Absolutely lovely animation. This just made my day. Thank you kind stranger.

Even if we get people to shift to privacy respecting or encrypted apps, the problem still stands. They could just ask you to give access to those services. If you don't, it would come with its own legal challenges.

Section 247(1)(ii)–(iii) mandates individuals and businesses to disclose passwords or encryption keys and permits officers to “override the access control” of any device or account. If you don’t hand over your phone passcode or email password on demand, officials can hack into the device. Any refusal is now explicitly punishable as non-compliance.

End-to-end encrypted messaging services like WhatsApp or Signal could be forced open during a tax raid.

Solving the issue would need to come from challenging the act itself.

I wasn't able to get a clear response but I can say that they are primarily going to use it for writing and storing code like a Github repo, plus installation of 2-3 programs whose names I couldn't recognise.

They could use Github itself, but I know they know this too so but deliberate chose to work this way. I could probably suggest a software like Gitea or Forgejo for this purpose, but I suppose they aren't in need of that.

I've set up Pangolin on my VPS and had no problems accessing docker services on my homelab remotely. However, I don't know how I am supposed to SSH or SFTP to my homelab. Will I connect to my VPS instead? Would I need to break Pangolin or expose a vulnerability to do so?

Honestly I am in need of a proper networking tutorial at this point.

I was told the some team members work in different universities, so we would need to accommodate them as well

This actually worked! I've disabled the 'Block connection without VPN' and 'Always-on VPN' options and my phone is finally able to access other devices.

I've never tried this approach before as my computers were able to connect to each other even with kill switch enabled on both of them, making me assume the problem didn't lie here, but you proved me otherwise.

I'm somewhat hesitant to leave the configuration like this, but I guess it's worth it given the circumstances. Thank you very much for your advice!

I have to go to work, but posting this is more important

Honestly, after considering the security implications of enabling access to the university's network, I think I would first warn the team about this before setting up anything and let them decide how to proceed afterwards. I'll also inform them to ask the IT department for the in-house VPN solution and identity management.

I don't believe there would be need for the team to access anything in the network apart from the computer itself. Is it possible to arrange a solution that disables connections to intranet devices through the server by default just to be safe?

Part of the reason why they left so many details vague was to give me some freedom on what to setup in the server based on what I think is right, although I do agree there needs to be clarification for some points.

Could you give me a hint on what I should additionally ask regarding their server needs?

I was proposed to set up the server knowing that I have limited knowledge on managing stuff like this. They already have an sysadmin in the campus, but I think their setup is simple enough that they were willing to approach me. Besides I do consider myself to be experienced enough to work my way around CLI and troubleshoot issues even if I haven't had experience with hardware like this.

I don't think negotiating for a different computer would be possible. The main challenge would be to make best of the hardware I'm provided, with additional peripherals if needed.

I do plan on asking them the nature of the work to be done on the server, but I wouldn't expect it to be too niche or computationally intensive since they have separate computers for that. In any case, I will relay the points highlighted in this thread to them and get a clear idea of what is needed to be arranged.

You are right. This is the least I can do.

Thanks for the words of encouragement.

I would never have found this on my own otherwise. I feel any amount of gratitude would fall short of compensating for how much time and effort it has saved me. Thank you regardless.

If possible, can you share how I can achieve the same effect with SFTP?

Thanks a ton!

Could you suggest what would be the most appropriate backup solution in this case? I could also ask them to arrange a backup drive or a cloud provider if needed.

Sorry if I am unable to provide specific details for the queries. I don't have answers to most of them myself which is why I was hoping what the safest bet for these situations would be to implement.

1. Highly likely they would be installing new software

2. I don't know much about its use case, although it won't be too intensive since they probably have a separate machine for heavier work.

3. Backup storage option wasn't proposed at all. I'm thinking of proposing to implement one.

4. I expect between 10-20 users.

5. User permissions requirements wasn't discussed as well, although I wouldn't expect there to be any need to grant everyone admin privileges

6. Don't know about the criticality of data. I could only speculate to be considerable by default.

Thank you for your suggestions. From the thread it is highly apparent that I would need IT's support on this.

As for the hardware, we could still consider a machine with Linux as the server instead. Though the remote access issue would need to be resolved.

The server should be no problem to the university as long as it's set up to do what I was told it would do.

Is it okay to use macOS too? I thought Linux was more prevalent among servers. Although if there is no significant change in operating one compared to Linux, then I'll just stick to macOS after all.

Thank you for your assist. I found the underlying issue to be with the DNS from the domain provider. I switched to Cloudflare DNS and now it works flawlessly.

I've been using your application for my services for almost a month now, though I just have one redirect link at the moment. I just forgot about it after the setup, although you could consider it to be a sign of a good product?

I wish if there could be additional analytics or logs for the links like a timeline, unique + existing visitors etc, however I completely understand if they cannot be implemented for the sake of keeping the app simple. Thanks for your service regardless!

Split tunneling is only available for paid plans. Free tier users can only choose between having their entire traffic go through the VPN or none at all.

I don't mind being without split tunneling. My grudge lies in not being able to access other computers and their services on the same network.