Hi, my current setup is the following
Windows server pc with hyperV (it’s a weird choice I know but I wanted to experiment with stuff I’m also using at work) hosting some VMs:
- OPNSense (doing dhcp server)
- owncloud (personal cloud)
- pihole
Till yesterday I had a fix public IP to reach my owncloud via port forwarding from my work laptop and as well my two desktop (outside my network)
Can you suggest a more secure way of doing it? Any general other suggestion to make my setup better?
Thank you
PS: i have no budget constrain but I’m usually not prompt to waste money :D
I disagree. Tailscale has a much higher attack surface since the network is controlled by a separate entity, tailscale. As on pure wireguard, you would need to first compromise one of your clients to get into the network.
Also tailscale is a much higher value target since you could compromise thousands of devices/networks/communication with ‘just’ compromising the vendors network.
You have an excellent point, it seems like tailscale would have a larger attack surface.
I wonder if credentials are hashed in some way on tailscale servers, so even with an attacker gaining access to their servers it would essentially be useless to them.