the END of VPNs?!

Captions
Throw your VPN in the trash, you don't need it anymore. I found something better. Like seriously, while my team and I were gone for three weeks working on a top secret project for a pretty big YouTuber <laugh>. I was just telling everyone how Nick was lazy and didn't finish his edit before the trip. Oh yeah, I only stayed up till one. I can't tell you about it. Don't even ask me. I'll tell you later. We needed a secure, wicked fast way to access all of our stuff back home. Things like my big fat NAS, remote desktop into our editing machines and even my home lab to watch some Plex. That's kind of what VPN is for, right? I mean, sure I could have set it up, but I didn't have the time. And the solution I found took about five minutes. And this one might shock you. VPN is not secure enough. Like when I give my two knucklehead editors VPN access, they get access to everything, servers they shouldn't touch, and they have a nasty habit of downloading free RAM. And if they already have malware, they can blast it out to my entire network. What I need is a solution that gives them access to only stuff they need. Nothing else. This is a little technique called zero trust because I zero trust them. And listen, it's not just security. After some research, VPN is kind of the uh, kind of the old way of doing things and old as lane. I mean, have you seen the new stuff? It's crazy. So what I found, it's kind of amazing. It's called Twingate. It's a zero trust, remote access solution, buzzwords, blah blah blah. It basically means magic and it checks all my boxes. Watch this. In about five minutes, I deploy the Twingate Docker container to my studio network, my home lab network, and even some private networks in the cloud. And just like that, I can connect from anywhere no matter where I go, no firewall config, no port forwarding and just works. And I don't care if you have CGNAT or some weird ISP issues. It just does its thing. Kind of scary easy, actually.
I have granular control on what each person on my team can access. I can even say, you could only access this machine on this port and that's it. I can even control what they're allowed to access stuff with. Like I could say they can use iPhones but no Android and that just makes sense. And if they're using Windows, I can require antivirus, firewall settings. And if they don't have 'em, they can't connect. And the crazy part, this is free, free for up to five users and that covers my business. So let's get this set up in your network right now. I'll walk you through every step. It'll be quick, no longer than it takes to brew a cup of coffee, trust me. And speaking of coffee, go ahead and do that. Grab you some because everything in IT requires coffee. Also, shout out to Twingate for helping me solve my remote access problems and for sponsoring this video. Now I'm pretty picky about sponsors and Twingate makes the cut. I love it. It's something I actually use for everything and I know this will provide a ton of value to you. So let's get into it. Actually, you know, real quick, have you hacked the YouTube algorithm today? Let's make sure you do. Hit that like button, notification bell. Come and subscribe to everything. Yes, you gotta hack YouTube today, ethically, of course. Now here's the setup. We have our network. For me, it's my studio. For you, it might be your home lab or your business. The goal here is to get my knucklehead editors access to what they need inside my network. So in comes Twingate. Twingate has four parts. And don't let that scare you. You'll have to worry about two of 'em. I'm telling you, this is not complex, at least the setup. We've got our client, our connector, our controller, and our relay. Right now we're gonna focus on the connector and the controller. The controller is managed by Twingate.
It's in their cloud, and it's what we'll use to sign up for a free account and configure all our stuff and who has access to what. The connector is the Docker container you're gonna put inside of your network, behind your firewall. And all you have to know about the connector is that it connects stuff. That's all you have to know. I think that's the only two steps we have to worry about. Set up an account on Twingate, which is the controller, and then deploy the connector inside our network. Done. Now that does beg the question, what do we need for this? Only two things. First, you'll need something to put that Docker container on, some type of Linux server. This could be your NAS, an old laptop, even a Raspberry Pi, which is what I'm going to demo on right now. And the second thing you should already have in your hand right now, a cup of coffee. Like I said, everything in IT requires coffee. Say it with me, I'm not gonna do it again, but seriously, get some coffee. First step is the controller. So head out to twingate.com. That's simple. That's it. It's time to ditch your VPN. Dang right. And right here in the middle, we're gonna click on Try Twingate for free. Try Twingate, try Twingate. Say that 10 times fast. That's ridiculously hard. Click it here. Pick your poison. What do you wanna log in with? I'm gonna log in with GitHub, click on that, authorize Twingate. And here we have some details. Now if you're like, okay, I'm setting this up for my home lab, I don't have a company name, don't worry, they're gonna give you a business trial for 14 days, no credit card, whatever. You're gonna have that starter plan for free forever. So make up a company name. I'm gonna name my own hack, well tech. Number of employees, under a hundred. Let's finish it up. Skip all this, blah, blah, blah. No, I don't need technical support. I'm good. I can run C commands, I promise I can. And then choose your URL. I'll leave it at Hack Wall Tech. Good to go, create that network.
So at this point you have a Twingate account, you have a controller. Now all we have to do is configure a few things. There are two things we're gonna start with, and it's actually telling you right here at step one, the first thing we'll set up is your remote network, which will be your home lab, studio, business, whatever. And once we've defined it here, we can actually deploy our connector to connect everything up. The second thing we'll configure, resources. By default, you can't access anything. So you have to specifically, explicitly define what you are allowed to access in your network. I love that. Zero trust. All right, let's go. Let's knock out the network first. You'll notice right down here we have add a remote network. Let's click on that. Choose your location. Notice you have some options. What I care about right now is on-premise, and I'll name it Hack well hq, add remote network. Man, that was so hard, right? <laugh>, that was easy. And we're almost done actually. Now to deploy our connector inside the network. Notice they have two connectors over here, but they're not deployed. And notice they do want you to deploy two. You can deploy one, that's fine. But if you want redundancy and high availability, you can deploy two. But we'll start with one, but which one to pick? Impetuous Jaguar or Optimal Vulture. I can pronounce this better. I'm gonna go with that one. So we'll click on deploy connector and we'll choose how we're going to deploy this. Now, I talked about this, Docker. Docker's so easy, we're gonna go with that, but you do have options. Step, we're gonna generate our tokens. What are those? We'll cover more about that here in a bit. In fact, I'm gonna go kind of nerdy on you and explain the magic of how this works. But let's set this up first. We'll go ahead and generate our tokens. Click on generate tokens, and it will ask you to authenticate yourself again, which is great security.
And you'll notice you do have your access and refresh tokens generated. And then we'll scroll on down to step four. And all we have to do here is copy and paste this docker run command and we're good to go. So I'll pause here for a second. Let's get logged into the device we're going to install our Twingate connector on. For me it's a Raspberry Pi. So here in Windows I'm gonna launch my terminal and I'll SSH into my Raspberry Pi. And before we copy and paste our command, let's just make sure we have Docker installed, and that's super easy. First, we'll update our repositories, sudo apt update, and then we'll install Docker, sudo apt install docker.io -y. Mine is already installed, but it should go pretty quick for you. And now literally all we have to do is copy and paste. So we'll get back to our browser here, click the copy command, go back to our terminal and paste. And you may have to run this as sudo. I wanna do a Control-A, run it as sudo at the beginning and then hit enter and let the party start. Who, ah, I love seeing this. Quick coffee break while the show's happening. Just enjoy the show. And that was it. So real quick while we're here on the terminal, before we leave, let's type in sudo docker ps to make sure it's, it's in there running. And there it is, it's running. And now if we get back to our Twingate controller, aka twingate.com, there it is. Our connection status, the Optimal Vulture is connected. Now let's add some resources. Let's get back to our network up here. Click on that. And we don't really need this right now. So let's just click on dismiss. And right here you'll see an add resource button. Let's click on that, add resource. The first thing we'll do is choose a remote network. I'm gonna pick Hack well hq. And yes, that does mean you can have more than one remote network. So add your parents' house, your grandma's house, your friend's house, whatever. You can do that. Then we'll specify our host. Now we can use DNS or IP address.
And this DNS thing, by the way, is crazy. We'll cover that here in a bit. For now, we'll focus on IP address to keep things simple. So choose CIDR, label what you're setting up. I'm gonna access my NAS first. Big fat NAS. Then the IP address. Keep in mind, this will be your private IP address inside your home network or your business network, whatever it is. Then also notice we have an alias option. We'll cover that when we talk about DNS. But again, this whole thing is insane. It's magic. I can't wait to tell you that though. But let, let's, let's keep moving forward. Next we have protocol restrictions. And what I wanna do is have my editors only access my NAS on port 5000, which is the GUI. So I click on protocol restrictions. Right now everything's allowed, may not want that. So we'll say TCP, restrict, and we'll specify the ports. I'll say 5000. And then I'll block UDP and block ICMP. So at this point, only port 5000 TCP is allowed. That's all we care about right now. I'm gonna click on add resource. And then as soon as you do that, you can choose who has access to this resource. For now we have one group. That's everyone. I'll go ahead and add that. We can change that at any time. And I'll click on add one group. So right now we have a resource. If I hover over this guy right here, it'll tell me exactly what's allowed, TCP 5000. That's it. So what do you say we test it out? Which by the way, you just set up Twingate, like that was it. That's all it took. Now we have to worry about is the client. The third piece, which is just installing an app and logging in. Super hard <laugh>. Let's try that right now. All right, I got my laptop here. I wanna download the Twingate client by heading out to twingate.com/download. Cuz I'm using Windows, I'll click on download for Windows. They have an app for everything. macOS, iPhone, Android, whatever. It's, I'll open the file and install the sucker and click on finish. Ugh. And a restart.
I hate restarting this stuff. One moment. Now, before I configure Twingate, like any good magician, let me show you that I can't access my stuff first. I want to make sure I'm connected to my 5G connection on my phone. Now let's try and access my NAS, port 5000. It's not looking good. Can't reach the page. Now let's sign into Twingate. I'll connect to Hack Well Tech, that's what I named it, right? Yeah, I think so. I'll join that network, sign in with my GitHub and we should be good to go. I'm gonna close my browser window real quick. It already happened. Look at that, 5000. I'm going over it, man. Look at my tray right now. Yes, I can see I'm connected. Oh, that's so stinking cool. I love this, but I shouldn't be able to ping anything. Let's see. Yeah, nothing, can't ping it. We disabled ICMP. Let's try SSH. Nothing. Let me nail it real quick. Actually, I wanna test this. Now we're rolling. Then I'm gonna just edit it real quick and add port 22. Let's see what happens. Confirm changes. Let's try it now. Oh, took a minute, but I'm in just like that. How cool is that? Now at this point you've configured Twingate, like it works, it's amazing. But there's more we can do. There's DNS based routing, device security, and we're gonna walk through all that here in a moment. But if you're like me, kind of a nerd, you can't just walk away from this video thinking, okay, I've got the fastest, most secure way to connect to my stuff. But you have to know how it works, right? Like how is this thing working? Let's talk about that now. Let's get a bit nerdy. Let's pop the hood on this thing and see what's going on. What's the magic that's making all this tick? And it's, it's actually really cool. I can't wait to show you. Now, I'll start with this. Twingate, it's, it's not a VPN, it's not <laugh>. Let me explain. Now, the goal for Twingate is this right here, a secure end-to-end TLS tunnel.
It's peer-to-peer between the client, which is you or your family or your employees, friends, whatever, and the connector inside your network. But how does this happen? Especially with networks that don't play nice. They have like CGNAT, dynamic IP addresses and all the craziness our ISPs put us through. Because trust me, if you have those networks, this thing just, it just works. But how? Let's start with the connector cuz he does most of the work. The connector is this guy. Let's talk about how the connector was born real quick. So you may recall in our controller here, we deployed the connector inside the controller, the Optimal Vulture. When we did that, we had to generate a couple of tokens like, like this. If I try to deploy another connector, I'll say generate tokens, have to authenticate again. And there they are. I point this out because this is a key part of Twingate security. They use more tokens than Chuck E. Cheese and that's how they authenticate with each other. So when we deployed this docker run command baked in with these Chuck E. Cheese tokens and when the Twingate connector came up in our network, he talked to the controller and said, Hey, here I am. Here's my tokens. And they, they were friends now cuz he knew who he was. So he gives him the tokens and in exchange, the controller tells the connector everything he needs to know. Two really important things we're gonna focus on right now. First is an ACL, an access control list. This tells the connector who's allowed to come into the network. It's a list of allowed devices and what they're allowed to access. We define that. Remember we did that inside the controller. So the controller's giving the connector that list. He's also telling him about Mr. Relay. Remember Twingate has four components and this is the fourth one we have not talked about yet. So the controller says, Hey, here's a few relays that you can connect to. Now the relays, I'll tell you more about what those are here in a moment.
Much like the controller, they're hosted inside Twingate's network so you don't have to worry about it. I'll put the relays right here in my beard. Now the relay's job is simple but super important. He's the matchmaker. He helps the client, my knucklehead video editors, and the connector discover each other, find out how to meet. He's the guy that does that. The kind of play in love is blind right now they're talking behind a wall. Let's take down that wall. Just a hug. Now here's how the client and the connector connect. The first thing that'll happen is the connector will connect. He's such a connector. He'll connect with a relay and guess what he uses to authenticate <laugh>, a token. It's actually a token from the controller to say, Hey, I know this guy, we both know him. We're friends, we're good. Now on the flip side, the client, it's doing the same thing. It did the whole token thing with the controller when it authenticated and it connects to a relay. So now that the client and the connector are talking to the relay, the relay can now introduce them. He's the matchmaker, but he's doing more than you might think cuz there's a pretty big problem he's solving right now. And this is why we even need a relay. The problem is that the devices in your network are nestled safely behind a firewall or a router and they're somewhat kind of sheltered from the internet. The internet can't touch them. And that's by design. That's a good thing. Your devices don't even have a public IP address, which is what they need to talk to everyone on the internet. Usually your router is the one that has the public IP address and he allows the devices on your network. So think your NAS, your Twingate connector, your editing PCs. He allows those devices to use the public IP whenever they want to talk to people. This is a magical technology called NAT or network address translation.
So what this means is that your computer, for example, has no problem talking to the internet. When it tries to go out and talk to a website, the router will let it use its public IP address. It'll actually give it a little identifier, a port, let's say 51790. With that identifier, that port, your computer can talk to any website it wants. It works great. And when the website wants to send a photo back or a meme or whatever you're doing, it knows that this came from 1 5, 9, 7 4, 1, 2, 2, 1 1 3, port 51790. So when it talks back to your computer and it gets to your router, your router goes, oh, this is 4507 9 0. When they get that right to 'em. Now NAT and these randomly assigned ports are great for your computer to connect to stuff on the internet, but not great at all <laugh> for things to connect back to it. So the Twingate client can't start talking to your computer. There's no door open there. And that's where the relays come in. The relay does something really clever and it's so cool when you really think about it. So you know the example I gave you of your computer connecting to a website and using a randomly assigned port using that. It uses that to build that peer-to-peer connection. So watch this, your connector inside your network, it's connected to the relay, right? We've got a connection, which means he's gonna have a public IP and a randomly assigned port from NAT, from your router. So IP and port, and the relay knows that because he has that connection. On the other side of things, you using the Twingate client, you're probably using NAT too. Wifi at Starbucks, airport, some secret YouTuber studio, whatever it is. So you get your public IP and a randomly assigned port and the client has a connection with the relay. So right at this moment, look at this, the relay has a connection with the connector and the client, he knows their public IP addresses and he knows the port that NAT's using to reach back to them.
So the relay goes, lemme just tell them where they are. Let me, let me tell both these guys where they are so they can talk to each other. And that's exactly what happens. The relay tells the client, Hey, if you want to talk to the connector, here's his IP address and port. And he tells the connector, Hey, if you wanna talk to the client, here's his IP address and port. And with that magic information supplied, bam, we get a connection. They know how to find each other and a secure end-to-end TLS tunnel is established. Now this magic does have a name, it's called NAT traversal because we're traversing all these NAT servers to make a direct connection, which is pretty hard to do when things are kind of hidden behind random ports. That's why we need a server like a relay. This is actually operating as a STUN server. STUN does this kind of stuff and it facilitates those connections. Whoa, why is there a virus on this PC? Let me remove that, how embarrassing I left that there. Now a couple of things about how this connection business works. A couple of highlights. This thing is secure. Like I said, Twingate is using more tokens than Chuck E. Cheese. Every single interaction was authenticated with a token. This TLS tunnel is using pinned certificates, which makes it darn near impossible to do a man in the middle attack. And honestly, I'm not doing it justice. If you wanna dive deeper into how like all the authentication and tokenizing stuff is working, I've got a document below, check it out. The second thing is that this is not a VPN. I mentioned it before. So you're probably like, well Chuck, if it's not VPN, what is it? It's a proxy actually. It's a super secure private proxy and specifically the connector inside your network is operating as a proxy. They work by terminating network connections and they'll do some fancy stuff for that traffic. They'll manipulate it, validate it, and forward the traffic on to its correct destination.
It's very, very programmable and, and custom. The third thing I want you to know is, uh, this sucker's QUIC. And no, I didn't forget how to spell <laugh>. QUIC is a new protocol. If you haven't heard of this, it's a transport layer protocol for all your network, uh, nerds out there. It's built on top of UDP and it's designed to be faster and more efficient than TCP, which is like wait, you're building on top of UDP to beat TCP <laugh>? Sure, but that's what it does. Now, QUIC is taking the internet by storm. You're probably already using it right now if you did a Wireshark capture. But here's some of the main differences that make it amazing. One of them is multiplexing. Multiplexing is a big one. You can send multiple streams of data over one connection versus this rush hour freeway up here that's TCP. And what this means for Twingate and why it's so quick to make connections is that it can make a connection, auth and everything in one round trip. Whereas with TCP it might be a bunch of back and forth negotiations and time and remitted packets and all kinds of stuff. And one really cool thing that QUIC does, and this is kind of mind blowing, but it does client side roaming or it facilitates that. So let's say you as a client are trying to remain connected to a remote desktop session or you're watching a movie on Plex and you go from wifi in your house to maybe you're in the car on 5G. Normally that switch in connection requires a disconnect and reconnect. QUIC just keeps connection up. The connection survives. It's kind of crazy. And then one more thing to note, backhaul. With traditional VPN, when you connect, it normally means every bit of traffic you're generating, whatever website you go to, whether it's on your private network or on the internet, it's gonna go through that VPN device. Literally everything you're doing is going through the VPN device. That's bad for a variety of reasons.
First of all, you may not want to have everything you're doing be seen by that VPN device. All you wanted was access to some resources. Second, as an IT person, as a person trying to administer a VPN gateway, dude, that's a lot of extra traffic that you're having to grow your firewall for. It's really inefficient. But with Twingate it does a thing called split tunnel by default, which means that only traffic destined for the resources you want access to goes through Twingate. Everything else, Facebook, YouTube, it goes out your standard internet gateway, doesn't touch Twingate. So only the traffic that needs to go across those secure TLS tunnels, those end-to-end tunnels, the only traffic that goes across those is traffic that's supposed to, for those resources. Now, yes, you can configure split tunnel with a lot of VPNs. I've done it. It's not easy. <laugh> Twingate is built in by default. You don't have to even think about it. It just works like that. Okay, we popped the hood, we saw some nerdy stuff. Now time to configure some nerdy things starting with something really cool. Device security. Now back here in our Twingate controller, aka twingate.com, let's do a few things real quick. First, we're actually gonna add to our team by clicking on team up here. Adding to your team is real easy. If you wanna add family, friends, whatever, I'll click on add user, I'll add myself to this team, send invite email. And what I'll also do is configure a group. So I'll click on groups, add a group and say Beards, that's it. Add group. And then I'll jump into that group, click on users and add myself to that group. Now here I'm connecting on my phone and you can see I'm on 5G. Now I'm connecting through just fine, everything's loading. But now let's play with device security. So at the top I'll click on devices and first of all, it's pretty cool that you can see every device connected, but what we care about is security right here. Let's click on that here.
We can configure security based on minimum OS requirements. So for example, I may not want iOS allowed at all. So I can go in here and say block iOS. So now when I try to log into Twingate, I've got iOS blocked, I can't even authenticate, I can't get in. So you block an entire OS or just enforce good policies like hey, screen lock, let's make sure we have screen lock and maybe like biometric configuration. So Touch ID if you still have that, Face ID, things like that. Heck yeah, Linux, HD encryption, firewall. Windows, goodness gracious, enable the whole thing. So that's already super powerful. Also, you'll see we have the option to create a trusted profile. Let me show you what that is. I'll click on create. Let's say we'll do one for Windows. Notice here we have the option to integrate with third party endpoint protection stuff, CrowdStrike, Intune, SentinelOne. And you can rely on those super advanced programs to tell you if those devices are safe to connect. And if they're not trusted by those, then they're not trusted by Twingate. That's pretty cool. Now we also have policies where you can define policies. The main thing I want you to see in policies is the MFA not required. Over here you can just straight off the bat make sure that MFA, multifactor authentication, is required. And then going into policies you can set further requirements. Like if you set the default policy for device security, you can manage that to say, Hey, only trusted devices, meaning they have to be trusted by CrowdStrike, Intune, SentinelOne. Or you can leave it at any device as long as they meet device security requirements, the minimum OS requirements you've set. Now I wanna move on to something pretty fun and it's how Twingate handles and treats DNS. It's kind of crazy. So let's get back up to the network tab over here. I don't need to switch to my pen. Ah, there we go. We'll go to network. And so far we've added a resource by specifying the IP address.
Like here's the IP, Twingate will take care of the rest. But we also saw how we could use DNS, a domain name. Let's try it out real quick. So here in my network I've got a Proxmox server. It's great for hosting virtual machines. You can find it via DNS at prox dot hogwarts dot local. Now keeping in mind, this is via my local DNS server. So here in my studio and maybe in your network or your business network, you have a DNS server. So when I ping Proxmox, it replies to the IP address because my private DNS server responds. This is not accessible on the big wild internet. Now how Twingate will use your DNS server is crazy. But let's go ahead and add it real quick. So I'm gonna have my new employee I created, which was me. I think I'm gonna have me access Proxmox. So we'll click on add resource, we'll choose a remote network. We'll only have one right now. We'll do DNS, we'll label it. And then I'll put in the DNS address, which is proxima dot hogwarts dot local. Notice I'm not telling it what IP address that it is or anything like that. I'm just saying the DNS address, the domain name. For protocol, I'll allow everything just for testing. And then I'll say only Beards. Only Beards can use this. So I have one group, which is just gonna be me. Now first let's see if it works because I don't wanna lie to you. I wanna get logged back in. I got logged out. Oh I forgot I enforced MFA. Ugh, I'm gonna turn it off real quick. <laugh>, I don't feel like doing it right now. That's just bad security. Okay, cool. So I see Proxmox here and currently I'm on 5G, so I'm not on my home network. I'm gonna authenticate and then copy the address and try to go to it. I'll do https, colon wwa, paste it in there and go to port 8006 for Proxmox. Proceed. And there we go. Just like that. Lemme show you how that, here's my network, here's my Proxmox server and here's my, uh, DNS server, which is actually running on a Raspberry Pi. It's agar. I highly recommend it.
What's crazy is that the Twingate connector, he does a lot, but what he also does beyond everything else, well not beyond, just also, is that he proxies DNS requests. He's a DNS proxy. And here's what that means. So me over here on my Twingate client, I got Twingate on my phone. There's something kind of weird going on with your Twingate client and by weird I mean awesome. This is the only time I'll mention it using VPN by the way. It actually uses a VPN connection on your phone and whatever device you're using. It's a VPN connection to localhost. So 127.0.0.1, which we all know that localhost, 127.0.0.1, is itself. It's the phone itself. It's making a VPN connection back to itself that has one purpose for Twingate. It's listening and waiting for attempts to connect to resources in its ACL. So it has a list of things that it knows I'm allowed to connect to, blah blah blah blah blah. One of those things being Proxmox, it waits and listens and it goes, oh, oh, that's for me, Proxmox. It watches everything. And when it sees it's something meant for Twingate, it'll take it and send it to the Twingate connector over its secure TLS tunnel. Now in the case of DNS, what it'll do is, you know we configured a resource that's prox box dot hogwarts dot local. When it sees prox box dot hogwarts dot local, it's like okay, that's in my list. It will then send this over our secure TLS connection, TLS tunnel, to the Twingate connector and the connector will resolve that DNS request with its own configured DNS server. So think about that. My Twingate connector that's sitting inside my network, I gave it its DNS server, which is my private DNS server here. That's what it's using to resolve any of those domain names I configure inside Twingate. That's pretty cool. And what that empowers me to do is DNS-based routing to different networks, which I don't think any other solution does. It's kind of crazy.
Now that's cool, but what if you don't have a DNS server in your house? Well, Twingate has a new feature called Aliases. Let's try it out real quick. Let's add another resource. I wanna connect to my Plex server. So remote network hack WorldTech, I'll do an IP address. The alias, I can make it whatever I want it to be. Plex dot beards dot awesome. I don't know, that's what it's gonna be. I will only allow port 32400 for Plex and that's it. I'll give me access, Beards of course. And that's the Plex server. Let's see if that alias works. If this works be kind of crazy. Let's go to plex dot beards dot awesome, port 32400. Is it working? Seems to be working. It worked. How cool is that? Now a couple of things in case you didn't notice this. You don't have to add just individual resources. If you wanted to add one resource and make that a wildcard, so either an IP address, say like my network, do a slash 24, make that one resource and you get access to your entire network. Same goes for DNS, which is pretty stinking cool. Just do a wildcard. I use this heavily by the way. And it's so stinking cool. Makes things easy. At least for me. Like I only give myself access to this and restrict everyone else. It just makes sense. Now because this video is so long, I'm not gonna demo these last few things, but I just wanna touch on them real quick because they're so powerful and I do use them. If I go over to my team, we the top, I've got users, groups and then there's one thing I haven't talked about. And that's services. What is that? Click on that. Nothing there. What this is though, it's so cool. You've seen how we can install a Twingate client on your phone, laptop, whatever. But they also have headless clients. They got no heads, which means you can install them on a Linux server with one command and they just work and it's so cool. So I did this with, um, Uptime Kuma. So I had a LE server in the cloud.
I installed Uptime Kuma on that and I installed the Twingate headless client on there. And with that it was able to monitor everything in my private network. And actually I lied. It wasn't my private network that was monitoring, I was actually doing the top secret YouTube thing I talked to you about. I was using this exact setup to monitor a couple hun. Uh, I can't tell you, it was a lot of devices, but it did it, like Twingate handled all that. It was a wildcard DNS setup. It was crazy. But services are cool. They're not the hardest setup. It's a one-liner. Now what this also opens up is CI/CD automation. And you can use things like Terraform <laugh> where you can like just deploy infrastructure and with the infrastructure built in the Terraform template, is that what they call it? I think it's a template, is deploying Twingate connectors and headless clients and it just, you spin up things automatically. It's kind of crazy. So you can automate your access, automate your zero trust. Two more things. If I go over to settings, Twingate's a big thing, man. Two things you can look at right now. Identity provider, you can sync up Google Workspace, Okta, Azure AD. I personally use Google Workspace. Pretty cool. I sync up my employees. You can also do Secure DNS. So you can actually have your clients use a secure DNS provider using DoH and you can specify that here. So that's Twingate. What do you think? Are you gonna throw away your VPN or are you using something else that you think is better fighting? No, I'm just kidding. But seriously, let me know below in the comments. I wanna know what you think. Grandma, go subscribe to NetworkChuck. What are you doing?
Info
Channel: NetworkChuck
Views: 1,217,976
Keywords: Twingate, VPN alternative, Zero-trust, Remote access, Cybersecurity, Network security, Business security, Work from home, Productivity, Remote work, Security solutions, Access control, Network access, IT security, Cyber threats, Secure remote access, Identity and access management, Two-factor authentication, Multi-factor authentication, Security management
Id: IYmXPF3XUwo
Length: 28min 48sec (1728 seconds)
Published: Fri Apr 28 2023