I’ve seen a bunch of people recommend Authelia. Do you mind if I ask why you went with it over other software? I only went with authentik because I found a tutorial on it first.
Comment on How do you all handle security and monitoring for your publicly accessible services?
foggy@lemmy.world 1 week ago
Auth portal for VPN tunnel -> Authelia -> fail2ban -> VLAN with services only.
Keep that VLAN segmented. You’re good unless you’re a DOGE employee, then I’d recommend quite a bit more security.
a_fancy_kiwi@lemmy.world 1 week ago
pezhore@infosec.pub 1 week ago
This is the way. Layer 3 separation for services you wish to access outside of the home network and the rest of your stuff, with a VPN endpoint exposed for remote access.
It may be overkill, but I have several VLANs for specific traffic:
There are two new additions: an ext-vpn VLAN and an egress-vpn VLAN. I spun up a VM that’s dual-homed running its own WireGuard/OpenVPN client on the egress side, serving DHCP on the ext-vpn side. The latter has its own wireless SSID so that anyone who connects to it is automatically on a VPN into a non-US country.