zlacker

>>todsac+(OP)
Tailscale is a great solution for this problem. I too run homeserver with Nextcloud and other stuff, but protected behind Tailscale (Wireguard) VPN. I can't even imagine exposing something like my family's personal data over internet, no matter how convenient it is.

But I sympathize with OP. He is not a developer and it is sad that whatever software engineers produce is vulnerable to script kiddies. Exposing database or any server with a good password should not be exploitable in any way. C and C++ has been failing us for decades yet we continue to use such unsafe stacks.

>>Algebr+83
What do you need Tailscale for? Why isn't Wireguard enough?

>>rane+s7
There's nothing wrong with wireguard at all if you already have the hosting service available. The core value add for Tailscale is that they provide/host the service coordinating your wireguard network.

If I'm not mistaken, there's a self-hosted alternative that let's you run the core of Tailscale's service yourself if you're interested in managing wireguard.

>>_heimd+d8
What kind of "hosting service" are you referring to? Just run wireguard on the home server, or your router, and that's it. No more infra required.

>>bennyt+3q
I meant to say hosted service there, I.e. running a wireguard server to negotiate the VPN connections.

The main reason I haven't jumped into hosting wireguard rather than using Tailscale is mainly because I reach for Tailscale to avoid exposing my home server to the public internet.

>>_heimd+JI
What could be the issue with exposing WireGuard at a random port to the public internet?

It works over UDP so it doesn't even send any acknowledgement or error response to unauthenticated or non-handshake packets.