Comment on End-to-End Encrypted Chat that YOU Control: Hosting XMPP (Jabber) with Prosody
starkzarn@infosec.pub 3 days agoYes, absolutely. It all depends on implementation. I am using VLANs for L2 isolation. I have a specific DMZ VLAN that has my XMPP server and only my XMPP server on it. My network core applies ACLs that prevent any inter-VLAN traffic from there, so even if STUN/TURN pokes holes, the most that is accessible is that single VLAN, which happens to contain only the single host that I want to be accessible.
Great question.
qwexfle@lemmy.ml 1 day ago
I’m interested, although I’m not sure I understand. Isn’t the point of poking holes to enable clients to connect when obscured by NAT? Does voip still work with this?