So for the past few years (?) I have been using wireguard to vpn into (effectively) my firewall and a dynamic dns setup to access that remotely. But with the shitshow that is google domains and the like, this seems like a good opportunity to look into a few of the alternatives. I am not entirely opposed to just going in and changing the dns server once I figure out what I am going to do on that front, but wireguard has always been a bit of a mess to set up for less “tech savvy” people who need access to the home network.

Every so often I see some cloud based solutions get suggested. Which is sketchy but I already have a few alerts set up to be able to remotely shut my network down if wireguard is acting up when it shouldn’t be and shutting down a VM is a lot less of a “do I really need to do this?” than shutting off the entire network. But most of those solutions seem built around selling seats which means they want you to add individual devices rather than just setting up a tunnel.

So is wireguard still the gold standard? Or is there a more user friendly solution that will let me compromise a bit but also have a setup that doesn’t require me to be physically on site to fix the inevitable hiccups because it takes hours of reading articles to understand the setup?

Thanks

  • lntl@lemmy.ml
    link
    fedilink
    English
    arrow-up
    15
    ·
    edit-2
    9 months ago

    If you’re just accessing one device, why not use SSH?

    SSH with pubkey authentication and sane firewall rules is very secure. Bonus points for fail2ban

    • kylian0087@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      9 months ago

      Fail2ban might not be a good thing. You can flood the blacklist.

      You just have to run a continous attack with spoofed source addresses. use IPv6 addresses and just wait until the whole ipv6 space is in the blacklist. by then that file will be huge. might even crash some servers

      • lntl@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        9 months ago

        you’re right and sane firewall rules could prevent this type of attack

  • Atemu@lemmy.ml
    link
    fedilink
    English
    arrow-up
    12
    ·
    edit-2
    9 months ago

    with the shitshow that is google domains and the like, this seems like a good opportunity to look into a few of the alternatives.

    I don’t see how google domains play into this? If you’re using their DNS and it sucks, just use a different DNS host instead. I can recommend https://desec.io/.

    most of those solutions seem built around selling seats which means they want you to add individual devices rather than just setting up a tunnel.

    Are you talking about Tailscale?

    The idea behind every client and server running a tailscaled isn’t to sell you more seats but rather to enable P2P connections. Their whole product is set up around this; ACLs and individual device sharing wouldn’t work without this architecture.

    If you don’t care about all of that, you can simply set up a subnet router on one device and use it like a classical VPN server. Though I’ve never run into device limits on the free plan, even before they were increased.

    Tailscale is as close to a hassle-free user-friendly solution as you can reasonably get.

    • Poutinetown@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      9 months ago

      Cloudflare, namecheap, GoDaddy, domain.com, they all offer dns I think. Some of them are supported by Dyndns; you can find a list of supported providers.

  • TCB13@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    10
    ·
    9 months ago

    So is wireguard still the gold standard?

    Yes, unlike you want to rely on 3rd parties and proprietary garbage like Cloudflare, Tailscale and whatnot.

    • Atemu@lemmy.ml
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      1
      ·
      9 months ago

      Tailscale’s official clients are FOSS on free platforms and there is an officially endorsed FOSS back-end (headscale) if you wanted to self-host a fully FOSS environment.

      Of course, hosting headscale requires a public server which you may not want or have the ability to host and in those cases, using their proprietary back-end as a service is absolutely fine in my books.

      As a company, Tailscale has generally struck me as quite the opposite of “garbage”.