I have a VPS that I secure as much as possible since the IP is public, but does a wireguard-access-only homelab warrant the same efforts? Those with homelabs like this, what do you do?

  • hoshikarakitaridia@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    3 hours ago

    After installing tailscale with my Headscale server, I just left it as is. Maybe people in the comments can chime in but if you expose only your VPN server or broker (Headscale), you kinda narrowed down your attack vectors and a VPN itself is really solid. From my basic knowledge, it’s the server and client which are the bottleneck at that point, but there’s only so much you can do and if you continuously update both and maybe stay on stable / ltsc branches, you kinda did everything.

    I guess there’s something to say about the encryption algorithms used. What I remember from back in the day is everything elliptic curves that’s common is quite good so if you see “ECDSA” / “ECDH” you should be fine. RSA unfortunately is not that great anymore.