VPN to access LAN

Yep, this is a great setup.

On the DDNS front, depending on how (in)frequently your home IP address changes, you could probably do away with the DDNS service. I have a registered domain name with a web host; I configured a subdomain to point to my home IP address (so vpn.domainname.com), which I use for my VPN connections. In the event that I’m out and about and I notice my connection to my home VPN isn’t working, I sign into Plex and check my home IP address via the admin pages. If it has changed, I log into my web host to update the IP the subdomain is pointed to, then I’m back in business. I used to have this scripted in Ruby, but it was more work to upkeep the script than it was to just update the IP record when it changed - in my experience it changes almost never (knock on wood).

Curious - why recommend OpenVPN when WireGuard is more efficient and has less overhead?

You’re 100% correct.
My tests should’ve been more thorough. I tested before with my phone using mobile internet, but it turns out that turning off meshnet isn’t as instant as I thought. If I wait for half a minute after switching off mesh, I can’t access anything from the outside anymore (perfect!).
Thank you for taking the time to write a comment and making me test it again! I’ll edit the post to remove the false information about NordVPN mesh. The post itself will remain up since the comments contain a lot of good and informative information for other people trying to set up a VPN solution for themselves.

Or just use OPNsense with no payment at all.

And if you want to self-host, as this /r/ is focused on, check out the open source zero trust overlay network called OpenZiti - https://github.com/openziti… Bonus: OpenZiti can be used for ZTN in your local network, so no need to switch it off, have ZT everywhere!

This is definitely useful. I use it occasionally, but if I have Docker already installed on the system, my preference is to use wg-easy. Works especially well for people who are command line scared.

Great suggestion! It’s a great tool.

Protectli Vault hardware comes preinstalled with OPNsense, where it’s fairly easy to install add-ons like WireGuard.
There are other (cheaper) options to install OPNsense on different hardware too, but I have no regrets with this purchase after a few years of use.

I don’t personally know WireGuard and I’ve never had performance issues so far with OpenVPN. It is also easy to set up on Android and Windows with the configuration settings exported from pfSense.

I appreciate the fact that you gave it another try.

Glad to hear that everything is cleared up and working.

Firewalla is a lot more secure and feature rich. Good bit of kit made by a load of ex-Cisco engineers.

How do you have it set up on your phone to autoconnect, but only tunnel specific apps?

Lol. Lot more secure? Because you don’t know the security issues.

No firewall is 100% secure.

And name a few features that Firewalla has that OPNsense is missing.

Only people that know nothing about networking say something is less secure than x without any actual knowledge or proof.

Since you didn’t reply, I see my point as valid.

Overall => OPNsense has a bigger community, more features, is free and fully open source.

Thanks

On iPhone there’s a setting called on-demand activation for VPN. On Android, I use Tasker to check when I’m on home WiFi and either activate or deactivate WireGuard accordingly.

As for tunneling specific apps, in the WireGuard app on Android, you can choose which apps to include or exclude.

But, but, Firewalla say they are more secure! I’m sure their advertising can be 100% trusted… /s

Thank you for adding /s to your post. When I first saw this, I was horrified. How could anybody say something like this? I immediately began writing a 1000 word paragraph about how horrible of a person you are. I even sent a copy to a Harvard professor to proofread it. After several hours of refining and editing, my comment was ready to absolutely destroy you. But then, just as I was about to hit send, I saw something in the corner of my eye. A /s at the end of your comment. Suddenly everything made sense. Your comment was sarcasm! I immediately burst out in laughter at the comedic genius of your comment. The person next to me on the bus saw your comment and started crying from laughter too. Before long, there was an entire bus of people on the floor laughing at your incredible use of comedy. All of this was due to you adding /s to your post. Thank you.

I am a bot if you couldn’t figure that out, if I made a mistake, ignore it cause it’s not that fucking hard to ignore a comment.

Well, take your time and write the reply when you have time.

Just want to know why you think that a paid firewall is better.

And pls don’t say: Cisco devs so it has to be good. I’ve been running around patching more Cisco security issues than Alcatel / HP / Fujitsu / QNAP the last year.

PS:
https://www.reddit.com/r/firewalla/s/gr9Jm3N8ug

He is just correct mate.

Because it’s working fine for you, you just ignore all the security issues they have and still say it’s safer than all other firewalls?
How much do they pay you?

And yeah, I am working way more since it’s easy cash + if I don’t work I do networking anyways as a hobby, so why not do everything at the same time.

The more I read about Firewalla, the more unsecure it seems.

Read this thread alone and it’s clear that Firewalla has more problems than 99% of even Chinese firewall software.

https://www.reddit.com/r/firewalla/s/gr9Jm3N8ug