You are only browsing one thread in the discussion! All comments are available on the post page.

Return

Bdaman ,

The only externally accessible service is my wireguard vpn. For anything else, if you are not on my lan or VPN back into my lan, it’s not accessible.

AtariDump ,

This is the way.

sunbeam60 ,

Funnily enough it’s exactly the opposite way of where the corporate world is going, where the LAN is no longer seen as a fortress and most services are available publically but behind 2FA.

AtariDump ,

Corporate world, I still have to VPN in before much is accessible. Then there’s also 2FA.

Homelab, ehhh. Much smaller user base and within smackable reach.

sunbeam60 ,

Oh right. The last three business I’ve worked in have all been fully public services; assume the intruder is already in the LAN, so don’t treat it like a barrier.

SecretSauces ,
@SecretSauces@lemmy.world avatar

Can I ask your setup? I'd like to get this for myself as well.

JDubbleu ,

Not OP, but I just use ZeroTier for this since it's dead simple to setup and free. I'm sure there's some 100% self-hosted solutions, but it's worked for me without issue.

flawedFraction ,

Try pivpn. It is meant to run on a raspberry pi, but it should work on most Ubuntu and Debian based distributions.

jaykay ,
@jaykay@lemmy.zip avatar

Not OP but… I have an old PC as a server, Wireguard in docker container, port-forward in the router and that’s it

RedNight ,

Which image? I've seen a few wireguard options on docker hub

jaykay ,
@jaykay@lemmy.zip avatar

Linuxserver

Bdaman ,

Sorry, haven't logged on in a bit. I use OPNSense on an old PC for my firewall with the wireguard packet installed.

Then use the wireguard client on my familys phones/laptops that is set to auto connect when NOT on my home wifi. That way media payback, adguard-home dns and everything acts as seamless as possible even when away while still keeping all ports blocked.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • selfhosted@lemmy.world
  • random
  • All magazines
    •