Natanael

Wireguard is most reliable in terms of security. For censorship resistance, it’s all about tunneling it in a way that looks indistinguishable from normal traffic

Domain or IP doesn’t make much of a difference. If somebody can block one they can block the other. The trick is not getting flagged. Domain does make it easier to administer though with stuff like dyndns, but then you also need to make sure eSNI is available (especially if it’s on hosting) and that you’re using encrypted DNS lookups

Your workaround is precisely why I said “more practical”. Any updates to your tooling might break it because it’s not an expected usecase

You don’t want FIDO2 security tokens for that, use an OpenPGP applet (works with some Yubikeys and with many programmable smartcards). Much more practical for authenticating a server.

BTW we have a lot of cryptography experts in www.reddit.com/r/crypto (yes I know, I’m trying to get the community moved, I’ve been moderating it for a decade and it’s a slow process)

You need to set up a publicly accessible device (in this case the VPS) as your IPv6 gateway

So you set up your VPN connecting your network to the VPS (should probably be set up from the router) and set your router to advertise an IP adress for the VPS which is routable from your local network as the gateway address (and should probably also run DHCPv6 for your network)

(note, I have not set up this stuff myself so I can’t help with implementation details)

Robots can definitely flip burgers.

Some can even do it twice!

Exclusively using Discord as a support channel should get you banned from the internet

An application password, basically

Yup, it’s more like self administration or something like that

It definitely sounds like he has redundant routes (this literally shouldn’t be possible otherwise) so yeah, he needs to fix priority