I’m currently running both a home server and a VPS. The former is not reachable through the internet, only through vpn. The latter hosts public services.

The VPS is regularly cutting it very close with storage and today I messed up and crashed the whole stack trying to make an impromptu backup. Lesson learned: we need more storage! I could just rent more storage but just today I updated my home server with 16 TB of raid 1 enterprise HDDs.

So I thought I could maybe do a (wireguard) VPN tunnel directly to some storage service that I host on my homeserver. The upload is not great but realistically I dont need much. The important stuff stays on the VPS. Mainly videos, pictures and other stuff that doesnt get accessed a lot should go there. The rest should be “cached” at the VPS.

I would have to host wireguard on a server port, only have it access one folder which doesnt contain anything important, forward the port on the router and have the vps have the keys. Even if someone gets into the VPS and steals the keys, they only get that one file storage folder.

Has anyone done this? Are there services that do this or do I just host wireguard and thats it?

Thanks for reading. Have a good one! :)

  • hauiOP
    link
    fedilink
    English
    28 months ago

    I‘m not sure you understand how a vpn works. It usually connects to the outermost part of a network (the router in my case) and then enters through there. The vpn port is always open and thats why I asked since you said thats not the case. (Incase that comes up: there are setups where another port is used for „knocking“ and opens up the entry port. Still one port has to be open to receive anything)

    Also, you have no reason to talk down to me. We might have had a misunderstanding here, idk. I‘m just asking to find out what you meant.

    • BreakDecks
      link
      fedilink
      English
      08 months ago

      No shit the VPN requires an open port, I never said otherwise, but if your router is the one running the server, you aren’t forwarding the port. The router itself is listening on its WAN interface.

      The VPN prevents you from having to forward any ports, because the router allows you to tunnel in. The only open port will be whatever port the VPN server listens on, and it isn’t a forwarded port.

      Source: I literally work at a VPN company.

      • hauiOP
        link
        fedilink
        English
        18 months ago

        I hope you dont work in a customer facing position then. You literally have no idea how to talk to someone in a respectful manner.

        So, my initial take was correct. You do need an open port and if you want your router to manage it, you have to isolate the vpn from the rest of the network.

        Anyway, since this isnt going anywhere and you keep being irritating, I‘m gonna call it. Good luck with that attitude.