Comment on How to secure Jellyfin hosted over the internet?

• dan@upvote.au ⁨1⁩ ⁨week⁩ ago

  My point is that since the VPN uses a different subnet, it’s fine to keep it connected even at home. It’ll only use the VPN if you access the server’s VPN IP, not its regular IP.

  In any case, Tailscale and Wireguard are peer-to-peer, so the connection over the VPN is still directly to the server and there’s no real disadvantage of using the VPN IP on your local network.

  source

  • beerclue@lemmy.world ⁨1⁩ ⁨week⁩ ago

    Right, but I have wireguard on my opnsense. So when I want to reach jellyfin.example.com, if I am at home, it goes phone -> DNS -> proxy -> jellyfin (on the same network). If I am connected to the VPN, it goes from phone -> internet -> opnsense public ip -> wireguard subnet -> local subnet -> DNS -> proxy -> jellyfin. I see some unneeded extra steps here… Am I wrong?

    source

    • dan@upvote.au ⁨1⁩ ⁨week⁩ ago

      Oh yeah, there’ll be some overhead if you’re running Wireguard on a router. Hitting your router’s public IP won’t go out to the internet though - the router will recognize that it’s its IP.

      It’s common to run Wireguard on every computer/phone/tablet/etc rather than just on the router, since this takes advantage of its peer-to-peer nature. Tailscale makes it a lot easier to configure it this way though - it’s a bit of work for vanilla Wireguard.

      source

      • beerclue@lemmy.world ⁨1⁩ ⁨week⁩ ago

        I don’t think I’ve ever encountered what you say… I use WG it to access a network, not a device. I have a few dozen devices, physical and virtual, why should I set up wg on all of them? Tailscale, maybe, it’s a different story, but I prefer to “self host” and not rely on a 3rd party provider. Wireguard was relatively easy to set up too, a few years ago… and in the meantime, if I need to add a new client, it’s a two minute job.

        source