Just for the hell of it, I called #Astound, it's been 4 years since my last call, to see if they've managed to bridge the 1/2 mile of paved road next to a California highway. #CA174 When they were #Wave, they quoted 25k per household to provide service. I literally live on a 5 mile strip of #CA174 which cable and fiber won't develop. The answer was no. And somehow #FCC #placercoumty and the 4 ISPs providing service think 12-25 download is #broadband #ruralbroadband #infrastructureupgrade
Friends of #BSDCafe and the #Fediverse, I had some time, so I went ahead and moved the jails immediately :-) Now the reverse proxy and the mail server are running on one VPS, while the rest is on another (more powerful) VPS hosted on a physical server I manage. I've allocated multiple cores and 16 gigabytes of RAM. If any issues arise, please let me know.
#ServerMigration #InfrastructureUpgrade #ServerManagement #VPS #BSDCafeUpdates
Old customer infrastructure based on #Proxmox 5 and an ancient #Dell server running an outdated #pfSense.
They asked me to update everything because the ERP provider (a small software house) accessing via #VPN claims the pfSense version is too old. I agree and decide to upgrade Proxmox.
On the old Dell, I install #OpenBSD and, in agreement with the ERP provider, a #Wireguard VPN.
After a few days, they 'recall' me because, for their internal compliance and following their '#security manual,' they need to enter the password manually every time they connect, and Wireguard doesn't support a user/password concept.
They ask for the possibility to change the PSK with each access to ensure that the one in their configuration files is not the current one - an absurd operation. I don't have a maintenance contract and can't take this responsibility, as it doesn't make sense. Clearly, they agreed on Wireguard without even knowing what it was.
To avoid issues, I ask them what to install instead. They suggest #OpenVPN might be acceptable. I proceed accordingly. They contact me again: 'The version of OpenVPN is not suitable, and OpenBSD is not certified according to our security procedures.' I ask them to tell me what is certified. They respond: '#Debian 7, #Wheezy - and the version of OpenVPN from Debian 7.'
I politely point out that Debian 7 reached its End of Life in 2016, and even the extended LTS has been unsupported for 3 years. They don't care, they must abide by their manual - it's safe for them.
The customer asks me to accommodate them anyway, but I reflect on the fact that when they inevitably get compromised, it will be my fault for installing something so outdated today.
I declined the job - limiting myself to updating Proxmox.
I'm not sure if I'm more offended by the bureaucracy of certain 'internal manuals' or by the closed-mindedness of certain colleagues who can't stand up against such dynamics.
#ITSecurity #InfrastructureUpgrade #ClientIssues #IT #SyaAdmin