zlacker

[return to "A story on home server security"]
1. acidbu+s3 2025-01-05 13:25:14
>>todsac+(OP)
I really like the "VPN into home first" philosophy of remote access to my home IT. I was doing openvpn into my ddwrt router fortunately years, and now it's wireguard into openwrt. It's quite easy for me to vpn in first and then do whatever: check security cams, control house via home assistant, print stuff, access my zfs shared drive, run big scientific simulations or whatever on big computer, etc. The router VPN endpoint is open to attack but I think it's a relatively small attack surface.
2. 6ak74r+Ek 2025-01-05 16:04:22
>>acidbu+s3
> I think it's a relatively small attack surface.

Plus, you can obfuscate that too by using a random port for Wireguard (instead of the default 51820): if Wireguard isn't able to authenticate (or pre-authenticate?) a client, it'll act as if the port is closed. So, a malicious actor/bot wouldn't even know you have a port open that it can exploit.
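The pre-authentication step the comment above asks about corresponds to the `mac1` field of a WireGuard handshake initiation: a keyed BLAKE2s tag derived from the responder's public key, checked before any reply is sent. The sketch below is an added example, not part of the thread and not WireGuard's own code; it models only that gate, and the function names and the sample key are constructed for illustration.

```python
import hashlib
import hmac
import os

LABEL_MAC1 = b"mac1----"   # label defined by the WireGuard protocol
INIT_TYPE = b"\x01\x00\x00\x00"  # message type 1 plus three reserved zero bytes
INIT_LEN = 148             # size of a handshake initiation message
MAC1_OFFSET = 116          # mac1 authenticates bytes [0, 116)

# Constructed 32-byte stand-in for the server's static public key.
SAMPLE_SERVER_PUB = bytes(range(32))


def mac1_key(responder_pub: bytes) -> bytes:
    """HASH(LABEL_MAC1 || responder public key), using BLAKE2s-256."""
    return hashlib.blake2s(LABEL_MAC1 + responder_pub).digest()


def compute_mac1(responder_pub: bytes, prefix: bytes) -> bytes:
    """Keyed BLAKE2s with a 16-byte tag over everything before mac1."""
    return hashlib.blake2s(prefix, key=mac1_key(responder_pub),
                           digest_size=16).digest()


def build_initiation(assumed_server_pub: bytes) -> bytes:
    """Constructed initiation: random filler where the encrypted fields
    would be, a real mac1 for the assumed key, and an all-zero mac2."""
    prefix = INIT_TYPE + os.urandom(MAC1_OFFSET - len(INIT_TYPE))
    return prefix + compute_mac1(assumed_server_pub, prefix) + bytes(16)


def passes_mac1_gate(server_pub: bytes, datagram: bytes) -> bool:
    """Simplified model of the responder's first check.
    False means the datagram is dropped and nothing is sent back."""
    if len(datagram) != INIT_LEN or not datagram.startswith(INIT_TYPE):
        return False
    expected = compute_mac1(server_pub, datagram[:MAC1_OFFSET])
    return hmac.compare_digest(expected,
                               datagram[MAC1_OFFSET:MAC1_OFFSET + 16])


if __name__ == "__main__":
    probes = {
        "peer that knows the server key": build_initiation(SAMPLE_SERVER_PUB),
        "sender guessing a wrong key": build_initiation(os.urandom(32)),
        "148 random bytes": INIT_TYPE + os.urandom(INIT_LEN - 4),
        "short generic UDP probe": b"\x00" * 8,
    }
    for name, pkt in probes.items():
        verdict = "continue handshake" if passes_mac1_gate(SAMPLE_SERVER_PUB, pkt) else "silent drop"
        print(f"{name}: {verdict}")
```

Passing this gate only shows the sender knows the server's public key; the peer is authenticated by the rest of the handshake, which this model leaves out.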
