this post was submitted on 18 Jun 2025
66 points (100.0% liked)

Hi, looking for some advice to set up a VPN server to get into my home network when traveling.

I have a NAS and an OpenWrt AP within the network. My router is provided by the ISP and has a built-in VPN. Being a hobbyist in networking, I would like to tap your brains for suggestions and know-how:

Should I get my own router to run a WireGuard VPN off the router directly, i.e. on the edge of the network, OR run a VPN service off the OpenWrt AP or the NAS, i.e. from within the home network?

Thanks a lot for your help!

[–] dual_sport_dork@lemmy.world 35 points 2 weeks ago (1 children)

I personally do not trust ISP provided routers to be secure and up to date, nor free of purposefully built in back doors for either tech support or surveillance purposes (or both). You can expect patches and updates on those somewhere on the timescale between late and never.

Therefore I always put those straight into bridge mode and serve my network with my own router, which I can trust and control. Bad actors (or David from the ISP help desk) may be able to have their way with my ISP router, but all that will let them do is talk to my own router, which will then summarily invite them to fuck off.

Likewise, I would not be keen on using an ISP-provided router's inbuilt VPN capability, which is probably limited to plain old PPTP -- it has been on all of the examples I've touched so far -- and thus should not be treated as secure.

You can configure an OpenWRT based router to act as an L2TP/IPSec gateway to provide VPN access on your network without the need for any additional hardware. It's kind of a faff at the moment and requires manually installing packages and editing config files, but it can be done.

[–] ratzki@discuss.tchncs.de 2 points 1 week ago

Thank you for the David link 🎆

The distrust is adding up, I see your point. Will be adding an openWRT router to host a VPN and also manage VLANs. Ultimately might move AdGuard there instead of piHole on my NAS.

Still not sure what to think about the cloud-pangolin setup, so might work stepwise.

Thanks!