Fyi, you don’t need a raspberry pi to use PiVPN, it actually works on all Ubuntu based distros and even Alpine Linux, you can just install it in a VM on your NAS.
Comment on VPNs, self hosting & security
Tsubodai@programming.dev 6 months agoYeah, I definitely like the idea of leaving all services running locally, and connect to my VPN when needing to tinker/access.
I do have a couple of raspberry pi’s, but I prefer to run stuff on the Nas, I only use the pi’s as clients to stream from.
I’m gonna go lookup the difference between openvpn and wireguard :) And I have a dynamic DNS setup, that’s basically the same as a fixed IP, right?
Thanks!
Presi300@lemmy.world 6 months ago
Tsubodai@programming.dev 6 months ago
Ah. VMs. I (stupidly?) Set my storage array to use extra, and apparently it needs to be a btrfs to be able to use VMs. I cba to rebuild it at the moment… so I just use docker for everything
Presi300@lemmy.world 6 months ago
Ext4? What do you run on your NAS?
habitualTartare@lemmy.world 6 months ago
I setup openvpn on my network originally + duckdns on a dynamic IP in 2021/2022. It’s an “older” protocol but I felt it was easier to setup since it’s been around longer and the tools just make it easy.
Wireguard has speed advantages but being newer, takes more work to see those speed advantages. There’s a docker container called wg-easy that I’ve heard mixed things about (speed in a docker container vs easy to setup).
I used tail scale when I rebuilt my VPN server because I was originally using Oracle Linux (wanted to learn it more but went back to Ubuntu).
If you can get certificates working, wireguard shouldn’t be too difficult. I prefer VPN over exposing multiple ports/protocols for a family or small userbase. If you’re sharing libraries or other services with extended family, I’d probably expose those to the Internet and work on hardening/having that server in a demilitarized zone + certificate based authentication and MFA on any public admin accounts.