Yeah, but also would be interested in how you put it together.
Comment on Journey into self-hosting
themachine@lemmy.world 2 months ago
I’m not entirely sure what the actual question is. Can you rephrase what exactly you are trying to accomplish?
homesweethomeMrL@lemmy.world 2 months ago
SturgiesYrFase@lemmy.ml 2 months ago
VPN needs to come in from my domain IP, but exit from my network. What network security best practices should I be implementing?
themachine@lemmy.world 2 months ago
Best practices come down to what you do or do not want the VPN clients to access. This mostly comes down to routing and firewall rules.
So, what should your users have access to?
Also, what is the VPN?
SturgiesYrFase@lemmy.ml 2 months ago
Some users just need to be able to exit my home network.
I would like to, maybe, in the future have a file server/jellyfin, have access to other devices on my network and if I’m somewhere with low enough latency stream games off steam.
Just wanted to say, thanks for asking me for further details. You could have been a dick about my unclear initial post, and I appreciate your just picking away at it until I was a bit more specific about what I was actually asking for.
If this was reddit the whole thing would’ve been a fair bit more hostile.
themachine@lemmy.world 2 months ago
You did not answer what VPN tech you are using.
Without that knowledge I would recommend setting up Tailscale and having your users use that. If you want to be fully self-hosted you can also run Headscale as the control plane instead of relying on Tailscale's own service.
I recommend Tailscale as it is very easy to grant a user privileges to ONLY use an endpoint as an exit node but also grant access to any other endpoints as needed (such as your future Jellyfin server) via their ACLs.
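The split described in the last comment, sketched as a Tailscale policy file. This is an added example, not something posted in the thread; the group names, e-mail addresses and tags are placeholders, and port 8096 assumes Jellyfin's default HTTP port. Tailscale policy files are HuJSON, so the comments are valid there.

```json
{
  // Constructed sample policy. Every user, group and tag name is a placeholder.
  "groups": {
    "group:exit-only": ["friend@example.com"],
    "group:household": ["owner@example.com"]
  },

  // Who may assign each tag to a device.
  "tagOwners": {
    "tag:exit":     ["group:household"],
    "tag:jellyfin": ["group:household"]
  },

  // Devices tagged tag:exit may be approved as exit nodes automatically.
  "autoApprovers": {
    "exitNode": ["tag:exit"]
  },

  // ACLs are deny-by-default: anything not listed here is blocked.
  "acls": [
    // Exit-only users: internet traffic through an exit node, nothing on the LAN or tailnet.
    {"action": "accept", "src": ["group:exit-only"], "dst": ["autogroup:internet:*"]},

    // Household: exit node use plus the Jellyfin web port on the tagged server.
    {"action": "accept", "src": ["group:household"],
     "dst": ["autogroup:internet:*", "tag:jellyfin:8096"]}
  ],

  // Policy tests are evaluated when the policy is saved; a failing test rejects the change.
  "tests": [
    {"src": "friend@example.com", "deny":   ["tag:jellyfin:8096"]},
    {"src": "owner@example.com",  "accept": ["tag:jellyfin:8096"]}
  ]
}
```

The default allow-all rule that a new tailnet starts with has to be removed for this to have any effect, since one `*` to `*:*` accept rule overrides the separation.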