I already host multiple services via caddy as my reverse proxy. Jellyfin, I am worried about authentication. How do you secure it?
I already host multiple services via caddy as my reverse proxy. Jellyfin, I am worried about authentication. How do you secure it?
I also have a different subnet for WG. Not sure I understand what you’re saying…
If you have a separate subnet for it, then why do you only want it to be connected when you’re not on home wifi? You can just leave it connected all the time since it won’t interfere with accessing anything outside that subnet.
That’s assuming you’re not routing all your traffic through it.
My network is not publicly accessible. I can only access the internal services while connected to my VPN or when I’m physically at home. I connect to WG to use the local DNS (pihole) or to access the selfhosted stuff. I don’t need to be connected while I’m at home… In a way, I am always using the home DNS.
Maybe I’m misunderstanding what you’re saying…
He’s saying that while there is no benefit to being connect to WG at home, there is also no downside so many people just stay connected all the time.
Oh, I get that, but it just doesn’t make any sense to me to be physically next to the server, and connect to it via VPN…
My point is that since the VPN uses a different subnet, it’s fine to keep it connected even at home. It’ll only use the VPN if you access the server’s VPN IP, not its regular IP.
In any case, Tailscale and Wireguard are peer-to-peer, so the connection over the VPN is still directly to the server and there’s no real disadvantage of using the VPN IP on your local network.
Right, but I have wireguard on my opnsense. So when I want to reach https://jellyfin.example.com/ , if I am at home, it goes phone -> DNS -> proxy -> jellyfin (on the same network). If I am connected to the VPN, it goes from phone -> internet -> opnsense public ip -> wireguard subnet -> local subnet -> DNS -> proxy -> jellyfin. I see some unneeded extra steps here… Am I wrong?
Yeah, this. Plus if you leave it connected, you can use the VPN IPs while at home instead of having to use a different IP when at home vs when out (or deal with split horizon DNS)