this post was submitted on 28 Jun 2023
19 points (100.0% liked)

cybersecurity

3227 readers
5 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago (1 children)

Nice! I have a bunch of services I run locally but have been hesitant to expose to the internet so when I want remote access it's alwys over an openVPN connection. Why did you decide to go this route over just using wireguard directly from your client devices? I presume the openbsd box is just a reverse proxy?

[–] [email protected] 1 points 1 year ago

I had some servers sitting around from a previous project and I put them to use.

As soon as I wanted a valid TLS endpoint I was going down the rabbit hole of tunneling the local services; ingress or egress I'd have "trust issues" that I would have to deal with such as where the vaults live and get the database to them, sshfs? zfs smb? nfs? So I decided to extend out for the public services and keep the private services a couple tunnels away from the internet.

The other nice part is that I can make a tmpfs/memfs mount for my vault and cache it at the edge, still working on that one. ;-)