What is the issue with one WireGuard port open? You VPN to home LAN and everything is there.
The issue with these VPN companies is that they log data, you have to run an agent running as root, reliance on several other companies too like IdP, etc. Very large attack surface.
If your devices are in one network like at home, you have all those things with WireGuard too.
Devices in home LAN all talk to each other, so you have a mesh network.
You need keys for your laptop, phone and remote devices only.
Most nodes are in LAN and don’t need to even run VPN.
With plain WireGuard, you open a single port in a single device. With mesh VPNs you open tons of ports: several ports in coordination, STUN and relay servers, also every device runs a VPN server listening on a port.
You VPN to home and use your home DNS. You enter ACL rules and DNS server in your router.
I use a mesh VPN but I’m thinking of switching back to WireGuard, my older setup.
I have requested theft a number of times, even presented video footage. I was surprised they ask you to fill out bureaucratic paperwork and at the end they do nothing, after all these taxes we pay in Europe.
Linux desktop is amazing. Coming from Debian, I installed Windows and had to quickly purge it from my hardware! Super bloated, slow, constantly phoned some CC center, automatically connected to OneDrive, …
Debian is a breath of fresh air in comparison. Totally quiet and snappy.
Debian (stable) is great but I wouldn't use it for a gaming PC on modern hardware. The drivers included are just too old. Bazzite or Arch (DIY option) seem better options.
Debian Stable gamer here, with modern hardware, having a great time.
> The drivers included are just too old.
This can usually be fixed by enabling Debian Backports. In some cases, it doesn't even need fixing, because userland drivers like Mesa can be included in the runtimes provided by Steam, Flatpak, etc.
Once set up, Debian is a very low-maintenance system that respects my time, and I love it for that.
I don't game, but all my computers run Debian Stable, and my oldest child wastes considerable time gaming on Steam. I had to tweak one or two things for him early on, but it all seems to work fine.
People who don't use Debian misunderstand Stable. It's released every two years, and a subset of the software is kept up to date in Backports. For anything not included in Backports, it's trivial to run Debian Testing or Unstable in a chroot on your Stable machine.
I moved to Debian Stable ~20 years ago because constant updates in other distros always screwed up CUPS printing (among other things). Curiously, I was using Ubuntu earlier this year and the same thing happened. Never going back.
If I’m not wrong, a Hetzner VM by default has no firewall enabled. If you are coming from providers with different default settings, that might bite you. Containers that you thought were not open to internet have been open all this time. Two firewalls failed: They bypassed ufw and there was no external firewall either.
You have to define a firewall policy and attach it to the VM.
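An added example, not part of the comment above: assuming the containers are run by Docker (which installs its own iptables rules that ufw does not manage), this script parses `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists every published port bound to a non-loopback address. The sample output and container names are constructed.

```python
import ipaddress

# Constructed sample of: docker ps --format '{{.Names}}\t{{.Ports}}'
SAMPLE = (
    "web\t0.0.0.0:8080->80/tcp, :::8080->80/tcp\n"
    "db\t127.0.0.1:5432->5432/tcp\n"
    "cache\t6379/tcp\n"
    "metrics\t0.0.0.0:9100-9101->9100-9101/tcp\n"
    "admin\t[::]:8443->443/tcp\n"
    "idle\t\n"
)

def classify(ip):
    """Map a host bind address to an exposure scope."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "unknown"  # unparseable address: report it rather than hide it
    if addr.is_loopback:
        return "loopback"
    if addr.is_unspecified:  # 0.0.0.0 or ::
        return "all-interfaces"
    return "specific-address"

def exposed_bindings(ps_output):
    """Return sorted (container, host_port, target, scope) for bindings
    that are reachable from outside the host's loopback interface."""
    findings = set()  # set merges the IPv4 and IPv6 twin of one binding
    for line in ps_output.splitlines():
        name, _, ports = line.partition("\t")
        for entry in (p.strip() for p in ports.split(",")):
            if "->" not in entry:
                continue  # empty, or exposed in the image but not published
            host, target = entry.split("->", 1)
            ip, _, host_port = host.rpartition(":")
            scope = classify(ip.strip("[]"))
            if scope != "loopback":
                findings.add((name, host_port, target, scope))
    return sorted(findings)

if __name__ == "__main__":
    for name, host_port, target, scope in exposed_bindings(SAMPLE):
        print(f"{name}: host port {host_port} -> {target} ({scope})")
```

Anything this reports is only filtered if a firewall outside the host, or a rule in Docker's own `DOCKER-USER` chain, covers it.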
I had this question a while ago. Type I hypervisors are not designed to run on laptops. Some features like battery optimization, suspension, WiFi, Bluetooth, etc. may not work well.
And more importantly, the consoles in web interfaces seem to be more for emergency access than everyday use; the access is primarily meant to be over ssh or rdp.
QubesOS is an exception. The next best option is a type II hypervisor like QEMU/KVM on Linux, pretending that it’s type I.