sunshine-o 4 hours ago

For someone who wants to set up a private network between hosts/devices, I feel the dilemma is always:

1. Trust a third party like Tailscale by giving them the key to your kingdom, but everything is incredibly easy and secure.
2. Self-host, but you need at least one host with a fixed IP address and an open port on the Internet, which requires a set of security skills and constant monitoring. That includes headscale, self-hosted netbird, zerotier or a private yggdrasil mesh.
abcd_f 3 hours ago

You can conceal that open port with some form of port knocking. Though this does reinforce your "easy" point. Also, if it's a UDP port, then using a protocol that expects the first client packet to be pre-authenticated and not emitting any response otherwise gets you pretty damn close to having this port closed.
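The "pre-authenticated first packet, silent otherwise" pattern described above, as an added example that is not code from any commenter or from the projects named in the thread. It assumes a hypothetical pre-shared key and a fixed timestamp window; the server verifies a MAC over the datagram before it does anything observable, and returns `None` (drop, no reply) on any failure so an unauthenticated sender cannot tell the port from a closed one.

```python
import hashlib
import hmac
import socket
import struct
import time
from typing import Optional

# Hypothetical pre-shared key for the demo; a real deployment loads it from config.
PSK = b"demo-psk-not-a-real-secret"
TAG_LEN = 16        # truncated HMAC-SHA256 tag appended to each first packet
MAX_SKEW = 30       # seconds; bounds replay of a captured first packet


def build_first_packet(psk: bytes, payload: bytes, now: Optional[float] = None) -> bytes:
    """Client side: 8-byte big-endian timestamp || payload || HMAC tag."""
    ts = struct.pack(">Q", int(time.time() if now is None else now))
    body = ts + payload
    tag = hmac.new(psk, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def verify_first_packet(psk: bytes, datagram: bytes, now: Optional[float] = None) -> Optional[bytes]:
    """Server side: return the payload if the datagram authenticates, else None.

    None means 'drop silently': no reply, no error, nothing the sender can observe.
    The MAC is checked before the timestamp so malformed input never reaches parsing.
    """
    if len(datagram) < 8 + TAG_LEN:
        return None
    body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    expected = hmac.new(psk, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    ts = struct.unpack(">Q", body[:8])[0]
    current = int(time.time() if now is None else now)
    if abs(current - ts) > MAX_SKEW:             # stale or replayed packet
        return None
    return body[8:]


def serve_once(sock: socket.socket, psk: bytes) -> Optional[bytes]:
    """Handle one datagram: reply only after successful authentication."""
    data, addr = sock.recvfrom(2048)
    payload = verify_first_packet(psk, data)
    if payload is None:
        return None                              # deliberate silence
    sock.sendto(b"ok", addr)
    return payload
```

The timestamp window only bounds replay to `MAX_SKEW` seconds; a real protocol (WireGuard's handshake, for instance) also needs per-peer state or a handshake so a captured first packet cannot be reused at all.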
CommanderData 3 hours ago

When I look at these zero trust solutions, they need 80/443 for what seems to be some type of bootstrapping. Better that it happens using the same approach WireGuard takes (UDP/stateless). Though I'm not sure if there's more than just bootstrap taking place, maybe constant routing updates etc.