this post was submitted on 05 Feb 2024
30 points (94.1% liked)

Selfhosted

40183 readers
999 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

So for the past few years (?) I have been using wireguard to vpn into (effectively) my firewall and a dynamic dns setup to access that remotely. But with the shitshow that is google domains and the like, this seems like a good opportunity to look into a few of the alternatives. I am not entirely opposed to just going in and changing the dns server once I figure out what I am going to do on that front, but wireguard has always been a bit of a mess to set up for less "tech savvy" people who need access to the home network.

Every so often I see some cloud based solutions get suggested. Which is sketchy but I already have a few alerts set up to be able to remotely shut my network down if wireguard is acting up when it shouldn't be and shutting down a VM is a lot less of a "do I really need to do this?" than shutting off the entire network. But most of those solutions seem built around selling seats which means they want you to add individual devices rather than just setting up a tunnel.

So is wireguard still the gold standard? Or is there a more user friendly solution that will let me compromise a bit but also have a setup that doesn't require me to be physically on site to fix the inevitable hiccups because it takes hours of reading articles to understand the setup?

Thanks

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 20 points 9 months ago* (last edited 9 months ago) (2 children)

If you're just accessing one device, why not use SSH?

SSH with pubkey authentication and sane firewall rules is very secure. Bonus points for fail2ban

[–] [email protected] 3 points 9 months ago (1 children)

Fail2ban might not be a good thing. You can flood the blacklist.

You just have to run a continous attack with spoofed source addresses. use IPv6 addresses and just wait until the whole ipv6 space is in the blacklist. by then that file will be huge. might even crash some servers

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago)

you're right and sane firewall rules could prevent this type of attack