Email or username:

Password:

Forgot your password?
Veronica's posts Post Back to profile
Top-level
R. L. Dane :debian: :openbsd:

@jsbilsbrough @vkc @crossed

What do y'all think about port-knocking? Is it any good?

1 July at 15:10 | Wall-to-wall | Open on fosstodon.org
13 comments
James Bilsbrough

@RL_Dane @vkc @crossed seems like a potentially bad idea, plus it appears it relies on the local firewall, not a network level one ?

howtogeek.com/442733/how-to-us

1 July at 15:16 | Open on mastodon.me.uk
R. L. Dane :debian: :openbsd:

@jsbilsbrough @vkc @crossed

Yeah, its not the same level of isolation, for sure.

What do you do for remote access? Tail scale? VPN?

I'm thinking in regards to home stuff.

1 July at 15:21 | Open on fosstodon.org
James Bilsbrough

@RL_Dane @vkc Tailscale has worked out really well for me.

I’ve got it setup on my Pi with a subnet router for stuff that can’t run Tailscale easily - like my TrueNAS box.

That way I can access anything on the local subnet when I’m connected to Tailscale on any device
I have with me.

1 July at 15:26 | Open on mastodon.me.uk
R. L. Dane :debian: :openbsd:

@jsbilsbrough @vkc

I'll have to find a way to combine #Yunohost with #Tailscale, because Yuno wants to have open ports on the internet, and I think that's loopy, even for home.

1 July at 15:37 | Open on fosstodon.org
James Bilsbrough

@RL_Dane @vkc shout if you want any help / sanity checks!

1 July at 15:44 | Open on mastodon.me.uk
R. L. Dane :debian: :openbsd:
Veronica Explains replied to R. L. Dane :debian: :openbsd:

@RL_Dane @jsbilsbrough Tailscale is fun, I haven't deployed it personally but have played around on it a bit. I'm also not a fan of port knocking and tend to VPN when away from home.

I'm ancient so I've typically used OpenVPN but I rarely use it anymore anyway, since nowadays if I'm leaving home I don't need to bring my homelab with me. :)

1 July at 16:07 | Open on linuxmom.net
R. L. Dane :debian: :openbsd: replied to Veronica

@vkc @jsbilsbrough

Doesn't the VPN itself need an open port, though? Is that safer than SSH?

I was thinking of using Tailscale because (to my understanding) it doesn't need an open port.

Man, I'm really wished I had switched to NetSec in 2003. My networking knowledge is really rough. 😅

1 July at 16:12 | Open on fosstodon.org
Veronica Explains replied to R. L. Dane :debian: :openbsd:

@RL_Dane @jsbilsbrough "safer" is relative to the threat, of course.

In my typical case, OpenVPN is handled itself by my firewall appliance. While it opens a port it also knows what bad traffic to scan for, without me telling it what to do. Again, I'm not a security researcher, but I tend to trust pfSense/OPNsense/etc more than myself when it comes to opening a port and watching for baddies.

And nowadays I don't even do that, because I just don't need it badly enough anymore.

1 July at 17:13 | Open on linuxmom.net
Veronica Explains replied to Veronica

@RL_Dane @jsbilsbrough I should also mention that I typically remote from a static IP provided by my wireless carrier. So, in my case, the firewall knew where I'd be coming from and I could block most of the internet from getting in.

1 July at 17:15 | Open on linuxmom.net
Tom replied to Veronica

@vkc @RL_Dane @jsbilsbrough You can get static IP's for mobile data?

1 July at 17:30 | Open on fosstodon.org
Veronica Explains replied to Tom

@tripplehelix it's usually an option for business accounts. I've had them numerous times in the past connected with hotspot appliances. Not currently using one since I don't have as much of a need anymore.

@RL_Dane @jsbilsbrough

1 July at 17:43 | Open on linuxmom.net
Tom replied to Veronica

@vkc @RL_Dane @jsbilsbrough I like the ability to see my local cameras when away, tailscale makes that simple.

1 July at 17:08 | Open on fosstodon.org
Go Up