetuous Jaguar or Optimal Vulture? I can pronounce this better. I'm gonna go with that one. So we'll click on Deploy Connector and we'll choose how we're going to deploy this. Now, I talked about this: Docker. Docker's so easy, we're gonna go with that, but you do have options. Step, we're gonna generate our tokens. What are those? We'll cover more about that here in a bit. In fact, I'm gonna go kind of nerdy on you and explain the magic of how this works. But let's set this up first. We'll go ahead and generate our tokens. Click on Generate Tokens, and it will ask you to authenticate yourself again, which is great security. And you'll notice you do have your access and refresh tokens generated. And then we'll scroll on down to step four. And all we have to do here is copy and paste this docker run command and we're good to go.
So I'll pause here for a second. Let's get logged into the device we're going to install our Twingate connector on. For me it's a Raspberry Pi. So here in Windows I'm gonna launch my terminal and I'll SSH into my Raspberry Pi. And before we copy and paste our command, let's just make sure we have Docker installed, and that's super easy. First, we'll update our repositories, sudo apt update, and then we'll install Docker, sudo apt install docker.io -y. Mine is already installed, but it should go pretty quick for you. And now literally all we have to do is copy and paste. So we'll get back to our browser here, click the copy command, go back to our terminal and paste. And you may have to run this as sudo. I wanna do a Control-A, run it as sudo at the beginning and then hit enter and let the party start.
coffee break while the show's happening. Just enjoy the show. And that was it. So real quick
while we're here on the terminal, before we leave, let's type in
pseudo docker PS to make sure it's, it's in there running. And
there it is, it's running. And now if we get back to our
twinge controller, aka twinge.com, there it is. Our connection status,
the optimal vulture is connected. Now let's add some resources. Let's
get back to our network up here. Click on that. And we don't
really need this right now. So let's just click on dismiss. And right here you'll see
an add resource button. Let's click on that Add resource. The first thing we'll do
is choose a remote network. I'm gonna pick Hack well hq. And yes, that does mean you can have
more than one remote network. So add your parents' house at grandma's
house, your friend's house, whatever. You can do that. Then we'll specify our
host. Now we can use DNS or IP address. And this DNS thing, by the way, is crazy. We'll cover that here in a bit for now. We'll focus on IP address
to keep things simple. So choose cider label what you're
setting up. I'm gonna access my nas. First big fat nas. Then the IP address. Keep in mind, this will be
your private IP address aside, your home network or your
business network, whatever it is. Then also notice we have an alias option. We'll cover that when we talk about dns.
But again, this whole thing is insane. It's magic. I can't wait to tell you that though. But let, let's, let's keep moving forward. Next we have protocol restrictions. And what I wanna do is have my editors only access my NAS on port 5000, which is the GUI. So I click on Protocol Restrictions. Right now everything's allowed. May not want that. So we'll say TCP, restrict, and we'll specify the ports. I'll say 5000. And then I'll block UDP and block ICMP. So at this point, only port 5000 TCP is allowed. That's all we care about right now. I'm gonna click on Add Resource. And then as soon as you do that, you can choose who has access to this resource. For now we have one group. That's Everyone. I'll go ahead and add that. We can change that at any time. And I'll click on Add 1 Group. So right now we have a resource. If I hover over this guy right here, it'll tell me exactly what's allowed. TCP 5000. That's it. So what do you say we test it out? Which, by the way, you just set up Twingate. Like, that was it. That's all it took.
Now all we have to worry about is the client. The third piece, which is just installing an app and logging in. Super hard <laugh>. Let's try that right now. All right, I got my laptop here. I wanna download the Twingate client by heading out to twingate.com/download. 'Cause I'm using Windows, I'll click on Download for Windows. They have an app for everything. Mac, go West, iPhone, Android, whatever it is. I'll open the file and install the sucker and click on Finish. Ugh. And a restart. I hate restarting this stuff. One moment.
Now, before I configure Twingate, like any good magician, let me show you that I can't access my stuff first. I want to make sure I'm connected to my 5G connection on my phone. Now let's try and access my NAS, port 5000. It's not looking good. Can't reach the page. Now let's sign into Twingate. I'll connect to Hackwell Tech, that's what I named it, right? Yeah, I think so. I'll join that network, sign in with my GitHub and we should be good to go. I'm gonna close my browser window real quick. It already happened. Look at that, 5000. I'm going over it, man. Look at my tray right now. Yes, I can see I'm connected. Oh, that's so stinking cool. I love this. But I shouldn't be able to ping anything. Let's see. Yeah, nothing. Can't ping it. We disabled ICMP. Let's try SSH. Nothing. Let me enable it real quick.
Actually, I wanna test this. Now we're rolling. Then I'm gonna just edit it real quick and add port 22. Let's see what happens. Confirm changes. Let's try it now. Oh, took a minute, but I'm in, just like that. How cool is that? Now at this point you've configured Twingate. Like, it works, it's amazing. But there's more we can do. There's DNS-based routing, device security, and we're gonna walk through all that here in a moment. But if you're like me, kind of a nerd, you can't just walk away from this video thinking, okay, I've got the fastest, most secure way to connect to my stuff. But you have to know how it works, right? Like, how is this thing working? Let's talk about that now.
Let's get a bit nerdy. Let's pop the hood on this thing and see what's going on. What's the magic that's making all this tick? And it's, it's actually really cool. I can't wait to show you. Now, I'll start with this. Twingate, it's, it's not a VPN. It's not <laugh>. Let me explain. Now, the goal for Twingate is this right here, a secure end-to-end TLS tunnel. It's peer-to-peer between the client, which is you or your family or your employees, friends, whatever, and the connector inside your network. But how does this happen? Especially with networks that don't play nice. They have like CGNAT, dynamic IP addresses and all the craziness our ISPs put us through. Because trust me, if you have those networks, this thing just, it just works. But how? Let's start with the connector, 'cause he does most of the work. The connector is this guy. Let's talk about how the connector was born real quick. So you may recall in our controller here, we deployed the connector inside the controller, the Optimal Vulture. When we did that, we had to generate a couple of tokens like, like this. If I try to deploy another connector, I'll say Generate Tokens, have to authenticate again. And there they are. I point this out because this is a key part of Twingate security.
and that's how they authenticate with each other. So when we deploy this docker run
command baked in with these Chucky cheese tokens and when the twin Gate
connector came up in our network, he talked to the controller and said,
Hey, here I am. Here's my tokens. And they, they were friends
now cuz he knew who he was. So he gives him the
tokens and then exchange. The controller tells a connector
everything he needs to know. Two really important things
we're gonna focus on right now. First is an ACL and access control list. This tells the connector who's
allowed to come into the network. It's a list of allowed devices and
what they're allowed to access. We define that. Remember we
did that inside the controller. So the controller's giving
the connector that list, he's also telling him about Mr. Relay. Remember Twin Gate has four components
and this is the fourth one we have not talked about yet. So the
controller says, Hey, here's a few relays that you
can connect to. Now the relays, I'll tell you more about what
those are here in a moment. Much like the controller, they're hosted inside Twin Gates network
so you don't have to worry about it. I'll put the relays
right here in my beard. Now the relay's job is simple but
super important. He's the matchmaker. He helps the client, my knucklehead video editors and
the connector discovery each other, find out how to meet. He's
the guy that does that. The kind of play in love is blind right
now they're talking behind a wall. Let's take down that wall. Just a hug. Now here's how the client
and the connector connect. The first thing that'll happen
is the connector will connect. He's such a connector. He'll connect with a relay and he guesses
what he uses to authenticate <laugh> a token. It's actually a token from the
controller to say, Hey, I know this guy, we both know him. We're friends, we're
good. Not on the flip side, the client, it's doing the same thing. It did the whole token thing of the
controller when it authenticated and it connects to a relay. So now that the client and the
connector are talking to the relay, the relay can now introduce
them. He's the matchmaker, but he's doing more than you might think
cuz there's a pretty big problem he's solving right now. And this
is why we even need a relay. The problem is that the devices in your
network are nestled safely behind a firewall or a router and they're somewhat
kind of sheltered from the internet. The internet can't touch them. And
that's by design. That's a good thing. Your devices don't even
have a public IP address, which is what they need to talk
to everyone on the internet. Usually your router is the one that has
the public IP address and he allows the devices on your network. So think
you're nas, your twin gate connector, your editing PCs. He allows those devices to use the
public IP whenever they want to talk to people. This is a magical technology
called nat or network address translation. So what this means is that
your computer, for example, has no problem talking to the internet
when it tries to go out and talk to a website. The router will let
it use its public IP address. It'll actually give it a
little identifier, a port, let's say 5 1 7 90 with that identifier
that port your computer can talk to any website it wants. It works great. And when the website wants to send a
photo back or a meme or whatever you're doing, it knows that this came
from 1 5, 9, 7 4, 1, 2, 2, 1 1 3, port 51, 7, 9, 0. So when it talks back to your
computer and it gets to your router, your router goes, oh, this is 4507 9
0. When they get that right to 'em. Now Nat and these randomly assigned ports
are great for your computer to connect to stuff on the internet,
but not great at all. <laugh> for things to connect back to it. So the Twin Gate client can't
start talking to your computer. There's no door open there. And
that's where the relays come in. The relay does something really clever
and it's so cool when you really think about it. So you know the example I gave you of
your computer connecting to a website and using a randomly assigned port using that. It uses that to build that
peer-to-peer connection. So watch this, your connector inside your network,
it's connected to the relay, right? We've got a connection, which means he's gonna have a public IP
and a randomly assigned port from Nat from your router. So IP and port and the relay knows
that because he has that connection. On the other side of things,
you using the Twin Gate client, you're probably using Nat too
wifi at Starbucks airport, some secret YouTuber
studio, whatever it is. So you get your public IP and they
randomly assign port and the client has a connection with the relay. So
right at this moment, look at this, the relay has a connection with
the connector and the client, he knows their public IP addresses and
he knows the port that Nats using to reach back to them. So the relay goes,
lemme just tell them where they are. Let me, let me tell both these guys where they
are so they can talk to each other. And that's exactly what happens.
The relay tells the client, hey, if you want to talk to the connector, here's his IP address and port. And he tells the connector, hey, if you wanna talk to the client, here's his IP address and port. And with that magic information supplied, bam, we get a connection. They know how to find each other and a secure end-to-end TLS tunnel is established. Now this magic does have a name. It's called NAT traversal, because we're traversing all these NAT servers to make a direct connection, which is pretty hard to do when things are kind of hidden behind random ports. That's why we need a server like a relay. This is actually operating as a STUN server. STUN does this kind of stuff and it facilitates those connections. Whoa, why is there a virus on this PC? Let me remove that. How embarrassing, I left that there.
Now a couple of things about how this connection business works. A couple of highlights. This thing is secure. Like I said, Twingate is using more tokens than Chuck E. Cheese. Every single interaction was authenticated with a token. This TLS tunnel is using pinned certificates, which makes it darn near impossible to do a man-in-the-middle attack. And honestly, I'm not doing it justice. If you wanna dive deeper into how, like, all the authentication and tokenizing stuff is working, I've got a document below, check it out.
The second thing is that this is not a VPN. I mentioned it before. So you're probably like, well Chuck, if it's not a VPN, what is it? It's a proxy, actually. It's a super secure private proxy, and specifically the connector inside your network is operating as a proxy. They work by terminating network connections and they'll do some fancy stuff with that traffic. They'll manipulate it, validate it, and forward the traffic on to its correct destination. It's very, very programmable and, and custom.
The third thing I want you to know is, uh, this sucker's QUIC. And no, I didn't forget how to spell <laugh>. QUIC is a new protocol, if you haven't heard of this. It's a transport layer protocol, for all your network, uh, nerds out there. It's built on top of UDP and it's designed to be faster and more efficient than TCP, which is like, wait, you're building on top of UDP to beat TCP <laugh>? Sure, but that's what it does. Now, QUIC is taking the internet by storm. You're probably already using it right now if you did a Wireshark capture. But here's some of the main differences that make it amazing. One of them is multiplexing.
Multiplexing is a big one. You can send multiple streams of data over one connection, versus this rush hour freeway up here, that's TCP. And what this means for Twingate, and why it's so quick to make connections, is that it can make a connection, auth and everything, in one round trip. Whereas with TCP it might be a bunch of back and forth negotiations and time and remitted packets and all kinds of stuff. And one really cool thing that QUIC does, and this is kind of mind blowing, but it does client-side roaming, or it facilitates that. So let's say you as a client are trying to remain connected to a remote desktop session, or you're watching a movie on Plex, and you go from Wi-Fi in your house to maybe you're in the car on 5G. Normally that switch in connection requires a disconnect and reconnect. QUIC just keeps the connection up. The connection survives. It's kind of crazy.
And then one more thing to note: backhaul. With traditional VPN, when you connect, it normally means every bit of traffic you're generating, whatever website you go to, whether it's on your private network or on the internet, it's gonna go through that VPN device. Literally everything you're doing is going through the VPN device. That's bad for a variety of reasons. First of all, you may not want to have everything you're doing be seen by that VPN device. All you wanted was access to some resources. Second, as an IT person, as a person trying to administer a VPN gateway, dude, that's a lot of extra traffic that you're having to grow your firewall for. It's really inefficient. But with Twingate, it does a thing called split tunnel by default, which means that only traffic destined for the resources you want access to goes through Twingate. Everything else, Facebook, YouTube, it goes out your standard internet gateway. Doesn't touch Twingate. So only the traffic that needs to go across those secure TLS tunnels, those end-to-end tunnels, the only traffic that goes across those is traffic that's supposed to, for those resources. Now, yes, you can configure split tunnel with a lot of VPNs. I've done it. It's not easy <laugh>.
Twingate is built in by default. You don't have to even think about it. It just works like that. Okay, we popped the hood, we saw some nerdy stuff. Now time to configure some nerdy things, starting with something really cool. Device security.
Now back here in our Twingate controller, aka twingate.com, let's do a few things real quick. First, we're actually gonna add to our team by clicking on Team up here. Adding to your team is real easy. If you wanna add family, friends, whatever, I'll click on Add User, I'll add myself to this team, Send Invite Email. And what I'll also do is configure a group. So I'll click on Groups, add a group and say Beards, that's it. Add Group. And then I'll jump into that group, click on Users and add myself to that group. Now here I'm connecting on my phone and you can see I'm on 5G. Now I'm connecting through just fine, everything's loading. But now let's play with device security. So at the top I'll click on Devices, and first of all, it's pretty cool that you can see every device connected, but what we care about is security right here. Let's click on that. Here we can configure security based on minimum OS requirements. So for example, I may not want iOS allowed at all. So I can go in here and say Block iOS.
So now when I try to log into Twingate, I've got iOS blocked, I can't even authenticate, I can't get in. So you block an entire OS or just enforce good policies like, hey, screen lock, let's make sure we have screen lock and maybe like biometric configuration. So Touch ID, if you still have that, Face ID, things like that. Heck yeah. Linux, HD encryption, firewall. Windows, goodness gracious, enable the whole thing. So that's already super powerful. Also, you'll see we have the option to create a trusted profile. Let me show you what that is. I'll click on Create. Let's say we'll do one for Windows. Notice here we have the option to integrate with third-party endpoint protection stuff, CrowdStrike, Intune, SentinelOne. And you can rely on those super advanced programs to tell you if those devices are safe to connect. And if they're not trusted by those, then they're not trusted by Twingate. That's pretty cool.
Now we also have policies, where you can define policies. The main thing I want you to see in policies is the MFA not required over here. You can just straight off the bat make sure that MFA, multifactor authentication, is required. And then going into policies you can set further requirements. Like if you set the default policy for device security, you can manage that to say, hey, only trusted devices, meaning they have to be trusted by CrowdStrike, Intune, SentinelOne. Or you can leave it at any device, as long as they meet device security requirements, the minimum OS requirements you've set.
Now I wanna move on to something pretty
fun and it's how Twingate handles and treats DNS. It's kind of crazy. So let's get back up to the network tab over here. I don't need to switch to my pen. Ah, there we go. We'll go to Network. And so far we've added a resource by specifying the IP address. Like, here's the IP, Twingate will take care of the rest. But we also saw how we could use DNS, a domain name. Let's try it out real quick. So here in my network I've got a Proxmox server. It's great for hosting virtual machines. You can find it via DNS at proxmox.hogwarts.local. Now keeping in mind, this is via my local DNS server. So here in my studio, and maybe in your network or your business network, you have a DNS server. So when I ping Proxmox, it replies with the IP address because my private DNS server responds. This is not accessible on the big wild internet.
Now how Twingate will use your DNS server is crazy. But let's go ahead and add it real quick. So I'm gonna have my new employee I created, which was me, I think I'm gonna have me access Proxmox. So we'll click on Add Resource, we'll choose a remote network. We only have one right now. We'll do DNS, we'll label it. And then I'll put in the DNS address, which is proxmox.hogwarts.local. Notice I'm not telling it what IP address that it is or anything like that. I'm just saying the DNS address, the domain name. For protocol, I'll allow everything just for testing. And then I'll say only Beards. Only Beards can use this. So I have one group, which is just gonna be me.
Now first let's see if it works
because I don't wanna lie to you. I wanna get logged back in. I got logged out. Oh, I forgot I enforced MFA. Ugh, I'm gonna turn it off real quick <laugh>. I don't feel like doing it right now. That's just bad security. Okay, cool. So I see Proxmox here, and currently I'm on 5G, so I'm not on my home network. I'm gonna authenticate and then copy the address and try to go to it. I'll do https://, paste it in there and go to port 8006 for Proxmox. Proceed. And there we go. Just like that.
Lemme show you how that, here's my network, here's my Proxmox server and here's my, uh, DNS server, which is actually running on a Raspberry Pi. It's AdGuard. I highly recommend it. What's crazy is that the Twingate connector, he does a lot, but what he also does beyond everything else, well, not beyond, just also, is that he proxies DNS requests. He's a DNS proxy. And here's what that means.
So me over here on my Twingate client, I got Twingate on my phone. There's something kind of weird going on with your Twingate client, and by weird I mean awesome. This is the only time I'll mention it using VPN, by the way. It actually uses a VPN connection on your phone and whatever device you're using. It's a VPN connection to localhost. So 127.0.0.1, which we all know that localhost, 127.0.0.1, is itself. It's the phone itself. It's making a VPN connection back to itself that has one purpose of Twingate. It's listening and waiting for attempts to connect to resources, and it has an ACL. So it has a list of things that it
knows I'm allowed to connect to, blah blah blah blah blah. One of those things being Proxmox. It waits and listens and it goes, oh, oh, that's for me, Proxmox. It watches everything. And when it sees it's something meant for Twingate, it'll take it and send it to the Twingate connector over its secure TLS tunnel. Now in the case of DNS, what it'll do is, you know we configured a resource that's proxmox.hogwarts.local. When it sees proxmox.hogwarts.local, it's like, okay, that's in my list. It will then send this over our secure TLS connection, TLS tunnel, to the Twingate connector, and the connector will resolve that DNS request with its own configured DNS server. So think about that. My Twingate connector that's sitting inside my network, I gave it its DNS server, which is my private DNS server here. That's what it's using to resolve any of those domain names I configure inside Twingate. That's pretty cool. And what that empowers me to do is DNS-based routing to different networks, which I don't think any other solution does. It's kind of crazy.
Now that's cool, but what if you don't have a DNS server in your house? Well, Twingate has a new feature called aliases. Let's try it out real quick. Let's add another resource. I wanna connect to my Plex server. So remote network, Hackwell Tech. I'll do an IP address. The alias, I can make it whatever I want it to be. plex.beards.awesome. I don't know, that's what it's gonna be. I will only allow port 32400 for Plex and that's it. I'll give me access, Beards of course. And that's the Plex server. Let's see if that alias works.
If this works, it'd be kind of crazy. Let's go to plex.beards.awesome, port 32400. Is it working? Seems to be working. It worked. How cool is that? Now a couple of things, in case you didn't notice this. You don't have to add just individual resources. If you wanted to add one resource and make that a wildcard, so either an IP address, say like my network, do a /24, make that one resource and you get access to your entire network. Same goes for DNS, which is pretty stinking cool. Just do a wildcard. I use this heavily, by the way. And it's so stinking cool. Makes things easy. At least for me. Like, I only give myself access to this and restrict everyone else. It just makes sense.
Now because this video is so long, I'm not gonna demo these last few things, but I just wanna touch on them real quick because they're so powerful and I do use them. If I go over to my team, at the top, I've got Users, Groups, and then there's one thing I haven't talked about. And that's Services. What is that? Click on that. Nothing there. What this is though, it's so cool. You've seen how we can install a Twingate client on your phone, laptop, whatever. But they also have headless clients. They got no heads, which means you can install them on a Linux server with one command and they just work and it's so cool. So I did this with, um, Uptime Kuma. So I had a LE server in the cloud. I installed Uptime Kuma on that and I installed the Twingate headless client on there. And with that it was able to monitor everything in my private network. And actually I lied. It wasn't my private network that it was monitoring. I was actually doing the top secret YouTube thing I talked to you about. I was using this exact setup to monitor a couple hun... uh, I can't tell you. It was a lot of devices, but it did it. Like, Twingate handled all that. It was a wildcard DNS setup. It was crazy. But services are cool. They're not the hardest setup. It's a one-liner. Now what this also opens up is CI/CD automation. And you can use things like Terraform <laugh> where you can like just deploy infrastructure, and with the infrastructure, built in the Terraform template, is that what they call it? I think it's a template, is deploying Twingate connectors and headless clients and it just, you spin up things automatically. It's kind of crazy. So you can automate your access, automate your zero trust.
Two more things. If I go over to Settings, I, Twingate's a big thing, man. Two things you can look at right now. Identity provider: you can sync up Google Workspace, Okta, Azure AD. I personally use Google Workspace. Pretty cool. I sync up my employees. You can also do Secure DNS. So you can actually have your clients use a secure DNS provider using DoH and you can specify that here. So that's Twingate. What do you think? Are you gonna throw away your VPN, or are you using something else that you think is better? Fighting? No, I'm just kidding. But seriously, let me know below in the comments. I wanna know what you think. Grandma, go subscribe to NetworkChuck. What are you doing?