Ebooks are really easy to find. Anna’s Archive and Zlib basically have every book you’d be looking for in their shadow libraries.

Kubuntu? Whore.

SFP is pretty straightforward. Most of the SFP modules you can buy you just connect and they work. For something like that, you would be doing fiber to ethernet hand off at a switch. Then you have pretty much everything run to the switch including router and just VLAN isolate. It’s not super complicated, but if you never messed with VLANs it might be better to go with something pre-packaged unless you’re up for learning.

You could also do a DIY router and run a multi-gig SFP+ network card over PCIe. You still have to purchase a separate SFP module for that, but that is another option.

I set up a backup cell connection to my cable internet connection. Sketchy Chinese 4G LTE modem. My router was a DIY job I set up off of Ubuntu Server. Everything ran to a Cisco switch and then was VLAN isolated. For the two WAN connections, I ran scripts from the router that periodically tried to reach out to several DNS providers and then average response rates to determine if the main connection was up. If not then it would modify default routes and push everything to the cell.

The cell connection had pretty low data cap, so it was just for backup and wasn’t a home style plan. I used the old TTL modification trick to get it to pass data like a phone. When I moved the backup to 5G, TTL modification stopped working and I had to resort to creating tunnel interfaces to an actual phone. Since that tunnel is limited in bandwidth to the lowest value, my speeds were really cut in half.

A VPN would give you access to a network, but not necessarily the devices on that network. It adds another layer of security as the user not only has to have SSH credentials/keys, but they also have to have the same for the VPN. SSH and VPNs would really be used in conjunction with each other.

It’s onion security.

My understanding was it’s bad practice to host images on Lemmy instances anyway as it contributes to storage bloat. Instead of coming up with a one-off script solution (albeit a good effort), wouldn’t it make sense to offload the scanning to a third party like imgur or catbox who would already be doing that and just link images into Lemmy? If nothing else wouldn’t that limit liability on the instance admins?

Typically schools and universities have acceptable use policies for student VPNs. It is not very difficult to detect VPN setup on a network and universities almost always have at least some form of network monitoring happening.

That said, VPNs are often times blocked and so is SFTP. Most universities I’ve done work with have a requirement that the traffic will be blocked unless you can make a case to IT as to why you need that access.

There are few legitimate use cases for student VPNs and IT staff are usually not idiots and understand what you are up to.

Yep, that’s the one. You just set your upstream default to something like tcp-tls:1.1.1.1:853 for DoT (which is what I use anyway).

Good documentation on other features like adblocking,caching,etc: https://0xerr0r.github.io/blocky/v0.21/configuration/

Just throwing out a couple of other solutions I didn’t see mentioned for DoH/DoT:

1. CoreDNS
2. Blocky

Both of those support encryption and allow for DNSBL. If you are wanting to hand out DNS entries over DHCP it may a problem with your ISPs router there. Either replace it, sit one you do control between it and your network, or run DHCP snooping from a switch to restrict it’s DHCP.