Comment on How to secure Jellyfin hosted over the internet?
beerclue@lemmy.world 1 week agoRight, but I have wireguard on my opnsense. So when I want to reach jellyfin.example.com, if I am at home, it goes phone -> DNS -> proxy -> jellyfin (on the same network). If I am connected to the VPN, it goes from phone -> internet -> opnsense public ip -> wireguard subnet -> local subnet -> DNS -> proxy -> jellyfin. I see some unneeded extra steps here… Am I wrong?
dan@upvote.au 1 week ago
Oh yeah, there’ll be some overhead if you’re running Wireguard on a router. Hitting your router’s public IP won’t go out to the internet though - the router will recognize that it’s its IP.
It’s common to run Wireguard on every computer/phone/tablet/etc rather than just on the router, since this takes advantage of its peer-to-peer nature. Tailscale makes it a lot easier to configure it this way though - it’s a bit of work for vanilla Wireguard.
beerclue@lemmy.world 1 week ago
I don’t think I’ve ever encountered what you say… I use WG it to access a network, not a device. I have a few dozen devices, physical and virtual, why should I set up wg on all of them? Tailscale, maybe, it’s a different story, but I prefer to “self host” and not rely on a 3rd party provider. Wireguard was relatively easy to set up too, a few years ago… and in the meantime, if I need to add a new client, it’s a two minute job.