



When I looked into this configuration a few years ago the security improvements seemed minimal. Adding yet another provider to the mix plus the additional risk of a server misconfiguration didn’t seem to be worth the trouble unless I was dealing with CGNAT.
Besides hiding endpoints from your ISP and exposing them to the VPS, how much security does this really add?


DDNS (Dynamic DNS), one 3rd party service I do use.
My network is reached by URL, not IP (although IP still works). When my IP changes the router updates the DDNS service in minutes. Lots of providers out there and it’s easy to switch if needed. I like DuckDNS. It’s free or you can choose to donate a bit to cover their expenses.


I think you’re overthinking it. Wireguard is considered the “gold standard” and an excellent solution for what you’re trying to do. Open ports can be a concern, but an open Wireguard port is completely silent when not in use and does not respond unless it receives the correct access keys. That makes it invisible to port scanners.
Wireguard on my OpenWRT router works flawlessly. If the router is working the WG endpoint is too, and there are no 3rd parties involved. Tailscale provides much the same thing, but as I understand it requires the involvement of multiple 3rd party services. I’ve been burned too many times by terms of service changes and security breaches so I wanted to avoid relying on any corporate entities wherever possible.
Tasker brings up the tunnel on my phone automatically whenever I’m not connected to my home wifi and drops it when I get back home, so my home servers are always available. My biggest problem when not at home is Verizon’s crappy mobile network.
IMO it’s worth the effort to properly configure Wireguard and get your servers working. Once you get it set up you probably won’t have to touch it for years.


Pretty sure a decent amount of them are bots.
Could be, but those bots must be programmed to simulate actual Maggots. They don’t know how to spell, capitalize or use punctuation, much less write more than a single barely comprehensible sentence.


I found it useful for some things. We have a pack of coyotes in town that preys on dogs and occasionally is spotted in the neighborhood. It was also useful for business & contractor recommendations, but have to otherwise agree with you.


It goes deeper with Nextdoor. During Covid someone living next to a local evangelical church posted pictures of a packed event where no one was wearing a mask. Some of those pictures included the backs of a few kids’ heads.
The “Good Christian” church members complained that he was a pedophile and Nextdoor deleted his account! This could not be done by moderators and required Nextdoor executive approval.
Nextdoor is a Maggot haven from top to bottom.


Even in my relatively liberal U.S. city, Nextdoor is overrun by Magats who are cheered on and protected by right-wing Magat moderators. It needs to die and this looks like a great replacement.


So the opposite must be true too right? When taxes go way up companies drop their prices to compensate because, according to you they only charge what consumers can pay. Except that doesn’t happen at all. Instead tariffs just caused prices to go way up without any intervention by corporations.
What complete nonsense.


It took a bit of effort and finding a really stable Linux distro on my hardware. For me that was Linux Mint.
Switching was made relatively easy by dual-booting and running Linux as much as possible while going back to Windows if I didn’t have time to figure something out. After a few months of this I wasn’t using Windows at all and eventually deleted the partition.


Your assumptions are no longer accurate.
For one thing Lithium-ion batteries are becoming common in consumer UPS models including those from Cyberpower, Eaton, and APC.
There is no memory effect and they don’t need to be discharged and recharged regularly.
Similar to a mechanical device that wears out faster with heavy use, the depth of discharge (DoD) determines the cycle count of the battery. The smaller the discharge (low DoD), the longer the battery will last. If at all possible, avoid full discharges and charge the battery more often between uses. Partial discharge on Li-ion is fine. There is no memory and the battery does not need periodic full discharge cycles to prolong life. - https://www.batteryuniversity.com/article/bu-808-how-to-prolong-lithium-based-batteries/
The risk of fire is extremely low. For a high quality charge limited lithium ion battery in a controlled environment it is about the same as a UPS with lead acid batteries.
Your chance of being struck by lightning in the course of a lifetime is about 1 in 13,000. Lithium-ion batteries have a failure rate that is less than one in a million. The failure rate of a quality Li-ion cell is better than 1 in 10 million. https://www.batteryuniversity.com/article/bu-304a-safety-concerns-with-li-ion/
Battery swelling (not caused by manufacturing defects) is primarily caused by overcharging, deep-discharge, physical damage, and heat, none of which are problems for my server installation.
The risk of fire from parking your car in your garage is hundreds of times higher than using a laptop as a server.
After having my server fail to recover after a power failure while I was out of town for an extended period, I moved all important server apps to a relatively inexpensive (<$200) laptop.
The battery is firmware limited to a 70% charge which means it will last for years with no significant safety concerns. Even at a partial charge, Debian indicates 7 hours of run time when the power fails (I’ve had none longer than 4), and it’s unaffected by power blinks. It saves a bit of electricity too and costs $150 less per year to run than my old UPS alone.
It’s been running for nearly 2 years without a hitch.


I have both running right now. Mint on my laptop and media server. Debian only because it was previously required for Home Assistant support (support which they’ve now dropped).
Both distros are extraordinarily reliable, but I much prefer Mint. Debian is more focused on security and some of the design choices focus on that over usability. My LAN is completely locked down and only accessible via Wireguard and the physical systems are only accessible to me, so IDK how much better security it provides in my situation. Mint has every package I’ve ever needed prebuilt while I have had to build some packages for Debian.
Bottom line: As much as I like Mint, for me there is not sufficient reason to switch from Debian to Mint or vice versa, but if I were installing from scratch I’d choose Mint every time.


Nomachine with local & Wireguard access only.
I think Anydesk can be trusted as much as any company. They did notify users when a breach occurred a couple of years ago. By contrast Teamviewer was hacked and blamed their customers’ “password reuse” for years before finally admitting they had a breach. The company cannot be trusted.
I use Anydesk occasionally to help friends but never leave it running if it’s not actively in use.


The battery limiting capability was an absolute requirement and I also ended up with a Dell. Having a display and keyboard always available is also great for some tasks.
I had a similar failure while I was out of the country for a month. My Raspberry Pi didn’t come back after a power blink. Home Assistant, Wireguard tunnels, security cameras, Jellyfin, Syncthing backup and DNS all failed until I returned. After looking at possible solutions I ruled out buying redundant hardware because of the cost, and more importantly the time and complexity of implementing and maintaining everything.
Instead I bought a small, relatively inexpensive laptop and a router with plenty of processing power and memory. I moved my Wireguard endpoints, DHCP and DNS server to the router and everything else to the laptop and disconnected my UPS completely.
If the router is up, WG connectivity, DNS, DHCP and wifi are up. The router does reset on power failure, but my ISP has no local power backup so Internet is out until power is restored anyway.
This laptop loafs along at 10 watts and costs about $2 per month to operate despite our high electric rates. My old UPS drew 75 watts most of the time even when there was nothing plugged in and cost more than $16/month to run. The laptop’s battery is firmware limited to a 70% charge so the battery will last years without degrading, making other battery issues unlikely. It provides 7 hours of operation if power fails compared to an optimistic 20 minutes for the UPS. Power blinks (and there have been plenty) have no effect on the laptop at all.
I’ve been happy with this configuration. It has worked flawlessly for almost 2 years.


You got a year? Ubuntu must be improving! I’d typically get 2-4 months and then have to spend hours troubleshooting to get something working again. I can’t remember the last time that happened to one of my Mint installations.
You aren’t alone having stability problems with Ubuntu. As much as I like the OS, my Ubuntu installs always broke and required troubleshooting at some point. Right now I only have Ubuntu installed on a bootable USB ssd that I use for backups and other disk operations, but even on that the desktop crashes regularly.
I eventually got tired of exploring different distros and switched back to Mint. It’s been running with regular updates and upgrades on my desktop PC for 5 years and 3 on my laptop. I’ve had very few problems. Debian has been just as stable on my server.


I’m no security expert and my biggest concern with self-hosting is making a configuration error in the OS or some app, or missing a critical update that allows someone access to my personal data. In order to reduce the attack surface and management requirements my network can only be accessed through Wireguard. The random open WG ports do not respond to unauthenticated packets, so someone would have to have access to my configurations to be able to get past my firewall, at least in the absence of some yet unknown vulnerability. Of course that won’t prevent mistakes being made on PCs (especially Windows) but it’s one less thing to worry about.
Wireguard clients on our PCs and phones make connecting and accessing media and files a breeze. There are no third parties involved so enshittification by some company’s security breach or sudden monthly fee isn’t going to happen.
I have a Bosgame mini-PC that is completely inaudible unless you get close to it. Power draw is <15 watts under light load meaning that even with the high electricity rates where I live it costs less than $3.50 a month to operate. I’ve avoided hard drives because I don’t want to listen to them whine, so no comment there. Two simultaneous 1080p Jellyfin streams increase CPU utilization by less than a percent and it still is under 5% with a couple of other Docker containers running.
Good luck setting everything up to your liking.


There are ~50,000-60,000+ available IP ports. If you had Wireguard configured correctly and running on every single one of them a port scanner would get exactly the same result as if every port was closed. Wireguard is completely silent unless the correct key is provided.
The “script kiddies” could scan every port for months and they’d get the same result. There is no known way to even know there’s an open port much less know that Wireguard is running on it AND have the correct key for access.
I understand being gun shy after your experience (I would be too), but that experience has nothing to do with what happens when you open a port for Wireguard.
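

An added example, not part of the comments above: the first check a WireGuard responder applies to an incoming handshake initiation, as described in the WireGuard protocol paper, is the `mac1` field, a keyed BLAKE2s tag derived from the responder's public key. The sketch models only that gate to show why generic scanner probes get no reply. `SERVER_PUB`, the probe payloads and all function names are constructed for illustration.

```python
import hashlib
import hmac

LABEL_MAC1 = b"mac1----"   # label constant from the WireGuard protocol paper
INIT_LEN = 148             # length of a handshake initiation message
MAC1_OFFSET = 116          # mac1 covers bytes 0..115 and is stored at 116..131
INIT_TYPE = b"\x01\x00\x00\x00"  # message type 1 plus three reserved zero bytes


def mac1_for(prefix: bytes, responder_public: bytes) -> bytes:
    """Keyed BLAKE2s (16-byte tag); key = BLAKE2s(label || responder public key)."""
    key = hashlib.blake2s(LABEL_MAC1 + responder_public).digest()
    return hashlib.blake2s(prefix, digest_size=16, key=key).digest()


def passes_mac1_gate(packet: bytes, responder_public: bytes) -> bool:
    """False means the responder drops the datagram without sending anything."""
    if len(packet) != INIT_LEN or packet[:4] != INIT_TYPE:
        return False
    expected = mac1_for(packet[:MAC1_OFFSET], responder_public)
    return hmac.compare_digest(expected, packet[MAC1_OFFSET:MAC1_OFFSET + 16])


def framed_packet(public_key_used: bytes) -> bytes:
    """Constructed test packet: valid framing and mac1, filler handshake fields."""
    prefix = INIT_TYPE + b"\xaa" * (MAC1_OFFSET - 4)
    return prefix + mac1_for(prefix, public_key_used) + bytes(16)  # mac2 zeroed


SERVER_PUB = bytes(range(32))  # constructed stand-in for the server's public key


def classify_probes() -> dict:
    probes = {
        "empty UDP probe": b"",
        "148 filler bytes": b"\xaa" * INIT_LEN,
        "right framing, garbage mac1": INIT_TYPE + b"\xaa" * (INIT_LEN - 4),
        "mac1 for a different server key": framed_packet(bytes(32)),
        "mac1 for this server's public key": framed_packet(SERVER_PUB),
    }
    return {name: passes_mac1_gate(p, SERVER_PUB) for name, p in probes.items()}


if __name__ == "__main__":
    for name, ok in classify_probes().items():
        print(f"{name:36} -> {'continue to handshake' if ok else 'silent drop'}")
```

Only the last probe clears this gate, and in the real protocol it would still be dropped without a reply unless the rest of the handshake authenticates against a peer key configured on the server.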