Sysadmin

7816 readers

34 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 2 years ago

MODERATORS

DarraignTheSane

00Lemming

L3s

Tailscale as a tool for PCI compliance (to avoid port forwarding) (lemmy.zip)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/sysadmin

4 comments fedilink hide all child comments

So I recently discovered that the camera NVRs are majority insecure. This lead to my company failing to get PCI compliance which wasn't all that unexpected. However, this leads to the awkward situation of me comparing mesh VPNs. I've been playing around with netbird but I'm looking for a more polished solution.

Do any of you use Tailscale in a corporate environment? If so how well does it work and is there any major pain points?

Edit: I gave up on Tailscale as it was a pain in the ass. I'll just use Netbird with a reverse proxy for the cameras.

you are viewing a single comment's thread
view the rest of the comments

[–] slazer2au 13 points 1 year ago (1 children)

In all honesty of you are in a commerical environment and scale where PCI and mesh VPNs are cropping up you should consider hardware firewalls.

FortiNet has FortiGate ADVPN as part of the base image and no extra licenses required. If you include the licenses you can get PCI reports from the FortiGate.

Juniper has SRX mesh, don't go for the cisco tax of DMVPN, Palo Alto has LSVPN

[–] [email protected] 0 points 1 year ago

I am actually managing a bunch of locations with only 1-3 people at each. Full firewalls feel overkill but maybe there is a middle ground. I've actually considered openWRT with ansible but keeping openWRT updated is a pain in the ass.

For now I'll just stick with Tailscale and some sort of management software.