Email or username:

Password:

Forgot your password?
Top-level
R. L. Dane :debian: :openbsd:

@jsbilsbrough @vkc @crossed

Yeah, its not the same level of isolation, for sure.

What do you do for remote access? Tail scale? VPN?

I'm thinking in regards to home stuff.

11 comments
James Bilsbrough

@RL_Dane @vkc Tailscale has worked out really well for me.

I’ve got it setup on my Pi with a subnet router for stuff that can’t run Tailscale easily - like my TrueNAS box.

That way I can access anything on the local subnet when I’m connected to Tailscale on any device
I have with me.

R. L. Dane :debian: :openbsd:

@jsbilsbrough @vkc

I'll have to find a way to combine #Yunohost with #Tailscale, because Yuno wants to have open ports on the internet, and I think that's loopy, even for home.

James Bilsbrough

@RL_Dane @vkc shout if you want any help / sanity checks!

Veronica Explains replied to R. L. Dane :debian: :openbsd:

@RL_Dane @jsbilsbrough Tailscale is fun, I haven't deployed it personally but have played around on it a bit. I'm also not a fan of port knocking and tend to VPN when away from home.

I'm ancient so I've typically used OpenVPN but I rarely use it anymore anyway, since nowadays if I'm leaving home I don't need to bring my homelab with me. :)

R. L. Dane :debian: :openbsd: replied to Veronica

@vkc @jsbilsbrough

Doesn't the VPN itself need an open port, though? Is that safer than SSH?

I was thinking of using Tailscale because (to my understanding) it doesn't need an open port.

Man, I'm really wished I had switched to NetSec in 2003. My networking knowledge is really rough. 😅

Veronica Explains replied to R. L. Dane :debian: :openbsd:

@RL_Dane @jsbilsbrough "safer" is relative to the threat, of course.

In my typical case, OpenVPN is handled itself by my firewall appliance. While it opens a port it also knows what bad traffic to scan for, without me telling it what to do. Again, I'm not a security researcher, but I tend to trust pfSense/OPNsense/etc more than myself when it comes to opening a port and watching for baddies.

And nowadays I don't even do that, because I just don't need it badly enough anymore.

Veronica Explains replied to Veronica

@RL_Dane @jsbilsbrough I should also mention that I typically remote from a static IP provided by my wireless carrier. So, in my case, the firewall knew where I'd be coming from and I could block most of the internet from getting in.

Tom replied to Veronica

@vkc @RL_Dane @jsbilsbrough You can get static IP's for mobile data?

Veronica Explains replied to Tom

@tripplehelix it's usually an option for business accounts. I've had them numerous times in the past connected with hotspot appliances. Not currently using one since I don't have as much of a need anymore.

@RL_Dane @jsbilsbrough

Tom replied to Veronica

@vkc @RL_Dane @jsbilsbrough I like the ability to see my local cameras when away, tailscale makes that simple.

Go Up