What's new

Let's talk about Twingate

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

BreakingDad

Very Senior Member

Would it be possible to run this on the router? apparently it can run on a pi? Would it work as an AMTM addon? looks like a tiny install.


Is it safe regarding Twingate being in control of the controller? Trusted by some small businesses, Safe for home use?

Comment from Chuck :

"watch the rest of the vid, look at how they handle authentication. Twingate REQUIRES third-party auth (google, github...etc) for you to connect to a resource. It's not self-hosted, but it's also not as "managed'" as you might think."

A lot of comments on the video about this.

Would it negate the potential "restrict act" more comments on this.


Also an interesting alternative to zerotier with ztncui.

Interesting stuff regardless, consume with Coffee of course :)

Best Comment:

Devon Crain

2 weeks ago
The pieces of this I did understand were so cool to me that I feel inspired to really dive in and learn substantially about networking. Thanks for all you do!
 
Last edited:

Would it be possible to run this on the router? apparently it can run on a pi?

Probably a lot easier, and less of a headache to run it in a docker container... Spin up a local vm with Ubuntu on it, and profit.
 
Looks like nothing I would allow on any networks I manage.
 

Would it be possible to run this on the router? apparently it can run on a pi? Would it work as an AMTM addon? looks like a tiny install.


Is it safe regarding Twingate being in control of the controller? Trusted by some small businesses, Safe for home use?

Comment from Chuck :

"watch the rest of the vid, look at how they handle authentication. Twingate REQUIRES third-party auth (google, github...etc) for you to connect to a resource. It's not self-hosted, but it's also not as "managed'" as you might think."

A lot of comments on the video about this.

Would it negate the potential "restrict act" more comments on this.


Also an interesting alternative to zerotier with ztncui.

Interesting stuff regardless, consume with Coffee of course :)

Best Comment:

Devon Crain

2 weeks ago
The pieces of this I did understand were so cool to me that I feel inspired to really dive in and learn substantially about networking. Thanks for all you do!
So I watched the video... and think it's pretty dang cool, actually. It works very much like TeamViewer works... you have clients and resources that log into a relay that's controlled by TeamViewer, and facilitates that point-to-point connection. While TV is strictly used for screensharing, this one goes well beyond that, and provides access to resources on the local network... I am going to do a little more research on the Twingate company/product itself to determine the level of access they have to the "stream"... but it sounds fairly secure.

Yeah, I also saw that federal act that would supposedly restrict VPNs... I don't see how they could do that, or enforce that when the vast majority of businesses rely on these to provide access to their remote employees to get into their secure networks. It's going to be very difficult to take this away and fine people for using one. And for godsakes... why would anyone want to specifically go through the trouble to setup a VPN just to access Tiktok... Oh wait, maybe it's like those people who are are using VPN to get to Netflix... lol

This has some more good detail on what to expect...


Notes:

Twingate does collect some of your information. Mostly this is standard information needed to set up your account, or for diagnostic purposes. Some of it is voluntary but the ways that Twingate might use it is spelled out clearly in the privacy policy.

Considering Twingate’s many integrations, it’s important to mention that it will also receive information from the 3rd party apps you may be using with it. However, it can’t read data that’s not routed through it. This means that it won’t log any of your usual personal traffic, such as video calls and instant messages.

However, it is based in the US which is a member of the 5 Eyes Alliance. Although Twingate says it will fight any demands for your data, this does mean that your data could potentially be claimed by any member countries.

You might miss certain features associated with standard business VPNs, like a kill-switch to ensure that everything goes through an encrypted tunnel without exception.

I contacted Twingate to confirm the type of encryption used. While data is being transferred, it is secured via SSL/TLS. When the data is at rest, it is protected by Google cloud services featuring AES-256 encryption, with symmetric keys. Data keys are encrypted using a regularly changed master key, stored in a secure keystore.
 
Last edited:
So I watched the video... and think it's pretty dang cool, actually. It works very much like TeamViewer works... you have clients and resources that log into a relay that's controlled by TeamViewer, and facilitates that point-to-point connection. While TV is strictly used for screensharing, this one goes well beyond that, and provides access to resources on the local network... I am going to do a little more research on the Twingate company/product itself to determine the level of access they have to the "stream"... but it sounds fairly secure.

Yeah, I also saw that federal act that would supposedly restrict VPNs... I don't see how they could do that, or enforce that when the vast majority of businesses rely on these to provide access to their remote employees to get into their secure networks. It's going to be very difficult to take this away and fine people for using one. And for godsakes... why would anyone want to specifically go through the trouble to setup a VPN just to access Tiktok... Oh wait, maybe it's like those people who are are using VPN to get to Netflix... lol

This has some more good detail on what to expect...


Notes:

Twingate does collect some of your information. Mostly this is standard information needed to set up your account, or for diagnostic purposes. Some of it is voluntary but the ways that Twingate might use it is spelled out clearly in the privacy policy.

Considering Twingate’s many integrations, it’s important to mention that it will also receive information from the 3rd party apps you may be using with it. However, it can’t read data that’s not routed through it. This means that it won’t log any of your usual personal traffic, such as video calls and instant messages.

However, it is based in the US which is a member of the 5 Eyes Alliance. Although Twingate says it will fight any demands for your data, this does mean that your data could potentially be claimed by any member countries.

You might miss certain features associated with standard business VPNs, like a kill-switch to ensure that everything goes through an encrypted tunnel without exception.

I contacted Twingate to confirm the type of encryption used. While data is being transferred, it is secured via SSL/TLS. When the data is at rest, it is protected by Google cloud services featuring AES-256 encryption, with symmetric keys. Data keys are encrypted using a regularly changed master key, stored in a secure keystore.

Wow, thanks for the indepth reply, the research and the further reading - appreciated. I also thought it looked very cool, which is why I wanted to discuss it further with the snb community. Anything that runs well on a pi (adguard for example) I get excited by, also with the potential to have more plugins on the router. All that is required I believe is a simple connector you deploy onto your linux box, pi, nas, windows box etc etc The rest you setup through your twingate account. Can probably be done without even a plugin.

I might play around with it for fun on the spare pi I have at some point. when I have some free time. It also works with exisiting VPN setups. Also interesting that you don't need to expose your network publicly as it connects through "connectors" (proxies)

I wonder if anyone here has already tried twingate, and what their experience with it is?
 
'Protected by Google Cloud services' was enough for me to ban it more from anything I use personally.

Google has never protected anything but itself.
 
However, it is based in the US which is a member of the 5 Eyes Alliance. Although Twingate says it will fight any demands for your data, this does mean that your data could potentially be claimed by any member countries.
Uhhh, last I checked, it's up to 14 or 20 Eyes countries sharing information now. It really IS the Matrix and what Edward Snowden warned us about.
so WireGuard on a router under your control (or something like this) isn't so far fetched.
Here in Canada we have a new law, and another bill on the books to back it up, that could be described as fascist from the perspective that open exchange of information/opinion/discourse is being monitored and censored and banned when it isn't "approved" or within the definitions of the new law. It might be said by some that "they" are closing down channels.
but I also see that people are eschewing smartphones for basic mobiles that are non-smart to eliminate the noise/distractions of the media from their lives so that they can focus on efficient and meaningful communication...increasing their personal signal to noise ratio. That's something I'm all for.
Building your own stone walls and moat around what you consider important is taking it a step further, something I've recently become VERY mindful of and can't fault ANYONE for.
So, conclusion - these are good things, non-corporate VPNs, privacy, security, etc.
But we can't take things to the extreme that we're so well bubbled off that we're insular and isolated and out of touch with the greater world as a whole. Humans are social and interactive...or we would've died out long ago.
 
Uhhh, last I checked, it's up to 14 or 20 Eyes countries sharing information now. It really IS the Matrix and what Edward Snowden warned us about.
So there's 5, 9 and 14 according to that article... https://www.vpnmentor.com/blog/understanding-five-eyes-concept/

Here in Canada we have a new law, and another bill on the books to back it up, that could be described as fascist from the perspective that open exchange of information/opinion/discourse is being monitored and censored and banned when it isn't "approved" or within the definitions of the new law. It might be said by some that "they" are closing down channels.
but I also see that people are eschewing smartphones for basic mobiles that are non-smart to eliminate the noise/distractions of the media from their lives so that they can focus on efficient and meaningful communication...increasing their personal signal to noise ratio. That's something I'm all for.
Building your own stone walls and moat around what you consider important is taking it a step further, something I've recently become VERY mindful of and can't fault ANYONE for.
So, conclusion - these are good things, non-corporate VPNs, privacy, security, etc.
But we can't take things to the extreme that we're so well bubbled off that we're insular and isolated and out of touch with the greater world as a whole. Humans are social and interactive...or we would've died out long ago.
I can see the benefits and drawbacks... you have just as many criminals/terrorists using this same technology that we security-minded technologists like to use... how you separate the wheat from the chaff, right? It's in a nation's best interest to keep its citizens safe, while not crossing the line and infringing on people's right to privacy.
 
I would force all VPN providers to comply to local regulations when their servers are located inside the country. Otherwise they are in fact illegal and doing business based on mostly scare tactics. Whoever wants to connect directly to Panama or Papua New Guinea - feel free to do so. In Canada in particular activity logging is mandatory for all ISPs. I don't mind if someone is watching because in another thread here we are discussing NUC options, but someone else somewhere else may be discussing NUKE options. Scaled down to a company - you do what the company policy says and what you agreed to. If you don't want to - go work somewhere else. Democracy is like spice. Too much of it spoils the food.
 
I would force all VPN providers to comply to local regulations when their servers are located inside the country. Otherwise they are in fact illegal and doing business based on mostly scare tactics. Whoever wants to connect directly to Panama or Papua New Guinea - feel free to do so. In Canada in particular activity logging is mandatory for all ISPs. I don't mind if someone is watching because in another thread here we are discussing NUC options, but someone else somewhere else may be discussing NUKE options. Scaled down to a company - you do what the company policy says and what you agreed to. If you don't want to - go work somewhere else. Democracy is like spice. Too much of it spoils the food.
OK thanks for your legislative input, Senator @Tech9! :p Thanks for being part of the 5 Eyes Consortium!
 
Last edited:
I have joined the eyes about 2 years ago. Mandalorians tracking department.


:D
 
I have joined the eyes about 2 years ago. Mandalorians tracking department.


:D
This is the way...
 

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top