Comment on Another good reason not to open port 22
018118055@sopuli.xyz 1 year ago
I’d favour own VPN instead of relying on an additional third party
entropicdrift@lemmy.sdf.org 1 year ago
Right? PiVPN is easy AF and uses WireGuard. No reason not to set up something yourself if you’re already selfhosting.
glasgitarrewelt@feddit.de 1 year ago
Please ELI5: How does this solution work? You tunnel yourself into your home network with a VPN on your Pi? How is that safer, isn’t there still a port open?
entropicdrift@lemmy.sdf.org 1 year ago
I have a port open, yes, but it’s not port 22. The problem with Tailscale is you’re trusting a third party. With my setup, it’s just me connecting directly to my Pi. Thanks to port forwarding the only open port pointing to my Pi is the one that I use for WireGuard.
I already have a DDNS and domain name pointing to my house, so there’s effectively no added risk compared to my existing setup with a couple webapps being reverse proxied behind Caddy on a different device.
glasgitarrewelt@feddit.de 1 year ago
Thanks! I think I get too hung up on the VPN part. If I had a setup where I open one port to a Pi which is set up as an nginx reverse proxy that redirects the connection to my different services depending on the URL - homeassistant.myserver.com, backup.myserver.com, … - would that be considered a VPN?
018118055@sopuli.xyz 1 year ago
Mine is quick enough to run remote desktop over
entropicdrift@lemmy.sdf.org 1 year ago
Same, I use Moonlight/Sunshine to stream my main gaming PC. I can even use wake on lan, so the big chungus isn’t drawing power unless I’m using it.
not_awake@lemmy.world [bot] 1 year ago
Do you have any tutorial that explains what you did? I’d love to try to better understand your setup
018118055@sopuli.xyz 1 year ago
Oh, something new to try, thanks